Daz Studio Pro BETA - version 4.9.0.21!

13468932

Comments

  • SkirikiSkiriki Posts: 4,972
    icecrmn said:

    This would require the user to download, install , and execute the script.

    This is one of the reasons why items found on warez sites should not be trusted.It may not be your Daz Studio content they are after, it maybe your bank account instead.

    "Hey, I just uploaded to ShareCG/Rendo this script which will do this thingamagic X you've been asking for!"

    Sure, it does do that. But since like 99% of users don't have any formal background in coding or system security or whatever, what if it contains an extra payload?

    Do not assume that everyone gets infected via illegitimate means.

    http://www.slate.com/articles/technology/technology/2012/05/malware_and_computer_viruses_they_ve_left_porn_sites_for_religious_sites_.html

  • DAZ_RawbDAZ_Rawb Posts: 817
    SimonJM said:

    This has not been a fun read.  I have no problem with protecting the work of the PAs who produce the content that I buy (I even sometimes use it!), I really do not like piracy.  I also really do not like 'the cloud', Steam (or Steam-like things to the effect of that despite loving the game Morrowind, I refuse to buy the sequel which requires a Steam account to authenticate).  I have no opinion on DRM (beyond a wish to be able to 'use' what I buy where I like) as I do not have anything that uses it :)

    I think some of my concerns (which are deep enough to make me step away from DAZ as a vendor) have been addressed and the fears mainly allayed.

    Change is inevitable, and I will (often reluctantly) go along in the knowledge that I am not yet enough of an old dog to be unable to learn new tricks.  One of my concerns is all the references to 'products available ..' in the menu structure, implying an active network connection to determine the data.  I really do not want that, even if it's only a few KB of metadata.  If you TRULY want to stuff up an application or program (or even OS) have it choke on a bad connection (for whatever reason).  If I opt (which I suspect I will) to upgrade to 5.9 (and no, I am not installing the beta to try it) I think I am going to be disabling this Connect service.

    I don't care about encryption, really.  Yes, I have looked through files to correct paths, etc., in the past but I can live without doing so :)  What I DO care about is the ability to download content on one machine (and NOT install it there) to an external HDD and then, later, install that downloaded content on another computer.  With DIM I can, and do, do this.  I get the distinct impression this will be a thing of the past very soon.

    After products are downloaded a limited subset of the files (Daz specific ones, not textures and the like) are reencrypted using a user specific key. This means that if you are sharing a hard drive (or just the files) between multiple machines all of those machines will happily read those files without issue. We have some features to build out to make this more transparent, but it is intended to be a fully supported configuration.

    SimonJM said:

    Without Smart Content a LOT of things in DS do not work: auto-fit, etc.  As I mention above there are a LOT of suggestions in the menu structure that options require Connect.  So one question is: what will not work with Connect inactive.  Another question is: how badly will general Daz Studio performance be impacted by laggy network connections?

    Smart content got some large feature upgrades to it in order to allow it to better work for things such as auto-fit and other items where it filtered your available items too far.

     

    To speak to laggy network connections it would only slow down fetching metadata and downloading/updating products. You could also work offline if you prefer, there is no requirement to keep online in order to keep using your content.

  • SyndarylSyndaryl Posts: 521
    edited October 2015

    I've been a loyal customer with DAZ since 3rd generation, not as long as some, but I've spent a horrendous amount of money here (it looks like six or seven thousand dollars, possibly more). I was looking forward to spending another horrendous amount of money in the future, but frankly this is enough to make me seriously reconsider my entire relationship with DAZ.

    I do not have unmetered internet. "The Cloud" is short hand for "extra charges every month".

    I frankly do not believe DAZ, DAZ Connect, or any other internet service will be there when my harddrive goes tits up and I need to restore. I may be broke and had to cancel my internet, or downgrade to dialup, or moved to bass ackwards nowhere and have internet via a little antenna on the roof. Not having sensible, simple local backups that don't rely on proprietary technology is crazy.

