compiling and compression would not help as they can both be decompiled/decompressed with relative ease.
I'm talking about using [url=http://en.wikipedia.org/wiki/Symmetric-key_algorithm]Symmetric encryption[/url] in a module, where it would not be easily cracked. Cracking it is possible of course, but it's not something the 10 YO's leaking the scripts could do by themselves.
[QUOTE=>>oubliette<<;42970540]compiling and compression would not help as they can both be decompiled/decompressed with relative ease.
I'm talking about using [url=http://en.wikipedia.org/wiki/Symmetric-key_algorithm]Symmetric encryption[/url] in a module, where it would not be easily cracked. Cracking it is possible of course, but it's not something the 10 YO's leaking the scripts could do by themselves.[/QUOTE]
You would still have to run it in gmod, way easier to intercept that than decrypting it. Ways to do that are already public.
But still, it would be a pretty big hassle for the leakers.
You had a way to load lua in oubhack, maybe it was a different way than RunString.
I wonder if anyone else has noticed that this thread 14 times more views than rules sticky.
Why not add an opt-in thing where it'll run a string replace on a file of your choosing whenever someone downloads it from coderhire, replacing a certain string with the downloaders steamid or some other identifier, that way each coder can hide it in their code somewhere, making it harder for 10 year old kids to get rid of it and easier to trace where the code came from
Indent a unique ID in to the script through indentation
I guess the mentioning of this sort of removes that possibility
[QUOTE=LennyPenny;42970628]You would still have to run it in gmod, way easier to intercept that than decrypting it. Ways to do that are already public.
[/QUOTE]
Those who know what they're doing won't be stopped by something like this. However 12-year olds with their parents' credit cards will (to an extent).
Change your approach to the problem at hand -- instead of focusing on the minority you should focus on the majority and build a solution that will prevent the aforementioned demographic from being able to simply reupload the package they downloaded from CoderHire somewhere else.
Hey, my partner pointed it out in comments, but I'll mention it here in case it's a site glitch
[IMG]http://i.imgur.com/yhSsp3Z.png[/IMG]
-50 is actually +50!
On this script:
[url]http://coderhire.com/scripts/view/700[/url]
[QUOTE=NiandraLades;42972471]Hey, my partner pointed it out in comments, but I'll mention it here in case it's a site glitch
[IMG]http://i.imgur.com/yhSsp3Z.png[/IMG]
-50 is actually +50!
On this script:
[url]http://coderhire.com/scripts/view/700[/url][/QUOTE]
I never bothered adding anything to check the sale price is less than the normal price, so the percentage calculation is negating the difference. In this case (although illogical) 2.99 is -50% [b]less[/b] than 1.99.
Regarding the module suggestion, I'm kinda on the fence there. A lot of the time I'll end up making small changes to purchased scripts to fix small things that bother me but wouldn't be considered a bug. Use of a encryption module is a bit 50/50 for me, for that reason.
Now a bit of an offtopic.
Can we get a time limit on the reviews?
I have about 40-50 sales on my printers and only 6 reviews and the people who didn't post the review say that they won't do it 'in case they occur an error and author won't fix it', even thought they have it for over 2 months and any error they occured was already fixed.
So basically it's like this: If you did a good job with the script and the customer is 'better safe than sorry' sort of type then you won't get any review, but if you failed completely to make the script work then you'll get bad/medium reviews instantly.
[QUOTE=Netheous;42974280]Now a bit of an offtopic.
Can we get a time limit on the reviews?
I have about 40-50 sales on my printers and only 6 reviews and the people who didn't post the review say that they won't do it 'in case they occur an error and author won't fix it', even thought they have it for over 2 months and any error they occured was already fixed.
So basically it's like this: If you did a good job with the script and the customer is 'better safe than sorry' sort of type then you won't get any review, but if you failed completely to make the script work then you'll get bad/medium reviews instantly.[/QUOTE]
Even some guidelines or general Do's and Dont's of reviews (required reading) would be nice.
[QUOTE=Netheous;42974280]Now a bit of an offtopic.
Can we get a time limit on the reviews?
I have about 40-50 sales on my printers and only 6 reviews and the people who didn't post the review say that they won't do it 'in case they occur an error and author won't fix it', even thought they have it for over 2 months and any error they occured was already fixed.
So basically it's like this: If you did a good job with the script and the customer is 'better safe than sorry' sort of type then you won't get any review, but if you failed completely to make the script work then you'll get bad/medium reviews instantly.[/QUOTE]
Maybe advance the reputation system to more than just "trusted hirer" and "trusted coder"
[QUOTE=StonedPenguin;42974717]Maybe advance the reputation system to more than just "trusted hirer" and "trusted coder"[/QUOTE]
Trusted coder level 9999
Back to the point about leaks;
In all honesty, to combat something like this entirely, you could just simply [B]not give[/B] the client the code, instead a [B]supplementary script to load the purchased script through CoderHire's API[/B], perhaps http.Fetch with either a uniqueid for their download (more special than their steamid, this pertains to their coderhire account itself) as an argument for validation.
Would in all honesty, stop 99% of leaks, as they never ACTUALLY get the code, only the ability to run it, which is what the license is all about 99% of the time. So it wouldn't matter to them.
The only [B]REAL[/B] downside I could see with this, is that CoderHire would turn into a CDN for Lua.
ON the other hand, it sounds like a mighty fine idea, but the problem is:
[B]What's stopping people from opening up their browser, typing in the URL used to retrieve the code from the API, and paste-binning it?[/B]
There would still need to be some low-level encryption, or rather, some way to keep the generic browsers out, and only allow gmod/hl2 access to the API, which I KNOW is possible with .htaccess/htaccess.txt control, that could work out better by actually preventing browser access, and limit that part of the API for only game accessing so people can't simply dump the code requested.
