GOG.com Galaxy - DRM-free gaming platform

[Demut]

GOG.com Galaxy - DRM-free gaming platform

How come I haven’t seen a separate thread for this amazing topic yet? The search revealed nothing either.

[video=youtube;nyYW9AOWh-8]http://www.youtube.com/watch?v=nyYW9AOWh-8[/video]

I mean this sounds simply amazing! An alternative to Steam with all its window dressing, meaning, a program with all the added benefits of Steam but none of its DRM drawbacks? I can’t even put into words how excited the possibilities of this make me. If they do this right (and why wouldn’t they?) this could be a serious problem for Valve or at the very least force them to change themselves. I would welcome either outcome

 

[EmperorZorn]

It does sound amazing, doesn't it ?

I'm really, really excited for GoG Galaxy, as I've stated in another thread already~

Steam isn't that bad, but it does have cirious drawbacks.
I once modified the X-Com .exe to support windows xp (changed a .dll reference within to fool it to use a directx9 dll instead).
It worked like a dream, but every now and then Steam overwrote my workaround with a forced update.

I also had to be worried about being banned from the service for this modification
while I was playing my legally bought game. Needless to say, I don't like that.

Especially because other versions of a game seem to have less problems on launch than a Steam release,
because they don't need to go through a complete bureaucratic cycle until fixes become available~

 

[GHOSTMD]

I already have stated out my opinion about this several times.... even with the "passion" i have
I won' t start the ranting again... just to keep the peace, read my signature and you know where
i stand and what i think about all those fancy "services"

But i rly hope i RLY RLY hope GoG will crush origin, uplay, bn2.0 and of course steam in the upcoming
years and i wish them all luck on their way to do so... specially for all the gamerz they still remember
how it is to feel you would own your games you bought

Enough said... before my blood begins to boil up again :/

How come I haven’t seen a separate thread for this amazing topic yet?

Because most of the forum veterans here already know GoG very well and use this Plattform
and they followed the Summer conference of CDPR to i assume

 

[Blothulfur]

I tell you something if I had voice of that bloke on ad i'd be be getting a lot more slap and tickle off our Gert, sex on a fucking stick that.

 

[Gilrond-i-Virdan]

So far the main problem with this client is that GOG didn't confirm that the protocol will be opened (i.e. documented). One of the major problems with their current downloader was the closed protocol and the fact that the downloader itself was closed. Community reverse engineered the protocol to make an open alternative. Galaxy is going to be a more complex project and protocol will be more complex as well.

So GOG can either make their client open from the start to avoid all the above, or at least to document the protocol / API. If neither of that would happen, then this effort isn't really any better than what Steam does (i.e. closed client, no documentation on the protocol and so on). The only positive difference would be that it will remain optional and users would be able to skip it. So I'm not excited about this, until open client will appear.

To clarify, closed client of this type has all the same problems which DRM has - lack of trust, bad security foundation (no possibility of external audit) and so on. For a DRM-free gaming platform, open client is a must.

@demut: This actually was already discussed to some degree in the main GOG thread.

 

[Demut]

I know but I find that it’s worth its own thread :<>

Oh and could you try to explain the deal about open and closed clients? Where’s the issue with “closed” ones when you can simply download an installer and not rely on the client itself at all if you don’t want to?

 

[Gilrond-i-Virdan]

@demut: Note, we aren't talking about the fact that client is optional and one can avoid using it. We are talking about why it's better to make the client open (it's concerning those who want to use it).

DRM is all about hiding something from the user. By definition DRM never can have proper trust - i.e. it's always reasonable to suspect it to have undesirable features (like any malware). Galaxy client won't be about DRM, but it will have important functions (managing updates for instance). That's an administrative task to some degree. Any agent performing such task should be trusted. By not opening the client GOG leaves the potential for whatever hidden undesirable features to be included. I.e. it undermines trust (same way as DRM undermines trust). Additionally, closed client can't be independently audited, therefore it has less potential for improving security.

GOG can fix all that by making their client open source, which will make such client in line with their general approach to being DRM-free. That would reduce suspicion of hidden sinister features and would give the possibility of auditing it by anyone who wants to.