    Needing keys to unlock my legitimately licensed downloads is a really bad long term idea.

    What's worse immediately is the decision to lock me into a single piece of software. This kind of monopoly-grab is skummy. It's low. 

    Frankly, I thought DAZ was better than this.

    This has nothing to do with software piracy and everything to do with forcing me to only use Studio. I don't use Poser, I don't use Carrara, I don't use ZBrush, I don't use 3D Studio Max, I don't use Maya, etc. All the big software might eventually get some sort of bridge although I'm certain we'll have to pay for the privelage. Carrara is in house so it might get a bridge eventually, and OK, Poser's probably dead to DAZ, whatever.

    I use Blender. Somehow I doubt a bridge to Blender will be written. What other minority programs are we being locked out of? What software coming up in the future will we never be able to use, because of this?

    DAZ has gone to so much effort to make the new DUF format easily accessible, using common data formats, changing the figures to be general weight mapped, changing the UV layout... why turn around and lock everyone out?

    Post edited by Syndaryl on
  • nicsttnicstt Posts: 11,714
    Skiriki said:

    I want answers as pertains to security of dealing with cloud, store and purchases.

    DRM is not a guarantee of safety. DRM will be cracked. Your product will be cracked; all you've done is put a challenge in front of horde of ten thousand brogrammers out of job, and looking to make a name.

    If a product DRM is based on my user account details in DAZ Store, what will happen when the inevitable happens and crackers break the security of either store, user account or content?

    What details content will sing out to the world about user who bought it when it gets inevitably cracked? Because it will.

    What security protocol DStudio will use to contact cloud or store?

    Is the encryption protocol based on something in common use (such as openSSL) or something "done in-house"?

    What level of encryption is used? 256 bit? 512 bit? 1024 bit? 2048 bit? 4096 bit?

    Who has signed the security cert? Are users able to view it, like they can view browser security certs?

    I'm not sure how a possible crack of the encryption would place your detaisl at risk - they'd already need access to your machine or your account to get the files keyed to your account in th first place. You won't be online (unless you choose to be) while working in DS itself and not installing content (assuming you don't install via the separate download and offline mode that's been mentioned).

    As I understand from what Rawb just said, there's encryption on the files, and a separate keyfile that's actually keyed to your account, similar to the metadata files they send us with the existing DIMs. If you don't have the keyfile in question, the content won't work. If they don't have the keyfile, then your account would be secure. Those of us who make things would have to use DIM or manual installation to send things to the testing team.

    So for me, nothing changes except being able to stack eight G3Fs in their clothes on a Stonemason set without the memory corruption errors that have plagued me since adopting Iray, the loveable scamp.

    This looks like it is some sort of implementation of PGP; or at least the idea behind it.

  • DAZ_SpookyDAZ_Spooky Posts: 3,100
    SimonJM said:

    One of my concerns is all the references to 'products available ..' in the menu structure, implying an active network connection to determine the data.  I really do not want that, even if it's only a few KB of metadata.  

    Products available is available for download. So yes, you will have to be connected to the Internet to know what you can download and will not send or receive anything unless you tell Daz Studio to log in. The same is true of "Product Updates"

    It has nothing to do with what content you have installed. 

  • DavidGBDavidGB Posts: 565
    SimonJM said:
     

    Without Smart Content a LOT of things in DS do not work: auto-fit, etc.  As I mention above there are a LOT of suggestions in the menu structure that options require Connect.  So one question is: what will not work with Connect inactive.  Another question is: how badly will general Daz Studio performance be impacted by laggy network connections?

    What doesn't work without Smart Content? Autofit certainly works on things without smart content - most of the things I want autofit to work on are V4/M4/V3/M3/D3/SP3 things that are not smart content. In fact my main problem with Autofit is it jumping up and working on things I DON'T want it to work on.

