Thursday, July 24, 2008

"Encryption Chip" Will Not End Piracy

Nolan Bushnell is full of it. There, I finally got that off my chest. It's arguably acerbic and rather rude, but it needed to be said. You have no idea how hard I've tried to avoid saying it. After all, he's the founder of Atari and a historical figure unto his own. He deserves certain respect for that.

The first time Nolan Bushnell claimed that the "encryption chip" will end piracy, I exercised due restraint. His statement reverberated all over the Internet, causing reactions that ranged from mild skepticism on one end of the spectrum to derision and disgust on the other.

So why am I writing now, more than two months later, if nobody believed him in the first place? In other words, why am I beating a dead horse? Partly, it's because he did it again and it pisses me off. Mostly, though, it's because I'm rather interested in copy protections and security; it's sort of a hobby of mine.

The most important lessons you learn in those two fields is that no protection is perfect and every solution spawns a new class of problems. This means that there will never be one final (technical) solution to the issue of piracy; there is no silver bullet. The experts from both fields are locked in an arms race with their adversaries. Once you've learned that, you'll have no problem recognizing that Nolan Bushnell is really just flogging his merch.

However, the issue runs deeper than that.

Copy Protection and Security

When I referred to copy protections and security I said "two fields", even though one can be considered a subset of the other; after all, copy protections are supposed to prevent the unauthorized use of software. Even though this is technically true, there are some drastic differences between the two.

An important difference is the level of cooperation from the users. When it comes to information security, the users actively cooperate with the protection systems, because it's in their best interest. You don't give access to your bank account to all your friends, do you?

On the other hand, copy protections often clash with the users' interests. Some of these interests are illegal, such as downloading a commercial game for free. But other interests are quite legal and legitimate. You added more memory to your computer? Odds are you might have to reactivate your Windows.

Another important difference is that a copy protection has to protect an application that lives on the user's computer. Unless we're talking about an MMOG, there's no server counterpart that executes a critical piece of code, without which the game can't work.

When you put those two things together, it becomes obvious why you can't make a perfect copy protection: you're relying on cooperation from a user that has complete control over his copy of your content or software. If that user doesn't want to cooperate, the best you can do is delay him. Even unbreakable ciphers won't help you, because sooner or later you'll have to decrypt the content and, when you do, the user will nab it.

But what if you could alter these conditions? You could make sure that there's a critical part of an application that executes somewhere where the user doesn't have control over it: that's what MMOGs do. The other option is to take away the control from the user.

Trust Controversy

Enter the "trusted computing". The first time I heard of it was back when Microsoft was touting Palladium. Back then, it sounded like a bad pun: a company found guilty in an antitrust lawsuit is proposing to build a "trusted computing platform" for its users. The irony was not lost on anyone and it provoked some enlightening responses from security experts.

Then, since nothing really seemed to happen and we didn't all suddenly wake up in some digital equivalent of 1984, I lost track of this topic for a while. I forgot about it until Nolan Bushnell started his TPM hype. A quick search engine query revealed that TPM stands for "Trusted Platform Module" and that it's the central component of "trusted computing".

What, then, is the so-called "trusted computing"? It's a technology that encompasses the following concepts:
  1. Endorsement key is a cryptographic key pair unique to one computer. The chief use for it is to prove the computer's identity.
  2. Secure I/O makes sure that the communication between the user and their software is secure and cannot be intercepted or altered.
  3. Memory curtaining protects those parts of memory that contain sensitive data (such as cryptographic keys) from unauthorized access, even by the operating system itself.
  4. Sealed storage binds data to the specific platform -- both hardware and software -- so that you cannot access it from any other platform.
  5. Remote attestation allows authorized parties to detect changes to the platform configuration in order to make sure that they meet the expected parameters; in other words, to prove that nobody tampered with the platform.
That's just a brief summary, to give you an idea of what we're talking about here. If you want more information, I recommend that you start at Wikipedia and then go on directly to the Trusted Computing Group site.

So, the core idea is to make computers more secure, by ensuring that no "untrusted" code has access to your stuff. At least, that's supposed to be the core idea. Unfortunately, there has been a great deal of confusion about the word "trust" in "trusted computing". Specifically, who is supposed to trust whom?

If you read Bruce Schneier's essay on "trusted computing", you'll notice that there's a good deal of controversy and confusion surrounding the issue. As one commenter so aptly put it, the only one not trusted seems to be the owner of the computer.