If GOG can't do such thing for whatever reason (can be operational, unfamiliarity with open source development and so on), they can allow community to develop such open client, but for that GOG should document the protocol between the client and their service properly, as well as general client functionality.

If GOG fails to do both, I'll consider Galaxy to be a failure and just a Steam clone without improving any core problems in it (except for keeping it optional). Of course community can make an effort and reverse engineer it, but it won't be to the GOG's credit.

 

[Demut]

Hrm, I see, thanks. have you taken this to the people at GOG yet?

 

[Gilrond-i-Virdan]

@demut: There already are requests in the GOG community wishlist system about these issues. GOG didn't comment anything though.

 

[Aaden]

I don't know about regulations regarding open source software or what implications the documentation you ask for may have - but is doing that feasible from a business PoV?
What I mean is, is there anything to stop the community from coming up with an alternative client with a different set of features? I'm pretty sure GoG intends to profit more from the client than just by catching up with the features Steam offers - e.g. I guess they'll add a storefront to the application to make their shop more accessible and more visible to generate more (impulse) purchases. An alternative client might not have that because a certain audience might consider it unwanted advertising or the like.
And from a Software Engineering PoV: Wouldn't you want to keep your solutions to complex issues involved in developing such an application a secret, lest the competition just "steals" it for their own software? Is there some sort of copyright for open source code? And even if so: is there a way to know if someone with a closed source project is using your code?

 

[Gilrond-i-Virdan]

What I mean is, is there anything to stop the community from coming up with an alternative client with a different set of features?..
I'm pretty sure GoG intends to profit more from the client

GOG is not selling the client. GOG is profiting on the service. Whether the client will be open or not, won't affect purchasing activity. So I see no problem here. Client is not their product, it's a tool to use their service (which is their product). Additional features in the forked clients can even help GOG - if they like them, they can incorporate them in their own client. They can even be proposed to be included in it to begin with (and appear in forks only if GOG is too slow or not interested in adapting them). Since the defining interface is the service protocol anyway, whatever those features are won't really affect GOG selling games as above. If anyone wouldn't like some alternative client - so what, they can use GOG's client. Same way, there are open GOG downloaders now, and they don't hinder the service: https://github.com/Sude-/lgogdownloader

And from a Software Engineering PoV: Wouldn't you want to keep your solutions to complex issues involved in developing such an application a secret, lest the competition just "steals" it for their own software?

I see nothing secret in such client. It's a helper tool, not some kind of trade secret. It's not even an extremely complex issue - just the one which requires work to implement. Desura for example has an open client which they officially endorsed: https://github.com/lodle/Desurium

And who said complex issues require closed solutions? There are tons of complex problems which are solved with open tools.

"Stealing" anything is nonsense in the open source. It by design allows copying / forking etc. Open source licenses have rules however. I.e. those who create derivative works can for example be required to share their modifications (strong copyleft). In other cases not (weak copyleft). For more details see https://en.wikipedia.org/wiki/Copyleft
It depends on the license chosen for the project. In this case it makes sense for GOG to use strong copyleft license, if they want to get source for any derivative works made available.

Anyway, it's not like someone can go and create a second GOG by copying their client. That's not what defines their service.

 

[Aaden]

GOG is not selling the client. GOG is profiting on the service. Whether the client will be open or not, won't affect purchasing activity. So I see no problem here. Client is not their product, it's a tool to use their service (which is their product). Additional features in the forked clients can even help GOG - if they like them, they can incorporate them in their own client. They can even be proposed to be included in it to begin with (and appear in forks only if GOG is too slow or not interested in adapting them). Since the defining interface is the service protocol anyway, whatever those features are won't really affect GOG selling games as above. If anyone wouldn't like some alternative client - so what, they can use GOG's client. Same way, there are open GOG downloaders now, and they don't hinder the service: https://github.com/Sude-/lgogdownloader

I have a feeling we talk at cross-purposes. Obviously GoG won't sell their client and I didn't mean to imply that. And it's not additional features I worry about but less features. I gave an example of a feature in their client that might serve to generate more sales: a storefront implemented in the client to encourage impulse purchases (start client to play a game -> see game on sale -> oooh shiny! I wants it!). If there are alternative clients they might forgo a storefront (to make the client more lightweight or because someone doesn't like the advertising or for whatever reason) and thus some GoG users will not have that impulse purchase incentive - something that clearly is not desirable for GoG.
GoG Downloader is a different matter because it doesn't do anything but downloading the games. People using or not using the Downloader is of no economic interest for GoG.

