Ubisoft DRM authentification server is down, Assassin's Creed 2 unplayable (joystiq.com)
195 points by protomyth on March 7, 2010 | 99 comments



There's no way they missed the negative publicity leading up to the launch. They were trying really, really hard to not let this happen, but there we have it.

Internet: 1 Ubisoft: 0.


More like:

Internet: 2 Ubisoft: 0

The internet scored its first point when the DRM was cracked almost immediately. This second failure is just going to motivate everyone, even those who actually bought the game, to download a torrented copy of the cracked version.


It was reported cracked, but the crack didn't work.

http://www.tomshardware.com/news/ubisoft-drm-internet-assass...


It's worth noting that there are conflicting reports about that. I've read that the missing elements from the cracked version are really minor.


A couple of friends on another forum have reported they are pretty major.

I'm inclined to think it's not completely cracked. I played a little with the network traffic and it's definitely encrypted/signed. Also one of the gnomes in the office had a go at reverse engineering it and as far as he's got so far he says it is pretty solidly done.


Even so, as long as that was the perception they still lost points.


That's not Internet: 2, that's Internet: 4

1) Many refuse to buy the game ONLY because of the DRM.

2) DRM Servers Crash

3) Game cracked almost immediately after launch.

4) Legitimate users download the crack.

Point 4 is awesome. I think Ubi should be sued because a legit user HAD to crack the game to play it with a bad internet connection / servers down, and got a virus, and sue ubi for the damages.


I completely stopped upgrading my PC for gaming years ago and switched to console, I just got sick to shit of DRM adding yet another negative expense on my game playing experience. Not only does it aggravate the player, but it can put a significant drain on your CPU that should be being used almost exclusively for the game.

I've also noticed games screw with the process priorities by confusing Windows. The autoplay (which contains the DRM programs) gets priority over the actual game, you then have to CAD to set the priority for the actual game.


So you've simply replaced crappy DRM with working DRM?


At least the working DRM doesn't mess with anything else you're trying to do on your PC.


Tell that to my Wii, its DRM certainly doesn't mean shit.


I wouldn't be surprised if this is the work of a DDOS. I mean Ubisoft probably worked hard to make sure this wouldn't happen so they wouldn't get even more negative publicity. The only reasonable explanation I can think of for such a terrible failure is that anti-DRM people are DDOSing the servers.


Honestly, that is no excuse. Even if every black-hat hacker in the world had it out for a certain game, people who buy physical copies of the game should still be able to play it that day.


I'm not sure Nathan's theory is correct but...

Botnets aren't particularly expensive to rent any more; you'd have to be pretty committed to taking ubisoft down but I reckon it's doable.


The point is, to prove a point a DDoS attack can be initiated against Ubi's authentication servers thus making the game unplayable for extended periods of time for legitimate customers only.

Even if Ubi takes DDoS into account, the DDoS might slow the servers down just enough to keep kicking people out of their games.


Agreed, on initial release the DRM server would be getting hit major amounts due to the massive amounts of pre-orders. You don't pre-order unless you're planning to play it in that first week it's on sale.


And we all knew that with the publicity surrounding the new DRM, something like a DDoS at release shouldn't have been a surprise. Ubisoft really should be prepared for these attacks.


If something you built into your software can get you negative publicity, maybe you shouldn't build it into your software?


From an article on Tom's Hardware:

>It seems that the game may be making repeated requests for authentication between levels before allowing the player to continue.

>An early crack was also released for Assassin's Creed II (which hits Australia and Europe before North America's March 9 release), but those who have tried it say that they are unable to advance very far into the game without being sent back to the menu screen.

Maybe they are a victim of an accidental DDOS created by their own DRM security strategy. Maybe the consequences of the "repeated requests for authentication between levels" for hacked versions is what is causing the DDOS. Then hilariously, people who legitimately bought the game but can't connect try to download the hacked version and it only causes more authentication requests and makes things worse.


Even if it is a DDOS, the hackers are doing us a favor by reminding us how much DRM harms us as consumers.

Let's hope Ubisoft does the right thing, owns up to their epic failure, and patches all DRM out of their games.