All Your Base

Each of the five concepts of "trusted computing" addresses a real security problem:
  1. Endorsement keys would be used to mitigate spoofing concerns in secure transactions by establishing the identity of each party involved.
  2. Secure I/O is supposed to avoid security breaches through techniques such as keylogging.
  3. Memory curtaining would make sure that sensitive information, such as cryptographic keys, is not allowed to "leak" somewhere where it could be extracted by malicious parties.
  4. Sealed storage would do a similar thing for sensitive information in non-volatile storage.
  5. Remote attestation could help network administrators easily detect intrusions and attacks on their machines.
Yet, after a closer look at them, it becomes evident that there's plenty of room for abuse. Imagine, for example, a system that enforces specific usage policies on your data:
  • It would use sealed storage to bind that data to a particular application or set of applications that you're allowed to use on that data.
  • It would employ memory curtaining to make sure you cannot extract that data directly from memory.
  • It would use secure I/O to make sure you cannot intercept it on its way somewhere else.
  • It would use remote attestation to report if you tamper with any part of the system.
  • And it would clearly identify you as a "culprit" to whoever is interested in enforcing those policies, if it possessed both your personal information and your endorsement key.
Is there any kind of usage policy that springs immediately to mind? There are two, actually: DRM and vendor lock-in. Ross Anderson describes several ways to abuse TC in his FAQ. Richard Stallman dedicates a whole chapter to this topic, in his book "Free Software, Free Society"; although slightly reminiscent of Book of Revelations in tone, it offers some very interesting insights.

Another interesting aspect of "trusted computing" is that it actually raises the stakes when it comes to information security: imagine a worm that successfully exploits a bug in the supposedly secure OS code to install a "trusted" rootkit? Talk about irony.

Pirates vs. Ninjas

Getting back to the original topic, does this mean that Nolan Bushnell is right? Is his "stealth encryption chip" really going to send all the pirates to the Davy Jones's Locker? Not by a long shot! Remember, if the software in question does not have some critical code running on some computer under control of some "authority", you can eventually break its copy protection.

When it comes to policy enforcement, the most important part of the "trusted computing" is the remote attestation. This is the way to ensure you won't tamper with the policy enforcement code. Incidentally, it requires you to be online. Now back up a couple of months and remember what happened when BioWare tried to pull that trick on its players.

If you believe that pirates can't hide behind this forever, think again. There are numerous valid reasons to resist the attempts to introduce an artificial dependency on Internet connection into software and all those reasons boil down to one: the connection is not always available, yet the artificial nature of the dependency means that the software doesn't actually need it to work properly.

Besides, people are not yet convinced that "trusted computing" will actually make things better. Plus, there are all sorts of concerns about privacy and also about practicality of the whole approach. Still, the Trusted Computing Group has been formed, the commercial motivation is there and "trusted computing" will keep rolling, until all doubts and concerns have been dealt with, one way or another.

What, then, is the worst blow "trusted computing" could deal to pirates? Indulge me a bit, as I let my imagination run wild and explore a "what-if" future.

Crack Dealers

Back when I was a little kid, learning what makes the cute, little Spectrum 48 tick, pirates were selling games on audio tapes. Today, pirated games are free. They are cracked for free, by enthusiasts; they are uploaded for free, on sites that survive on advertising or donations; and they are downloaded for free. I can still see some pirates in the streets, selling CDs and DVDs, but I'm sure they won't be buying any Ferraris with that money.

Fast forward to the time when "trusted computing" is in its full swing. To crack protections, pirates need very specialized software, maybe even some hardware, and a lot more effort than before. More than ever, piracy is something that only the select few can do.

However, it is also more lucrative than ever. As the usage policies are enforced more rigorously, the multitudes who used to obtain their entertainment for free now have to go and buy it. The big companies take advantage of that and the prices are even higher than before. You can buy an overpriced game directly from its publisher; or you can take a chance and go buy yourself a pirated copy from a local "software crack dealer". It's illegal, sure, but it's a lot cheaper and you can afford to buy a lot more.

Suddenly, pirates are not your everyday enthusiasts anymore; instead, they're rich criminals. They have bodyguards with guns. They have shady lawyers. They have money laundering enterprises and fake fronts and lots of connections. They know powerful people. In your efforts to eradicate a problem, you managed to make it mutate into something worse.