Anyway, it's not like someone can go and create a second GOG by copying their client. That's not what defines their service.

Obviously not. I was thinking about features of the client that might give GoG an edge over their competitors (whatever that might be - don't know what killer features a game library apllication could have, but let's talk hypothetically). If their client is open source, is there anything to stop GoG's competitors from copying that feature with hardly any work involved and GoG losing their edge immediately?

And who said complex issues require closed solutions? There are tons of complex problems which are solved with open tools.

No one. It was meant in the context of paying your own software engineers for solving a complex issue and then giving it away to your competition for free by making it open source. Open Source obviously is great in many regards, but I don't know how it works when it comes to economic considerations such as this and thought you might be able to enlighten me.

 

[Gilrond-i-Virdan]

If there are alternative clients they might forgo a storefront (to make the client more lightweight or because someone doesn't like the advertising or for whatever reason) and thus some GoG users will not have that impulse purchase incentive - something that clearly is not desirable for GoG.
GoG Downloader is a different matter because it doesn't do anything but downloading the games.

On the contrary. If there are users who are annoyed by ad-style offers, and prefer to use a client without them, preventing them from doing it would likely result in such users not using the client at all. So such feature has to be optional in GOG's client to begin with. And if it's optional there, making it optional in any other client wouldn't make a difference. Unskippable ads are the last thing GOG want in their service.

Obviously not. I was thinking about features of the client that might give GoG an edge over their competitors (whatever that might be - don't know what killer features a game library apllication could have, but let's talk hypothetically). If their client is open source, is there anything to stop GoG's competitors from copying that feature with hardly any work involved and GoG losing their edge immediately?

I strongly doubt anyone can produce such features for this type of client, that competitors can't simply duplicate on their own if they want to. That's not something one has to worry about. Being scared to open the client because of that is silly.

It was meant in the context of paying your own software engineers for solving a complex issue and then giving it away to your competition for free by making it open source.

Happens all the time, including with major well known companies. Probably the most well known example is Linux kernel itself. The biggest contributors to it are big companies where work is done by paid developers. It all depends on the context and the project. I see GOG's client as quite suitable for open source development.

 

[dragonbird]

OK, can we try to stop this from turning into open-source advocacy please? I know that we haven't seen much about the product yet, and don't have a lot to say, but if pushing for one particular set of code to be used, GOG is probably a more-suitable venue than here. It's they who need to be persuaded, not the members of this forum.

 

[Gilrond-i-Virdan]

@Dragonbird: That's a valid critique (or rather proposal) for the GOG's client. Opening the client is not a random topic, but mostly triggered by the past issues, when community asked GOG to open their downloader, or at least to document its web API. GOG did neither of that (and didn't really communicate much on this issue as well), so community was mostly left to deduce it all through reverse engineering and network analysis. And of course GOG changed stuff without notification as well, requiring to update that research.

Therefore raising this issue about the new client is important in advance. Galaxy is supposed to be way more complex than the current downloader, so these issues can only multiply. GOG has threads about the client and related issues already. Since such thread was opened here, why not discuss it. It's within the topic of the client. This thread shouldn't be just for comments like "oh, how great the client is, just awesome!". There is nothing wrong in highlighting existing (or pending) problems and concerns. Of course if it's only restricted to praises for the upcoming client, then it's a different story.

 

[Demut]

Agreed, I wasn’t aware of this problem and I’m glad to have heard of it, even if it might not matter much in the grand scheme of things that I now know about this.

 

[Aaden]

I agree that there were cases when Gilrond went a bit too far with pushing the Linux/Open Source/etc agenda, but this is not one of them. Discussing technical issues and development approaches seems valid to me in this context - there are (quite many!) people here who probably are interested in GoG Galaxy but are not aware of the implications, e.g. for security, of Open vs Closed Source. Plus, Gilrond wasn't advocating but answering demut's and my questions.

