"i cheated for a tux" - Is this going to get fixed?...

[Yulike]

There's an application floating around that allows Windows users to run an EXE that will trick TF2 into thinking it's a Linux client thus allowing them to get the item. Now I don't think this is fair or should be allowed. This is a bug, they should be able to manipulate Steam like this.

It also changes their name to "i cheated for a tux" when they get the item. This allows us to see everyone who has used it.

See here; http://steamcommunity.com/actions/SearchFriends?p=1&K=i+cheated+for+a+tux

[gdrewb-valve]

We're looking to see what we can do.

[ghost]

I suggest something like the Cheater's Lament: http://wiki.teamfortress.com/wiki/Cheater%27s_Lament

Upgrade the Tux to Genuine for every honest player and remove the Tux of every cheating player.

Also do not upgrade the Tux to Genuine if people just used VirtualBox and launched Steam once to get the Tux. Imho this is cheating as well.

[Yulike]

I agree - Like perhaps let them keep the Tux but it's remodelled to look like the Cheater's Lament. Then us who actually use Linux gets to keep the proper Tux. I don't know how you would go about seeing if they're using a VM though.

[Majkl578]

Actually, there might some ways how to determine whether OS is running under VM or not, see this thread on serverfault.

[Yulike]

Yeah I was just reading up on it, you can read the hardware footprint or something similar. Would be good if this was implemented.

[heinrich5991]

What's wrong with using an VM?

[FloFluoro]

There might be people who legitimately use Linux distros on virtual machines, they should not have any action taken against them. If innocent people are caught in the crossfire, then it's not worth it to pursue those who only used Virtualbox to get the Tux.

People using gibtuxpls.exe are completely circumventing using Linux at all, which is inexcusable and something that no one with good intentions would do.

[voided]

@Flotilla I venture to ask how you have been harmed by people using gibtuxpls. Explain to me the difference between an individual spending a few hours to setup a VM (that they would never otherwise have done) to launch TF2 within it, and using a simple program to get a tux. Why is one "inexcusable"?

Ubuntu is free software, as is Steam and TF2. The only cost involved with acquiring a Tux is the time/effort investment, which is what gibtuxpls is circumventing.

[FloFluoro]

@VoiDed One is done through legitimate means, and the other isn't.

In the same way that idling in a server is okay but using DrunkenF00l's idling program isn't, or how farming achievements in a server for weapon unlocks is okay but using Steam Achievement Manager isn't, it's not okay to get the Tux using an external program instead of running Linux. Valve has a solid history of punishing people who use third party programs like gibtuxpls, because it completely circumvents what they intended people to do. They intended people to install Linux and play TF2 on it, not for people to download an .exe that spoofs your Steam account starting up TF2 on a Linux distro.

[voided]

Isn't farming achievements in a server circumventing what Valve intended people do to as well? I think using a linux VM for the sole purpose of getting a tux also falls into that category.

[FloFluoro]

@VoiDeD No, not in the way that matters. What matters is that they are still getting the achievement in the way that it was technically intended; ingame, by achieving the goals required to get the achievement. Steam Achievement Manager circumvents going ingame at all, much less actually doing what the achievement demands.

Tux was meant to be rewarded to people who installed Linux, downloaded Steam, then started up TF2. Although using a VM solely to get the Tux is a bit dumb, it still falls under what Valve said was the way to get him. They downloaded Linux and Steam and started up TF2.

People who use gibtuxpls do not download Linux at all. They are getting an item that they shouldn't be, because they fail to meet the criteria for getting it entirely. Imagine if there was, say, a "gibmaxheadpls" that gave you a free Max Head by telling Steam that you had The Devil's Playhouse in your Steam inventory when you really didn't. They are equally unjust.

[Yulike]

@VoiDeD the promotion is to encourage people to try Linux, if they do so in a VM at least they have tried linux, albeit in a horrible manner. Using an external application is completely voiding the point of the promotion because they can stay ignorant and not even touch Linux. In my opinion, and you may not like it, I think Tux should stay Non Tradable. Just to kick the cheaters in the teeth, but that's unfair on the people who actually use Linux. Also one would assume you only wonder because you used the application yourself and wish to know the consequence? I hope the most that happens is the item gets removed from cheaters and left at that.

http://steamcommunity.com/id/VoiDeD

[voided]

@Yulike I created the application

[AndrewKirfman]

You shouldn't count out people with VM's. I'm a programmer, and several compilers that I use are simplest in a linux environment. I can only have 1 hard drive in my laptop, so I just use virtualbox to run ubuntu with windows 7 as my main os.

