[erlang-questions] Stand Alone Erlang or Equivalent
Sat Sep 8 07:36:34 CEST 2007
Vlad Dumitrescu wrote:
> The explanation this time is clearer, thanks.
> You say some kind of DRM is necessary in order to get a deal. Sure,
> that's agreed.
> You say it's easier/safer to put all beam files in an archive and
> protect it, as compared to protect each beam file. I may be wrong, but
> I think there's no difference. If the code loader is extended so that
> it can load from an encrypted archive, then it can just as easily load
> from separately encrypted beam files. A cracker can do something about
> it if it cracks the encryption, and in that case both alternatives are
> just as easy to tamper with. Without the encryption key, a modified
> beam file would useless in both cases.
> What am I missing? What is a packaging into a smaller set of files
> adding to the security level?
A couple of things here. Firstly, by having the files "out in the open"
(i.e. same filename, etc) - it makes it REALLY easy to compare to the
original. It is pretty easy to work out how to the encryption used (&
the key) when you have the original file to compare to.
Game software DRM is all about _inconveniencing_ the hackers. It is an
axiom that having both the encrypted file & encryption key in the hands
of the client is not 100% secure. So arguments on that will only get
agreement from me. We cannot really raise the security level by putting
the files into a single archive, but we can raise the "inconvenience
level" making it more difficult
There is also "standard practice" to consider. As I mentioned in another
email - the standard practice for game deployment is a small number of
large archive files. By enabling the code to be extracted from a zip or
other archive - there is a single "bottleneck" in the code that can be
altered to other archive file formats (encrypted or otherwise).
The point *I* am trying to make is that enabling a single file (or
perhaps double "exe + archive" file) distribution enables the game
developers to get past the above "commercial hurdles", while also giving
the other developers asking for single/dual file deployments what they
Please note, this is not a demand or even a pushy request (contrary to
what I am sure it appears to be). I am simply trying to explain WHY some
of us desire the deployment characteristics we are asking for.
More information about the erlang-questions