     

  • DAZ_SpookyDAZ_Spooky Posts: 3,100
    SimonJM said:

     

    Without Smart Content a LOT of things in DS do not work: auto-fit, etc.  As I mention above there are a LOT of suggestions in the menu structure that options require Connect.  So one question is: what will not work with Connect inactive.  Another question is: how badly will general Daz Studio performance be impacted by laggy network connections?

    The only parts of Daz Studio that require a network connection, or are impacted by a network connection is to connect to the store to download, update, or shop for content. 

     

    Nothing else is impacted in a positive or negative way. 

  • nicsttnicstt Posts: 11,714
    edited October 2015

    Just doing a pile of backups before i try it out; 100GB of downloads, and there are some folks with far more. If this is going to mess folks stuff up, they'll be able to hear the screams from all over the world. :)

    Glad its an SSD

    I'll restore everything from a disk image, including Windows 8, if I don't like what it does.

    Post edited by nicstt on
  • shadowhawk1shadowhawk1 Posts: 2,184
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

  • DAZ_RawbDAZ_Rawb Posts: 817
    DAZ_Vince said:

    How can I get new products through Daz Connect?

    At the bottom of the Smart Content pane you will see a page titled “Store.”  This will show you the most popular products related to what is selected in your library and scene.  For example, if you are looking at hair in your library to choose one for your scene, the Store page will show you some of the most popular hair items that you do not own yet and may want to consider.

    Nice. (Merchandizing.) Horror. :)

    It was mentioned by other DAZ employees (Daz_Rawb: We went out of our way to make sure that Daz Connect doesn't send any detailed information up to the server. Even the store pane was specially programmed to handle the filtering of products without sending information about what is selected to the server (unless you manually type in a search term into the store pane)) - but this would be I guess a rather important thing:

    We customers would definately not like our loaded scenes get scanned/analyzed by DAZ: "Oh, your model seems to wear only lingerie - you might want to purchase this Business Suit." Or: "Your M6 and F7" seem to perform some actions which are not covered with our family-orientated guidelines" or "What are these dildo or tentacle props in your scene - they are certainly not purchased in our DAZ Shop, you pervert ?" :)  

    There is certainly a thing named privacy, and you should respect it in any case - certainly it will be essential for your further business. You should repeat it again and again or make it very clear once more - if there is a default channel which is sending information about my scene and my used items up to DAZ - it's over.

    I'm having to repeat myself a bunch, but that's okay as long as somebody is listening.

     

    Daz Connect does not send any information about your selected items, loaded items or your scene to anyplace even in online mode except for one very specific instance: If you have an item selected in the main viewport, load the store panel AND SEARCH in the store panel.

     

    While we were able to send down enough data so that the store panel could handle it's own filtering sending down enough data to power search would end up shipping down a ridiculous amount of data so instead we have to send what data you are filtering by up to the website along with your search parameters. Even then it only sends basic information about what is the current selected item up, so regardless of what heroic action you have selected for Michael 7 all we send even it that one limited instance is that you have selected "Genesis 3 Male's hand" and search for "laser gun"

  • SpottedKittySpottedKitty Posts: 7,232

    No answer to my questions yet, so I'll repeat. And I'll continue repeating until I get answers.

    I don't use DIM.

    I don't use Smart Content.

    I don't use the content database or Categories.

    I do rearrange the content files in a way that makes sense to me.

    How will this affect the way I work? Am I going to be forced to use DIM and CMS?

    Will I still be able to download content manually using the Content Library page?

    I don't like the sound of this DAZ Connect system. It's extra complexity. Can I just not use it, in the same way I don't use Smart Content?

  • Gr00vusGr00vus Posts: 366

    Another data point for the DAZ suits and designers here.

    I've been a long time Poser user. I just started trying out Studio 4.8 to have access to G3 back in June. I've bought a decent number of things for G3 and Iray between that time and now - sever hundred dollars worth I think - and got a 1 year platinum club membership.

