
Pirates is way too heavy a term here. Canonical is large enough, and the issue muddy enough, that I don't think this is a warranted accusation. They're also shooting themselves in the foot: instead of coming to some kind of amicable arrangement, they've now accused Canonical of a serious crime, which will lead to a response to that accusation rather than to a solution that would have been beneficial to all parties.

If you deal with a company that is much larger than yours that made a mistake or did something you don't agree with, publicity is a means of last resort, not your first avenue for redress. And if you truly believe Canonical pirated your game then you should sue them.

This is an excellent reminder of why I prefer open source to closed source; projects like Arch and Debian would never suffer from this.



>Pirates is way too heavy a term here.

Yes, please reserve such defamatory language for nine year olds who download music, and not innocent corporations run by billionaires who distribute copyrighted material for profit without compensating its owners.


Don't forget 75 year old grandmothers who forget to lock down their home wifi router.


> Pirates is way too heavy a term here.

This is for-profit and closer to true piracy than file sharing is. It could be unintentional, but if they've already been contacted about it they really should be quicker to resolve the situation.

> They're also shooting themselves in the foot,

No surprise there, see http://img820.imageshack.us/img820/1641/itsfinetrustme.png for an example of the judgment they've shown.


Tommy Refenes has stated in an interview[1] that he said "it's fine" just because at the time he couldn't do anything about it. The level editor was programmed in a rush and he didn't think that anyone would exploit something offered to them for free.

In the end, the guy who warned him that an "evil hacker" could compromise the system, turned out to be that evil hacker himself.

For us web devs it's pretty obvious that anything that can be exploited will be exploited. Tommy was naive about it. Imho, his "it's fine" comment made it worse; what he should have said is "thanks, but I can't fix it right now".

[1] http://www.youtube.com/watch?feature=player_detailpage&v...


>The level editor was programmed in a rush and he didn't think that anyone would exploit something offered to them for free.

There's simply no way he actually believed that. It reads as a way to further shift blame to the exploiter by painting him as someone who hasn't just exploited an indie game darling, but has taken advantage of their altruism.

>In the end, the guy who warned him that an "evil hacker" could compromise the system, turned out to be that evil hacker himself.

I really wonder if Mr. Hacker would have gone ahead and done that if Tommy hadn't been so smug about blowing the guy off. If "it's fine" was asking for trouble, "I've done this for a while now" was positively begging for it.

I vaguely recall this incident from when it happened, but having recently watched Indie Game The Movie puts a new perspective on it.

That chain of events fits the personalities demonstrated in the documentary like a glove.


That, my friend, is called spin. I don't believe for one moment that the response "I've done this for years" doesn't smack of eye rolling and dismissiveness.

The right answer would have been "DM me", but that was done by the other side.


Here's a lesson: never trust user input!

This is not the first time, and not the last time either.

(I'm waiting for the posts saying they should be using PostgreSQL)


> (I'm waiting for the posts saying they should be using PostgreSQL)

I'm not that guy, but I've always liked Postgres.


As someone who likes to understand potential security issues, and who has just embarked upon a project which is using PostgreSQL, what is the subtext of your comment?


What was that? An exploit in the SMB game?


From what I recall of the story, the login for SMB's level database was stored in plaintext in the exe.

That picture is the guy who found it telling the devs, and the devs not understanding why it's a problem.

Cue their database being "hacked" a short while later... and another internet meme is born!


Yep. MySQL credentials in the binary.


Honest question: how could they have avoided that?


One obvious, safe way: set up an API on their servers, abstracting away the need to send actual MySQL calls over the Internet.


While this case is particularly egregious, you are still accepting data from an untrusted remote client.


Every public web site on the planet is "accepting data from an untrusted remote client" - but allowing public db access is something else entirely.


Not every public web site enforces its business logic in client-side JavaScript and just accepts as valid the data that's submitted to a server. Every game that wants to submit a score to a central scoreboard has this problem, and it's a little absurd to debate the exact protocol by which an insecure-by-design architecture gets exploited.


You can submit the input sequence used along with the high score. You've then transformed the problem for the attacker from simply sending up an artificial score to writing a program to solve the game, which is harder and was an existing vulnerability already.


I thought this was my exact point. I was responding to a comment that replacing the database connection with an API would solve the problem. It wouldn't. Accepting a score from the client is insecure by design.


Every game basically has to trust the scores submitted by users. That doesn't mean it should trust users to mess with other users' scores, and it certainly doesn't mean it should trust users to mess with levels that other users have designed.


Yes, but you can fine-grain permissions so that a unique client can alter a high score that they previously held but not alter everyone's scores, which is difficult if not completely impossible in MySQL directly, as well as sanitize data to reject wildly incoherent submissions.

The possibilities of pre-formatting data are endless with an API. Not so much with an INSERT statement.


It is entirely possible to build this kind of API in a SQL server with constraints and stored procedures.


It's also entirely possible to write a webserver in bash.


If one must directly access the database from a client application, the right way is to make sure each user has a unique, secure database credential with only the minimal permissions necessary. However, direct database access is still a terrible idea in most cases, as it is a lot of work to prevent a resource starvation attack.
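One way to build the in-database "API" and the per-user least-privilege account that the two comments above describe, as an added example that is not from this thread or from the SMB code. The database, table, procedure and account names are assumptions, the password is a placeholder, and because MySQL only enforces CHECK constraints from 8.0.16 on, the procedure repeats the range check itself.

```sql
-- Constructed example: a MySQL score "API" where the game client can only CALL a
-- stored procedure and can never read or write the underlying table directly.
-- All names (score_db, scores, submit_score, player_alice) are assumptions.
CREATE DATABASE IF NOT EXISTS score_db;
USE score_db;

CREATE TABLE scores (
    player      VARCHAR(32)  NOT NULL,   -- MySQL account name of the submitter
    level_id    INT UNSIGNED NOT NULL,
    best_score  INT UNSIGNED NOT NULL,
    updated_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (player, level_id),
    -- Rejects wildly incoherent values; enforced only on MySQL 8.0.16+, ignored earlier.
    CONSTRAINT chk_score_range CHECK (best_score <= 1000000)
);

DELIMITER $$
-- SQL SECURITY DEFINER: the body runs with the creating account's table rights,
-- so the caller needs nothing but EXECUTE on this one procedure.
CREATE PROCEDURE submit_score(IN p_level_id INT UNSIGNED, IN p_score INT UNSIGNED)
    SQL SECURITY DEFINER
BEGIN
    -- Identity comes from the authenticated connection, never from a client-supplied
    -- field. USER() (not CURRENT_USER(), which reports the definer here) gives the
    -- account the client actually logged in as.
    DECLARE v_player VARCHAR(32) DEFAULT SUBSTRING_INDEX(USER(), '@', 1);

    -- Explicit range check so servers without CHECK enforcement still reject garbage.
    IF p_score > 1000000 THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'score out of range';
    END IF;

    -- A submission can only raise the caller's own best: it can never lower it
    -- and cannot reference another player's row at all.
    INSERT INTO scores (player, level_id, best_score)
    VALUES (v_player, p_level_id, p_score)
    ON DUPLICATE KEY UPDATE best_score = GREATEST(best_score, p_score);
END $$
DELIMITER ;

-- One account per player (a shared credential baked into the binary carries no
-- identity). No table privileges at all, only EXECUTE, plus connection and query
-- caps as a cheap brake on resource starvation if the credential is captured.
CREATE USER 'player_alice'@'%' IDENTIFIED BY 'PLACEHOLDER_PASSWORD'
    WITH MAX_USER_CONNECTIONS 2 MAX_QUERIES_PER_HOUR 600;
GRANT EXECUTE ON PROCEDURE score_db.submit_score TO 'player_alice'@'%';

-- From the client, the entire reachable surface is:
--   CALL score_db.submit_score(7, 4321);
```

Even with this, the server still has to trust the score value itself, which is the point the earlier comments make about scoreboards being insecure by design; what the procedure removes is the ability to touch anyone else's data or any other table.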


If they're selling software which they don't have the right to sell, and not sharing the profits with the rightful owner until and unless confronted, that fact should be communicated far and wide. It is a serious breach of ethics if intentional, a show-stopping flaw in Canonical's Software Center system if not, and illegal in any case.


As shardling pointed out[0], the use of "pirates" was editorializing of the title by new user kotakufanb who apparently didn't observe the guidelines ("... please use the original title, unless it is misleading or linkbait") as the word "pirate" appears nowhere on the article.

[0] https://news.ycombinator.com/item?id=4959153


The SMB guys hold the Linux/FOSS community in pretty low regard: http://www.reddit.com/r/linux/comments/g072l/super_meat_boy_... [1]

So, I would take their current claim with a large grain of salt.

---

[1] What's even sadder is Tommy (the programmer of the SMB team) clearly shows he knows nothing of Linux, the community, licensing, or even good programming for that matter. Here's a couple of examples:

1. There's a screenshot above of the lack of security with the high-score servers

2. Complete lack of portability. Humble Bundle of SMB (Linux port) doesn't even run.

3. Bugs. On Windows, you start the game and for some odd reason the game mutes itself.

The game's great, but for such a buggy product, I'd keep programming opinions to myself.


The Linux port of SMB was done by a third-party developer, not the original team.

If you ran into the same issue I did (blank screen but sound) there's a fix here:

http://askubuntu.com/questions/151567/super-meat-boy-gives-b...

I have a feeling the issue might be at least partly caused by issues with OpenGL/SDL/X11 or something like that. I've had no end of issues with fullscreen games under Linux.

To be charitable here, we're talking about a two-man team (who shipped a successful product on their own) rather than a large AAA dev with an actual QA dept. Tommy might not be the greatest programmer (I remember reading something he wrote where he had some strange views on threading), but I think criticism has to be offset against that.

And at the end of the day they shipped a Linux game before Steam on Linux was even announced, apart from that one issue it seems to work flawlessly (for me at least) under Ubuntu including actually recognising an Xbox360 pad which Braid didn't.


It was not just that they sold his game without paying him (I understand there's more than enough reason to believe this was a regrettable mistake), it's that they claim that he declined to sell his games when in reality they declined to accept them. That makes him look like he's somehow opposed to Ubuntu, and it is rather bad PR for him. I understand that he tried to get them to stop doing that, and chose to reply to what he saw as a PR attack with bad PR instead of legal action (which probably would have made him look even worse). I don't think it was a very level-headed decision, but I don't think what he's doing is wrong.


It seems they just wanted some exposure on what Canonical did (aka media justice). They weren't going to sue them or go after them in other ways.

Quote from Ed (http://www.formspring.me/EdmundM/q/406960226210700795): "its not a huge deal, i just dont like being made to look like an asshole so i made my reasons public."


Actually it's worse.

Canonical made pirates of their customers, too.

They downloaded and used a piece of software which they didn't have a license for.


>a serious crime

You keep using that word, I don't think it means what you think it means.

Piracy is not a crime, much less a serious one. Murder, for example, is a serious crime. Please don't spout nonsense. Copyright infringement is a civil offense, not even a felony.

That is not to say that what Canonical did - if the accusations are justified - is ethically sound. But please don't spread the bullshit propaganda of certain industry representatives.


At least in the US, some forms of copyright infringement are crimes, as demonstrated by the Ninjavideo, TVshack, and Megaupload cases.


At least in the case of Megaupload, that remains to be seen.


??? I'd hardly call "sold someone else's game without permission or royalties for a year" a "mistake".


I don't see any proof of that in the article. Again, if that's exactly what happened then they should sue them; this kind of trial-by-media isn't the way to resolve this. Canonical may be in the wrong, or they may not be; with just one side telling their story it could be just a silly communications issue, or it could be that Canonical's left hand doesn't know what its right hand is doing. That isn't unusual at all. I'm pretty sure if they had sent Canonical a C&D they would have received an adequate response.

Of course blog posts are cheaper than lawyers but the end result is that they've now made themselves toxic and no distro will touch them from here.

"Keep your dirty laundry out of sight until you've exhausted all other avenues" seems to be a good rule of business. Once you go down the name-calling road there is no turning back.

Mistakes happen, but this blogpost was not a mistake. The intent here is to inflict damage and it will likely be dealt with accordingly.

edit: and it looks like Canonical already paid.


Seems to be more complex than that: they (Team Meat) wanted SMB in the store but never signed contracts, but Canonical put it in the store anyway, so it isn't as if they just saw the game and decided they wanted it... it was a deal being discussed that wasn't completed. Negligent, but not malicious...

http://www.formspring.me/EdmundM/q/406960226210700795


If the deal is not done then you DON'T put it in the Ubuntu Store, period.

Sign the papers first

Of course, since Canonical did that, they should try an amicable solution.


No, it's still more complicated than that.

From Ed's posts, it was originally placed in the store as a promotion related to a Humble Indie Bundle.

http://www.formspring.me/EdmundM/q/406960226210700795


I had read this; it seems to all depend on what that "blanket statement" was.


For context, this is the Humble Indie Bundle's announcement that all HIB5 games, including Super Meat Boy, would be available for download from the Ubuntu Software Center for HIB owners: http://blog.humblebundle.com/post/24981005928/humble-indie-b...


Well, miscommunication happens very often. I can't think of any reason Canonical would do this on purpose.


Really? What if someone else pretended to have created the game, and uploaded it to the store?

Would Canonical have made a mistake then?


And Canonical did it because they desperately needed the money, or just because they are plain evil?


Pirates is a wrongly re-appropriated term, but it certainly fits better a company selling something belonging to someone else without an agreement and keeping all the money than, say, someone downloading an audio track to preview it before buying if it's good enough (and available enough at a reasonable price).

Anyways there's no mention of piracy in the original statement. It was not intended publicity, it's not as if they made a press release or something, it's just the answer to a question asked to the guy on a website that got picked up.

Here are the original posts: http://www.formspring.me/EdmundM/q/406941407635331564 http://www.formspring.me/EdmundM/q/406945771976419136 http://www.formspring.me/EdmundM/q/406960226210700795

These depict a whole different situation than the one you seem to have grasped from the Kotaku sensationalism.
