Tag Archives: CPY

[$] Who should see Python deprecation warnings?

Post Syndicated from corbet original https://lwn.net/Articles/740804/rss

As all Python developers discover sooner or later, Python is a rapidly
evolving language whose community occasionally makes changes that can break
existing programs. The switch to Python 3 is the most prominent
example, but minor releases can include significant changes as well. The
CPython interpreter can emit warnings for upcoming incompatible changes,
giving developers time to prepare their code, but those warnings are
suppressed and invisible by default. Work is afoot to make them visible,
but doing so is not as straightforward as it might seem.

The Evil Within 2 Used Denuvo, Then Dumped it Before Launch

Post Syndicated from Andy original https://torrentfreak.com/the-evil-within-2-used-denuvo-then-dumped-it-before-launch-171013/

At the end of September we reported on a nightmare scenario for videogame anti-tamper technology Denuvo.

With cracking groups chipping away at the system for the past few months, progressing in leaps and bounds, the race to the bottom was almost complete. After aiming to hold off pirates for the first few lucrative weeks and months after launch, the Denuvo-protected Total War: Warhammer 2 fell to pirates in a matter of hours.

In the less than two weeks that have passed since, things haven’t improved much. By most measurements, in fact, the situation appears to have gotten worse.

On Wednesday, action role-playing game Middle Earth: Shadow of War was cracked a day after launch. While this didn’t beat the record set by Warhammer 2, the scene was given an unexpected gift.

Instead of the crack appearing courtesy of scene groups STEAMPUNKS or CPY, which has largely been the tradition thus far this year, old favorite CODEX stepped up to the mark with their own efforts. This means there are now close to half a dozen entities with the ability to defeat Denuvo, which isn’t a good look for the anti-piracy outfit.

A CODEX crack for Denuvo, from nowhere

Needless to say, this development was met with absolute glee by pirates, who forgave the additional day taken to crack the game in order to welcome CODEX into the anti-Denuvo club. But while this is bad news for the anti-tamper technology, there could be a worse enemy crossing the horizon – no confidence.

This Tuesday, DSO Gaming reported that it had received a review copy of Bethesda’s then-upcoming survival horror game, The Evil Within 2. The site, which is often a reliable source for Denuvo-related news, confirmed that the code was indeed protected by Denuvo.

“Another upcoming title that will be using Denuvo is The Evil Within 2,” the site reported. “Bethesda has provided us with a review code for The Evil Within 2. As such, we can confirm that Denuvo is present in it.”

As you read this, October 13, 2017, The Evil Within 2 is enjoying its official worldwide launch. Early yesterday afternoon, however, the title leaked early onto the Internet, courtesy of cracking group CODEX.

At first view, it looked like CODEX had cracked Denuvo before the game’s official launch but the reality was somewhat different after the dust had settled. For reasons best known to developer Bethesda, Denuvo was completely absent from the title. As shown by the title’s NFO (information) file, the only protection present was that provided by Steam.

Denuvo? What Denuvo?

This raises a number of scenarios, none of them good for Denuvo.

One possibility is that all along Bethesda never intended to use Denuvo on the final release. Exactly why we’ll likely never know, but the theory doesn’t really gel with them including it in the review code reviewed by DSO Gaming earlier this week.

The other proposition is that Bethesda witnessed the fiasco around Denuvo’s ‘protection’ in recent days and decided not to invest in something that wasn’t going to provide value for money.

Of course, these theories are going to be pretty difficult to confirm. Denuvo are a pretty confident bunch when things are going their way but they go suspiciously quiet when the tide is turning. Equally, developers tend to keep quiet about their anti-piracy strategies too.

The bottom line though is that if the protection really works and turns in valuable cash, why wouldn’t Bethesda use it as they have done on previous titles including Doom and Prey?

With that question apparently answering itself at the moment, all eyes now turn to Denuvo. Although it has a history of being one of the most successful anti-piracy systems overall, it has taken a massive battering in recent times. Will it recover? Only time will tell but at the moment things couldn’t get much worse.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Denuvo Crisis After Total Warhammer 2 Gets Pirated in Hours

Post Syndicated from Andy original https://torrentfreak.com/denuvo-crisis-after-total-warhammer-2-gets-pirated-in-hours-170929/

Needing little introduction, the anti-piracy system sold by Denuvo Software Solutions of Austria is probably the most well-known product of its type on the planet.

For years, Denuvo was considered pretty much impenetrable, with its presence a virtual stamp of assurance that a game being protected by it would not fall victim to piracy, potentially for years. In recent times, however, things have begun to crumble.

Strangely, it started in early 2016 with bad news. Chinese cracking group 3DM declared that Denuvo was probably uncrackable and no protected games would appear online during the next two years.

By June, however, hope appeared on the horizon, with hints that progress was being made. By August 2016, all doubts were removed when a group called CONSPIR4CY (a reported collaboration between CPY and CODEX) released Rise of the Tomb Raider.

After that, Denuvo-protected titles began dropping like flies, with some getting cracked weeks after their launch. Then things got serious.

Early this year, Resident Evil 7 fell in less than a week. In the summer, RiME fell in a few days, four days exactly for Tekken 7.

Now, however, Denuvo has suffered its biggest failure yet, with strategy game Total War: Warhammer 2 falling to pirates in less than a day, arguably just a few hours. It was cracked by STEAMPUNKS, a group that’s been dumping cracked games on the Internet at quite a rate for the past few months.

TOTAL.WAR.WARHAMMER.2-STEAMPUNKS

“Take this advice, DO NOT CODE a new installer when you have very hot Babes dancing in their bikini just in front of you. Never again,” the group said in a statement. “This time we locked ourselves inside and produced a new installer.”

The fall of this game in such a short space of time will be of major concern to Denuvo Software Solutions. After Resident Evil 7 was cracked in days earlier this year, Denuvo Marketing Director Thomas Goebl told Eurogamer that some protection was better than nothing.

“Given the fact that every unprotected title is cracked on the day of release — as well as every update of games — our solution made a difference for this title,” he said.

With yesterday’s 0-day crack of Total War: Warhammer 2, it can be argued that Denuvo made absolutely no difference whatsoever to the availability of the title. It didn’t even protect the initial launch window.

Goebl’s additional comment in the summer was that “so far only one piracy group has been able to bypass [Denuvo].” Now, just a handful of months later, there are several groups with the ability. That’s not a good look for the company.

Back in 2016, Denuvo co-founder Robert Hernandez told Kotaku that the company does not give refunds. It would be interesting to know if anything has changed there too.


Cook: Security things in Linux v4.13

Post Syndicated from corbet original https://lwn.net/Articles/733095/rss

Kees Cook highlights the security-related changes in the 4.13 kernel.
“Daniel Micay created a version of glibc’s FORTIFY_SOURCE
compile-time and run-time protection for finding overflows in the common
string (e.g. strcpy, strcmp) and memory (e.g. memcpy, memcmp)
functions. The idea is that since the compiler already knows the size of
many of the buffer arguments used by these functions, it can already build
in checks for buffer overflows. When all the sizes are known at compile
time, this can actually allow the compiler to fail the build instead of
continuing with a proven overflow. When only some of the sizes are known
(e.g. destination size is known at compile-time, but source size is only
known at run-time) run-time checks are added to catch any cases where an
overflow might happen. Adding this found several places where minor leaks
were happening, and Daniel and I chased down fixes for them.”
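The run-time half of the mechanism described above, as an added user-space example that is not the kernel's implementation or code from the quoted post: the macro captures the sizes the compiler knows through `__builtin_object_size` (a GCC/Clang built-in) and the helper rejects a copy that would overrun either buffer. The names `checked_memcpy`, `COPY_REJECTED` and the `demo_*` functions are hypothetical, and returning an error code instead of halting is an assumption made so the result can be inspected.

```c
/* Added example: user-space illustration of FORTIFY_SOURCE-style checks.
 * All names are hypothetical; this is not the kernel's fortify code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* __builtin_object_size() yields (size_t)-1 when the size is not known. */
#define OBJ_SIZE_UNKNOWN ((size_t)-1)

enum { COPY_OK = 0, COPY_REJECTED = -1 };

/* Run-time check: compare the requested length with whatever sizes the
 * compiler could determine at the call site. Unknown sizes are skipped. */
static int checked_memcpy_impl(void *dst, size_t dst_size,
                               const void *src, size_t src_size, size_t n)
{
    if (dst_size != OBJ_SIZE_UNKNOWN && n > dst_size)
        return COPY_REJECTED;   /* would write past the destination */
    if (src_size != OBJ_SIZE_UNKNOWN && n > src_size)
        return COPY_REJECTED;   /* would read past the source (a leak) */
    memcpy(dst, src, n);
    return COPY_OK;
}

/* The macro evaluates the built-in where the real objects are visible,
 * so the sizes travel with the call instead of being lost in a pointer. */
#define checked_memcpy(dst, src, n)                                  \
    checked_memcpy_impl((dst), __builtin_object_size((dst), 0),     \
                        (src), __builtin_object_size((src), 0), (n))

/* Destination size (8) is known at compile time, n only at run time. */
int demo_write_overflow(size_t n)
{
    char dst[8];
    static const char src[16] = "sample input";   /* constructed data */
    return checked_memcpy(dst, src, n);
}

/* Source size (4) is known: an over-long read would copy adjacent memory. */
int demo_read_overflow(size_t n)
{
    char dst[32];
    static const char src[4] = "abc";             /* constructed data */
    return checked_memcpy(dst, src, n);
}

/* Caveat: once a buffer is only reachable through a plain pointer
 * parameter, the compiler no longer knows its size and no check is made. */
__attribute__((noinline))
static int size_known_via_pointer(const char *p)
{
    return __builtin_object_size(p, 0) != OBJ_SIZE_UNKNOWN;
}

int demo_pointer_hides_size(void)
{
    char buf[8] = {0};
    return size_known_via_pointer(buf);
}

int main(void)
{
    printf("write 8 into 8-byte dst:  %d\n", demo_write_overflow(8));
    printf("write 9 into 8-byte dst:  %d\n", demo_write_overflow(9));
    printf("read 4 from 4-byte src:   %d\n", demo_read_overflow(4));
    printf("read 5 from 4-byte src:   %d\n", demo_read_overflow(5));
    printf("size known via pointer:   %d\n", demo_pointer_hides_size());
    return 0;
}
```

When the length is also a compile-time constant, the same comparison can be decided by the compiler, which is the case the quoted text describes as failing the build.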

[$] Rationalizing Python’s APIs

Post Syndicated from jake original https://lwn.net/Articles/727973/rss

CPython is the reference implementation of Python, so it is,
unsurprisingly, the target for various language-extension modules. But the
API and ABI it provides to those extensions ends up limiting what
alternative Python implementations—and even CPython itself—can do, since
those interfaces must continue to be supported. Beyond that, though, the
interfaces are not clearly delineated, so changes can unexpectedly affect
extensions that have come to depend on them. A recent thread on the
python-ideas mailing list looks at how to clean that situation up.

[$] Memory use in CPython and MicroPython

Post Syndicated from jake original https://lwn.net/Articles/725508/rss

At PyCon 2017, Kavya Joshi looked at some of the differences between the
Python reference implementation (known as “CPython”) and that of
MicroPython. In particular, she described the differences in memory use and
handling between the two. Those differences are part of what allows
MicroPython to run on the severely memory-constrained microcontrollers it
targets—an environment that could never support CPython.

Mysterious Group Lands Denuvo Anti-Piracy Body Blow

Post Syndicated from Andy original https://torrentfreak.com/mysterious-group-lands-denuvo-anti-piracy-body-blow-170607/

While there’s always excitement in piracy land over the release of a new movie or TV show, video gaming fans really know how to party when a previously uncracked game appears online.

When that game was protected by the infamous Denuvo anti-piracy system, champagne corks explode.

There’s been a lot of activity in this area during recent months but more recently there’s been a noticeable crescendo. As more groups have become involved in trying to defeat the system, Denuvo has looked increasingly vulnerable. Over the past 24 hours, it’s looked in serious danger.

The latest drama surrounds DISHONORED.2-STEAMPUNKS, which is a pirate release of the previously uncracked action adventure game Dishonored 2. The game uses Denuvo protection and at the rate titles have been falling to pirates lately, its appearance wasn’t a surprise. However, the manner in which the release landed online has sent shockwaves through the scene.

The cracking scene is relatively open these days, in that people tend to have a rough idea of who the major players are. Their real-life identities are less obvious, of course, but names like CPY, Voksi, and Baldman regularly appear in discussions.

The same cannot be said about SteamPunks. With their topsite presence, they appear to be a proper ‘Scene’ group but up until yesterday, they were an unknown entity.

It’s fair to say that this dramatic appearance from nowhere raised quite a few eyebrows among the more suspicious crack aficionados. That being said, SteamPunks absolutely delivered – and then some.

Rather than simply pre-crack (remove the protection) from Dishonored 2 and then deliver it to the public, the SteamPunks release appears to contain code which enables the user to generate Denuvo licenses on a machine-by-machine basis.

If that hasn’t sunk in, the theory is that the ‘key generator’ might be able to do the same with all Denuvo-protected releases in future, blowing the system out of the water.

While that enormous feat remains to be seen, there is an unusual amount of excitement surrounding this release and the emergence of the previously unknown SteamPunks. In the words of one Reddit user, the group has delivered the cracking equivalent of The Holy Hand Grenade of Antioch, yet no one appears to have had any knowledge of them before yesterday.

Only adding to the mystery is the lack of knowledge relating to how their tool works. Perhaps ironically, perhaps importantly, SteamPunks have chosen to protect their code with VMProtect, the software system that Denuvo itself previously deployed to stop people reverse-engineering its own code.

This raises two issues. One, people could have difficulty finding out how the license generator works and two, it could potentially contain something nefarious besides the means to play Dishonored 2 for free.

With the latter in mind, a number of people in the cracking community have been testing the release but thus far, no one has found anything untoward. That doesn’t guarantee that it’s entirely clean but it does help to calm nerves. Indeed, cracking something as difficult as Denuvo in order to put out some malware seems a lot of effort when the same could be achieved much more easily.

“There is no need to break into Fort Knox to give out flyers for your pyramid scheme,” one user’s great analogy reads.

That being said, people with experience are still urging caution, which should be the case for anyone running a cracked game, no matter who released it.

Finally, another twist in the Denuvo saga arrived yesterday courtesy of VMProtect. As widely reported, someone from the company previously indicated that Denuvo had been using its VMProtect system without securing an appropriate license.

The source said that legal action was on the horizon but an announcement from VMProtect yesterday suggests that the companies are now seeing eye to eye.

“We were informed that there are open questions and some uncertainty about the use of our software by DENUVO GmbH,” VMProtect said.

“Referring to this circumstance we want to clarify that DENUVO GmbH had the right to use our software in the past and has the right to use it currently as well as in the future. In summary, no open issues exist between DENUVO GmbH and VMProtect Software for which reason you may ignore any other divergent information.”

While the above tends to imply there’s never been an issue, a little more information from VMProtect dev Ivan Permyakov may indicate that an old dispute has since been settled.

“Information about our relationship with Denuvo Software has long been outdated and irrelevant,” he said.


[$] Progress on the Gilectomy

Post Syndicated from jake original https://lwn.net/Articles/723514/rss

At the 2016 Python Language Summit, Larry Hastings introduced Gilectomy, his project to remove
the global interpreter lock (GIL) from CPython. The GIL serializes access
to the Python interpreter, so it severely limits the performance of
multi-threaded Python programs. At the 2017 summit, Hastings was back to
update attendees on the progress he has made and where Gilectomy is headed.

[$] New CPython workflow issues

Post Syndicated from jake original https://lwn.net/Articles/723418/rss

As part of a discussion in 2014 about where to host some of the Python
repositories, Brett Cannon was delegated the task of determining where they
should end up. In early 2016, he decided that Python’s code and other
repositories (e.g. PEPs) should land at GitHub; at last year’s language
summit, he gave an overview of where things stood with a few repositories
that had made the conversion. Since that time, the CPython repository has
made the switch and he wanted to discuss some of the workflow issues
surrounding that move at this year’s summit.

Game Pirates Celebrate Fall of Denuvo’s Brand New Protection

Post Syndicated from Andy original https://torrentfreak.com/game-pirates-celebrate-fall-of-denuvos-brand-new-protection-170414/

When file-sharing was first getting off the ground, groups like the RIAA and MPAA were public enemy number one. They’re not exactly popular now but neither receive the hatred liberally poured on Denuvo.

The brainchild of Austria-based Denuvo Software Solutions GmbH, Denuvo is an anti-tamper technology designed to protect underlying DRM products. It’s been successfully deployed on gaming titles but just recently its iron skin has been showing the cracks.

After all previous versions were defeated, in January version three of Denuvo fell to pirates with the release of Resident Evil 7: Biohazard just five days after its street date. It was a landmark moment for a scene that had grown accustomed to Denuvo-protected games trickling down into the piracy scene months after their retail debut.

But while celebrations got underway, it seemed unlikely that Denuvo would simply sit back and take a beating. Indeed, within days of the crack, Denuvo marketing director Thomas Goebl told Eurogamer that improvements to Denuvo were underway.

“As always, we continue working to improve our solution to create security updates for upcoming Anti-Tamper versions. We will do the same with the learning from this bypass,” Goebl said.

With all eyes primed for a release of a game using the new technology (the cracking scene has labeled it Denuvo v4), earlier this month Mass Effect Andromeda was cracked by CPY, the group behind most of Denuvo’s recent pain. Despite some early claims, the title was actually protected by v3, so the big test was yet to arrive.

Yesterday it did so, in some style.

With its usual fanfare, cracking group CPY announced that it had defeated Denuvo v4 protection on 2Dark, a lesser-known stealth adventure game from the creator of Alone in the Dark.

As seen from the dates in the release notes above, the crack took a little over a month following 2Dark’s street date. Denuvo are still likely to claim that as a victory, since the first few weeks of sales were allowed to go ahead piracy-free. However, it’s worth keeping in mind that this is the new version of Denuvo which was supposed to put the anti-tamper company back out in front.

With celebrations now at fever pitch in game piracy land, there’s an interesting angle to the cracking of 2Dark. First of all, it’s apparent that the majority of people are more excited about Denuvo v4 being cracked than they are at the prospect of playing the game. However, the cracking of 2Dark is being seen as particularly sweet for other reasons.

About a month ago, a poster to Reddit’s /r/crackwatch highlighted that the developers of 2Dark had made some promises they later failed to keep.

It appears that during a 2014 crowdfunding campaign (French) for 2Dark, developer Gloomywood was asked whether there would be any DRM added to the game. For many game players this would be a deal-breaker, especially if they were the ones financing the game. Here’s the assurance that contributors received back.

On the game’s Steam page, the truth later emerged with a note confirming that the title would incorporate “3rd-party DRM: Denuvo Antitamper.” According to a subsequent interview with Techraptor, that was a result of Gloomywood having to team up with publisher Bigben Interactive who insisted on the protection.

Now all eyes are turning to potential forthcoming releases from CPY, each protected by Denuvo v4. Will Nier Automata, Dead Rising 4, and Bulletstorm: Full Clip Edition fall as well? It probably won’t be long before we find out.


2017-02-22 FizzBuzz 2

Post Syndicated from Vasil Kolev original https://vasil.ludost.net/blog/?p=3343

Since the idea has been rattling around in my head for a month or two and the final optimization occurred to me last night, here is the continuation of the fizzbuzz post:

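#include <string.h>	/* memcpy */
#include <unistd.h>	/* write */

/* Relies on the GCC "labels as values" extension (&&label, goto *ptr). */
int main(void)
{
int i=0,p;
/* jump table indexed by p: 0 = number, 1 = Fizz, 2 = Buzz, 3 = FizzBuzz */
static void *pos[4]= {&&digit, &&fizz, &&buzz, &&fizzbuzz};
/* loop[i/100]: index 0 while i < 100 (keep looping), index 1 at i == 100 */
static void *loop[2] = { &&loopst, &&loopend};
/* s3[i%3] sets bit 0 when i is divisible by 3, s5[i%5] sets bit 1 for 5 */
int s3[3]={1,0,0},s5[5]={2,0,0,0,0};
char buff[2048];
char dgts[16]={'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
int buffpos=0;

loopst:
	i++;
	p= s3[i%3] | s5[i%5]; 
	goto *pos[p];

fizz:
	memcpy(&buff[buffpos],"Fizz", 4);
	buffpos+=4;
	goto end;
buzz:
	memcpy(&buff[buffpos],"Buzz", 4);
	buffpos+=4;
	goto end;
fizzbuzz:
	memcpy(&buff[buffpos],"FizzBuzz", 8);
	buffpos+=8;
	goto end;
digit:
	/* the number is emitted as two hexadecimal digits */
	buff[buffpos++]=dgts[i/16];
	buff[buffpos++]=dgts[i%16];
end:
	buff[buffpos++]='\n';
	goto *loop[i/100];
loopend:
/* one write() for the whole output */
write(1, buff, buffpos);
return 0;
}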

For a while I wondered how the whole thing could be done without any branch, i.e. without even the check for the end of the loop. My initial idea was to do it in assembler and use a NOP sled as in exploits, something like (excuse my poor assembler):

	JMP loopst
	JMP loopend
loopst:
	NOP
	NOP
...
	NOP
	; fizzbuzz implementation
	; i is in RAX
...
	MOV RBX, 0
	SUB RBX, RAX
	SUB RBX, $LENGTH
	SUB EIP, RBX
loopend:

Or, in short, the more i increases, the further back I jump with the relative JMP (which I have written as subtracting something from EIP, which is most likely not valid at all), until I hit a JMP that throws me out. As an optimization I had decided that I could shift the value by 4, so that the sled is only 25 entries long.

At some point it occurred to me that I could do without the sled by doing a division (which is a disgusting operation, but saves a bucketful of NOPs). That is how the C variant above came about, which is not quite C but just some strange assembler-like muck.

Otherwise, it is important to note that on any modern processor the code above is far less efficient than the simple solution with ifs, mostly because branch prediction and all the other extras cope very well with all sorts of ifs, but have a much harder time guessing where exactly these jmps through tables based on some values will go in order to do speculative execution. I have not benchmarked it (although I want to), but overall the code above has a chance of doing better only on things like the 8086 and company.

And as an idea for the next misery of this kind, maybe it can be genuinely optimized by using one of the extensions for working with vectors/large values and unrolling the loop, for example doing it in steps of 4 with some instruction that computes divisors (who knows what strange things have already been put into the x86 instruction set).

Denuvo Website Leaks Secret Information, Crackers Swarm

Post Syndicated from Andy original https://torrentfreak.com/crackers-swarm-as-denuvo-website-leaks-secret-information-170205/

Anti-piracy outfit Denuvo has taken a bit of a battering lately after chinks began appearing in the company’s armor. Last weekend, cracking group CPY defeated the protection on Resident Evil 7 in just five days, a record for the anti-tamper technology.

Just a week on, Denuvo has more problems to deal with. For reasons best known to them, the company has left several private directories on its website open to the public, as shown in the image below.

Most of the content appears relatively mundane but hidden away in the logs directory is an 11MB text file called Ajax.log, which appears to contain customer support emails dating back to 2014. While some are from companies looking to hire Denuvo, a notable email in slightly broken English appears to have been sent by Capcom.

“This is Jun Matsumoto from CAPCOM Japan. I have a interested in the Denuvo Anti-Tamper solution to protect our game software. If you have a white paper about details, please send me. (ex. platform, usage, price, etc…) And, if you have a sales agent in Japan, please tell me the contact point. Thank you for your cooperations,” it reads.

Another was sent by Jan Newger of Google, who wanted to learn more about Denuvo.

“I’m working in the security team at Google, and would like to evaluate the denuvo product to get an understanding on how it would integrate with existing solutions,” it reads.

“I’m specifically interested in further strengthening existing solutions to hinder understanding/tampering with binary programs. Is it possible to obtain some kind of demo version of the product? Also, could you send a quote to me?”

But for every business opportunity, there are dozens of emails from angry pirates, each looking to vent their anger.

“Why do you have to make such shit software to fuck over pc gamers with DRM bullshit. Please inform the companies you work with that if your DRM is implemented on games they are selling, they will lose thousands of customers. Thanks,” wrote someone identifying themselves as Angry Customer.

While any leak of confidential data is a serious event, this developing situation appears to be getting worse. Within the last few minutes, more insecure directories have been discovered, some of them containing relatively large files.

Needless to say, the contents of these files will be of great interest to Denuvo’s adversaries. With that in mind, TF headed over to a platform where crackers meet and sure enough, they are extremely excited and all over this breach. Thus far it appears that most of the files have been downloaded, including one that appears to contain access logs for Denuvo’s website and others which carry executables.

It’s too early to say exactly what these files do but crackers will be hoping for any piece of information or clue explaining how Denuvo works and how it can be defeated. Another bad week for Denuvo is quickly getting worse.

Breaking news, updates to follow.


Denuvo Piracy Crisis as Resident Evil 7 Gets Cracked in Record Time

Post Syndicated from Andy original https://torrentfreak.com/denuvo-piracy-crisis-as-resident-evil-7-gets-cracked-in-record-time-170130/

Death. Taxes. Immediate PC games piracy. That was pretty much the state of play before anti-piracy technology company Denuvo Software Solutions came along a few years back.

With its anti-tamper system of the same name, Denuvo took the inevitability of day-of-release PC games piracy and pushed back the boundaries in a way never seen before. Indeed, some older Denuvo-protected games are still piracy free to this day.

In recent times, however, the company has found itself under increasing pressure. In August 2016, cracking group CONSPIR4CY (CPY) dumped a Denuvo-removed version of Rise of the Tomb Raider on torrent sites, some five months after its release. Despite the long delay, it was a landmark moment. Denuvo had been defeated.

Just days later, CPY doubled down by giving puzzle-platformer ‘Inside’ the same treatment, but in a record time of just six weeks from launch. What followed was a cascade of cracked games, including Doom, Mirror’s Edge Catalyst, Deus Ex: Mankind Divided, and Watch Dogs 2, to name just a few. Now, however, Denuvo is facing its biggest threat yet.

Yesterday, just five days after its January 24th retail date, Resident Evil 7: Biohazard was cracked by CPY. The self-proclaimed Italian group placed RE7 on a so-called top site, with the ‘piracy pyramid’ doing the rest of the work by cascading it to torrent sites in a matter of minutes. Currently, tens of thousands of pirates are grabbing the 23GB download.

In its defense, Denuvo has never marketed its product as an uncrackable system. The plan, the company insists, is to give games producers a piracy-free window of opportunity, from the day of launch to some undefined point in the future. Protecting those lucrative early months from pirates is the aim.

In some respects, Denuvo is still doing its job, with AAA titles such as Just Cause 3 still protected from piracy months after launch. No one but groups like CPY know why JC3 has avoided the same fate as the other titles. It could just be that they can’t be bothered to crack it. Clearly, the same cannot be said about Resident Evil 7.

Denuvo is obviously a tough system to crack but less than a week’s protection is only marginally better than having no protection at all. Pirates are notoriously impatient but a sizeable majority can probably wait a handful of days for a free game, if they believe CPY can keep pulling this off. That in itself is a problem for Denuvo and the games publishers it’s attempting to protect.

In December, Denuvo refuted claims that it gives publishers refunds if the protection it offers subsequently gets removed.

“We can’t comment on our deals with specific customers, but we do not have any deals in place that offer refunds if a game is cracked within a specific time frame,” Denuvo co-founder Robert Hernandez said.

That being said, publishers must be paying something to have Denuvo protect their titles so it’s reasonable to assume that a year’s protection must be worth more than a month. But when we get down to five days? That surely must involve some kind of discount to deter a debate over whether the protection is worth having at all.


Grumpy: Go running Python

Post Syndicated from corbet original http://lwn.net/Articles/710634/rss

The Google Open Source Blog introduces the Grumpy project.
“Grumpy is an experimental Python runtime
for Go. It translates Python code into Go programs, and those transpiled
programs run seamlessly within the Go runtime. We needed to support a large
existing Python codebase, so it was important to have a high degree of
compatibility with CPython (quirks and all). The goal is for Grumpy to be a
drop-in replacement runtime for any pure-Python project.”

Denuvo: We Don’t Give Refunds When Games Get Cracked

Post Syndicated from Andy original https://torrentfreak.com/denuvo-we-dont-give-refunds-when-games-get-cracked-161219/

First-person shooter Doom is among 2016’s biggest AAA releases. A highly desirable title with an outstanding back-story and pedigree, it was bound to be a target for pirates.

However, following its release in May, Doom did not immediately hit pirate networks. Like so many other big games, its makers had invested in anti-piracy technology supplied by Austria’s Denuvo Software Solutions.

In the end it took around four months for Doom to appear in unauthorized form after being cracked by scene group CPY. Then, earlier this month, developer Bethesda removed Denuvo from the game altogether.

This development triggered much speculation which was only intensified by claims from a developer that Denuvo offers refunds to studios and publishers if their games are cracked within a set period.

“I do want to explain what happened here. Denuvo Software Solutions offers a guarantee, if your Denuvo game is cracked within a certain time (3 months is normal), you do not have to pay for Denuvo,” he said.

While the iteration of Denuvo protecting Doom was cracked just outside this period, the dev’s claims seemed to make sense. The only point of a copy protection technology is to stop games getting pirated, if only for a short length of time, so some kind of guarantee would be a reasonable requirement.

However, in an interview with Kotaku, Denuvo co-founder Robert Hernandez said that the protection was removed from Doom because it had served its purpose. He also denied issuing refunds.

“The simple reason why Denuvo Anti Tamper was removed from Doom was because it had accomplished its purpose by keeping the game safe from piracy during the initial sales window,” Hernandez said.

“The protection on Doom held up for nearly four months, which is an impressive accomplishment for such a high-profile game.”

In that respect, Hernandez is absolutely right. A third of a year is a respectable period for a game developer to begin recovering its costs and a far cry from the “cracked before launch” situation the PC games market was suffering from a few years ago.

However, even with Denuvo having outlived its usefulness on Doom, Hernandez denied anyone at Bethesda was getting their money back.

“We can’t comment on our deals with specific customers, but we do not have any deals in place that offer refunds if a game is cracked within a specific time frame,” he said.

Of course, all of these kinds of statements are open to interpretation. Clearly, Denuvo has to perform and no developer in the world is going to pay for something that fails to live up to its billing of being able to protect the title during its launch period.

So, if there really aren’t any cash-back guarantees and no crystal balls, it seems reasonable to presume that Denuvo customers pay for its protection based on real-world performance.

Denuvo obviously isn’t sharing its deals in public, but protecting the first month would definitely be the most valuable option (and potentially most costly) for developers. A further couple of months of protection would be desirable too but as sales go up and the potential customer base diminishes, so does the value of paying for protection.

If we believe Denuvo that there are no refunds, there seems to be little value in buying six months worth of protection up front on a gamble. Paying by actual performance and longevity would make the most sense.

The developer who made the original claims about refunds did insist that studios would have to remove Denuvo from their games after they stopped paying for protection. At least in some form, this appears to have happened with Doom. After all, one of the supposed selling points of Denuvo is that it doesn’t hurt gaming performance, so if it’s been paid for already, why not simply leave it in place?

That being said, Hernandez told Kotaku that the removal was the publisher’s decision.

“[E]ach publisher is of course free to remove our anti tamper tech from their title once they feel the protection has achieved its purpose in protecting the initial sales window, or if they have other reasons for doing so, such as selling the title on DRM-free platforms,” he said.

Finally, what is perhaps most interesting about Denuvo is the fact that despite it being a little more vulnerable in recent months, it still generates plenty of discussion. That in itself shows that the technology is still an irritant to pirates and for games developers, that’s nearly always something worth paying for.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Denuvo Removed From Doom After Game Gets Cracked

Post Syndicated from Andy original https://torrentfreak.com/denuvo-removed-from-doom-after-game-gets-cracked-161208/

With piracy now an accepted part of video game culture, the main aim of developers is to stop their games leaking in the early days, weeks and months following their launch.

It’s suggested that this piracy-free window of opportunity might allow the bigger and more ambitious titles to recoup much of the money spent creating them. No surprise then that companies are offering solutions to achieve that aim.

The main technology facilitating this breathing space today is Denuvo. This anti-tamper technology sits on top of other DRM, making the majority of games completely uncrackable. However, in more recent months, Denuvo protection has come under fire from a group calling itself CPY.

As a result, more and more Denuvo-protected games are appearing free-to-play online, having had their protections circumvented. But as pirates celebrate, something unexpected is happening. Having been cracked by CPY, some games are having Denuvo removed by their developers.

The latest case involves first-person shooter, Doom. As one of 2016’s biggest AAA releases, Doom is a highly desirable title so it was no surprise it was protected by Denuvo following its release in May.

However, the game was cracked relatively quickly by CPY and began appearing on piracy networks early September. Now developer Bethesda has removed Denuvo from the game altogether.

NFO file from CPY announcing their defeat of Doom’s protection

If one looks at the situation logically, it makes some sense that after Denuvo has served its main purpose, it’s technically no longer needed and can be removed. However, after paying out for Denuvo protection (which is rumored to cost upwards of hundreds of thousands of dollars per game), why would developers like Bethesda just not leave it intact?

For some time there have been theories that some kind of refund might be available to developers if Denuvo protection fails to live up to its billing. Some meat has now been put on the bones of that suggestion by a Reddit user who claims to be a games developer at a company using Denuvo.

“Game dev here, I work for a large studio that started using Denuvo recently. I’m neutral on piracy and pirate TV shows a lot, so don’t give me a hard time, certainly not here to judge,” he wrote in a post a few hours ago.

“I do want to explain what happened here. Denuvo Software Solutions offers a guarantee, if your Denuvo game is cracked within a certain time (3 months is normal), you do not have to pay for Denuvo. Part of claiming the refund is you must remove Denuvo from your game.”

In the case of Doom, Denuvo was cracked by CPY four months after release but since it’s one of the bigger titles, it’s conceivable that a longer period could still be eligible for some kind of refund. Ultimately, Denuvo claims that its protection pays for itself so when a game appears online too soon, it may not have reached its goals.

“One of the reasons why the management of my company used it, they think it is a no lose situation. I personally think it is more nuanced,” the developer explains.

“Denuvo is expensive and my management think we lose a fortune to piracy because the industry inflates the figures as I think most of you all know. My management buy in to the inflated figures and Denuvo Software Solutions of course uses them also.

“Obviously I’m just a developer so not aware of the numbers but eventually I’ll find out if Denuvo helped, my educated guess is that it won’t help improve sales figures as much as the management hope. To protect a AAA game, Denuvo charge high 7 figure sums,” he concludes.

Last month, Denuvo was also removed from the adventure game ‘Inside’. That title was released in July but was cracked by CPY in just six weeks, the fastest Denuvo defeat on record.

With two titles setting the trend and another on the horizon, we shouldn’t have to wait long to see if a pattern emerges. Deus Ex: Mankind Divided was released in August and exactly three months later it was cracked by CPY. If the pattern follows, Denuvo should disappear from that title in a couple of months.

How all of this will affect Denuvo’s sales remains to be seen since the company’s protection, while still formidable, is not the titan it once was. It does, however, still cover those crucial early months pretty well and that’s probably acceptable to most of those involved.


Denuvo Says It’s Still Winning the War Against Games Pirates

Post Syndicated from Andy original https://torrentfreak.com/denuvo-says-its-still-winning-the-war-against-games-pirates-161017/

There have been a number of anti-piracy technologies that have become loathed by video games pirates over the years. Some are hated due to their tendency to reduce the quality of the gaming experience. Others are predictably hated due to their effectiveness.

In fact, if one took the time to map dislike of a particular technology and place it on a timeline of how long it takes it to get bypassed or ‘cracked’, those graphs would look very similar indeed. So, when we say that Denuvo is currently the most-hated of all anti-piracy technologies, there’s no real need to ask why.

Just recently, however, pirates have had reason to celebrate. In a matter of months, Denuvo has gone from pretty much uncrackable to a little bit vulnerable.

Early August, a cracker known as Voksi found a loophole in Steam which allowed many Denuvo-protected titles to be played for free. It was a Denuvo bypass, not a full crack, but pirates were grateful. Then, just a few days later the gratitude developed into glee when the first full crack of Denuvo appeared online courtesy of cracking group CPY.

But pirates are always hungry for more and immediately wanted to know when new games would become available. They didn’t have to wait long. Just a couple of weeks later the iteration of Denuvo protecting ‘Inside’ was cracked in record time.

Not long after, those victories were followed by cracks for new games including Doom and Mirror’s Edge Catalyst, so was this the beginning of the end for Denuvo? Well, it all depends on one’s perspective.

Over the years, anti-piracy companies have learned that claiming their technology is flawless has always come back to bite them. Denuvo is no different. In a new interview with MCVUK, the company explains that being uncrackable is neither the claim nor the aim.

“You have to have a realistic view of anti-piracy measures,” marketing director Thomas Goebl explains.

“There is no such thing as unbreakable protection. That’s something we always tell our clients to help manage their expectations. Our scope is to prevent early cracks for every title. We want to allow an initial window when a game is released to have an uncracked version and thus guarantee sales.”

When one considers the effort and funds expended leading up to a game’s release, it’s no surprise that the first few days and weeks are the most important in terms of sales. For so-called ‘AAA titles’ (a big target market for Denuvo), marketing expenses can run into millions of dollars, with every cent designed to make gamers salivate with anticipation while moving their hands ever closer to their wallets. Any delay on stopping a pirate copy appearing quickly translates to more sales, Denuvo says.

But despite notable recent setbacks, Denuvo-protected titles still do not appear online on day one. Or week one. Or even month one. If people want these games, they’re going to have to pay for them. In fact, it is not unusual for games to remain unpirated for months, something that was unthinkable only a year or two ago when titles often appeared online before launch.

Denuvo CEO Reinhard Blaukovitsch told MCVUK that there are a number of strategies that can be employed by developers in order to recoup their development costs and Denuvo is just one piece of the puzzle.

“Some trust in DRM solutions, ones that are user-friendly. They also trust in our solution. There may be other solutions, where you go DRM free or do different price ranges in different territories. This is a marketing decision and strategy that the publishers may want to use. If they decide on some DRM technology or techniques, we can help them,” Blaukovitsch says.

Marketing man Thomas Goebl says that good games will always sell well but as soon as a working pirated version is available online, suddenly developers have to compete with free.

“Even if the service is good, if it has nice community features and so on, those people who don’t want to pay for it simply won’t pay because there is free competition,” he says.

Interestingly, Goebl notes something that many pirates will understand already. Multi-player games that require constant access to an online service are in many cases less vulnerable than variants that can also be played substantially offline. Just Cause 3 (released 11 months ago but yet to be cracked) might be considered one such example.

“Especially for single player games, or if there’s a big single player portion to the game, it makes perfect sense to use an anti-tamper solution like ours to prevent any cracks during the launch window time frame,” Goebl says.

Some pirates might be asking why it’s possible to quickly crack Inside, for example, but not other games that have been released since. The partial answer to that is while crackers like CPY burn the midnight oil circumventing Denuvo, the developers at Denuvo are doing the same with CPY’s work.

“The procedure [after a crack] is the same every time. We analyze how the crack was done and then we update our protection. It’s a game of cat and mouse that we play,” Blaukovitsch says.

“There are many techniques we use to prevent people from debugging, reverse engineering and otherwise tampering with our software. We are improving that technology or those techniques on a day-to-day basis, and coming up with new ideas that are almost entirely new inventions on a monthly basis on how we improve our service.”

The end result, no matter how unpopular with pirates, is that by the company’s own metrics, Denuvo is winning. In the majority of cases the technology does indeed stop games being pirated before, during and after launch, and indeed many months on in most cases.

Whether that will continue to be the case moving forward is unclear, but right now Denuvo is still the most-hated anti-piracy technology on the market. As long as it remains that way, it will be doing its job.


Denuvo Weakens After ‘Inside’ Gets Cracked in Record Time

Post Syndicated from Andy original https://torrentfreak.com/denuvo-weakens-after-inside-cracked-in-record-time-160824/

Dozens of anti-piracy techniques have been tested over the years on formats ranging from cassette tapes to digital downloads, but for pirates the lure of free content is both intoxicating and enduring.

In recent years, games developers have come to accept that piracy cannot be eradicated entirely, but it can be slowed down. The main aim in the modern era is to stop games leaking in the days, weeks and early months following their launch. This allows titles, especially those with high production costs, to make the best of those crucial early days.

In no insignificant terms that breathing room has been provided by Austrian anti-piracy outfit Denuvo. Its anti-tamper technology is quite possibly the best there is and as a result, many so-called AAA titles have remained piracy free since their launch. Just recently, however, significant cracks (excuse the pun) have appeared in its armor.

Early this month, a ‘Scene’ group called CONSPIR4CY properly cracked an iteration of Denuvo that had been protecting Rise of the Tomb Raider (ROTTR). The news had many pirates extremely excited.

While undoubtedly a momentous occasion, ROTTR had been released in January, meaning that in theory CONSPIR4CY might have worked on the crack for six or seven months, a lifetime for most pirates. Furthermore, half a year’s head start is huge for the title’s developers in terms of sales, so without doubt Denuvo had done its job.

Yesterday, however, there was a new development which might represent a more worrying chink in Denuvo’s defenses.

With a lack of fanfare usually associated with some of the Scene’s more mature groups, CONSPIR4CY (a reported collaboration between the CPY and CODEX groups) released a fully cracked version of puzzle-platformer ‘Inside’.


The importance here is that while ROTTR enjoyed six months without having to compete with free, Inside was released for Windows on July 7, 2016. No one but CONSPIR4CY knows precisely when they began chipping away at the game’s protection but even if they started on day one, it has taken only six weeks to defeat it.

There is some speculation that Inside took less time to crack because in storage terms it’s a smaller game than ROTTR. That being said, it will be of little consolation to Danish developer Playdead who will have paid Denuvo handsomely for their protection.

With CONSPIR4CY all but impossible to find, let alone obtain a comment from, TorrentFreak asked game cracker Royalgamer06, a colleague of Voksi who found a Denuvo workaround earlier this month, for his thoughts on the new release.

“It’s quite obvious that CONSPIR4CY is beating Denuvo. At least the current Denuvo protection,” Royalgamer06 told TF.

“Inside’s Denuvo protection is quite recent and therefore we could expect all sorts of Denuvo (Steam) games coming from [CONSPIR4CY].”

Royalgamer06 believes that it may have only taken CONSPIR4CY two weeks to crack Inside and that another big game’s debut (also Denuvo protected) might have influenced the pirate release yesterday.

“It took [CONSPIR4CY] two weeks. They either waited to release it (just before the new Deus Ex game is nice timing) or it’s all the time it took them to patch all in-game triggers and polish the crack,” he explains.

So all eyes now turn to the brand new release of Deus Ex Mankind Divided. If that game is quickly cracked by CONSPIR4CY, Denuvo could be coming out in a cold sweat. In the meantime, others are also attempting to dismantle their empire.

“Voksi is also up to something,” Royalgamer06 concludes.


Denuvo Properly Cracked, “Rise of the Tomb Raider” First Victim

Post Syndicated from Andy original https://torrentfreak.com/denuvo-properly-cracked-rise-of-the-tomb-raider-first-victim-160809/

Over the years, many anti-piracy systems have ruffled the feathers of video game pirates but none have done so to the extent Denuvo has.

Not a DRM technology in its own right, Denuvo is software that acts as an anti-tamper mechanism, thwarting the efforts of so-called crackers who want to make games available for free.

Before this weekend, just one Denuvo-protected title had appeared online. FIFA 16’s protection was bypassed, not cracked (a subtle but important detail), by Turk DM. Nevertheless, pirates never take even a bypass for granted – free games are free games, after all.

Then this weekend, the floodgates opened. A cracker known as Voksi found a loophole in Steam which allowed many Denuvo-protected titles to be played for free. It was another bypass, one powered by a secret sauce.

“His secret method for defeating Denuvo was beer, tons of it,” Voksi colleague Royalgamer06 told TorrentFreak.

Royalgamer06 confirms that Voksi hails from Bulgaria and the pair met on a forum where they shared a passion for cracking games.

“Voksi has been cracking for a number of years now. We met each other on [a Russian forum]. We both were releasing so-called ‘Steamworks fixed’, which allowed pirates to play cracked games online through Steam,” he says.

“Somehow he found out about this exploit. At first, he couldn’t believe it himself. But after several tests it really worked. And then he got really excited and released it. This got the whole piracy community excited, which motivated Voksi even more.”

And exciting it was too. After the Doom release came several other titles including Return of the Tomb Raider, Just Cause 3, Homefront: The Revolution, ABZU, INSIDE and Total War WARHAMMER.

“It’s a Denuvo bypass technically,” Royalgamer06 explains.

“It relies on an exploit using the DOOM Demo Denuvo activation. Voksi had to make different memory patches for each game to work. But the principle remained the same. So many pirates have been able to play and finish these games.”

Indeed, according to stats provided by Voksi, an estimated 650K people used his bypass method over the weekend. It apparently somehow calls back home to him, hence the figures.

But then yesterday, as thousands of pirates celebrated the surprise fall of Denuvo, misery struck. Voksi’s workaround was defeated.

“Voksi’s exploit has been patched by Denuvo now,” Royalgamer06 told TF last night.

“They disabled activations for the DOOM demo, which the bypass relied on. It took them three days to do it. Seems the Denuvo guys don’t work at the weekend.”

But as the storm clouds gathered over pirate haunts everywhere and the sun beamed down on Denuvo in Austria, even bigger news appeared on the horizon. A single line of text on so-called pre-databases (sites that signal pirate releases) indicated that a big name in the piracy scene had made amazing progress.

‘Rise.Of.The.Tomb.Raider.READNFO-CONSPIR4CY’ references a release by a ‘Scene’ group known as CONSPIR4CY, a reported collaboration between CPY and CODEX.

More than a bypass of Denuvo, this release of the latest Tomb Raider game appears to contain the Holy Grail – a bona fide crack of Denuvo.


Predictably and despite its size, the 31GB file is now hot property on file-sharing sites. It comes updated with the latest patch and includes three DLCs including Baba Yaga: The Temple of the Witch, Cold Darkness Awakened and Endurance Mode.

But while CONSPIR4CY (whose motto is “Always Outnumbered, Never Outgunned”) have undoubtedly achieved something amazing in pirate terms, the Denuvo battle is probably far from won.

Thus far only Tomb Raider has fallen, and that was released in January this year, meaning that the title had more than six months clear run at piracy-free sales. That being said, no one knows when CONSPIR4CY began working on Denuvo.

In any event, optimism is high for more Denuvo titles being released soon.

“Who knows what more Denuvo games get released now,” Royalgamer06 says.

“Denuvo’s reputation will get crushed at this rate for sure. First they let this big [Voksi] exploit happen and now their infamous protection gets fully cracked by CONSPIR4CY.

“Seems like there really is no way to beat piracy,” he concludes.


systemd for Developers I

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/socket-activation.html

systemd
not only brings improvements for administrators and users, it also
brings a (small) number of new APIs with it. In this blog story (which might
become the first of a series) I hope to shed some light on one of the
most important new APIs in systemd:

Socket Activation

In the original blog
story about systemd
I tried to explain why socket activation is a
wonderful technology to spawn services. Let’s reiterate the background
here a bit.

The basic idea of socket activation is not new. The inetd
superserver was a standard component of most Linux and Unix systems
since time began: instead of spawning all local Internet services
already at boot, the superserver would listen on behalf of the
services and whenever a connection would come in an instance of the
respective service would be spawned. This allowed relatively weak
machines with few resources to offer a big variety of services at the
same time. However it quickly got a reputation for being somewhat
slow: since daemons would be spawned for each incoming connection a
lot of time was spent on forking and initialization of the services
— once for each connection, instead of once for them all.

Spawning one instance per connection was how inetd was primarily
used, even though inetd actually understood another mode: on the first
incoming connection it would notice this via poll() (or
select()) and spawn a single instance for all future
connections. (This was controllable with the
wait/nowait options.) That way the first connection
would be slow to set up, but subsequent ones would be as fast as with
a standalone service. In this mode inetd would work in a true
on-demand mode: a service would be made available lazily when it was
required.

inetd’s focus was clearly on AF_INET (i.e. Internet) sockets. As
time progressed and Linux/Unix left the server niche and became
increasingly relevant on desktops, mobile and embedded environments
inetd was somehow lost in the troubles of time. Its reputation for
being slow, and the fact that Linux’ focus shifted away from only
Internet servers made a Linux machine running inetd (or one of its newer
implementations, like xinetd) the exception, not the rule.

When Apple engineers worked on optimizing the MacOS boot time they
found a new way to make use of the idea of socket activation: they
shifted the focus away from AF_INET sockets towards AF_UNIX
sockets. And they noticed that on-demand socket activation was only
part of the story: much more powerful is socket activation when used
for all local services including those which need to be started
anyway on boot. They implemented these ideas in launchd, a central building
block of modern MacOS X systems, and probably the main reason why
MacOS is so fast booting up.

But, before we continue, let’s have a closer look at what the benefits
of socket activation for non-on-demand, non-Internet services are in
detail. Consider the four services Syslog, D-Bus, Avahi and the
Bluetooth daemon. D-Bus logs to Syslog, hence on traditional Linux
systems it would get started after Syslog. Similarly, Avahi requires
Syslog and D-Bus, hence would get started after both. Finally
Bluetooth is similar to Avahi and also requires Syslog and D-Bus but
does not interface at all with Avahi. Since in a traditional
SysV-based system only one service can be in the process of getting
started at a time, the following serialization of startup would take
place: Syslog → D-Bus → Avahi → Bluetooth (Of course, Avahi and
Bluetooth could be started in the opposite order too, but we have to
pick one here, so let’s simply go alphabetically.). To illustrate
this, here’s a plot showing the order of startup beginning with system
startup (at the top).

Parallelization plot

Certain distributions tried to improve this strictly serialized
start-up: since Avahi and Bluetooth are independent from each other,
they can be started simultaneously. The parallelization is increased,
the overall startup time slightly smaller. (This is visualized in the
middle part of the plot.)

Socket activation makes it possible to start all four services
completely simultaneously, without any kind of ordering. Since the
creation of the listening sockets is moved outside of the daemons
themselves we can start them all at the same time, and they are able
to connect to each other’s sockets right-away. I.e. in a single step
the /dev/log and /run/dbus/system_bus_socket sockets
are created, and in the next step all four services are spawned
simultaneously. When D-Bus then wants to log to syslog, it just writes
its messages to /dev/log. As long as the socket buffer does
not run full it can go on immediately with what else it wants to do
for initialization. As soon as the syslog service catches up it will
process the queued messages. And if the socket buffer runs full then
the client logging will temporarily block until the socket is writable
again, and continue the moment it can write its log messages. That
means the scheduling of our services is entirely done by the kernel:
from the userspace perspective all services are run at the same time,
and when one service cannot keep up the others needing it will
temporarily block on their request but go on as soon as these
requests are dispatched. All of this is completely automatic and
invisible to userspace. Socket activation hence allows us to
drastically parallelize start-up, enabling simultaneous start-up of
services which previously were thought to strictly require
serialization. Most Linux services use sockets as communication
channel. Socket activation allows starting of clients and servers of
these channels at the same time.

But it’s not just about parallelization. It offers a number of
other benefits:

  • We no longer need to configure dependencies explicitly. Since the
    sockets are initialized before all services they are simply available,
    and no userspace ordering of service start-up needs to take place
    anymore. Socket activation hence drastically simplifies configuration
    and development of services.
  • If a service dies its listening socket stays around, not losing a
    single message. After a restart of the crashed service it can continue
    right where it left off.
  • If a service is upgraded we can restart the service while keeping
    around its sockets, thus ensuring the service is continuously
    responsive. Not a single connection is lost during the upgrade.
  • We can even replace a service during runtime in a way that is
    invisible to the client. For example, all systems running systemd
    start up with a tiny syslog daemon at boot which passes all log
    messages written to /dev/log on to the kernel message
    buffer. That way we provide reliable userspace logging starting from
    the first instant of boot-up. Then, when the actual rsyslog daemon is
    ready to start we terminate the mini daemon and replace it with the
    real daemon. And all that while keeping around the original logging
    socket and sharing it between the two daemons and not losing a single
    message. Since rsyslog flushes the kernel log buffer to disk after
    start-up all log messages from the kernel, from early-boot and from
    runtime end up on disk.

For another explanation of this idea consult the original blog
story about systemd.

Socket activation has been available in systemd since its
inception. On Fedora 15 a number of services have been modified to
implement socket activation, including Avahi, D-Bus and rsyslog (to continue with the example above).

systemd’s socket activation is quite comprehensive. Not only classic
sockets are supported but related technologies as well:

  • AF_UNIX sockets, in the flavours SOCK_DGRAM, SOCK_STREAM and SOCK_SEQPACKET; both in the filesystem and in the abstract namespace
  • AF_INET sockets, i.e. TCP/IP and UDP/IP; both IPv4 and IPv6
  • Unix named pipes/FIFOs in the filesystem
  • AF_NETLINK sockets, to subscribe to certain kernel features. This
    is currently used by udev, but could be useful for other
    netlink-related services too, such as audit.
  • Certain special files like /proc/kmsg or device nodes like /dev/input/*.
  • POSIX Message Queues

A service capable of socket activation must be able to receive its
preinitialized sockets from systemd, instead of creating them
internally. For most services this requires (minimal)
patching. However, since systemd actually provides inetd compatibility
a service working with inetd will also work with systemd — which is
quite useful for services like sshd for example.

So much about the background of socket activation, let’s now have a
look at how to patch a service to make it socket activatable. Let’s start
with a theoretic service foobard. (In a later blog post we’ll focus on
a real-life example.)

Our little (theoretic) service includes code like the following for
creating sockets (most services include code like this in one way or
another):

/* Source Code Example #1: ORIGINAL, NOT SOCKET-ACTIVATABLE SERVICE */
...
union {
        struct sockaddr sa;
        struct sockaddr_un un;
} sa;
int fd;

fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd < 0) {
        fprintf(stderr, "socket(): %m\n");
        exit(1);
}

memset(&sa, 0, sizeof(sa));
sa.un.sun_family = AF_UNIX;
strncpy(sa.un.sun_path, "/run/foobar.sk", sizeof(sa.un.sun_path));

if (bind(fd, &sa.sa, sizeof(sa)) < 0) {
        fprintf(stderr, "bind(): %m\n");
        exit(1);
}

if (listen(fd, SOMAXCONN) < 0) {
        fprintf(stderr, "listen(): %m\n");
        exit(1);
}
...

A socket activatable service may use the following code instead:

/* Source Code Example #2: UPDATED, SOCKET-ACTIVATABLE SERVICE */
...
#include "sd-daemon.h"
...
int fd;

if (sd_listen_fds(0) != 1) {
        fprintf(stderr, "No or too many file descriptors received.\n");
        exit(1);
}

fd = SD_LISTEN_FDS_START + 0;
...

systemd might pass you more than one socket (based on
configuration, see below). In this example we are interested in one
only. sd_listen_fds()
returns how many file descriptors are passed. We simply compare that
with 1, and fail if we got more or less. The file descriptors systemd
passes to us are inherited one after the other beginning with fd
#3. (SD_LISTEN_FDS_START is a macro defined to 3). Our code hence just
takes possession of fd #3.

As you can see this code is actually much shorter than the
original. This of course comes at the price that our little service
with this change will no longer work in a non-socket-activation
environment. With minimal changes we can adapt our example to work nicely
both with and without socket activation:

/* Source Code Example #3: UPDATED, SOCKET-ACTIVATABLE SERVICE WITH COMPATIBILITY */
...
#include "sd-daemon.h"
...
int fd, n;

n = sd_listen_fds(0);
if (n > 1) {
        fprintf(stderr, "Too many file descriptors received.\n");
        exit(1);
} else if (n == 1)
        fd = SD_LISTEN_FDS_START + 0;
else {
        union {
                struct sockaddr sa;
                struct sockaddr_un un;
        } sa;

        fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd < 0) {
                fprintf(stderr, "socket(): %m\n");
                exit(1);
        }

        memset(&sa, 0, sizeof(sa));
        sa.un.sun_family = AF_UNIX;
        strncpy(sa.un.sun_path, "/run/foobar.sk", sizeof(sa.un.sun_path));

        if (bind(fd, &sa.sa, sizeof(sa)) < 0) {
                fprintf(stderr, "bind(): %m\n");
                exit(1);
        }

        if (listen(fd, SOMAXCONN) < 0) {
                fprintf(stderr, "listen(): %m\n");
                exit(1);
        }
}
...

With this simple change our service can now make use of socket
activation but still works unmodified in classic environments. Now,
let’s see how we can enable this service in systemd. For this we have
to write two systemd unit files: one describing the socket, the other
describing the service. First, here’s foobar.socket:

[Socket]
ListenStream=/run/foobar.sk

[Install]
WantedBy=sockets.target

And here’s the matching service file foobar.service:

[Service]
ExecStart=/usr/bin/foobard

If we place these two files in /etc/systemd/system we can
enable and start them:

# systemctl enable foobar.socket
# systemctl start foobar.socket

Now our little socket is listening, but our service is not running
yet. If we now connect to /run/foobar.sk the service will be
automatically spawned, for on-demand service start-up. With a
modification of foobar.service we can start our service
already at startup, thus using socket activation only for
parallelization purposes, not for on-demand auto-spawning anymore:

[Service]
ExecStart=/usr/bin/foobard

[Install]
WantedBy=multi-user.target

And now let’s enable this too:

# systemctl enable foobar.service
# systemctl start foobar.service

Now our little daemon will be started at boot and on-demand,
whichever comes first. It can be started fully in parallel with its
clients, and when it dies it will be automatically restarted when it
is used the next time.

A single .socket file can include multiple ListenXXX stanzas, which
is useful for services that listen on more than one socket. In this
case all configured sockets will be passed to the service in the exact
order they are configured in the socket unit file. Also,
you may configure various socket settings in the .socket
files.

In real life it’s a good idea to include description strings in
these unit files; to keep things simple we’ll leave this out of our
example. Speaking of real life: our next installment will cover an
actual real-life example. We’ll add socket activation to the CUPS
printing server.

The sd_listen_fds() function call is defined in sd-daemon.h
and sd-daemon.c. These
two files are currently drop-in .c sources which projects should
simply copy into their source tree. Eventually we plan to turn this
into a proper shared library, however using the drop-in files allows
you to compile your project in a way that is compatible with socket
activation even without any compile time dependencies on
systemd. sd-daemon.c is liberally licensed, should compile
fine on the most exotic Unixes and the algorithms are trivial enough
to be reimplemented with very little code if the license should
nonetheless be a problem for your project. sd-daemon.c
contains a couple of other API functions besides
sd_listen_fds() that are useful when implementing socket
activation in a project. For example, there’s sd_is_socket()
which can be used to distinguish and identify particular sockets when
a service gets passed more than one.

Let me point out that the interfaces used here are in no way bound
directly to systemd. They are generic enough to be implemented in
other systems as well. We deliberately designed them to be as simple and
minimal as possible so that others can adopt similar
schemes.

Stay tuned for the next installment. As mentioned, it will cover a
real-life example of turning an existing daemon into a
socket-activatable one: the CUPS printing service. However, I hope
this blog story might already be enough to get you started if you plan
to convert an existing service into a socket activatable one. We
invite everybody to convert upstream projects to this scheme. If you
have any questions, join us on #systemd on freenode.