    I won't use 4.9 (or any other version of Studio) if it's phoning home. I don't use smart content, I still get other stuff from other vendor sites, and smart content is useless to me. I do use my own custom categories, I'm not against the database managed approach, giving me tools to help organize is great, but I don't need your software telling me how to organize stuff. You don't know better than me how I'd like to find stuff, you never will. 

    I won't buy DRMed content. If you continue down this path, I will not buy your products, and I will not use any version of Studio that forces cloud on me and phones home. Maybe I will go back to Poser (though it sounds like they'll be phoning home too, so probaby not), or maybe start exploring Blender again. I'll probably do a last gasp here to pick up some of the non-iray, non-g3 stuff currently on my wish list to use in other software and that'll be it. If I buy a thing, I own it, and, within the confines of a reasonable licensing agreement, I get to use it how I want. You aren't serving the vendors either - it'll just take 2 days instead of 1 for crackers to get what they want up on the warez sites. The people using warez were never going to pay for product anyway - we all know this. But now you won't get my money anymore either. No, I won't participate in copyright infringment by using for sale stuff without paying for it, I just won't use that stuff at all. So by inflicting DRM on us you're definitely costing yourself sales rather than gaining phantom revenue lost to warzers. Probably not that big a deal, you'll only be losing a few hundred, maybe a thousand dollars a year from me. Still it seems like you're making some pretty bad decisions here in terms of customer friendliness, might cost you a few more like me who were almost won over. Just thought you should know. Looks like my DAZ/Studio experiment ends with 4.8 and G2.

    Yet another lesson about the difference between free and Free.

  • DAZ_RawbDAZ_Rawb Posts: 817
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

    Daz Connect uses https based communication in order to login and fetch metadata from the servers. Those servers commuicate to our main store servers through a second set of https connections. We have a fully PCI compliant datacenter infrastructure setup at a secure remote location and have not had any leaks or hacks to our site.

  • Skiriki said:

    I'm not sure how a possible crack of the encryption would place your detaisl at risk - they'd already need access to your machine or your account to get the files keyed to your account in th first place. You won't be online (unless you choose to be) while working in DS itself and not installing content (assuming you don't install via the separate download and offline mode that's been mentioned).

    Is it possible for someone to write a DS script which maliciously tries to lift user details and then forward them to a third party? An attack from inside, much like macro-viruses for Microsoft Word.

    Laptop/desktop theft? There is a tick for "remember me" in 4.9's login details.

    But the question of security protocol is important in these days of data snooping.

    Could we just have the darn details here. angry Please. This should be basic information.

    I think this is a valid concern. In DS4.8 i have to enter my serial number. If some bad person gets (steals) this serial number, i do not care much. It cannot be used for anything except running DS. In DS4.9 i have to enter my account name and password. These can be used in many more interesting ways, for example it might be used to verify the often heard assumption "forum opinions are not representative". Now i trust DAZ3d not to do that, i have some real names and an address of DAZ3d. But i do not trust script- and plugin-vendors, People i practically do not know anything about. Yet they run their plugins on my computer. Now i have to enter my account details into DS and those vendors have access to that information. What would that guy that sells that Reality-plugin do, if i would offer him, say 50K, to build some tracking functionality into his plugin, to tell me detailed information about something like forum activity of his users?

    I think in the long run, DS has to become more of a closed system. I.e. no third-party plugins and no scripts. Also with the DRM to be effective the SDK has to be disabled anyway, since as it is today i can easily write a plugin or a script that simply exports the content in any format i like.

     

  • RAMWolffRAMWolff Posts: 10,140
    DAZ_Jon said:
    CypherFOX said:

    Greetings,

    I have a feeling this is going to absolutely !#$^%#! my workflow.

    I install content using DIM on one machine; it syncs via Dropbox to a second machine.  The machine I install on is my Mac, the machine it syncs to is a Windows box.  I sync my scenes the same way.  I can save a scene in DAZ Studio, and open it on the Windows box in around 30 seconds, with the new changes in it.

