85 replies to this topic

[Saffith]

I don't see any reason to remove passwords entirely. The question is really whether to keep the encryption code private. That would mean that the programs built from the public source code wouldn't be the same as what you'd download from zeldaclassic.com. They'd be mutually incompatible, and only the latter would be able to open existing quests.

[Gleeok]

Just in case there was some misunderstanding: If passwords were removed completely then ZC could no longer open any quest from 1.9 up to 2.5 (which is basically all of them), so that's not going to happen.

[David]

That would have been nice to know since I was under the assumption that the passwords would be completely removed if ZC went open-source.

 

In that case, I'd prefer the encryption code to remain private. I know that passwords can somewhat easily be bypassed but I'd feel a bit better knowing that my quest files have at least some protection. Personally, I believe that people should show courtesy towards the authors of passworded quests by not cracking their quests. Thus, I think it would be wrong to have the ability to bypass them more easily with the encryption code.

[Timelord]

I'm going to address this in three blocks...

 

------------(1)------------

Logistics

 

It may seem like passwords dont protect quests in your eyes, but it actually takes at least some effort to figure out how to bypass the password. I, for one, wouldn't have any idea of where to start about doing it, and I'm using ZC for about 6 years

 

I feel better knowing that casual ZC players can't just open my quests in the editor. If they want to make "some minor changes" for whatever reason it could potentially break the quest and ruin their game experience, due to how easy it is to break things in quests if you don't know what you are doing. I trust that those people who actually took time to look into how to bypass the password know what they are doing.

 

So basically, I want passwords not to protect my quest, but to protect the players.

 

Possibly, but ask yourself this: Would you find the situation to be different, at all, if you had to scan through 400 source files, across 22 paths--not an exaggeration--to find it, in a spaghetti maze of C++ that was cross-derived from C, with sparse comments, if any?

 

Even if you found, and identified it, you'd still; need to comprehend it in order to utilise it to make a custom decrypter.

 

 

That would have been nice to know since I was under the assumption that the passwords would be completely removed if ZC went open-source.

 

In that case, I'd prefer the encryption code to remain private. I know that passwords can somewhat easily be bypassed but I'd feel a bit better knowing that my quest files have at least some protection. Personally, I believe that people should show courtesy towards the authors of passworded quests by not cracking their quests. Thus, I think it would be wrong to have the ability to bypass them more easily with the encryption code.

 

See above, and Saffith's similar remarks. The encryption routines, in the source, would still be harder to utilise to any positive gain--far harder--than it is to make a tool to clear the hashes using only the quest files as a basis. You don't need the sources to do that, and it is still easier.

 

I honestly couldn't care. Well, actually I kinda do. If there was no password protection on a quest, then that would ruin all the quest password rewards. I decided to go with the middle option simply because HURRY THE HELL UP ALREADY AND MAKE WEAPON AND ENEMY SCRIPTS, FOR CRYING OUT LOUD!
 

 

How does it take 10 seconds? Lol.

 

Ten seconds, on average. Some take three or four, some fifteen. The length, is primarily expanding the LSS compression, so it's based purely on the uncompressed output file size, and disk speed. The actual. password removal, occurs in milliseconds.

 

The more tiles, and maps, the longer LSS decompression takes, and the larger the output file, if you don't re-compress it.

 

If you need proof, meet me in chat, or on Skype, send me any number of your quests, and I'll let you watch via VNC as I decrypt them. I could do it as a batch process, but that would take longer to write, than to manually perform.

 

 

------------(2)------------

Common Complaints

 

As someone who has actually spent a fair amount of time looking for tools and info [...] The fact of the matter is: It's not nearly as easy for ye average user with google-fu to bypass passwords as some here like to think.
 

 

Where do you want it, SourceForge? Actually...about that...

 

There are sets of documentation that explains how the encryption works out these, and source in C, and in Python. Neither is terribly difficult to obtain, but it's not permitted to distribute them through this forum, which is why we never discuss the tools, code, or docs, here.

 

 

When you buy a game you don't expect it to come with source code and the ability to look through the entire project. I can't see the logic in why some people feel they are entitled to having that access just because the project is free and just because they use the same dev tools. If people want to open up and share their entire projects it's so, so very easy to do that, but that choice should be in the creator.