Anyway, the point is that there are people out there like me who have legitimate reasons to be using a VM.

On a side point, imo, it would be overcomplicating things to give people who didn't cheat a genuine tux as opposed to a normal one. It seems simplest to just delete the ill gotten items instead of separating them into two qualities.

[ghost]

@VoiDed A for effort and execution, F- for the idea. You get a few extra points for changing the username, I like the idea and I'm glad you put that in there. But that doesn't save you.* You failed, see me after class.

* Coding the whole thing in C# and releasing a completely unobfuscated binary along with the freaking source code honestly was a dumb idea, because people already compiled their own versions that don't change the user's name and distribute them.

[yaakov-h]

releasing a completely unobfuscated binary along with the freaking source code honestly was a dumb idea

And you think anybody would put their Steam credentials into an obfuscated closed-source third-party application with no idea what it does?

[MrSchism]

And you think anybody would put their Steam credentials into an obfuscated closed-source third-party application with no idea what it does?

Based on what I've seen from the gaming community as a whole.... yes.

[ghost]

And you think anybody would put their Steam credentials into an obfuscated closed-source third-party application with no idea what it does?

If people wouldn't do that, there wouldn't be hundreds of account phisher download links in the descriptions of YouTube videos that promise to the watchers that they'll get an advantage over their fellow players.

[crameth]

too many complains over a virtual item that has no game-changing effect in the game itself and isn't even trade-able to begin with.

[MrSchism]

too many complains over a virtual item that has no game-changing effect in the game itself and isn't even trade-able to begin with.

Well, there's a reason for that.

1. First, it tries to draw new Linux users.
2. Second, Tux is a gift to the Linux community who pushed for a Linux client and beta tested TF2's client.
3. Third, Tux is the linux mascot. By not using linux, but equipping Tux, you misrepresent yourself to others for an item that, as you said, is not able to be traded nor does it make any change to the game and....
4. It violates the Steam Subscriber Agreement.

[crameth]

Well, there's a reason for that.

1. First, it tries to draw new Linux users.
2. Second, Tux is a gift to the Linux community who pushed for a Linux client and beta tested TF2's client.
3. Third, Tux is the linux mascot. By not using linux, but equipping Tux, you misrepresent yourself to others for an item that, as you said, is not able to be traded nor does it make any change to the game and....
4. It violates the Steam Subscriber Agreement.
5. agree.
6. agree... somewhat. i think giving those who actually beta-tested TF2 prior to it being "publicly released" would have been a much better idea to avoid problems like this.
7. people can install linux just to get this item, uninstall linux and never use it again. in that case, wouldn't they still be misrepresenting themselves?
8. thank you. that's the appropriate reason we should all be looking at, not "unfair" or "bug".

[MrSchism]

In regards to point 3, no. It's not a misrepresentation because they had to use linux to get it. They used it; they don't have to continue using it. Tux is for people who log in to get him. If you didn't log in and you have him, you're misrepresenting yourself. If you try Linux and like it, great. If not, that's okay too. At least you got on and tried it.

[PedroLobo]

From what I searched the third party programs used to give the tux tricked Steam to think it was a "Linux" Operating System.

Well, "Linux" is not an OS, Ubuntu 12.04 is, Ubuntu 12.04 64 bits is, but "Linux" certainly is not.

If Valve keeps track of his users (and I think they do), they just need to find people that logged in from the "Linux" Operating System and use the appropriate procedures

[MrSchism]

"Linux" can be an OS if you're using a specially compiled kernel or anyone who happened to make their own 'buntu-based distro....

Or anyone who, just for the lulz, changed their /etc/os-release and /etc/lsb-release files to say something OTHER than Ubuntu.... like "Linux".

[voided]

Steam reports the Linux kernel version to determine if the client is running on Linux or not.

Gibtuxpls specifically reports version 2.4, so it's definitely possible for Valve to know who used it.

[MrSchism]

Now that's more like what's needed to get on the path of a solution.

[voided]

@MrSchism I think that, first, you should find a problem that needs a solution.

[MrSchism]

They violated the Steam Service Agreement. That's a problem

[heinrich5991]

That's not your problem. That's just how you justify your wants. :)

[MrSchism]

I never said it was my problem, just that it was a problem.

[PedroLobo]

That's Valve's problem, were are just discussing ways that this could be solved, or the people that cheated (because it's a cheat) be found.