    Am I right that this workflow won't work anymore, and that the media is encrypted 'at rest' on my Mac tied to that box, and not 'syncable' to my Windows box?

    Does this mean that if I want to install the same content on two systems, both living under the same account, I need to download it twice?  That seems a little absurd...especially with HDRI packs pushing 1.5GB.

    --  Morgan

     

    The files that are encrypted are encrypted to your store account. So if you have it working with a version you have logged in at least once on and copy it over to another machine that you have it on at least once on, it will be able to open and read the file. You only need to download once. It doesn't lock the file per machine, just per store account.The only thing that would potentially be missing is the database entries for that product which might require some sort of sync / import of data so the local database knows it is installed (I honestly don't know how it works if both machines are pointed to the same Postgres instance, someone else would have to answer that). 

    Edit: in regards to content which isn't Daz Studio content, like Ron's brushes which are photoshop files, you'll still download and "install" them with Install Manager. Those won't (or shouldn't) show up in Studio unless it is content actually useable by Studio.

    I am SO glad that CyberFox brought this up.  I back up ten ways to Sunday as I've lost ALLOT of stuff in the past NOT backing up and don't really feel like redownloading and installing all those files over and over again so I have My Library backed up on TWO backup drives so things are downloaded once, installed once and then backed up twice to make sure stuff is safe.  As long as that's cool then I'm cool with all these changes. 

  • Ghosty12Ghosty12 Posts: 1,955
    DAZ_Rawb said:
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

    Daz Connect uses https based communication in order to login and fetch metadata from the servers. Those servers commuicate to our main store servers through a second set of https connections. We have a fully PCI compliant datacenter infrastructure setup at a secure remote location and have not had any leaks or hacks to our site.

    Hopefully you threw salt over your shoulder, knocked on wood, crossed fingers and toes amongst other things.. Because as sure as the sun shines there will be some scumbag hacker that for kicks will try to break in..

  • DAZ_JonDAZ_Jon Posts: 582
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

    On a user account level, the least secure part is your username and password. Those are the keys to your account and it is as secure / insecure as you make them. 

    From a systems stand point, we maintain regular security patches and practices to stay at a level 1 PCI compliance for our store. Those same security practices and diligence is done for all our web services, including the service that Install Manager and Daz Connect use (very similar backend services for both of those). Are we vulnerable to be hacked? Everyone is. Do we do everything we can to maintain best practices to guard against it and are diligent on our security scans and audits? Yes. If anyone is genuinely concerned about this, feel free to read up on the standards we adhere to at https://www.pcisecuritystandards.org/security_standards/documents.php on the PCI DSS v3.1 standards we have to maintain.

  • shadowhawk1shadowhawk1 Posts: 2,184
    DAZ_Rawb said:
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

    Daz Connect uses https based communication in order to login and fetch metadata from the servers. Those servers commuicate to our main store servers through a second set of https connections. We have a fully PCI compliant datacenter infrastructure setup at a secure remote location and have not had any leaks or hacks to our site.

    YET! Using that as a shield is an invite for disaster. No I am not a doomsayer I am a realist. I work with secure computers all day long and I have seen hackers at work first hand, recently in fact. I am sure that SONY thought they were hack proof and look what happened to them. I am very leary of anything that has me buy something and I get no phyical copy and have to log online to use it. Call me a product of a Law Enforcement / Security background. I like to see facts and put my hands on things to verify. Putting a downloaded file that I don't have to go back online to claim again and again is not ownership, its a rental and at anytime that can be taken away. I have several products that are no longer sold because f either copyright or the PA is no longer at DAZ. What happens to our purchased items then?

     

  • SnowSultanSnowSultan Posts: 3,495
    edited October 2015

    I have a fairly simple question that echos what SpottedKitty asked before.

    * I manually sort my 3D content. They get installed with DIM and then I move the files to folders where I can find them, thus breaking the Smart Content metadata links. If these products need reinstalling or updating at some point in the future, will this new Content system be able to locate them if they've been moved?