If this seems improbable and exaggerated, that's okay: I don't believe it's likely to happen. My point is that you should always be on the lookout for unintended consequences. It would be nice if, just for once, we asked ourselves where we're going before we get there.

Sunday, July 20, 2008

Update: Firefox 3 Works After All

Consider this a deep breath before I plunge into some more serious blogging. It turns out that Firefox 3 works rather well, after all. Not that I doubted it, but I couldn't really try it out until all my favorite add-ons were updated and relatively stable.

The biggest difference I've noticed so far is that it doesn't do its famous hog-the-CPU trick on pages such as Google Spreadsheets. Now that is a big relief for me; I absolutely hated that particular bug.

Make no mistake: I didn't change my mind about my first experience with Firefox 3. I still believe the developers should have allowed their users to do one of the following:
  1. check the add-on compatibility during the installation
  2. revert to Firefox 2
  3. run Firefox 2 and Firefox 3 side by side
But, hey, at least it works now. And I've only confirmed that I'm a late adopter by nature. As if I really needed to confirm that: I've lived in Chile for nine years before I decided to try Carménère.

Tuesday, June 17, 2008

Firefox 3: A Five Act Tragedy

Act I: The Hype

I first heard of the Firefox Download Day at the office, from a co-worker. It wasn't a dark and stormy night, however much we all wished it to be -- the A/C was on the blink yet again.

Naturally, my curiosity was piqued. I've been using Firefox for years now and I've grown used to it and a bunch of add-ons for it. Sure, it had a couple of annoying bugs, but I could live with those. Of course, a new and improved version was likely to get rid of them, which would have been incentive enough to check it out.

So I went to the "Spread Firefox!" site to find out what the fuss was all about. When I found that Mozilla not only planned to give us all a new version of my browser of choice, but also establish a Guiness World Record, I was hooked. I pledged right away and also scheduled a reminder in my Google Calendar, to make sure I wouldn't forget.

Act II: The Outage

It seems childish in retrospect, but I got really excited. Not only was I going to get my hands on the hottest piece of software on the Web, but I was also going to be a part of the effort to set a Guiness World Record. And I wasn't the only one around: a few other co-workers were as excited about this as I was.

When the big day finally came, I made sure I was busy working to keep my mind off the wait. The time passed quickly enough and when the clock was finally done ticking its way to 1 pm, I went back to the Firefox site. That's when I got my first surprise: the site was down.

It's not unusual for a site to be brought down to its knees by overwhelming interest, but I would have expected Mozilla to be prepared. After all, they were the ones who did their best to attract all that attention. Why make a fuss if you can't cope with the results?

After a couple of hours of doing a Wile E. Coyote impression, Mozilla finally got its stuff together and I was finally able to download my copy. Once it was on my disk, I wasted no more time and clicked through the install impatiently. At last, the moment of truth was at hand: I launched Firefox 3!

Act III: The Incompatibility

The first thing my new Firefox did was to check my add-ons. It then proceeded to notify me that less than half of them had updates compatible with version 3 of Firefox. That left more than half of my add-ons disabled.

Being a coder means that an essential part of your job is to imagine worst cases for your code, so
I generally try to be an optimist about everything else, just to balance things out. Therefore I surmised that the Mozilla site was still experiencing difficulties. Did I mention that my optimism is rarely founded?

I spent some time fumbling with the new user interface, only to find out that the developers didn't stop at adding the add-on search into Firefox itself. They also decided to remove the link that took the users directly to the add-on page. I ended up checking manually and the add-on page was working quite well, thank you.

That's where I felt Mozilla managed to set a record, although it wasn't the one they were hoping for: I went from enthusiastic to disappointed in less than 5 minutes since I installed their software. What were they thinking?

Pretend you're in charge of developing a rather successful software product. One of the key advantages it has over the competition is its extensibility. There's a huge variety of add-ons for it and they do lots of different things, ranging from silly to extremely useful. Even though your users might be dissatisfied with some aspects of your software, they would still be reluctant to change to a product that doesn't have the add-ons they use. So what do you do when you decide to develop a shiny new version of your product?

The fashionable answer seems to be "break the add-ons that worked nicely with the older versions", even though the history teaches us the opposite.

Okay, I understand that you can't always maintain compatibility. Sometimes, preserving compatibility is in direct conflict with a higher-priority design goal and you just have to go ahead and break stuff. What you do in those situations is to try to minimize the damage, which is what Mozilla tried to do. But what do you do about the stuff the remains broken?