Make no mistake, Valve WILL do something, it's just a matter of time

[timjp87]

How about giving special Tux's to people who got invited into the beta via e-Mail and have write permission for the Limited Beta Forum but have no chance to get the Tux, because they are learning for their college exams and use their 7 years old laptop so they don't end up gaming the whole day. Such as me? :D Make it a little Tux with a crown that has the earbuds on. ^^

[Shished]

Using some 3rd-party programs is cheating. They must be banned. But if it changes their names, it can do more like stealing accs or mimics cheat to get they VAC banned.

UPD I found 5,005 "i cheated for a tux" players. Maybe its bigger than total TF2 on Linux palyers.

[wareya]

It's absolutely a problem if people are entirely circumventing having to use Linux for the tux, regardless of what they believe it's Just Like. Nothing can be done about achievement farming without affecting innocents in the crossfire, but the number of false positives on detecting whether someone cheated a tux would be so low they could be dealt with on a case by case basis. Even without that reasoning, it's still awful to say something like "This other unrelated 'exploit' isn't fixed so why should this be".

If someone's using a VM, though, I don't think that's "illegitimate" enough to treat them like the gibtuxpls users in any case, especially since it probably couldn't be as consistent to detect.

[timjp87]

I don't think it is about people getting an item without using Linux. It's about people using unauthorized applications to access steam and probably getting their account information compromised.

Here is a tutorial: http://www.youtube.com/watch?v=9sNb54uOc4c&feature=player_embedded

1. Run random program from unknown source as admin
2. Enter your login information and password

facepalm

You could analyze the outgoing packages and connections with wireshark or tcpdump but it would surprise if if this is NOT a phising attempt. Why would the program lable them otherwise by changing the profile name? Because the programmer was a saint and just wanted them to get an item without installing Linux? There is a a high chance that these people use the same information for their webmail and that opens up everything in terms of password recovery for other services like eBay and so on.

[ghost]

@tjpld: @VoiDeD wrote that program, for your information. Yes, the VoiDeD that's in this thread. The original application shipped with the source code, and as it's written in a .NET language, it can be decompiled again with ease to reveal what it does. The name change's not a marker for him to find people to phish, but instead it's a form of proof that somebody cheated to get their Tux. The OP's link shows how this works.

The real problem, which is much more relevant to what you just said, is that people probably are modifying the application or creating fake imitator programs. Those new programs might try to phish the user. That's not @VoiDeD's fault, and the release of the source code doesn't really have much to do with it, either - it only makes it a little easier. It's not an uncommon thing that a legitimate program that gives you something through illegitimate means is cloned or modified by third parties to add malicious code.

Oh, and about the "getting Tux legitimately" issue: Just plop TF2 onto your laptop (copy the GCFs if you don't want to redownload them), start it and wait until you're in the main menu. That's enough to earn you a Tux.

[voided]

Because the programmer was a saint and just wanted them to get an item without installing Linux?

But... That's exactly why I created the app in the first place...

The name change is simply an added gimmick. After all, what's life without a little humor?

I mean, really, I even provided the source code for the app in the package, and the underlying networking library, SteamKit, is also open source software.

[ghost]

@VoiDeD

The name change is simply an added gimmick.

I like it.

[wareya]

The name change encourages people to download a modified copy that claims not to have it, which may be dangerous.

[ghost]

@wareya Honestly... their fault for downloading a random untrusted third party program that asks for their Steam login info. It's common sense to not enter any of your credentials for something valuable into a random program or web site. Especially if it already looks fishy. And I'm pretty sure command prompts look fishy to the average user because they usually don't ever see one these days.

[wareya]

@melonstorm You say you like the gimmick, then you say it's their fault for acting in their own interests within the context of which version of an application to use? Good grief, it's like you're cherrypicking your beliefs.

[ghost]

@wareya Was there ever a guarantee that @VoiDeD's release of the software isn't malicious? Adding a .cs file doesn't really help anyone, the compiled code in the .exe could be different. And, besides, a great majority of users probably doesn't even know what a .cs file is and would ignore it upon stumbling onto it. I'm pretty sure that the average gamer is not interested in programming.

[wareya]

@melonstorm That is exactly the point, there is no inherent security in using @VoiDeD's release of the executable over one that doesn't change the name. The only way to have security in using the application is to compile it yourself, which I know you understand, so it's not like they're making a judgment mistake if they go download it from another third party who seems as trustworthy as VoiDeD and it happens to be a phising app too, other than the fact that it happens to be a phising app that they chose. Let's blame the victim, guys. Guys?

[yaakov-h]

Why not blame the victim? You seem to be forgetting that they're technically cheating. Why do you feel the need to protect cheaters from themselves?

[wareya]

What are you talking about? I'm not defending cheating a Tux at all, but the fact that people will rationally try to avoid the downsides of using a cheating program for it.