Unfortunately, they're likely to simply deploy an even bigger cluster of authentication servers and add the cost to the next game. Then it will fall down again. Lather, rinse, repeat.


Yeah, think of all the meetings they had to design this feature. They can't let those go to waste; better to have another meeting to decide how to beef up the network.

I love all the blog posts that say "don't hire good programmers because they will waste time programming something fun instead of doing work," but of course, in the real world, "doing work" is the much bigger productivity sink. Imagine how much better the game would be if all the resources on the anti-piracy team were programming the actual game instead. Maybe more people would be willing to pony up $60 for the game if it was better.


I don't think you'd feel that way if you were one of the people unable to play your fancy new game.


Maybe, but it's hard to feel sorry for anyone who knowingly bought into the deal. I will, on very rare occasions, purchase DRM'd products, but when I do I know full well it's my own darn fault if I end up losing access to them.


Not everyone researches the DRM in their games before purchasing. Some people just buy the box at Best Buy. Seems unfair to expect everyone to know these things ahead of time... shouldn't you be able to just buy a box at Best Buy, and rightly expect to play what you paid for?


Hence the "knowingly bought" qualifier. I sure agree that you ought to be able to expect your fair use when you drop your cash, but unfortunately the days are long since past when that's been the case for anything content related.


Ya that is true, if they know what they're getting themselves into, I don't feel bad for them. If I had to guess, though, I'd say that the majority probably don't.


Ok, I'm against DRM too, but no, if this is a DDoS, the hackers are not doing anyone favours, because what's harming the consumers in this case isn't the DRM, it's the DDoS.


That's some twisted logic. The DRM is indeed what's harming the consumers. It doesn't matter who or what took down the servers: what matters is that Ubisoft's DRM won't let users play the game. If that DRM didn't exist, all the anti-Ubisoft hate in the world couldn't stop consumers from playing the game!

Ubisoft's DRM is what's hurting the customers. The DDoS (if that is actually what's happening) is just a side-effect, and probably an inevitable side-effect of DRM.


> It doesn't matter who or what took down the servers

Sure it does. Just like it matters and should affect our responses whether a building was destroyed by earthquake or some dude who sets off a bomb under the building to prove that it couldn't survive an earthquake. Intention, while not everything, matters a hell of a lot. Illegal and malicious actions like these don't serve to punish the companies who use DRM, they just give them a scapegoat to blame. If, like me, you're against DRM, vote with your dollars and stay the hell away from companies who use DRM in their products.


There's a big difference between the earthquake case, where it's really unlikely that there's a dude who will actually set off a bomb, and here, where it's guaranteed that over the whole internet, there's at least one dude who is going to DDoS you. The fact that someone in particular actually sets it off and is therefore morally responsible for disconnecting all those users doesn't remove any blame from Ubisoft, who was releasing into the real world where the DDoS was guaranteed.


It actually doesn't matter how the building was brought down for the people who are in it -- what matters is that the building is down and they can't get to work/get out of the rubble.

We have this benchmark of "reasonable expectations" for designers of things. Sure, you could whittle endless years away contemplating and preparing for every conceivable eventuality, but we don't expect that of people because that's crazy.

However, we do install security in buildings because we know from experience that every once in a while you'll get a loon trying to blow the building up with a truckbomb or trying to shoot up the lobby. Security isn't perfect, but they perform reasonably in most situations.

We ask our architects to consider disaster resistance in building design because we know that it's plausible that the area may one day be affected by earthquake or some other calamity.

If either security or architects and engineers are found to be negligent of their duties to provide reasonable protections against violent crazy people and/or natural disaster, they are ostracized as seen fit by society. While they didn't cause the earthquake or the explosion, they knew, or should have known, that an earthquake or a violent assault might occur in the building they had designed and/or were assigned to protect.

If they were found to have prepared adequately and still failed, they are generally "let off the hook".

Now, in the case of a highly unpopular, highly publicized DRM scheme, do you think it's reasonable to assume that some out there might be interested in negatively affecting its operation such that people don't buy your game? A lot of people want to gob up the debut. I would say that it is reasonable, and that Ubisoft doesn't get any kind of pass for inability to ward off a DDoS in such a case.