[B]What's stopping people from changing the client code to PRINT / ECHO the code, or even write it to a text file on the server, so they can leak it?[/B]
Like I said before, this needs some major thought, encryption is a good bet, but again, this will lead to decryption, and just invite it to be cracked. We need to think more along the lines of making it unreadable, or rather, un-filterable so the client cannot simply print it out, or log the code that is ran through that system.
ANOTHER problem that i can see here, which is already sorted, is version control.
[B]What's stopping a script developer packing a nasty exploit that the client cannot see on his server, as it is loaded automatically through his grabber script?[/B]
Well, let's hope the moderators are up to the task of looking through people's code vehmetically for worms and the like.
All in all, this would prevent a lot of skids from leaking code, as let's face it, 80% of people that user coderhire to purchase, do NOT have scripting knowledge. The ones that do, are easily recognisable.
That's just my two cents is all, It's already blown out of the water, possible with setbacks.
Whilst I do agree that it'd be nice to do something, nothing we do is going to stop leakers.
We could prevent it a little by making it annoying for people to get the actual code for a script by getting obfuscated code from the API and RunString'ing it (encryption is pointless because the server would have the code to decrypt it anyway), including CH user identifiers to know who leaked something, but then the code is easily gainable anyway because of the code running on the server state to do all of that.
This also doesn't solve the problem that most scripts have a configuration file that users edit, and then if the API is down, nobody can use anything at all.
If anything is added at all it should have little to no impact on end users. They still have rights to modify the scripts don't they
Combating piracy at the cost of legitimate customers is pointless and I think this discussion altogether should just stop here.
My personal stance on this has been that you're not really paying for the code itself, but for support you'll get in case something goes terribly wrong. Sure, it does cost me money, if someone decides to use a leaked version over the official version, but I at least try to update my scripts based on feedback and give support whenever I can, so that's a thing leaked script users lose when using code they get from whatever fishy sources.
Also, another way to reduce piracy would be to have some kind of public hall-of-shame list of servers that use leaked code. Most buyers on coderhire buy scripts for their community, and it'd likely discourage people if there was a possibility of their community getting negative publicity.
[QUOTE=Wyozi;42975820]My personal stance on this has been that you're not really paying for the code itself, but for support you'll get in case something goes terribly wrong. Sure, it does cost me money, if someone decides to use a leaked version over the official version, but I at least try to update my scripts based on feedback and give support whenever I can, so that's a thing leaked script users lose when using code they get from whatever fishy sources.
Also, another way to reduce piracy would be to have some kind of public hall-of-shame list of servers that use leaked code. Most buyers on coderhire buy scripts for their community, and it'd likely discourage people if there was a possibility of their community getting negative publicity.[/QUOTE]
Hall of shame would make them infamous, and people would join the server to see what they have got that is leaked, being extra publicity and extra players... so not a good idea.
There's also the fact that if a server owner is looking for LUA scripts and installs a script that they didn't know was leaked (such as the person distributing it claiming it as their own), they won't even know, and this can potentially hurt the server's reputation.
[quote]Would in all honesty, stop 99% of leaks, as they never ACTUALLY get the code, only the ability to run it, which is what the license is all about 99% of the time. So it wouldn't matter to them."[/quote]
Would this prevent the buyer from editing it though? If not, that sounds like a good idea, but one of the main things almost every person purchasing scripts is most likely looking for is a simple config file so they can tweak things to how they need.
Like, if I'm buying something on Coderhire, it's going to because I can't do it myself or it just looks like a nice addition and every server owner is going to have different needs.
[QUOTE=WitheredPyre;42976298]There's also the fact that if a server owner is looking for LUA scripts and installs a script that they didn't know was leaked (such as the person distributing it claiming it as their own), they won't even know, and this can potentially hurt the server's reputation.[/QUOTE]
Whenever I see someone saying "LUA", I die a little bit inside...
Anyways, people who are looking for a script won't find coderhire scripts on the internet and if they do, there is always description saying 'q.q scripterz earn 2much, grab dis laek'.
[QUOTE=Netheous;42976388]Whenever I see someone saying "LUA", I die a little bit inside...
Anyways, people who are looking for a script won't find coderhire scripts on the internet and if they do, there is always description saying 'q.q scripterz earn 2much, grab dis laek'.[/QUOTE]
Well, uh, sorry?
Perhaps full code access will cost more than just the ability to run it?
The problem I see is that is that Garry's Mod needs access to the uncompressed/unencrypted/unwhatevered Lua to run it. No matter how much encryption you do, it would be trivial getting the unencrypted Lua from Garry's Mod. Maybe bytecode loading can be enabled by a module or something. Even then it's still possible to decode though a lot harder.
I thought that everyone would like to know that despite the little children and their leaks, this month is already beating last month for sales. We also have about 150 more daily users, bringing it to around 750, as well as around a 30% increase of users online at any one time.
[img]http://puu.sh/5sZwJ.png[/img]
[QUOTE=_Undefined;42977363]I thought that everyone would like to know that despite the little children and their leaks, this month is already beating last month for sales. We also have about 150 more daily users, bringing it to around 750, as well as around a 30% increase of users online at any one time.
[img]http://puu.sh/5sZwJ.png[/img][/QUOTE]
That's awesome.
I've just come into this, and I have no idea what is going on. Could somebody sum it up?
[QUOTE=Haskell;42977429]I've just come into this, and I have no idea what is going on. Could somebody sum it up?[/QUOTE]
Everybody has been tossing around ideas for how to prevent scripts from easily (preferably not at all) being leaked, but all of the solutions have been either hindering for users, easy(ish) or relatively possible to bypass/decrypt, or wouldn't work at all.
Good news everyone!
Sorry, you need to Log In to post a reply to this thread.