 

 

Shockingly, people here do expect to be able to use the music, the graphics, and the motifs from those games, in their fan projects. You can have your cake, and eat it too, but you can only manage that with one of two possible outcomes. Neither are very pretty.

 

If the entire game, or programme, all the content, everything, was original; made by the creator, then certainly, they're protected in any civilised country, against that kind of theft. Once you start on the slippery slope of borrowing content, to make something, it becomes increasingly not-yours. It's actually rather absurd, and silly, to see people try to do that; and it happens elsewhere.

 

Honestly, anyone who complains about people stealing from their software ideas, who uses Zelda Classic is in some way hypocritical. The very idea of Zelda Classic, steals from other game designers, and publishers. Seriously, why do fan projects have higher priority in this regard, than the commercial games that we essentially rape, to make them?

 

...

 

Well, probably three outcomes, if you include disembowelment...which is again, not pretty.

 

 

------------(3)------------

Development and Source Matters

 

Perhaps not, but I bet you know how to use Google, and it'll be happy to help.

That's the thing; it only need to be done once. Once someone figures out how to bypass the passwords, it becomes easy for everyone. Editing out the password check and recompiling might be a bit easier than poking around with a debugger or hex editor, but I doubt it makes a difference of even a day.

 

Precisely. This isn't something that even requires work, now. People have done the work--multiple times--and the hash system has been fully documented out in the wild.

 

Just because you can't find it on PZC--meaning that it was censored--doesn't make it difficult.

 

 

Another thing worth noting is that disabling the password check this way isn't exactly easy. You stil have to install a C++ compiler, set up all the libraries ZC needs, then dig through the code and figure out what you need to change. It's not something the average user can do on a whim. Even for those who know what they're doing, it's a fair amount of work to set it up.

 

Pretty much, what I said, early on. It's far easier just to crack the quest files, than modify the source to achieve the same result. Aside from being technically tedious, it's also problematic from other standpoints, which is one reason that making a version of ZC that is compatible with both standards, has been so treacherous, if not impossible, from all I've learnt.

 

 

I don't see any reason to remove passwords entirely. The question is really whether to keep the encryption code private. That would mean that the programs built from the public source code wouldn't be the same as what you'd download from zeldaclassic.com. They'd be mutually incompatible, and only the latter would be able to open existing quests.

 

 

^ Here is the key point. ^

 

People want new ZC features, and the programme itself is essentially down to one developer, part time. If you want new features, and want it to run on smartphones, or even modern versions of Windows, and the like, it needs developers. it needs a community of people working on it. It needs to expand beyond some of these petty notions of ownership, or go extinct:

 

If an open source version of ZC can't bloody run just about every quest made to date, it may as well not exist. The entire problem is a knife to the heart for the future of ZC, and there's no simple fix for that.

 

Open source ZC will have no library of games, and thus, no-one will have much interest in working on the open-source aspect of the project. There's really no point in making it open, at all, at that point; but I wouldn't expect it to last much longer with one person alone driving it forward.

 

Even Saffith, will one day feel that 'enough, is enough', whatever he may think now.

 

I feel the underlying issue needs to be addressed: The developers have no desire to produce a hybrid. Certainly, Gleeok was tired of the password debate long ago, and has since said he's not going to deal with it, any longer. If you want ZC to have a future, and this password thing troubles you, then you need to get over it.

 

There are jiggery-pokery ways around this, but they are not things that the devs want to muck about with, and at the end of the day, it's their time that this issue is wasting.

 

I should also note, that excluding the password routines in the open source, may make it far more tedious for people that want to add custom implementations of protection, that actually do work, in the future. I honestly think this needs to have its own hooks, so that it works as a software module, at some future development point. This is for self-contained games, that run using a customised ZC engine as a base, mind you.

Edited by ZoriaRPG, 20 October 2015 - 12:45 AM.

[Anarchy_Balsac]

For a little perspective, we're pretty much the ONLY modding community that has password protection in the first place.  Modding tools for games don't tend to have a password feature.  It's just not something that is done.

 

But yet, all the others get by just fine without it.  I don't think it'll be a problem for the ZC community either.  If anything, it'll ease the bandwidth of Pure and AGN a little when people can just open quests to figure stuff out instead of posting topics and hoping someone replies.