Ubisoft is a big multinational company, publicly traded, with a lot of money. There's no good excuse to let their servers die from either DDoS, non-malicious overload (effectual DDoS), or other standard calamity.


> While they didn't cause the earthquake or the explosion, they knew, or should have known, that an earthquake or a violent assault might occur in the building they had designed and/or were assigned to protect.

That is irrelevant to the fact that the idiot with the bomb wasn't doing anyone any favors, which was the point I was trying to make in my original comment. I guess I should have omitted the part about "what's harming the consumers" or changed it to "what's directly harming the consumers" to avoid all these knee-jerk responses from the anti-DRM brigade, which incidentally I consider myself to be a part of.


What if the online part of AC2 was not to do with DRM but, say, an online MMORPG portion.

And what if that was DDOS.

Who would you moan about?

Yes, the online DRM is sucky and a stupid idea. But if anybody is DDOS'ing the servers they are sucky and stupid too :)

There are right ways and wrong ways to protest about this.


AC2 is not an MMORPG. It's a single player game. If this was an MMORPG, then yes, there would be more understanding about the MMORPG side of things, but it's not. More to the point: Paying customers cannot play the game while non-paying customers can play the game.

Let's make this clear: Ubisoft went out of their way to build a system that prevents their customers from playing their game while non-paying customers can play the game.


> AC2 is not an MMORPG. It's a single player game

Yes, I know - MMORPG was simply an example. The main point is that if the content had been worth actual value to the consumer/player then those doing any DDOS would be getting equal flack for their actions.

I'm sorry but it seems illogical to condone the idea that DDOS'ing the servers to prove a point as a good one :)

> Let's make this clear: Ubisoft went out of their way to build a system that prevents their customers from playing their game while non-paying customers can play the game.

I think that's a bit mis-representative.

Firstly non-paying customers can't play the game: so far I have not been able to find a crack that works fully. We've done some reverse engineering here at work (and we employ some smart bods who do this stuff to enterprise software) and the summation is "parts might be cracked, but definitely not all yet... ooh look at this bit...". The skid-row crack doesn't work for the whole game just part of it (independently verified). So far as I've read all those yelling "Told ya! It's cracked" haven't actually bothered to try it themselves!

Secondly they went out of their way to build a system that might prevent some customers playing the game. It's a silly, idiotic system they've invented but it should only affect those with dodgy or no internet connection... instead because of DDOS (unproven, and I'm not sure this is the case) all customers are affected.

They're all idiotic in my book :)



Ubisoft's DRM == malice.


Servers and networks go down. It happens, and sometimes, no matter how much local testing you do, they only fail when you are at a huge number of users at a peak time (Sunday game playing). They should have expected it to happen and programmed accordingly.


That's what I meant, though. They would have expected large numbers of users. They knew how many copies of the game they sold, and should have planned their servers accordingly. Time will tell, though, whether it was a failure on their part or foul play.


I've done quite a few independent 3rd party tech reviews of a number of game hosting providers, and was (and am) quite shocked at the absolute crap that I saw. Sure, a few were well done and at a level of quality you would expect based on their popularity and sales numbers, but quite a few were shocking pieces of crap.

You're making the assumption that the hosting system they're using is the former, and not the latter.

While I don't know anything about their specific situation, I wouldn't just assume that they actually have their shit together.

It could very well be that they didn't design or implement a system good enough to handle the requirements of their DRM.


Oh, and I also have a possible theory as to why this is.

Game developers are, for the most part, quite smart.

When a game company, or any tech company, for that matter, runs into a problem that needs solving, they generally try and solve it in-house to start with. The normal traits that make a developer good at his job (problem solving skills, intelligence, confidence in his/her abilities, etc) sometimes are their own worst enemy, as they feel that they can solve that particular problem.