Here's what you do: you make your installer check the compatibility and report to user before installing the new version and breaking your user's stuff.

Act IV: The Retreat

Once again life conspired to remind me why I'm a late adopter. After a minute or two of staring at the list of things I wouldn't be able to use with Firefox 3, I decided to go back to version 2. A routine check of my download folder revealed that I apparently got rid of the installer at some point in time. No big deal, I can download it from the Firefox site, right?

Wrong! There is no link to Firefox 2 anywhere on the whole page. No matter how hard you try, you won't be offered a chance to turn back. And I tried very hard, trust me. Among other things, I tried typing "firefox 2" into the search box. That particular attempt rewarded me with zero results. I didn't even get a link to a press release or release notes for Firefox 2. Zilch. Firefox 2 has been exterminated.

Despite all its pictures of birds and balloons and a smiling Sun, the message Mozilla is sending its users is loud and clear: "Assume the position!"

In the end, I found the download link on www.firefox2.com, a site that features a prominent notice that it isn't associated with Mozilla in any way. It worked for me, but it probably won't work for you. As I'm writing, I'm also looking at the new content of the site, where every occurence of "Firefox 2" has been replaced with "Firefox 3", except the site URL, of course.

Just in case you really need to go back, the solution is to grab the Firefox 3 download link and change it manually to request the version 2.0.0.14. For example, the correct link to download the English (US) version of Firefox 2.0.0.14 for Windows is:
http://download.mozilla.org/?product=firefox-2.0.0.14&os=win&lang=en-US


Act V: The Repose

Having successfully overcome the unexpected difficulties, I decided it was time to wrap things up and go back to work. I installed Firefox 2 over its younger sibling and launched it. My optimism was proven unfounded yet again: Firefox neatly crashed when it tried to load my saved session.

I tried a few things before I stopped fighting the inevitable and uninstalled Firefox. Hoping fervently that the problem would be solved this time, I reinstalled it and launched it.

By this time I was more than a mite miffed or a tad testy: I was positively pissed off. In the spirit of their decision that I won't need version 2 ever again, Mozilla obviously didn't bother to test the downgrade process.

Fortunately, it turned out that no drastic measures were necessary. I was back to Firefox 2 and all my add-ons worked again.

Epilogue

While writing this post, I stumbled upon this article that explains how to make older add-ons work with new Firefox. In short, it describes a quick hack that makes Firefox skip the step where it checks for add-on compatibility. The article was about version 3.0rc1, so I don't know whether this will work in the final release. I didn't try it and I don't intend to. I prefer to wait until all the add-ons I use are updated. Having a new browser that's shiny and sleek is cool, but being able to use it my way is way cooler.

Thursday, May 15, 2008

Piracy is Here to Stay

"With great power comes great responsibility." Wise words, Uncle Ben, but someone at BioWare wasn't listening. For those who hate following links, the short version of the story is that BioWare was going to implement draconian anti-piracy measures in Mass Effect and Spore for PC. In the end, they won't be doing it, but it wasn't for the lack of trying. Indeed, I tend to agree with Penny Arcade when it comes to predicting the next step in the war on piracy, a war that has a long history of going overboard.

What's interesting is the widespread reaction among the gamers:
Not only does this not make me want to buy the game, this makes me want to download a pirated and cracked copy even more
Funny, isn't it? I mean, when someone mentions using RFID for shoplifting prevention, you'll hear all sorts of privacy concerns and doubts about usefulness of such a system, but you won't hear people say they'll go shoplifting in protest.

So what is it that makes us perceive and react to piracy in such a different way? Let's take a look at some of the factors involved. Be warned, though: there's no magical happy ending to this story. Whether the hero defeats the villain and gets the girl remains to be seen.

Thou Shalt Not

Back where I originally come from, some 15 years ago, shops didn't have any shoplifting prevention mechanisms besides humans and, if the shop was large enough, mirrors. We all knew shoplifting was wrong, that it was stealing, that it was crime. We also knew that getting caught would have serious repercussions. Yet there were kids who did it. Not out of necessity, either. They did it for fun. It was challenging. It was a game.

Where am I going with this? There are several points I'm trying to make here. First of all, crime has a lot to do with perception. Sure, there's law, with its letter and its spirit and a bunch of lawyers and politicians to play with it. If you break the law, you're a criminal and that should be it. And yet, none of those kids saw themselves as criminals.