[Shane]

I'm on the fence with this one, and completely fine with either option. I plan to give out the password of my quest(s) as a reward for finishing my quest(s) so you can see how everything is done and take whatever you want. I usually don't open quest files out of respect anyway. That, and I'm not really that interested into seeing behind the scenes stuff. If they want to breach my quest file or cheat and ruin their own experience with my quest(s), that's their problem that I refuse to deal with.

 

Also how will keeping password protection halt Zelda Classic's future, ZoriaRPG? That sounds false to me.

[Russ]

Also how will keeping password protection halt Zelda Classic's future, ZoriaRPG? That sounds false to me.

The issue here is that keeping password protection means keeping ZC closed source, which would halt its future in the sense that Saffith and Gleeok simply lack the time to do everything themselves. The dev team for 2.5 was massive, yet shrunk to two people. We really need it to become open source to save it.

Here's the way I see it. As of now, passwords aren't safe. They can be cracked with relative ease. Releasing the source code wouldn't make it any easier. It'd just give a determined person another option. So by going open source, we lose nothing (it's not suddenly easier to crack passwords), and we gain a heck of a lot. So why not?

As for the argument that people can steal from quests with the password... I feel that's pretty unfounded. As it stands, people can already steal from a quest. "Ooh, I want those tiles. Let me just take a screenshot and rip them in from it." The password is more or less irrelevant here. Scripts can be kept private even with an unpassworded quest by importing them rather than leaving them in the header. The ONLY thing you would need the password to steal is the MIDI music, which didn't even have that handy option that disables saving them until 2.5 anyways. The bottom line is that it's just as easy to steal with as without a password. All that said, I think the fears would be unfounded even if this change WOULD make stealing easier because we're a bunch of honest people. If you saw somebody making a quest entirely out of stolen material, would you support it?

[Shane]

Ah, that makes sense.

 

Well, if people want to rip my tiles, palettes, etc. without finishing any of my quests, that's fine. I'm probably still going to have a password up as some form of reward for those who do play my quest until the end as a more personal thank you. I trust the community enough to use my resources and to play my quest as intended, we're a small, respectful community after all.

[Aevin]

Honestly, anyone who complains about people stealing from their software ideas, who uses Zelda Classic is in some way hypocritical. The very idea of Zelda Classic, steals from other game designers, and publishers. Seriously, why do fan projects have higher priority in this regard, than the commercial games that we essentially rape, to make them?

Look, it doesn't take that much effort to have basic and respect and empathy for the other side. And the language here is offensive, unnecessarily inflammatory. You don't need to go that far. You're smarter than that. We've had a good discussion here so far, and past topics have gotten ugly due to stuff like this, so please stop.

 

I do have an issue with your logic here. To me it comes across like saying grandma shouldn't hide her secret soup recipe just because it uses the same basic ingredient set as RecipeCorp's. It's still a personal creation with plenty of her own creativity involved, so it's natural to feel attached to it.

[Anarchy_Balsac]

The ONLY thing you would need the password to steal is the MIDI music, which didn't even have that handy option that disables saving them until 2.5 anyways. The bottom line is that it's just as easy to steal with as without a password. All that said, I think the fears would be unfounded even if this change WOULD make stealing easier because we're a bunch of honest people. If you saw somebody making a quest entirely out of stolen material, would you support it?

 

You can STILL save the MIDIs in 2.5.  Also, no, nobody would support it, nor do they in other modding communities that DON'T have password protection.

 

 

Look, it doesn't take that much effort to have basic and respect and empathy for the other side. And the language here is offensive, unnecessarily inflammatory. You don't need to go that far. You're smarter than that. We've had a good discussion here so far, and past topics have gotten ugly due to stuff like this, so please stop.

 

I do have an issue with your logic here. To me it comes across like saying grandma shouldn't hide her secret soup recipe just because it uses the same basic ingredient set as RecipeCorp's. It's still a personal creation with plenty of her own creativity involved, so it's natural to feel attached to it.

 

He was a bit blunt, but he has a point.  It's silly to mod the work of others, then be overprotective of said modded work.  It's a lot more complex than just stealing versus totally original, I get that.  But if we're being honest, even heavily modding someone's work can be considered ripping it off to a degree, albiet, a minor one.

