Archive for September, 2007

Rootkit DRM Methods Fuel Piracy

Sunday, September 30th, 2007

I talked to several people lately who expressed interest in BioShock. I told them straight up: no matter what you do, don’t buy that shit. If you do, you will just get brutally fucked up the ass by SecuRom, online activation and the 57 million other DRM features that 2kgames decided to put in it. If you download it, on the other hand, you get a safe copy that includes no rootkit, and will still work 20 years from now when 2kgames no longer exists, and you for some reason are in a mood to play the old abandonware shit.

I usually don’t advocate copyright infringement here but I can’t in good conscience recommend to anyone paying money for software that will fuck up their system. We live in a seriously fucked up day and age where the legal software contains very shady, very dangerous malware.

Especially since the DRM has no effect on the file sharing at all. BioShock was cracked in 11 days. Was the revenue gained during these 11 days worth the bad PR, alienating thousands of customers who paid for the game but were not able to play it without uninstalling crucial tools like debuggers and process monitor they use for their real life work every day?

I’m not playing BioShock - I’m boycotting that game because of the DRM. But I got fucked by this kind of DRM some time ago when my brother bought me Brothers in Arms: Earned in Blood which contains Starforce - an evil piece of shit that destroys your optical drives. So I have that game - it’s a legal copy, I have the box and set of CD’s but I can’t fucking play it. Or rather I can, but not without risking damage to my optical drives and rendering my system unstable.

But, if I downloaded the game, it comes with a crack that removes Starforce. Same goes for BioShock and SecuRom - if you download it, you get the game without the dangerous components. Anyone who is passionate about the game, and has half a brain will opt to download rather than buy games that are protected this way. The only people who buy them are those who don’t know about the rootkits, or are too clueless to understand what they do.

If you are a game publisher, do the math - implementing DRM the rootkit way will:

  1. possibly increase sales in first week or two (not guaranteed though - people who were planning to download it will just hold off and wait anyway)
  2. cause massive backlash from loyal fans
  3. cause loss of customers who will never buy your products again
  4. very, very bad PR in independent online forums
  5. mainstream gaming media may pick up the story after the massive outrage in independent media
  6. you become infamous in the security industry. IT people across the globe hate you, giving you more bad PR outside the gaming circles
  7. possible class action lawsuits
  8. sharp decline in sales caused by the rootkit news reaching more and more people
  9. loyal fans who were the backbone of your customer base boycott your products or turn to illegal downloads

Is it worth it? Personally I don’t think any DRM is worth the diminished customer experience. There is just no trade off here. You shit on your customers as if they were thieves and in exchange you get… 11 days - if you are lucky. It makes no sense.

No matter what kind of business you run, the golden rule always was “customer is always right”. Somehow music, movie and PC gaming companies decided that “customer is a filthy thief that must be punished” is a reasonable alternative. How long can you run your business the Soup Nazi style?

Soup Nazi

This extends beyond gaming. Every time you put a piece of DRM on your product you are essentially making it less marketable and less valuable than the cracked copy available on just about every torrent site out there. People want to rip their CD’s to mp3 files. If you prohibit this via DRM they will just download the mp3’s they want. And next time they will remember that you sell crippled CD’s so they will just hit up P2P instead of the record store.

The same argument is now becoming more and more valid for video as well. More and more people own video ipods, smart phones or other hand-held devices which have massive storage space and are capable of displaying video. Why should we be forced to buy movies in 5 different formats to be able to play them on all the different devices that you own? You download once, and then you just use the same copy on all the different portable players - this is what consumers want. And yet, movie studios consider such behavior reprehensible.

All these people lock down their products in ways that make them either unusable, or actually dangerous to use and then complain that people prefer the unlocked, un-encumbered and inherently safer copies, that also incidentally can be downloaded for free. You have to remember that some people will never pay for your products. If they can’t download it, they will simply ignore it. When you use DRM you are simply alienating the rest of the people - those who were willing to give you money, but now they don’t because they can get a copy that is of much better quality for free online.

I’m amazed how few people understand this simple dynamic.

Hotlinking Rant

Saturday, September 29th, 2007

I’ve been getting hit by hot linking pretty hard lately. If the site has been slow and unresponsive lately, it might have been because of that. Apparently someone has been using some of the images hosted here in their post signature on some very active forums resulting in almost an unintentional mini DDOS. Thanks fuckers. My bandwidth is still fine, and I don’t owe any overcharges. In fact, this didn’t even put a big dent in my bandwidth allowance. But it does put a strain on the server for absolutely no reason.

Quick run through the logs revealed that images from my site were used on at least 5 or 6 different forums, and at least 3 Myspace profiles and several live journals. I would just want to ask, WHAT THE FUCK ARE YOU PEOPLE THINKING? Are you retarded? Did you just get internet yesterday? I mean, what the fuck?

Think about it - you are hotlinking to a picture that sits on a server maintained by some dude you don’t even know. What stops me from swapping the file you just linked with say tubgirl, lemonparty, goatse or perhaps some nasty mashup of the three? I mean, other than common decency. If I was a real jackass, it would take me two clicks of a mouse to put really, really vile, disgusting images in your signature or on your myspace profile.

Oh, and if I’m extra nasty I might just shoot an abuse complaint to myspace staff and say you are posting vile pr0n. Which you technically would be if I swapped around some images. From what I heard they delete accounts first, and ask questions second. Same goes for LJ.

So you really are putting your good name, and the integrity of your account on a given forum or social network in someone else’s hands. This is not a good position to put yourself into. One day you will piss off a guy that is a much bigger dick than I am, and you might likely get banned or lose your account on a given network.

The ironic thing is that I really don’t have any original images on this site. What you people are linking to are usually cropped, resized low quality copies of original work that can be found elsewhere. But I guess anyone lazy enough to hotlink, is too lazy to click on a link and go to the source. Sigh…

Because of this I decided to disable hotlinking from outside domains. I’m using the following .htaccess file in my uploads directory:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?terminally-incoherent\.com/ [NC]
RewriteCond %{HTTP_REFERER} !bloglines\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteCond %{HTTP_REFERER} !^http://babel\.altavista\.com/.*(www\.)?terminally-incoherent\.com [NC]
RewriteCond %{HTTP_REFERER} !^http://[^./]*\.talkr\.com [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpe?g|gif|png)$ - [F]

What this means is that you can still access images directly, and that google, bloglines and some other services will still have access. You will still be able to see the images embedded in RSS feed from within your online reader as before. Everyone else will get a nice 403 Forbidden error. I could silently redirect hotlinked images to use Coral Cache, but you know what - I don’t care anymore. Fuck it. Stupid people can deal with broken image tags. Smart people already coralized it or uploaded it somewhere else. This way I lose minimal amount of bandwidth, and spend as little time as possible responding to your request.
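To see exactly which requests these conditions let through, here is a small Python model of the rule set run over constructed Referer values. It is an added example, not part of the original post: the second function is a stricter host-based comparison with a shortened, illustrative allowlist, and `forum.example` is a placeholder host.

```python
import re
from urllib.parse import urlsplit

NC = re.IGNORECASE
# Patterns from the RewriteCond lines above (host dots escaped). Each is negated (!)
# there and the conditions are ANDed, so matching any one exempts the request.
EXEMPT = [
    (r"^http://(www\.)?terminally-incoherent\.com/", NC),
    (r"bloglines\.com", NC),
    (r"google\.", NC),
    (r"search\?q=cache", NC),
    (r"^http://babel\.altavista\.com/.*(www\.)?terminally-incoherent\.com", NC),
    (r"^http://[^./]*\.talkr\.com", NC),
    (r"^$", 0),  # empty or absent Referer, i.e. direct access
]
IMAGE = r"\.(jpe?g|gif|png)$"

def is_forbidden(path, referer=""):
    """True when the rule set above would answer 403 (RewriteRule has no [NC])."""
    if not re.search(IMAGE, path):
        return False
    return not any(re.search(pat, referer, flags) for pat, flags in EXEMPT)

# Stricter variant for comparison (an assumption, not the author's rule): parse the
# Referer and compare its host to a shortened, illustrative allowlist.
ALLOWED_HOSTS = ("terminally-incoherent.com", "bloglines.com", "google.com")

def is_forbidden_by_host(path, referer=""):
    if not re.search(IMAGE, path, NC) or referer == "":
        return False
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer: treat as foreign
        host = ""
    return not any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

# Constructed (path, Referer) pairs, not taken from real logs.
SAMPLES = [
    ("pic.jpg", "http://www.terminally-incoherent.com/blog/"),
    ("pic.jpg", ""),
    ("pic.jpg", "http://forum.example/viewtopic?t=1"),
    ("pic.jpg", "http://forum.example/viewtopic?ref=google.x"),
    ("PIC.JPG", "http://forum.example/viewtopic?t=1"),
]

def evaluate():
    """Return (path, referer, original_verdict, host_based_verdict) per sample."""
    return [(p, r, is_forbidden(p, r), is_forbidden_by_host(p, r)) for p, r in SAMPLES]
```

The last two samples show where the two checks differ: the unanchored `google\.` pattern matches anywhere in the header, and the case-sensitive extension match skips `PIC.JPG`. Either way the Referer is supplied by the client, so this saves server load and is not access control.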

Btw, if you are using an online RSS reader that is not on my list please let me know what it is in the comments and I’ll add it to the exception list.

Also, if you do feel the need to link directly to an image hosted here you will now need to use ImgRed. How does it work? It’s simple - simply slap http://imgred.com/ in front of the image URL. That’s all you need to do - the image will get cached on ImgRed servers which takes a load off my page, and still lets you share the image without the hassle of uploading it to another service. You can also use Coral Cache as mentioned before. Both work equally well.

You notice that neither of the caching mechanisms are on my exception list. They don’t have to be. They were designed to work around this. So use them.

WASD, Arrow Keys or HJKL?

Friday, September 28th, 2007

The other day I saw this:

WASD vs Arrows
author unknown

I decided we need to have a showdown. Which is your favorite movement key combination for gaming and/or text editing?


While we are at it, here is something that kinda bothers me. Do left handed gamers still use WASD? It would seem kinda uncomfortable to have both hands all the way on the left side of the keyboard, and have the wrong hand operating the keys (cause even if you are left handed, your left hand still works the keys left of the home row). Any left handed gamers who read this blog?

Do you guys re-map the keys to something else, learn how to use WASD with your right hand, or do you learn to use mouse in your right hand when you play games? Also, if you use the mouse with your left hand, do you usually swap the keys so that you have the RMB equivalent under the index finger?

It got me thinking because a lot of games don’t even offer this option which kinda sucks from the accessibility point of view.

Access Your Linux Box Remotely With NoMachine

Thursday, September 27th, 2007

As remote protocols go VNC is usually considered the standard because it is open, popular and relatively easy to work with. There are dozens of free and commercial implementations of the protocol, and even products like my favorite CrossLoop use it. But, truth be told, VNC is not great. If you want speed and quality, you ought to look somewhere else.

In the past I mentioned that the RDP protocol (also known as the Remote Desktop) for Windows just can’t be beat. When given a choice between VNC and RDP to work on a remote windows box, I will always choose the latter. Yes, it is proprietary, but it just serves my needs better. VNC is more geared towards remote support because both the local and remote users usually share the same desktop session. RDP on the other hand utilizes Windows Terminal Services letting you work in your private instance. And on top of that it’s much faster, and even over a slow internet link you can use the machine without huge delays or visual artifacts.

What about linux? If you want this type of service and performance, you have to look at another proprietary product. I’m talking about the NX protocol by NoMachine. However unlike RDP, the core libraries for NX are released under GPL and NoMachine does distribute free binaries for most modern systems.

How do you set up an NX server? It’s as easy as downloading and installing 3 deb packages. Note that you need all three. The node depends on the client, and the server depends on the node. Go figure. Here is how I got it working under Feisty:

wget http://64.34.161.181/download/3.0.0/Linux/nxclient_3.0.0-78_i386.deb
wget http://64.34.161.181/download/3.0.0/Linux/nxnode_3.0.0-83_i386.deb
wget http://64.34.161.181/download/3.0.0/Linux/FE/nxserver_3.0.0-69_i386.deb
sudo dpkg -i nxclient_3.0.0-78_i386.deb
sudo dpkg -i nxnode_3.0.0-83_i386.deb
sudo dpkg -i nxserver_3.0.0-69_i386.deb

I had no major issues installing the 3.0 release, although it did complain about my CUPS configuration, or rather lack thereof. I didn’t really care. :) Results? Here is a screenshot of my Ubuntulite inside a NXClient running on Windows XP:

Ubuntulite in NX Client on WinXP

And yes, it is the same Ubuntulite installation I put on my poor “senior citizen” rickety old spare laptop a few days ago. Which just goes to show that the NXServer works great even on a tad flaky, 0.5 beta release of Ubuntulite.

The speed is comparable to what you get when using RDP on windows, and so is the quality of the image. It’s crisp and refreshes very fast. It also beats normal X-forwarding when you are connecting from windows because the NX client is much smaller than installing full blown X under cygwin, and free as opposed to something like XWin32. It also lets you view the whole desktop as if you were sitting at it as opposed to launching all your apps from within xterms.

Caveat emptor: by default the NX protocol uses ssh for routing its connections. Thus you have to make sure you have the openssh-server package installed on your system. The NoMachine binaries will install just fine without it, but you won’t be able to establish a remote connection unless you install it. The upside of this is that all your communication between you and your remote machine is encrypted “out-of-the-box”. This is usually not the case with VNC, and never the case with RDP.

Definitely give it a whirl especially if you have a headless linux box somewhere and you would like to have an easier way of interacting with it than just plain ssh, without trading off security.