     

     

    >>SpottedKitty said:

    I don't use Smart Content.

    I don't use the content database or Categories.

    I do rearrange the content files in a way that makes sense to me.<<

     

    Same here. While I don't mind working from the cloud or some of the other features added in this release, there are two things I absolutely must have: the ability to manually sort my own content, and the ability to access and edit any texture file from any product I purchase. If someone could confirm those things will still be possible, I'd very much appreciate it.

    Post edited by SnowSultan on
  • RAMWolffRAMWolff Posts: 10,140
    prixat said:

    Is activating DAZ Connect a one way conversion?

    Can I revert a specific item to DIM if needed?

    As I understand it, yes - just uninstall the cloud version and install the DIM version.

    So as end users we can choose to keep using DIM as our default and NOT install the recommended Cloud software?  The only cloud software I allow on my computer is DropBox, all others are uninstalled or disabled.  I don't like allot of what I'm reading here... this is just too drastic all at once. 

  • DAZ_SpookyDAZ_Spooky Posts: 3,100
    edited October 2015
     

    No answer to my questions yet, so I'll repeat. And I'll continue repeating until I get answers.I don't use DIM.

    I don't use Smart Content.

    I don't use the content database or Categories.

    I do rearrange the content files in a way that makes sense to me.

    How will this affect the way I work? Am I going to be forced to use DIM and CMS?

    Will I still be able to download content manually using the Content Library page?

    I don't like the sound of this DAZ Connect system. It's extra complexity. Can I just not use it, in the same way I don't use Smart Content?

    You can keep using everything you have exactly as you use it now. 

    Post edited by DAZ_Spooky on
  • DAZ_JonDAZ_Jon Posts: 582
    DAZ_Rawb said:
    DAZ_Rawb said:

    My biggest issue is that I am working in Iraq and my internet is barely above dialup and prone to yo-yo'ing up and down at any give time. Going to a cloud based system for new purchases is something that will make things extremely difficult or impossible. When it took me 3 hours to download the esential setup for G2 and has taken me anywhere from 35 minutes to over an hour to download a file that is in the 80mb to 120mb range, this will will take unacceptable amounts of time to work this way. What options are goint to be made available for myself and others that have less than high speed connections? 

    With the default online mode for Daz Connect it should probably give you a better shot at good downloads because the packages are split into individual file downloads so it is easier to resume and complete smaller files. If you sometimes have access to a higher speed connection then downloading the offline packages (which are still a work in progress) would be an option, then you can just bring them back to your computer with Daz Studio on it.

    Unfortunately that is not an option here, I work with secure systems that do not allow the use of usb drives or unauthorized CD's for reasons that you can imagine are pretty obvious. The personal internet is not fast enough to allow streaming skype video,most of the time. I realize that a big part of this is to stop the torrent sites and pirates from stealing from the PA's which I think is great, but it is at the expense of artist that modify thier libraries to create a better workflow, people who have poor or limited internet connection, or for those that keep thier render machines off the net. Were these issues considered when developing this "cloud" approach? And with this age of hacking what steps are going to be taken to prevent malicious persons from doing what they seem to do best? 

    You do not need to be online to use your content. You only need to be online to download content, either new or updates, or to use the in application purchase functionality. Of course you needed to be online to download content or purchase content before 4.9, that aspect has not really changed. The difference is that now you will only have to download those parts of a product that have been updated, or failed to properly download when you were on before.  

    OK Spooky, you are not really answering my question at all. You keep telling me I don't need to be online to use my content, and I am asking about this cloud feature being hacked and our PPI being stollen from either your end or ours. Not all of us have lightning fast internet where we can download content in mere seconds. It takes me on average an hour or more to download a file via DIM or zip download, and we have all seen the news where secure servers maintained by the US Government as well as SONY, Apple and others. How well is your server security compared to theirs? That is what I am asking.