Second, it's in people's nature to do as they wish and rules be damned. You can try to educate them, to impress upon them that such behavior is wrong, but there will still be those who will do it and for a variety of reasons, too.

It might sound like I'm trying to justify piracy, theft and crime in general. I'm not. I'm trying to point out that they will always exist and that reasons for it are not as monolithical as we would like to believe. After all, it would be a lot simpler if people committed crimes because they're evil, but the world doesn't work that way. And if we want to do something about a problem, we have to understand the cause.

Can't Touch This

Every time I rent a DVD, I have to watch one of the MPAA's anti-piracy videos. There's no way to skip it, of course, so each time I'm freshly reminded of the first and foremost difference between stealing and piracy: intangibility. In order to steal a car, a handbag, a television or a DVD, just like in the video, you have to reach out and grab something tangible. There might be a lot of objects like that one, but there is only one of that particular object and it's not yours. Taking possession of it is clearly identifiable as a crime.

Things are not as intuitive with music, movies and software. Sure, if someone invites me to their house to watch a DVD with them, it's not a crime. They're sharing their property with me of their own will. If they offer to give me a lift in their car, it's the same sort of thing. But you can't copy a car like you can a song, can you? You can't parody a car, either, or quote it.

Intellectual property is a complicated and muddled concept and requires an equaly complicated and muddled definition of fair use. With the massification of the digital content and media, things got even more complicated and muddled, which brings us to the chaos we're living nowadays.

And chaos it is. How else would you call it when in one corner you have people who demand that all the digital content be free, as in free beer, and in the other corner you have giants like RIAA suing random individuals?

The Age of Middlemen

So far we've looked at some of the factors causing the piracy. But what about the effects of it? Organizations like MPAA and RIAA are claiming that they are losing money. Publishers like EA are complaining about the same thing.

Let's get one thing clear from the start: developers need game sales to survive. They develop games for living and their money comes from sales, just like your money comes from the job you're doing. There is no doubt that if you install and play their game on your computer without buying it, you're using the products of their work without them receiving your money for it.

Notice, however, that I haven't mentioned publishers in previous paragraph. What does RIAA stand for? Recording Industry Association of America. The keyword here is "recording". The people RIAA represent are those who make money by selling sound recordings of music. That used to be very straightforward: they used to sell records.

Vinyl records are a bitch to duplicate. As long as they were the medium for sound reproduction, the recording industry could control the music industry by controlling the medium itself. The advent of magnetic tapes brought the first crisis. The big guys freaked out, tried to defend their territory and lost. That was the major turning point in the history of copyright.

Evolution

Notice how MPAA is making a lot less fuss than RIAA? You know why? Their industry kept evolving. Sure, nowadays you can watch DVDs on your HDTV in your home-theater, but nothing beats seeing the very first screening of the long-awaited movie in your theater of choice. Besides, everyone and their grandmother will have seen the movie before it comes out on a DVD.

The first important factor here is that movie industry still has a meaningful experience to offer to their customers, beyond merely distributing the medium on which the content is stored. The second important factor is that there's ample segmentation. You can choose how much you care about a movie: will you go to a theater or buy a DVD? Or you might rent it before deciding whether to buy it. Or you might just wait for it to come out on cable. Plenty of options out there.

RIAA, on the other hand, got stuck. They just sat there while their golden goose spread its wings and flied away. Well, they didn't just sit. They kicked and screamed and made a hell of a fuss. They're still doing it, in fact. But they failed to adapt and are paying the price for it.

It's something I realized when I went to a Dream Theater concert in March this year. These guys didn't only play their instruments and sing their songs. No, they staged such an impressive multimedia spectacle, that I didn't even mind the fact that they didn't play most of my favorite songs. After a show like that, which in itself must have made them a pretty penny, they could've sold me their newest album without needing the middleman at all.

Or could they?

Eye of the Beholder

Piracy, like I said, has a lot to do with perception. You can call it culture or mindset or education, but the fact is that I don't know many people here in Chile who buy their music. If you look at it from their point of view, the reasoning is simple: why should they? It's out there on the Internet, for free. We all use MP3 players these days, so why should anyone pay for an overpriced lump of plastic that later you have to insert in a drive and rip and transfer to your player before you can listen to it comfortably?

Musicians, that's why. People who make that music need the money. Then again, the record industry screwed things up on that front too. The public perceives them as people who take huge cuts of profits and exploit the authors. It doesn't make piracy right, but it makes it justifiable in people's eyes. We come again to perception.

