Hi there,
i'm sorry, but i'm forced to temporary delete my devices from z.
The reason is that santa claus has revealed me a trick to grab the entire circuitery of a protected device and use it on a new one....
I'm seeing what devices are affected by this bug/trick and i know what devices are not and I'm disappointed about the cospiracy of silence shown by who is aware of the trick.
I liked very much to spend entire days discovering solutions and "how to" make an idea working with the unavailability of a user manual, with no support from cw audio, with no examples, but malicious sdk users aware of the bug/trick are able to grab every part of a circuit and make a new device, so if i've spent 200 hours to find how to use a dsp inside a circuit, someone could have copied the core parts on a new device in minutes, then make a good GUI and the device is ready to be applauded.
So, i've decided to temporary move my devices off line and i'll share my stuff again when it will be safe.
Thanks to all and Merry Christmas
Sal
About my devices
hi red muze,
what i mean is opening a device such as flexor lp4 legend and seeing the device circuit as it was not protected.
I still have not checked if your devices are subjected to the bug i'm talking for, but i'll send an explanation to the developers that have realized devices without taking care of the bug exposure.....
what i mean is opening a device such as flexor lp4 legend and seeing the device circuit as it was not protected.
I still have not checked if your devices are subjected to the bug i'm talking for, but i'll send an explanation to the developers that have realized devices without taking care of the bug exposure.....
Yes it's related to what warp69 was talking for, but warp69 has said about a tool to watch inside protected devices and what i'm talking for is a way to watch inside protected devices without the need of additional tools.
Tere is an operation to do to avoid the exposure of protected devices to the bug and i'm writing to the exposed developers to explain how to...
Tere is an operation to do to avoid the exposure of protected devices to the bug and i'm writing to the exposed developers to explain how to...
If it works, very smart to put this out publicly 
more has been done with less
https://soundcloud.com/at0m-studio
https://soundcloud.com/at0m-studio
you misunderstood at0m's wink, Stardust.
obviously even Quantec knew about it before 2000 as they seized their plans to develope for Scope explicitely for 'weakness' of the protection.
Most developers (imho) simply ignored it as the high entry fee of DP worked as a filter to reduce the circle of applicants to a highly professional group.
You may remember that I was strictly against releasing SDK more or less to the public - for safety's sake. It's unavoidable that one or the other not so 'integral' person starts 'fiddling' with it.
I agree with at0m that leaving the cat out of the bag in public wasn't that smart - he better had pm'ed the respective developers
cheers, Tom
obviously even Quantec knew about it before 2000 as they seized their plans to develope for Scope explicitely for 'weakness' of the protection.
Most developers (imho) simply ignored it as the high entry fee of DP worked as a filter to reduce the circle of applicants to a highly professional group.
You may remember that I was strictly against releasing SDK more or less to the public - for safety's sake. It's unavoidable that one or the other not so 'integral' person starts 'fiddling' with it.
I agree with at0m that leaving the cat out of the bag in public wasn't that smart - he better had pm'ed the respective developers
cheers, Tom
astroman,
i have not spread news about how the bug works.
I have privately informed the developers who have released devices exposed to the protection bug.
The main reason of why i have started this thread is to explain why i have removed my devices from z and the second reason is to show my disappointing about the behavior of who knows about the bug and have not informed the others sdk users.
I'm surprised to be called stupid about this thread, but i think that the real stupid is who was spying inside the protected devices.
i have not spread news about how the bug works.
I have privately informed the developers who have released devices exposed to the protection bug.
The main reason of why i have started this thread is to explain why i have removed my devices from z and the second reason is to show my disappointing about the behavior of who knows about the bug and have not informed the others sdk users.
I'm surprised to be called stupid about this thread, but i think that the real stupid is who was spying inside the protected devices.
I'm with Salvatore, I make gladly my (poordjmicron wrote:astroman,
I'm surprised to be called stupid about this thread, but i think that the real stupid is who was spying inside the protected devices.
) circuits available to whom desired it, but all must be done with the correct credits of the gorup of developers.I am very sad in to know that someone can copy my job without sharing his knowledges.
This is against the philosophy of free SDK, and this damages the correct development of community.
To this point I propose to create a private forum for developers in which can be made his own circuits free available (after an official request). This would be very more honest and useful for a fast improvement of the quality of the plugins. I've seen something similar in Sytnthedit forums...
Scope can survive only with this free sharing policy and not with the small (& it looks like, deceitful) "starlet system".
I would also like to know how Wavelength create his oscillators/filters or as CW makes the oversampling in his synths... but not in this way!
4PC + Scope 5.0 + no more Xite + 2xScope Pro + 6xPulsarII + 2xLunaII + SDK + a lot of devices (Flexor III & Solaris 4.1 etc.) + Plugiator.
just to make things clear,
sdk 4.0 is not available to the public.
To obtain it, you must send a signed form to cw audio and you must have a 14 dsp card.
Scope dp is outside from the market, so scope sdk 4.0 at the moment is the only available tool for who would develop devices for scope platform and if DP had been still available i would had bought it.
On the sdk form creamware wrote "let us know about your devices", so it's not necessarily true that all devices must be free and if a developer have a good device he can do an agreement with creamware audio to sell it.
Anyway, making free devices does not mean to make the circuits/algos available to the public and it is why on scope sdk you can protect your devices.
I agree about working in team and making the circuits available to all, but not for all of my works.
Regards
Salvatore
sdk 4.0 is not available to the public.
To obtain it, you must send a signed form to cw audio and you must have a 14 dsp card.
Scope dp is outside from the market, so scope sdk 4.0 at the moment is the only available tool for who would develop devices for scope platform and if DP had been still available i would had bought it.