Very rarely have I found smart developers that understand and recognize their limits to the point that they suggest bringing in outside, professional help, rather than tackling the problem themselves. This makes them look bad to management and their peers, and can damage their ego. And it may seem like a fun challenge as well. They honestly think that they can figure out a solution to just about any problem, even if that problem is way outside of their skill set or experience.

Personally, my experience is in architecting large, scalable, fault tolerant systems, like online banking, offshore gambling, government stuff, and online global gaming systems.

I've been brought into more than a few situations where this has been exactly the case. Sure, the in-house devs have come up with a solution, and they're doing everything that a smart person would do for the first pass at a solution, but they don't have the experience to know what will or won't work down the road.

Their first iteration ran into the same problems that every other first iteration had, but their timeline, budgets, and marketing pressures don't afford them the luxury of improving it to where it should be.

I have the luxury of the experience to come in with knowledge of the 20th iteration of a solution, and can apply them early on in the process.

My current contract is just like that... I made design and implementation decisions early on that seemed to make no sense to the devs, even after I explained the reasoning, but now that we're 8 months down the road and they see those designs in action, they get it. And a lot of that also has to do with the devs' lack of experience and understanding of what an operations team needs to run the system.

Anyway, this has been some of my experience, and it wouldn't surprise me to find that it could quite possibly be the case here.


> I made design and implementation decisions early on that seemed to make no sense to the devs, even after I explained the reasoning, but now that we're 8 months down the road and they see those designs in action, they get it.

To what degree does this refute the YAGNI principle? If the initial phases of the project don't need those sophisticated aspects, why would you design them in at the beginning?

Don't interpret that as an attack. I'm really trying to resolve two principles that both seem obvious, but are in tension to some degree.


>> If the initial phases of the project don't need those sophisticated aspects, why would you design them in at the beginning?

Because history has taught me that it will be a definite requirement later on (as in when going live), and the amount of work involved with going back after the fact and incorporating it is insanely high versus designing it properly up front.

So that's not YAGNI, that's You Just Don't Know That You'll Need It.

That's where the experience comes in.

We're not talking about simple refactorings, etc., but major design decisions like technology stacks, architectures, etc.

For instance, the biggest issue I've run into is having a live MMO that had the "new" requirement to be able to troubleshoot and debug a single user among hundreds of thousands.

That is something best handled by a proper initial design, not a slight reworking later on in the process.

As far as I'm concerned, too many people take YAGNI too far. There's a compromise there, and that's where the experience comes into play.


> Very rarely have I found smart developers that understand and recognize their limits

This is the greatest problem in all areas of software development, not just games.


So they intentionally introduced a gaping DDoS vulnerability into their software? That doesn't exactly make me feel warm and fuzzy.

The buck stops with Ubisoft, regardless of whether it's a DDoS or not. There's no good software engineering reason for the failure of one of their servers -- or even all of their servers -- to imperil all of their users, yet they decided to design their product that way anyway. That means it's their fault when the inevitable occurs. (As it would have even without the DDoS, when they decide to shut the authentication servers down if not before.)

My grandmother could have seen this coming, and my grandmother has been dead for a long time.


Could happen to anybody, really. Who knows, next time I want to play Mafia some DDoS from some anti DRM nutcases will stop me. No, wait …


> The only reasonable explanation I can think of for such a terrible failure is that anti-DRM people are DDOSing the servers.

Don't forget Hanlon's razor.

It might be a DDoS, but given how stupid was the decision to implement such a DRM scheme in the first place, I would not be surprised if their incompetence also extended to a really lousy and unreliable implementation of the idea.


This. Any DRM scheme that tries to take away users' control over their own open hardware is both despicable and doomed. How smart can you be before you decide you'd rather not have that on your résumé?


"We've got a really great suggestion for how to make such an assurance: Find a less abominable DRM policy."

I don't see how Ubisoft isn't getting sued for this. Here, you can own this object, it and everything on it are yours. But, if we decide so, then you can't use it at certain times, even though you paid in full to be able to use it at any time.

Sure this is being a little harsh because Ubisoft didn't do this on purpose, but seriously, this is ridiculous.


"I don't see how Ubisoft isn't getting sued for this." There is a very logical explanation: The courts are not open on Sunday.