 

That's not necessarily a bad thing, mind you.  Battletoads heavily borrowed from TMNT, but had one of the most fun arcades I ever played. It just means that very little is completely original, and that we should all self-reflect a little before freaking out about people "stealing".

Edited by Anarchy_Balsac, 20 October 2015 - 01:26 AM.

[Shane]

Yeah, you can actually exploit a method to get pretty much any MIDI you want (even if saves are disabled) by going to the esc menu a split second before the quest starts/resumes after an F6 continue or game over.

[Timelord]

For a little perspective, we're pretty much the ONLY modding community that has password protection in the first place.  Modding tools for games don't tend to have a password feature.  It's just not something that is done.

 

But yet, all the others get by just fine without it.  I don't think it'll be a problem for the ZC community either.  If anything, it'll ease the bandwidth of Pure and AGN a little when people can just open quests to figure stuff out instead of posting topics and hoping someone replies.

 

I'm not sure if it's exclusive, but a password-protected mod, or hack, is absurdly rare. It is indeed, unusual, and I have a sense that people are mainly nostalgic about it. The idea that including the source for the PW routines, in the open package, would somehow make it less useful than now, is just absurd. It really makes no difference; and it doesn't stop people from using passwords, if they wish.

 

As I said, anyone who could modify the source, can already hack quests. Publishing it will keep ZC a community, of people using one programme, instead of completely forking, and severing it. We'll have ZC forks down the line one way, or another, but any outcome that prevents open-source ZC from being completely compatible with the present quest library, is absolutely undesirable.

 

I'd say, that an intentional fork, or later development addition that allows custom encryption would suit people who want that, but I don't see it ultimately being popular. if ZC never has quest passwords, I doubt we would have any fewer games, or users because of it. It feels as if it's just stubbornness, in needing to maintain the belief that whatever you made is somehow magically protected, in order to evade breaking some illusory, skewed perception of the facts.

 

...

 

In a topic like this, and this important, bluntness, and shock value to make people think, both matter. Shock value sells news, and every journalist knows it. Sugar-coating things, is what we've been doing too long: In a civilised society of any kind, it's not acceptable to steal from Paul, and condemn Peter if steals from you, what you stole from Paul.

 

...and no, I mean stealing. More than 90% of the content, in all the games made for Zelda Classic, is directly ripped from other video games, period. Most games directly utilise graphics, sounds, music, and stories from official Nintendo games. The engine itself uses them.

 

If we can use that, then we should not criticise people for using anything that we make: That's is precisely what hypocrisy means. If you have ever, even once, used any graphic, sound, story element, character name, proper noun specific to a story, or title, that came from a Nintendo, Konami, or other major publisher, then you should reconsider what you think of as 'stealing', when you start ranting about that sort of thing.

 

Let's use the newly-repaired bulletpoint feature:

 

• We absolutely do steal the original properties of others. ZC itself, is just that.
• Most tilesets in the database, are ripped from commercial games, without any permission.
• Most game sounds, are likewise, ripped and used without permission.
• With rare exceptions (kudos, 744) we rip music from games, and bands.
• We have no right to any of that content, and we distribute it free as the wind.
• We take game stories, and deliberately recreate them, exactly, as 'ports'. 
• We never asked permission, we never sent in a letter to the people that own the IP, or to the people who have the moral rights on those properties.

 

• Nevertheless now, those publishers have been kind enough to look the other way, so I ask you this, in all honesty:

 

Why do we not show that same level of consideration, or at least acceptance, to our own community as a whole?

 

How does anyone here, find themselves in a sense of entitlement to any of that?

 

Why is this even a predicament?

 

It really is a moot point, as anyone who wants any of that, can get it. It just takes a bit of determination, or some logical analysis. It's nothing beyond most users here, if they really want to try. Arguing that you don;t want to see the password routines published, to protect your 'content', is abjectly ludicrous. Even if you are trying to protect something, the source code is pretty irrelevant to it. We're still all thieves, albeit just polite thieves, within our own circles. I'm no exception to the above bulletpoints, by the by.

 

I merely comprehend just how much I've taken from everything else.

 

I won't sit here and argue ownership rights. That's pointless, as people will believe whatever they want.