    Daz Connect uses https based communication in order to login and fetch metadata from the servers. Those servers commuicate to our main store servers through a second set of https connections. We have a fully PCI compliant datacenter infrastructure setup at a secure remote location and have not had any leaks or hacks to our site.

    YET! Using that as a shield is an invite for disaster. No I am not a doomsayer I am a realist. I work with secure computers all day long and I have seen hackers at work first hand, recently in fact. I am sure that SONY thought they were hack proof and look what happened to them. I am very leary of anything that has me buy something and I get no phyical copy and have to log online to use it. Call me a product of a Law Enforcement / Security background. I like to see facts and put my hands on things to verify. Putting a downloaded file that I don't have to go back online to claim again and again is not ownership, its a rental and at anytime that can be taken away. I have several products that are no longer sold because f either copyright or the PA is no longer at DAZ. What happens to our purchased items then?

     

    It is literally the same level of security, backup-ability, "having an actual copy", or however you want to phrase it as if you downloaded it from the store directly or in Install Manager. The only difference is the authentication which happens automatically if you're online, or requires an offline auth file you can download and store indefinitely. 

    In regards to systems security, that is a completely different topic than asset ownership. We don't claim to be hackproof, just we do everything we can within our resources to protect against it. 

  • IceCrMnIceCrMn Posts: 2,103
    Skiriki said:
    icecrmn said:

    according to this estimate, it will take around 1 Billion years to brute force a 128bit key. http://www.eetimes.com/document.asp?doc_id=1279619

    The real problems are man in the middle, and phising.

    I'm sure most of you have already heard about the recent Experian breach, and how it was done.

    So to answer your question, No security measure is perfect.That doesn't mean we should stop using them.

    Brute force is not the only method of attack.

    http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

    About DRM-cracking: Once you have enough study-samples of things -- say, a bunch of people create accounts and buy some cheap item or two, all of them get the same product, and then pool them for comparison, and since this is just a test run, they know the usernames and passwords and can do testing 'till they find it; servers can be cracked for master key; buildings and data houses aren't impenetrable.

    Once again, I repeat: I have more experience about running into problems with DRM-enabled content rather than DRM-free content. And I, the grouchy I-will-rip-your-guts-out system person, must deal with people who give me puppy-eyes and expect me to do miracles 1,000+ miles away.

    If some governement agency with an 11 billion dollar computer is after the new panties I just bought for my A6 dollies, they will most likely get them, I wouldn't be able to do anything about that. I would just have to buy new panites, or my girls will have to go without until I can workout something better. :)

  • SpottedKittySpottedKitty Posts: 7,232
    I don't like the sound of this DAZ Connect system. It's extra complexity. Can I just not use it, in the same way I don't use Smart Content?

    You can keep using everything you have exactly as you use it now. 

    That doesn't answer my question about DAZ Connect. Do you mean it's entirely optional, and the current DIM-and-zips content download system will remain?

  • DAZ_SpookyDAZ_Spooky Posts: 3,100
    I don't like the sound of this DAZ Connect system. It's extra complexity. Can I just not use it, in the same way I don't use Smart Content?

    You can keep using everything you have exactly as you use it now. 

    That doesn't answer my question about DAZ Connect. Do you mean it's entirely optional, and the current DIM-and-zips content download system will remain

    It specifically answers your question. I am not going to make promisses about the future. 

  • SkirikiSkiriki Posts: 4,972
    icecrmn said:

    If some governement agency with an 11 billion dollar computer is after the new panties I just bought for my A6 dollies, they will most likely get them, I wouldn't be able to do anything about that. I would just have to buy new panites, or my girls will have to go without until I can workout something better. :)

    Cute, but not the point. I'm sorry, I'm just too serious today to get funny with this.

    The point is, if NSA and researchers can figure it out, then I'm going to note that credit card theft is one of the more profitable ends for criminal business, and they, too, have vested interest in seeing things leak.

    Also consider: most antiviral software know to detect and kill Microsoft Word macro-based viruses. Ditto for browsers.