On the sdk form creamware wrote "let us know about your devices", so it's not necessarily true that all devices must be free and if a developer have a good device he can do an agreement with creamware audio to sell it.
Anyway, making free devices does not mean to make the circuits/algos available to the public and it is why on scope sdk you can protect your devices.
I agree about working in team and making the circuits available to all, but not for all of my works.
Regards
Salvatore
you may have had to 'cheat' a little bit about that, as Warp (most likely) cheated when he 'invented' a 'tool', to not draw more attention than necessary.djmicron wrote:...The main reason of why i have started this thread is to explain why i have removed my devices from z ...
You may remember that he really tried to avoid any statement about the subject at all.
That's my personal guess and I have no more information about the background than anyone else, but it's a long time since he decided not to continue his reverb series.
I don't have SDK or DP, so it's eventually not my business
understandable to a degree, but...and the second reason is to show my disappointing about the behavior of who knows about the bug and have not informed the others sdk users.
first of all it seems to be known for a very long time,
second the one who publishes it is the first to get under suspect (...why then did he intend to open the device... ?) and
third this is the job of CWA to point it out in the documentation.
in the latter case it falls under the NDA and is (to be) kept from public
you're not - 'to not act smart' has a different meaning, it's more like 'not suitable' or clumsy...I'm surprised to be called stupid about this thread, ...
don't be naive about who is peeking at what and where - everyone does it in IT (but of course everyone denies the question if asked personally), yet what do you think all those reports about code suspected to be unsafe (buffer overflows etc) are based on ?...but i think that the real stupid is who was spying inside the protected devices.
Each report about those safety leaks is an active and aware violation of the respective application's license (at least I haven't come across a single license in 20 years that does NOT prohibit disassembling).
Yet people report about their findings in public with their full name or company adress without consequences. It's an accepted matter of fact.
I don't have DP or SDK myself, but I'm in developement (not music related) for almost 20 years - when I've shared some insights about 'the dark side of engineering' then never anything exceeding common knowledge.
I'd never start a 'tips & tricks' section on that matter, but you can be absolutely sure that everything I've mentioned regarding 'safety' HAS BEEN TRIED by those with time and motivation.
cheers, Tom
astroman whe are on different view points,
as i already have said, i'm not spreading informations on how to use the bug, but i'm sending informations on how to fix it.
Where i have found bad protected devices, i have informed the developer about it and i have told him to fix it, but you are suggesting me to cheat about it and to shout my mouth and it's against my religion.
You don't have sdk or dp, but you know everything about it and i don't understand why you are against me on this discussion.
as i already have said, i'm not spreading informations on how to use the bug, but i'm sending informations on how to fix it.
Where i have found bad protected devices, i have informed the developer about it and i have told him to fix it, but you are suggesting me to cheat about it and to shout my mouth and it's against my religion.
i know how license agreements works, but you are misunderstanding me, because i'm talking more on the honesty side than in the business one.don't be naive about who is peeking at what and where - everyone does it in IT (but of course everyone denies the question if asked personally), yet what do you think all those reports about code suspected to be unsafe (buffer overflows etc) are based on ?
Each report about those safety leaks is an active and aware violation of the respective application's license (at least I haven't come across a single license in 20 years that does NOT prohibit disassembling).
You don't have sdk or dp, but you know everything about it and i don't understand why you are against me on this discussion.
As a software professional I've of course informed myself as good as it goes about Scope developement, long before I eventually bought a Pulsar One.djmicron wrote:...You don't have sdk or dp, but you know everything about it and i don't understand why you are against me on this discussion.
I've been involved in scientific (real-time) data processing for some time.
To be honest I know (and used) so many (and some pretty exotic) SDKs that it's not too difficult to figure out what Scope is about.
But I'm not at all 'against' you - for the respective developers it doesn't change anything to inform them private - for the 'reputation' of the system it makes a whole difference.
Things like this do draw attention - regardless if you like it or not - if there's one vulnerability, then why shouldn't there be another ? And so it starts...
Not your fault of course, but you might add to it in an unnecessary way.
Nevertheless it's a different viewpoint and yours is accepted.
Indeed there has been (!) a great community among several (long time) developers I know about, but don't rely too much on ethic values when it comes to money and esteem...
cheers, Tom
-
irrelevance
-
next to nothing
- Posts: 2521
- Joined: Mon Jul 29, 2002 4:00 pm
- Location: Bergen, Norway
well,
this 'hack' sort of gives developers a possibility to go inside a protected device and see if others have copied their schematics, instead of just guessing and making accusations , right?
A simple copyright would solve the case easily.
kind of ironic, isn't it; developers try to emulate the circuitry of existing physical devices (be it minimax or certain vintage reverbs), yet their emulations creations should not be "opened and studied" under any circumstances
Its also kind of funny that, if it really is this easy to "hack" protected devices, no "scene group" has ever released a safe, working package of hacked devices for scope. And we all know they have tried.
I understand the concern of developers getting "ripped off" their glory, but hey, atleast now we know you have a real possibility to check devices to see if they are just copies of existing technology or really has a unique design.
this 'hack' sort of gives developers a possibility to go inside a protected device and see if others have copied their schematics, instead of just guessing and making accusations , right?
A simple copyright would solve the case easily.
kind of ironic, isn't it; developers try to emulate the circuitry of existing physical devices (be it minimax or certain vintage reverbs), yet their emulations creations should not be "opened and studied" under any circumstances
Its also kind of funny that, if it really is this easy to "hack" protected devices, no "scene group" has ever released a safe, working package of hacked devices for scope. And we all know they have tried.
I understand the concern of developers getting "ripped off" their glory, but hey, atleast now we know you have a real possibility to check devices to see if they are just copies of existing technology or really has a unique design.