And perception is a lot bigger problem than most of us would like to admit. Could Dream Theater really have sold us their music directly, without going through the recording industry? Why would we buy it, when we're so accustomed to getting our music for free?

Detox: Rehab or Jail?

A habit is formed. How do we break it? MPAA seems to think the answer lies in the propaganda. The effects remain to be seen, but I personally doubt it will have any significant effect. RIAA, on the other hand, thinks the answer lies in the law enforcement. We've all seen how that's working out so far and I think we can agree that the idea is laughable.

What about software? Specifically, what about games? The software industry in general is not as monolithical as recording or motion picture industry. For example, applications targeted at big corporations don't have to worry about piracy too much, but their target is not as big as the home user market. Each type of software has its own worries, but games are in a particularly hairy situation.

The problem with the games industry is that it resembles the recording industry. As the saying goes, the developers make the game and the publishers make the money. They're not limited to being middlemen, though. Often they also finance the development, which gives them a bit of versatility when it comes to surviving the paradigm shifts. However, the fact remains that the online distribution channels will be making the publishers' role as middlemen increasingly obsolete as time passes. Of course, online distribution brings its own middlemen, as casual game developers are discovering.

Safe Hex: ACME Copy Protection

So how does the software industry fight piracy? We geeks tend to believe that everything can be solved by technology. Thus the copy protection mechanisms.

Now, wiser geeks know that technology is not an answer to everything. As Fravia used to teach, there is no copy protection that cannot be broken. The one time I thought I found an exception to that rule was when I used Kali. I was wrong, of course. The program itself is just a client for the centralized service and, as such, it can be copied as freely as you want. It's semantics, I know, but it's important.

The reason why it's important is because that solution doesn't apply to most games. The most notable exception are the MMOs. Incidentally, it's a pretty important factor for the popularity of this genre among the developers.

The rest of the genres have to choose whether to use copy protection mechanisms or not. If they do, they have to decide how strong to make it. Unfortunately, strong often means "problematic for the legitimate customer" along with "difficult to circumvent". This is what creates reactions of outrage, such as the reactions to the abortive attempt to "secure" Mass Effect and Spore.

No Silver Bullet

Okay, so the neither the propaganda nor the law enforcement nor the technology solve our problem. What's the answer, then?

Unfortunately, nothing worth doing is ever easy. First of all, there is no silver bullet. There's no magical solution to this mess. You can bet that the real solution won't bring you quick bucks and instant happiness.

I'm no expert on these matters and I can't say with certainty how to deal with this. However, I have a hunch and I'm willing to bet it's a good one: nurture the market.

Take the situation here in Chile. For one thing, games are outlandishly expensive. It's not just the price itself, it's how that price compares to people's earnings and other products. Second, there are too few stores selling games and their selection usually leaves a lot to wish for. There are too many obsolete games and too many crap games and too few hot items. Third, the same comments apply when it comes to renting games. Still, there are people who buy games. We do it because we like those games, we appreciate the effort it took to make them and proud to own them. But there's a lot of room for improvement.

What about countries like United States? Adapt. MMOs are just one trend. The Sims games are innovative in that they introduce a social component and allow people to create whole communities around them. Episodic content is another idea that has yet to be fully explored. Who knows what interesting new idea will come along next?

Above all, nurture the market. I don't know any comic book fan that opted to photocopy a comic book instead of buying it. They love comic books. They're quite fanatical about them. Games need the same kind of fans. And they sure as hell won't get them by treating their customers like criminals and making games even harder to install.

And Yet It Moves

So, what, piracy is here to stay and we have to learn to deal with it? Is that it? All this writing and I have no groundbreaking solution?

Yes, that's more or less it. I did warn you at the beginning that the future is still uncertain. Yet I'm sure it's not a dark one. Consider the fact that Sins of a Solar Empire has no copy protection and doesn't seem to need one. Consider the fact that casual games are successful enough to make Rockstar VP nervous.

Are "hardcore" PC games a dying market, then? Not at all. There will always be market for them and, if the industry does its homework, it won't be just a niche market. Though the lessons to learn may be hard, failing to learn them won't be fun, neither for the industry nor for the gamers.

Monday, May 12, 2008

Assassin's Creed

How can you know whether a game is good without playing it? You can't, really. It wouldn't be fun if you could, right? Fortunately, there are people out there who play games and then tell you about their experience. Some of them do it professionally, some of them just because they think the world really needs to know about those games. Assassin's Creed is one of those games that are good enough to make me want to join the latter group. However, unlike most such games, it also has defects that appeal to my inner ranter. Perfect blogging material.

