[erlang-questions] Stand Alone Erlang or Equivalent

Benjamin Tolputt bjt@REDACTED
Sat Sep 8 07:36:34 CEST 2007 

Vlad Dumitrescu wrote:
> The explanation this time is clearer, thanks.
OK, cool.
> You say some kind of DRM is necessary in order to get a deal. Sure, 
> that's agreed.
>
> You say it's easier/safer to put all beam files in an archive and 
> protect it, as compared to protect each beam file. I may be wrong, but 
> I think there's no difference. If the code loader is extended so that 
> it can load from an encrypted archive, then it can just as easily load 
> from separately encrypted beam files. A cracker can do something about 
> it if it cracks the encryption, and in that case both alternatives are 
> just as easy to tamper with. Without the encryption key, a modified 
> beam file would useless in both cases.
>
> What am I missing? What is a packaging into a smaller set of files 
> adding to the security level?
A couple of things here. Firstly, by having the files "out in the open" 
(i.e. same filename, etc) - it makes it REALLY easy to compare to the 
original. It is pretty easy to work out how to the encryption used (& 
the key) when you have the original file to compare to.

Game software DRM is all about _inconveniencing_ the hackers. It is an 
axiom that having both the encrypted file & encryption key in the hands 
of the client is not 100% secure. So arguments on that will only get 
agreement from me. We cannot really raise the security level by putting 
the files into a single archive, but we can raise the "inconvenience 
level" making it more difficult

There is also "standard practice" to consider. As I mentioned in another 
email - the standard practice for game deployment is a small number of 
large archive files. By enabling the code to be extracted from a zip or 
other archive - there is a single "bottleneck" in the code that can be 
altered to other archive file formats (encrypted or otherwise).

The point *I* am trying to make is that enabling a single file (or 
perhaps double "exe + archive" file) distribution enables the game 
developers to get past the above "commercial hurdles", while also giving 
the other developers asking for single/dual file deployments what they 
desire.

Please note, this is not a demand or even a pushy request (contrary to 
what I am sure it appears to be). I am simply trying to explain WHY some 
of us desire the deployment characteristics we are asking for.

Regards,
B.J.Tolputt

More information about the erlang-questions mailing list