 

I however, will point out the flaws in reasons for arguing against this move, and try to make you think about your motivations until the cows come home. That occasionally requires some shocking terminology, but I don't think it was inappropriate. Pop open a good dictionary sometime, and look up those words that you find offensive, and read what they actually mean; or don't.

 

I mean that. I'm presuming that you're objecting to the word rape. 

 

Really, look it up.

Spoiler

The seizure of property, in an act of plundering; pillaging, or otherwise. Synonymous to: violation, ravaging, pillaging, plundering, desecration, defilement, sacking.

 

I'll admit, I own an OED, so my lexicon may include usage less common now-a-days. I do apologise if that was too violent sounding to (some of) you, but it's fitting in a sense. That's what ZC did, to the NES Zelda game. It pillaged it, and plundered it, then moved on, like a crusader. We benefited, and the original authors did not.

 

Is it possible that we are absurd to shame others for doing that, in turn, to us?

 

I'm not saying that we don't have moral, and legal rights of our own creations, but we need to be able to accept that people will re-use what we make, with, or without our consent, just as we've done.

 

...

 

My most pressing problem here, is that the argument that releasing the PW routines in the source would somehow 'ruin the value' of whatever materials you've put together.  People that understand how this stuff works, all concur that it ultimately makes no difference, except that one way, everything becomes broken.

 

People who find the quest password a good 'bonus' at the end of the game, won;t be spoilt by releasing the encryption routine in the source. people who don't care, or who hack games already, will continue to do either. Really, having beaten the game legitimately, is its own reward. For the record, this is why in the topic about post-game rewards, I thought the quest password (or a cheat code) were pretty pointless.

 

If you want to give a real award, make a ZIP of your scripts, and put up a website with a code engine, that parses predetermined strings, and dispenses your script packs to people who beat the game. I frankly feel that the 'post-game-reward' is overrated, and that it'd be better to have more replay value, or a bonus chapter; but that's subjective.

 

Before you say, 'People will just share the link.', aye, they will; and they will also share the password, just the same.

 

In this perpetual argument, the dissenting voices are all people complaining that people might use something they made, and many of those, used things that other people made to create their game in the first place. That's not only circular logic, but it's shoehorning an irrational argument into a simple problem. The project is stalled, over this... Developers are losing their hair over this, and pretty much giving up, all because a very small percentage of users might have a problem with it.

 

I also noticed that most of the cries of those who rally against opening the routines, simply do not comprehend what that means. You can't just copy them, and paste them in a file, and use that to unlock quests. It's mad difficult to use the internal routines to crack quest files y building a programme from them; whereas it is absurdly easy to that it without the source.

 

Really, look at the companion topics to this on AGN. It's pretty close to a total consensus that the encryption routines should be released. They probably will, anyway, whatever the outcome here, because it's the only practical, or at least pragmatic solution.

 

TBH, it doesn't make any difference for my application, as I never encrypt a ruddy thing in ZQuest. If I make a standalone game, using the engine, and an open-source release, I can do something to protect the entire thing, if I should desire, buut even that would be cheating the idea of open-source software. ISpeaking of cheating, i people are going to cheat, they'll find a way. and none of us can do a thing about it.

 

This reminds me greatly of the old arguments about copy protection on software diskettes. No, that didn't work, either.

 

...oh...and are we really worrying about MIDIs now? Is that what we've come down to for arguing against making the open-source release...usable?

 

I really just don't know what to think at this point, and I see why things that happened, and are happening, occurred. It's really just maddening. The core developers are explaining to you, why this is a problem, and pretty much asking for your grace to do what they need to do, and now we're discussing stealing MIDIs.

 

You know, you can just, record the MIDIs and re-use them that way, too, without needing to do a thing other than run a patch cord between your mic, and speakers connectors. Since when did we care about stealing music though? Don't we include stolen music directly in the ZC programme, on the title screen?

 

Do you see what I mean, when I say that these arguments are hypocritical?

 

I believe I used up all my bullets on the points above. now, it't time for some shots, to dull the pain.

 

ZC's just doomed:  Either it will, or it will not. There is no try.

 

P.S. If this is meaningful, just because the devs don;t include the routines in the source, doesn't mean that people won't add them back manually, or make new routines to bypass password validation. We know how to decrypt quests, and strip passwords. That can be applied to the open-source ZC, so that it bypasses validation steps too, which means in the end, if needed, we'd just make it open, and run everything as part of the open project, so, a third fork.