    This represents a completely new vector of attack for hijacking user information.

  • DAZ_RawbDAZ_Rawb Posts: 817

    I have a fairly simple question that echos what SpottedKitty asked before.

    * I manually sort my 3D content. They get installed with DIM and then I move the files to folders where I can find them, thus breaking the Smart Content metadata links. If these products need reinstalling or updating at some point in the future, will this new Content system be able to locate them if they've been moved?

    This is the reason that Daz Connect products can't easily be manually shoved around on disk, in order to easily update/uninstall/install/repair the locations of the files on disk have to be known to Daz Connect. If you move those files around there is no easy way to figure out what files went where so you would lose the ability to update/uninstall/repair from within Daz Connect. So to manually sort your content you should sort it using the database sorting options. Additional functionality has been added in 4.9 to make this sorting easier. 

     

    >>SpottedKitty said:

    I don't use Smart Content.

    I don't use the content database or Categories.

    I do rearrange the content files in a way that makes sense to me.<<

     

    Same here. While I don't mind working from the cloud or some of the other features added in this release, there are two things I absolutely must have: the ability to manually sort my own content, and the ability to access and edit any texture file from any product I purchase. If someone could confirm those things will still be possible, I'd very much appreciate it.

    Texture files along with all files that aren't specific to Daz software are unencrypted when they are installed so you shouldn't have any problems getting to textures or other files. Interestingly, this is not the first time that Daz specific content has been encrypted, the script files have been encrypted for years already.

  • Gr00vusGr00vus Posts: 366

    Given that the FAQ clearly states that future releases will only be available via cloud with DRM from within Studio, I think you could say the answer will be "no it won't be optional, and no you won't be able to use DIM and zips" relatively soon if there's no change. 

    I don't like the sound of this DAZ Connect system. It's extra complexity. Can I just not use it, in the same way I don't use Smart Content?

    You can keep using everything you have exactly as you use it now. 

    That doesn't answer my question about DAZ Connect. Do you mean it's entirely optional, and the current DIM-and-zips content download system will remain

    It specifically answers your question. I am not going to make promisses about the future. 

     

  • SimonJMSimonJM Posts: 5,942

    Products available is available for download. So yes, you will have to be connected to the Internet to know what you can download and will not send or receive anything unless you tell Daz Studio to log in. The same is true of "Product Updates"

    It has nothing to do with what content you have installed. 

    One of the concerns I have is with network-enabled 'things': what they do if a) no network (for whatever reason); b) flaky network (again, for whatever reason); c) what they do when in 'offline mode'.  I'm old enough to have seen some truly bad examples, so I hope that will no be the case here!

  • andya_b341b7c5f5andya_b341b7c5f5 Posts: 694
    edited October 2015

    Oh dear.  The people selling 'cloud for everything' T-shirts must be very happy.  Why not have all content hosted in the cloud, and just download what you are currently using?  Why not host the application in the cloud - with access to a huge render farm (subscription-based naturally), based on Amazon Web Services?  Local installations are so last year.

    Encryption will be hacked, probably quickly, that's not the way to 'protect' artists.  Why join the DRM band-wagon when it has become so discredited?  It doesn't work, anyway, ask the music industry.

    Having online connections without being absolutely sure what they are doing - and which are I imagine unencrypted, ironically - I'll pass on.  Anyway, I don't have a choice, since the corporate firewall is never going to allow those outgoing connections through, so if they are essential then the application will be stone dead.  I suppose the home workers and hobbyists with the (insecure) default home router settings will be OK.

    Ads - ugh.  Just another form of spam, which we all love so much.

    In my crystal ball (nearly Halloween!) I see the integrated messaging client, the Twitter and Facebook access, recommendations from ITunes and Amazon...and not updating beyond 4.8 until I absolutely must, despite it's many shortcomings.

     

    Post edited by andya_b341b7c5f5 on
This discussion has been closed.