Just to make it clear, this is not a traditional review, rich in detail and sprinkled with screenshots. My goal is not to give you a detailed description of what you experience as you play Assassin's Creed. If that's what you're looking for, then I recommend the Gamespot reviews, for Xbox 360, PS3 and PC. What I'm focusing on here are the strengths and weaknesses of the game. The idea is to help people who never played it before and people interested in game design.

Still with me? Okay, let's delve into Assassin's Creed.

Stunning Visuals

You know how games always look a lot better in reviews and trailers than when you actually play them? I expected the same to happen with Assassin's Creed. To say that I was surprised is a huge understatement. This game is simply beautiful.

My PC has a dated CPU -- the installer warned me that I don't fulfill the requirements -- but my nVidia 7900 GTX more than compensates for it. Even so, I can't configure the graphics to maximum quality and detail. Or rather, I could if I didn't mind playing a slideshow instead of a game. As it is, the graphics are still stunning.

Everything is richly textured and beautifully illuminated. Each city has its own personality. The devastating aftermath of war in Acre makes itself evident not only in its burned houses and damaged city walls, but it also permeates the very atmosphere of the city, thanks to the greyish lighting that stands in contrast to golden colors of Damascus and Jerusalem.

The animations flow smoothly and every now and then you'll get a very dramatic angle that showcases your prowess at swordplay during a fight with guards. Of course, sometimes the game will get it wrong and you'll get a spectacular shot of a tree or a merchant stand between you and the camera.

Another excellent detail is the blurring effect the game applies when you lock on a target. It's supposed to make you feel like an assassin focusing intently on his victim and it does a great job.

Parkour

When I first saw the word "parkour" my reaction went along the lines of "huh?" It turns out that most of us know of it as "free running". It also turns out that it's not the same thing at all. I won't pretend I'm an expert and, for that same reason, I won't explain the difference. You have Wikipedia for that and you can blame them for any eventual error in it. Suffice it to say that the gameplay of Assassin's Creed incorporates parkour in a most enjoyable way.

I remember that one of my friends once proposed to make a game about free running. We shot down that idea for various reasons -- where the hell were we going to get money for an AAA game anyway? -- and one of them was the fact that we thought it wouldn't be interesting on its own, that it needed something more. I still believe that, especially after playing Assassin's Creed. There's something immensely satisfying about ending your crazy race over rooftops with a spectacular pounce and stab that brings your hapless victim down with a startled, strangled cry.

By the way, if you're into game development, I highly recommend reading this Gamasutra article on parkour in Assassin's Creed and Crackdown.

Music and Sound Effects

When I heard that Jesper Kyd composed the soundtrack for the game I had high hopes and I wasn't disappointed. I personally think that he didn't outdo his work in Silent Assassin, but the score is still great: subtle enough not to intrude on your experience, yet dramatic enough to establish the appropriate mood.

I also liked the way NPCs contribute to the game's atmosphere: preachers, beggars, merchants and passers-by all have something to say and they do it in a way that successfully recreates the bustle of a living city. Of course, they have their limitations. If you start paying a lot of attention to them, you'll find them repetitive; but if you focus on your mission, like an assassin is supposed to, they'll provide a rich auditive tapestry to serve as a background.

Good Plot

I firmly believe that games are essentially stories created, in part, by players. Whenever you find yourself gushing with enthusiasm while you describe a match of Unreal Tournament to your friends, you're telling them a story. That said, games don't necessarily need a plot. But if you're going to play an assassin, it's good to have something to motivate you to kill your victims, right?

I'm usually quite critical about plots. It comes from being a fan of books in an age where most people read only newspapers or technical books, if that. I am glad to say that Assassin's Creed has a rather good plot. It's interesting and it's not shallow. Not one among the characters is what he or she seems to be at the first glance. There are layers to be peeled and they reveal that the world around you is not black and white, even though it would be a lot easier on your conscience that way.

Altaïr himself, the character which you control, is a decidedly unpleasant person at the beginning, not likeable at all. You might think it's dangerous gamble to do that to the character with whom you're supposed to identify, but it works out surprisingly well.

Major Cliffhanger

Few are the works that can get away with a cliffhanger. Endymion pulled it off and lived to tell (the rest of) the tale. Assassin's Creed tried to pull it off and excelled at pissing me off. And everyone else, judging by the reactions.