 

You see, we don't need the original source code method to do that, either; making the argument even more pointless. It's merely a matter of time, wasted.

Edited by ZoriaRPG, 20 October 2015 - 03:54 AM.

[Gleeok]

I'd have voted if not for how you worded the top choice.

Alright, fine. You win...

...Added a second poll!

....ZoriaRPG was here.....

Oh my gawd you need to make that into a Power Point presentation. ...You get a poll option too for that effort.

Also I kind of agree with most of that as well. (I read the last part mostly)

[Shane]

My most pressing problem here, is that the argument that releasing the PW routines in the source would somehow 'ruin the value' of whatever materials you've put together.  People that understand how this stuff works, all concur that it ultimately makes no difference, except that one way, everything becomes broken.

 

People who find the quest password a good 'bonus' at the end of the game, won;t be spoilt by releasing the encryption routine in the source. people who don't care, or who hack games already, will continue to do either. Really, having beaten the game legitimately, is its own reward. For the record, this is why in the topic about post-game rewards, I thought the quest password (or a cheat code) were pretty pointless.

 

If you want to give a real award, make a ZIP of your scripts, and put up a website with a code engine, that parses predetermined strings, and dispenses your script packs to people who beat the game. I frankly feel that the 'post-game-reward' is overrated, and that it'd be better to have more replay value, or a bonus chapter; but that's subjective.

OK, since this is all clearly subjective here, I'll go ahead and thoroughly explain (hopefully in great detail) as to why I feel that a password reveal is a good reward.

 

I believe a player should not see behind the scenes until he or she beats a quest. I believe going into a file beforehand will somewhat ruin the experience if not entirely as the sense of mysterious within the quest will be gone the moment he or she accidentally or intentionally sees later areas, etc. I'm more concerned about the former, of course. It would completely destroy any satisfaction of exploration/discovery within the quest. This is why it's more effective and more beneficial, in my opinion. to give access to the quest file only after beating the quest, so that they at least are aware of all the areas and spoilers. And they can see if they miss anything, etc. It's a completely versatile reward, and adds to the reward of beating the quest, so why just stop there? Just giving an ending could be argued as overrated. Nothing wrong with giving more satisfaction to the player, since that's your goal as a quest designer. I honestly don't appreciate the whole "anyone who understands how things actually work will agree with my subjective views"-attitude either, but let's not go there.

 

And yes, if you read a few posts above, I'm well aware people can still take resources/breach the file. My target audience are people who actually play quests, so I design it for them. If you're more focused on accessing quest files than you are playing quests, then something is wrong here I'd like to think.

 

Also what's the difference in giving script resources and access to the entirety of a quest? The latter seems much more interesting and relevant. And besides, a bonus chapter is still post-game-reward. So I don't see where you're getting at with this. You're just suggesting two different forms of post-game-rewards.  There is absolutely nothing hypocritical to what I am saying. I don't mind ZC going open source, but I'm still placing a password on my quest as an extra drive to beat it.

 

Before you say, 'People will just share the link.', aye, they will; and they will also share the password, just the same.

See, that's the thing I feel that's being misunderstood here. I don't mind if people access it early. I don't mind if people take resources. Clearly if I planned on revealing the password, I wouldn't mind. The reason why it's at the end of the quest is to prevent spoilers for those who wish to play my quest as intended. These people are my actual target audience and I care for none other as I've said above. And another reason also is I want to give the players the satisfaction of seeing the password after they've beaten my quest. Such satisfaction will never be obtained when breaching or asking for the password. It's more of a design choice than me wanting to protect "stolen content". I say that in quotes because what I'm actually protecting (read: if anything) is my custom work that I put effort and time into. But even that will be free to use once it's uploaded online.

 

No offense, but I don't get what's so hard to understand about such a basic and innocent design choice.

 

Edit: Also Zoria, no one has stated they are worried about people stealing their MIDIs. I don't think you have read the conversation properly as some of your statements are huge misunderstandings...

 

Edit 2: Worded some things a bit better.

 

Edit 3: Expanded my post more.

[Anarchy_Balsac]

Alright, fine. You win...

...Added a second poll!

 

I like babies just fine though