On the contrary. If there are users who are annoyed by ad-style offers, and prefer to use a client without them, preventing them from doing it would likely result in such users not using the client at all. So such feature has to be optional in GOG's client to begin with. And if it's optional there, making it optional in any other client wouldn't make a difference. Unskippable ads are the last thing GOG want in their service.

You can't compare a storefront like Steam's to unskippable ads, especially if you can default startup to another tab/section of the client, and thus I doubt that anyone would skip the client and all of its features just because of it. If there were annoyances that decide whether or not a user uses GoG at all, I'd agree, but I don't think that's the case with a sensitively designed client. Still, the store would be considerably closer and more visible to the user than in the web browser. An advantage for GoG that alternative clients without any storefront whatsoever do not have. I think psychological trickery - effective measures that do not annoy users - to increase sales is one of the major reasons for offering a client. And saying "your service and client are great and all, but could we have the same great thing for the user, but without the concessions that make it attractive for you, GoG?" doesn't seem like something a company would want to agree to.

 

[Gilrond-i-Virdan]

@aaden: Delegating purchases to the client which already lacks trust (because it's closed) makes it even worse. Browsers seriously work on security and a lot of people are auditing them. Who would audit GOG client? And closed with that? Would you trust such client any of your financial transactions? I'd never do such a thing. If anything, your idea about putting storefront in the client only highlights the importance of making it open.

 

[dragonbird]

I have problems though with the advocacy of an open-source client at this stage.
It makes a lot of assumptions regarding the purpose of the client, assumptions such as "it will be a storefront" which have never actually been stated.

It starts from the viewpoint of "here is an open-source product, GOG should use it", whereas the actual approach from GOG should be "What features do we want?". Yes, if many of those features pre-exist in open-source code, then GOG probably SHOULD consider using that as a starting point, but we don't know that. I know from long experience that trying to shoe-horn a customer's requirements into a specific software solution just because you want to sell it (or give it to them) isn't usually a good idea.

And it starts from the premise that open-source is ALWAYS the most secure approach. This is still disputed, and an opinion rather than fact, and we have the strong evidence from Heartbleed that trusting software just because it's open-source can lead to complacency and a false sense of security.

So I still think we're getting side-tracked into a different discussion. I've been looking at the main thread over at GOG, there isn't much info except for a lot of fear from the users, especially regarding what will happen to the existing downloader when Galaxy comes out, and exactly what the client is going to do anyway. Not many answers, just a lot of reassurances from the GOG team on what it WON'T do.

(Oh, and Gilrond, you'll probably be reasurred to hear that it seems to be confirmed as NOT being based on C++ or Java. Nothing about what it is, but the speculation seems to be Python).

 

[Gilrond-i-Virdan]

It starts from the viewpoint of "here is an open-source product, GOG should use it

No, you got it wrong. It starts with viewpoint that any new client that GOG is going to develop should be open in order to improve trust and make it in line with their DRM-free approach (considering they already published information about some features that such client will implement, such as updates management). Whether GOG will develop it from scratch, reuse existing options and etc. isn't the point of this conversation. The point is openness of the client. I hope that makes it more clear.

And it starts from the premise that open-source is ALWAYS the most secure approach. This is still disputed, and an opinion rather than fact

That's not disputed. Open code can be better audited (it doesn't meat it always is). Heartbleed example only highlights the issue. The fact that the protocol and implementation were open helped identifying the problem and fixing it as soon as it was discovered. It took too long to find it to begin with? Yes, because as it happened, no one audited that functionality properly - a major point of embarrassment for some experts. But if it had been closed - it wouldn't have been found in the first place or would be much harder to find. Just to clarify - openness of the code doesn't guarantee security. That's not what this is about. It gives potential for better review, therefore reducing potential for sneaky sinister intentions (there is never 100% guarantee, we are talking about potential here). It's a common sense agreed position of security experts.

And for the reference, security through obscurity is rejected as improper approach: https://en.wikipedia.org/wiki/Security_through_obscurity