Yes, it's true that almost all of the mysteries that plagued you during the game are resolved at the end. But that's not enough for a satisfying ending. I don't know about people at Ubisoft, but I like closure at the end of the game. It doesn't hurt the sequel at all, just look at the Sands of Time. Here's an idea, Ubisoft: go read Jim Butcher's article about story climaxes. Just in case it doesn't help immediately, the ingredient you're missing is what he calls "resolution".

Cheesy Dialogue

Like I said, I'm a fan of books. That makes me spoiled when it comes to things like plot, dialogue and character development. I'm aware of that and I try to keep it under control when I'm criticizing a game. After all, games are a different medium and one of the worst kinds of game designer is the failed writer.

That said, I have to draw the line somewhere. In case of Assassin's Creed, I drew it here:
Rafiq: He must be stopped!
Altaïr: That's why I'm here.
I don't mind a certain amount of cliché in games. I don't require voice actors to be perfect. But some of Altaïr's lines are way too cheesy to tolerate. It doesn't help that Philip Shahbaz, the voice of Altaïr, seems to have exactly one tone of voice. I guess it's supposed to sound arrogant and menacing, which suits Altaïr's personality admirably, but even so, you cannot apply it to everything you say. Sooner or later, your players start perceiving you as sulky instead of menacing.

To be fair, I should state that not all of the dialogue is cheesy. Al Mualim has some excellent lines and his voice, Peter Renaday, did a very good job.

In-yer-face Interface

Just as I started with the most gushing praise of the best features, so I kept the worst for the last. Many reviews complain about the repetitive nature of the gameplay, but I don't find that to be such a big problem. Solving it would have been quite costly and the developers did their best to mitigate it by offering the player a variety of investigation missions and giving him the liberty to choose which to play and which to skip.

The worst problem, however, comes from some monumentally bad decisions that were perfectly avoidable. All of them have to do with the interface, but the crown jewel among them is the decision to give the player the freedom to move during the cut scenes.

Picture the following situation: After doing lots of investigative work that helped you decided where, when and how you'll assassinate your victim, you finally have him in sight. He's talking to someone else and nobody is paying any attention to you at all. You're free to move, so you start creeping towards his back. You're in position, the moment is perfect and you press the button. And nothing happens. You press the button repeatedly, muttering "stab him, dammit!" It's useless. You're in a cut scene and nothing you do will have any effect. The developers gave you a completely useless freedom and the only thing they achieved is to confuse you.

And they took away a number of very useful freedoms from you, such as the freedom to skip a cut scene or a tutorial. It's an old lesson, but people at Ubisoft haven't learned it. They didn't let you skip the cutscenes in Prince of Persia and they don't let you do it in Assassin's Creed either. Come on, people, it's a Twinkie Denial Condition!

They also took away your freedom to load and save as you wish, which is another Twinkie Denial Condition. While I appreciate that the game saves automatically whenever I finish a task or get to a checkpoint, I still hate it that I have to let the guards kill me if my assassination attempt didn't go the way I wanted, so that the game will reload the last save.

Then there's also the matter of quitting the game or switching the profile. To exit the game, I first have to exit to the Animus, then exit from the Animus, then "quit" the game, then select a profile (which one? doesn't matter, I want to quit) and then finally exit the game. Oh, and I have to confirm that I wish to exit, just in case I went through all that work by accident. Yes, I know this is probably only a PC issue and that the PC version suffers a lot more from not being properly adapted to keyboard and mouse, but it's still incredibly annoying. The keyboard and mouse problem can at least be solved, by plugging in a gamepad.

Conclusion

Don't get me wrong. I loved Assassin's Creed and I can't wait for the sequel, even though Philip Shahbaz will again be Altaïr's voice. I mean, let's give the guy a second chance, right? Seriously, though, I loved the game. Despite the obvious and perfectly avoidable problems, I recommend it warmly.

And if Ubisoft learns from their mistakes, the sequel should be even better.

Back in Blog

Well, I think I finally got the hang of this being-a-dad thing; at least enough to get back to blogging. Suuuure, blame it all on the baby, that's convenient. Heh.

Anyway, things have been hectic in my life, but I'm back and I have stuff to rant about again. That said, I'm probably going to blog less code and include more variety. Oh and the posts are probably going to be shorter. Like this one. Not everything has to be a great story or an essay, right?