> Here, you can own this object, it and everything on it are yours.

They explicitly do not say that.


If you have bought the game, you have an implied right to play the game (if the small print says otherwise, it should be null and void, and Ubisoft charged with fraud, for that would be making money by deception).

If you bought the game and can't play it, due to Ubisoft's deliberate decision to tie playing the game to their server being up, then you should be entitled to your money back.


"If you have bought the game, you have an implied right to play the game (if the small print says otherwise, it should be null and void, and Ubisoft charged with fraud, for that would be making money by deception)"

That would be nice, but it isn't the way things work.


Actually, sometimes it is. Volkswagen got sued in the US for selling cars equipped with transponder keys that were far more difficult and expensive to replace than standard car keys without making adequate disclosures to the customer. I suspect a similar lawsuit option exists for Ubisoft customers.


Sure, anyone can file a lawsuit. But I doubt they'd win. (And it's worth noting that VW didn't lose that case, they settled rather than fight it)


Why settle if you know you are going to win?


Well because it can actually be cheaper than a protracted legal fight, of course.

Especially if the issue in the case is just about how much to charge for replacement keys.


Sometimes it's cheaper than paying the lawyers. The settlement terms in the VW case mostly consisted of informing customers who could make keys for them, and giving vouchers to certain customers for reduced-price duplicates.

Depending on whether Ubisoft really sees this DRM strategy as critical to its survival, it might settle such a suit, or try to head one off before it got to court by changing its DRM policy.


Actually, that is the way things work. I know if I had purchased this game, instead of boycotting it because of the DRM (which I did), right now I would be back at the store demanding a full refund back to my credit card.

If the merchant refuses, that's what a merchant agreement is for... Time to call my bank and get a chargeback. Fuck 'em. They can get the money back from Ubisoft for selling me defective product.

I don't care what type of "click wrap" license they try to foist on me. That shit doesn't hold up in court as legally binding. In the end, my bank will get my money back.

Caveat Venditor...


> That would be nice, but it isn't the way things work.

Yet.

Wait 'til the Pirate Party's been in power a few years...


By that logic, Blizzard would have been sued into oblivion for all the downtime that World of Warcraft has experienced, and continues to experience on certain realm servers.


Which is why the current 9th CCA of Vernor vs Autodesk is a fairly important case in regards to this.


This is true they don't explicitly say that. Just like food doesn't explicitly say this is edible.


Well if Apple can get away with bricking an entire physical device I don't see why Ubisoft can't get away with a game being unplayable for a while.


I don't get the reference? When did this happen?

There was the PS3 incident a week or so ago and the Zune incident a couple of years ago. But I don't recall Apple having any issue like this.


http://www.google.com/search?q=apple+bricked+iphones

It's been quite a while now that no matter how much you pay for a device it's still owned by the company that produces it. You're only allowed to do with it what they deem acceptable. Apple is simply the poster child for this kind of behaviour.

As long as we keep accepting that companies have a say about what we do with the property we bought from them after the moment of purchase these kinds of stories will continue.


I understand your point, but, it is almost impossible to brick an iPhone unless you mess with the baseband. And in this case it is the person who modified the firmware who is at fault, not Apple.

In the case of AC2 people with legitimate UNMODIFIED games are being left without their product. I'm not supporting Apple for locking the hardware but I don't think your comparison is fair. It would be a lot easier to compare with the Zune or the PS3 in which cases the platforms were also unmodified and suffered down-time due to a manufacturer's mistake.


They "got away" with bricking devices which were modified, which explicitly voids all warranties. I'd be willing to bet the hacks also violated TOS agreements.

While it's an ass-move to pull, and I seriously disagree with them doing it, it's fully within their rights. If you change your hardware / software, and don't expect things to possibly fail when you apply an update that doesn't expect modified hardware / software, you are an absolute moron.


aren't clickwrap licenses a bitch.


would clickwrap licenses stand up in court? in all cases? in this case?


They specifically do not stand up in court in Germany. I don't have information on other countries.


in the US, in the general case, i expect it's cheaper to settle.


This certainly isn't a likely scenario, but I was just wondering... Since all those posts are anonymous, wouldn't it be easy to create a fake buzz about some famous DRM not working? Even without using zombie hosts, or anything advanced - with help of ~10 people you can generate hundreds of messages from different locations in the world, cafes, via tor proxy, vpses, etc. Setup a couple of blog posts and get some attention to them on twitter.

Since the issue is impossible to debug from server side (there are no errors or connections at all), I think you could keep it up for good couple of days. Is there something obvious I missed to make it more believable?

So... when is Ubisoft releasing the next game with DRM?


There might be something in that. I believe I am in the supposedly affected area and was able to play the game all weekend when I tried.


Anyone care to comment on the downvotes?


A very drunk robot randomly clicked the "down" button?


I resent being called robot.


Is it actually called "authentification", or is it a hilarious typo on the part of joystiq?


"Authentification" appears to be a real word: http://legal-dictionary.thefreedictionary.com/certification

Apparently it is one of a zillion synonyms for "certification", along with "verification".


Color me absolutely unsurprised. If I had dropped some coin on that nonsense I'd be asking for it back about now.


A couple of points about this, it seems everywhere is jumping up and down pointing and laughing, but there's currently no crack for Assassin's Creed 2 so pirates didn't profit and also, the problem is only local to the US. Internationally, the game works fine.

I also doubt it's a DDoS.


> "I'll do what I can to get more information on what the issue is here first thing tomorrow and push for a resolution and assurance this won't happen in the future."

How about this: drop the braindead DRM. Treat your paying customers like the adults that they are.


Honestly, the lesson here is that your DRM servers are more important than your game servers or your website.

If something is going to break, make sure it's not something your customer doesn't want anyway.


Beep beep. Welcome to "I-told-you-so"-ville.


If you were planning on playing all day, take this opportunity to go outside and enjoy the world.


Going outside and enjoying the world might be more rewarding but if you've paid actual money for something you have a right to expect it to work.


Tell that to the B2B software industry.


It's raining.


Rain is a feature, not a bug. Enjoy it.


I agree with you when the temperature is above 60 degrees.


I wonder if they were DoS'ed.


Thousands of players pinging the server every 10 seconds to save their game? It would have much the same effect as a DDoS against most public servers.


If you're Ubisoft, you've got expected sales numbers, which makes projecting load levels trivial and easy to plan for. So, the options are:

a) Ubisoft MASSIVELY underestimated the number of sales they'd get (not likely, given AC1's success and Ubisoft's experience)

b) Someone MASSIVELY screwed up the load calculations and wasn't cross-checked (not likely, given what's riding on those servers)

c) They're being DDOSed (very likely, given how easy it is to get ahold of a botnet these days)


Except, every single MMO that has ever come out has had problems in its early days, despite having pre-orders, betas, and other stepping stones, and the knowledge that every single MMO that has ever come out has had these same problems.

Ubisoft screwed up.

Even if it is a DDOS, they've still screwed up by implementing the system they implemented, which amounts to a single player local game requiring a 'Net connection to play. I was considering buying AC2, especially since I live here in Montreal and would love to support the home team, but I won't. I don't want to buy a game that can't be played, and that's what they are selling. A "Loading" Game.


You called it.

http://www.eurogamer.net/articles/ubisoft-drm-was-attacked-a...

"Servers were attacked and while the servers did not go down, service was limited from 2.30pm to 9pm Paris time [1.30pm - 8pm GMT].

"95 per cent of players were not affected, but a small group of players attempting to open a game session did receive denial of service errors.

"All players with an open session during the attack were not affected.


I hope this isn't a DDOS attack. I hope Ubisoft just fell on their faces.


I hope that the Ubisoft execs a.k.a douchebags have realized that their new "DRM authentication" system is an epic fail. From what I've read so far, it is neither useful nor effective, but has proved to be a source of inconvenience to the customers who actually bought the game.


> it is neither useful nor effective, but has proved to be a source of inconvenience to the customers who actually bought the game.

So, exactly the same as every other DRM system ever created.



