
Dev.SN ♥ developers

posted by janrinok on Friday March 21 2014, @10:37PM
from the questions-without-answers dept.

AnonTechie writes:

"Echoing a question asked on programmers.stackexchange.com - How can software be protected from piracy?

It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a "serial number/activation key." I'm sure a ton of money, maybe even billions, went into creating Windows 7 or Office and even Snow Leopard, yet I can get it for free in less than 20 minutes. Same for all of Adobe's products, which are probably the easiest. Can there exist a fool-proof and hack-proof method of protecting your software against piracy? If not realistically, could it be theoretically possible? Or no matter what mechanisms these companies deploy, can hackers always find a way around it?"

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by The Mighty Buzzard on Friday March 21 2014, @10:50PM

    Anything you do will be cracked. You can make it take longer but not a lot and it will cost you more than you would ever lose to piracy. The law of diminishing returns is still saying the best bang for your buck is a key and/or activation.
    --
    123
    456
    789
    • (Score: 5, Insightful) by Angry Jesus on Friday March 21 2014, @11:05PM

      by Angry Jesus (182) on Friday March 21 2014, @11:05PM (#19584)

      > Anything you do will be cracked.

      Indeed. The question is like saying, "it is hard to believe that with all of our technological advances and the billions of dollars spent on engineering we still have not invented a perpetual motion machine."

      • (Score: 5, Insightful) by The Mighty Buzzard on Friday March 21 2014, @11:18PM

        It's even worse than that. It's saying we N developers are so damned good that the whole of humanity's engineering expertise pales in comparison. Anything that can be built by humans can be taken apart by humans.
        --
        123
        456
        789
        • (Score: 1, Troll) by Angry Jesus on Saturday March 22 2014, @07:59AM

          by Angry Jesus (182) on Saturday March 22 2014, @07:59AM (#19669)

          > Anything that can be built by humans can be taken apart by humans.

          That's why private key crypto is such a waste of time!

          • (Score: 2) by The Mighty Buzzard on Saturday March 22 2014, @08:15AM

            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@soylentnews.org> on Saturday March 22 2014, @08:15AM (#19672) Journal
            Okay, point for communications but for DRM every legit user has all the private keys at some point. It only takes one knowledgeable user to find them and strip or work around the DRM and then the cat's out of the bag.
            --
            123
            456
            789
            • (Score: 2) by Angry Jesus on Saturday March 22 2014, @02:19PM

              by Angry Jesus (182) on Saturday March 22 2014, @02:19PM (#19765)

              My issue is that your entire point revolved around the use of the word anything which is false. Your response seems to be to cite a case of the mis-application of private-key crypto -- where the keys are not private. That still doesn't negate the fact that not everything built by humans can be taken apart by humans.

              This isn't a case of pedantry either, your whole post relies on that one falsehood. A correct version of your statement would be, "Most things that can be built by humans can be taken apart by humans." That's not on the same level as a perpetual motion machine, nevermind "worse than that."

    • (Score: 5, Informative) by frojack on Friday March 21 2014, @11:19PM

      by frojack (1554) on Friday March 21 2014, @11:19PM (#19589)

      Never charge so much for your software that anybody bothers to crack it. You can do like AutoCad did, and charge mercenary prices, and try to make everybody pay, or you can go a lot cheaper, and hope most people pay.

      Our company has tried dongles, commercial protection etc and finally the problems just got so troublesome the powers that be decided activation key only.

      Our customers know the software will call home to check for updates once a month. They can turn that off if they want. But because we do update it frequently with improvements, most don't. And when it does check it sends its serial number as part of the query.

      So we know the level of piracy. We know who those serial numbers were assigned to.

      But it has never reached the level that we feel we have to do something about it. When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.
      (We have a continuing revenue stream from our customers, and losing that would cost us more than one or two additional licenses.)

      --
      Discussion should abhor vacuity, as space does a vacuum.
      • (Score: 3, Informative) by mcgrew on Saturday March 22 2014, @09:47AM

        by mcgrew (701) on Saturday March 22 2014, @09:47AM (#19692) Homepage Journal

        When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.

        You're a smarter businessman than Microsoft employs. How to lose customers. [cnet.com] Thanks to Microsoft and the BSA, the Ernie Ball corporation is running Linux and using very little proprietary software and nothing from Microsoft.

        "I said, 'I don't care if we have to buy 10,000 abacuses,'" recalled Ball, who recently addressed the LinuxWorld trade show. "We won't do business with someone who treats us poorly."

        Ball's IT crew settled on a potpourri of open-source software--Red Hat's version of Linux, the OpenOffice office suite, Mozilla's Web browser--plus a few proprietary applications that couldn't be duplicated by open source. Ball, whose father, Ernie, founded the company, says the transition was a breeze, and since then he's been happy to extol the virtues of open-source software to anyone who asks. He spoke with CNET News.com about his experience.

        Look how hated the RIAA is. They're idiots, too.

        --
        Free Nobots! [mcgrewbooks.com]
      • (Score: 2, Interesting) by Aiwendil on Saturday March 22 2014, @02:05PM

        by Aiwendil (531) on Saturday March 22 2014, @02:05PM (#19764)

        I have seen an interesting variation on this once. Pretty much the same setup but on a duplicate key it simply (on updates) popped up a simple:
        "You are using a duplicate key. Do you want to:
        a) Proceed [default]
        b) reassign the key to this machine as primary installation
        c) purchase a new key for $Y"
        and acted accordingly, was nice enough, implied the extra install was a simple change of machine of installation, and allowed a small discount if you went thru the hassle (this software was mainly distributed with a printed manual and such, the discount was less than the cost of ordering the manual separately)
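An added example, not part of the posts above and not either vendor's code: one way the server side of such a monthly update check could tally installs per serial number and decide when to show the duplicate-key prompt. The log format, the per-install identifier, the tolerance threshold and all function names are assumptions made for illustration; the posts only say that the serial number is sent with the update query.

```python
import re

# Constructed sample check-in log. "install" is a hypothetical random
# identifier generated at install time; the posts mention only the serial.
SAMPLE_LOG = """\
2014-01-03T09:12:44Z serial=SN-1001 install=a1f3
2014-01-05T17:02:10Z serial=SN-1002 install=77c0
2014-02-03T09:15:01Z serial=SN-1001 install=a1f3
2014-02-04T11:40:22Z serial=SN-1001 install=d9e2
2014-02-09T08:00:00Z serial=SN-1003 install=0b44
2014-02-10T08:00:00Z serial=SN-1003 install=5c19
2014-02-11T08:00:00Z serial=SN-1003 install=e870
2014-02-12T08:00:00Z serial=SN-1003 install=31aa
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"serial=(?P<serial>[A-Za-z0-9-]+) install=(?P<install>[0-9a-f]+)$"
)


def parse_checkins(text):
    """Return (timestamp, serial, install_id) tuples, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["ts"], m["serial"], m["install"]))
    return rows


def installs_per_serial(rows):
    """Map serial -> {install_id: first-seen timestamp}, earliest install first."""
    seen = {}
    for ts, serial, install in sorted(rows):  # ISO timestamps sort as strings
        seen.setdefault(serial, {}).setdefault(install, ts)
    return seen


def classify(install_count, tolerated_extra=1):
    """Bucket a serial by install count.

    tolerated_extra is an assumed policy knob: how many additional installs
    are ignored before the serial is listed for a human to look at.
    """
    if install_count <= 1:
        return "single"
    if install_count <= 1 + tolerated_extra:
        return "tolerated"
    return "review"


def update_prompt(seen, serial, install):
    """Decide what an update check from (serial, install) should display."""
    installs = seen.get(serial)
    if not installs:
        return {"status": "unknown-serial", "options": []}
    primary = next(iter(installs))  # earliest-seen install treated as primary
    if install == primary:
        return {"status": "primary", "options": []}
    # The three choices from the prompt quoted above, proceeding by default.
    return {
        "status": "duplicate",
        "options": ["proceed", "reassign", "purchase"],
        "default": "proceed",
    }


def report(text):
    """Summarise a check-in log as serial -> (install count, bucket)."""
    seen = installs_per_serial(parse_checkins(text))
    return {serial: (len(ids), classify(len(ids))) for serial, ids in seen.items()}


if __name__ == "__main__":
    for serial, (count, bucket) in sorted(report(SAMPLE_LOG).items()):
        print(f"{serial}: {count} install(s) -> {bucket}")
```
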

    • (Score: 2, Interesting) by Anonymous Coward on Saturday March 22 2014, @12:27AM

      by Anonymous Coward on Saturday March 22 2014, @12:27AM (#19608)

      Anything you do will be cracked.

      That's an interesting and provocative statement, but I think it's too broad to be absolutely true. I happen to sell some very specialized software that's a tool for a professional engineering niche and sells in small volume. For the first several years, it had a pretty simple-minded registration keying system that I put together in one evening. It soon got cracked, and somebody even created a key generator for it.

      I wasn't happy about that (no one enjoys being vandalized), but a friend who also sells small-volume software advised me not to worry about it. After all, how many paying customers did I really lose in the process? The professionals who might buy the software probably wouldn't use the cracks anyway. The main purpose of the registration key was to keep honest people honest.

      Even so, the crack and key generator really bugged me. The worst part is that the top slots of Google's search results were dominated by the cracks, with my own page about the product appearing in about the middle. (That's PageRank at its finest...) So I decided to fight back. I found a nice article that explained how to remove trails within the software that crackers might follow, so I did that. I then spent several weeks putting together a very complicated registration keying system that uses layer upon layer of cryptography. It's so complicated that I barely understood it myself at the time (I don't by now.) It's certainly not impossible to crack, but I figure if it took me that long to develop it, no cracker would spend that much time on it since the software is specialized and small-volume.

      Several years later, I'm not sure if it's been cracked or not. It does appear in some crack sites in search results, but all of them seem to want a credit card now, so I haven't been able to check if their advertised cracks are real or not. (When the software was originally cracked, the cracks were given away freely so that was easy to check.) Anyway, I figure that anybody who gives their credit card to crackers deserves what they get. So, even in the unlikely event that the cracks are real, it's OK. I got enough moral satisfaction out of at least putting up a good fight to make it all worth it. I also learned a lot about cryptography in the process, which ain't all bad.

      (BTW, if you folks think I deserve what I get for selling software, that's OK too. :-)

      • (Score: 3, Funny) by chromas on Saturday March 22 2014, @02:23AM

        by chromas (34) on Saturday March 22 2014, @02:23AM (#19623)

        if you folks think I deserve what I get for selling software, that's OK too. :-)

        Actually, I just find it hilarious that you implemented a security scheme you barely understood and you don't know if it's effective. But we'll forgive you since it's just copy protection instead of bank transactions plus you learned crypto.

        • (Score: 1, Funny) by Anonymous Coward on Saturday March 22 2014, @09:09AM

          by Anonymous Coward on Saturday March 22 2014, @09:09AM (#19677)

          Good point. But remember, it was mainly about moral satisfaction. In that regard, it's been a huge success.

      • (Score: 3, Insightful) by Tork on Saturday March 22 2014, @04:30AM

        by Tork (3914) on Saturday March 22 2014, @04:30AM (#19644)
        My anecdote: I wrote some software that, for a time, was quite popular and hyped. It was eventually cracked, and we did nothing about it. If you were to look at our sales records for the entire time that software was available, you wouldn't even be able to make an educated guess as to when the crack was available. Fun fact: We never received one single tech support request over our protection scheme, mainly because it never required calling home. I doubt you did anything but cost your company money during your 'protection' journey. But, give me a little credit. At least you have a good idea as to why I believe this. Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.
        --
        Slashdolt logic: 1600 x 1200 > 1920 x 1200
        • (Score: 5, Interesting) by anubi on Saturday March 22 2014, @08:17AM

          by anubi (2828) on Saturday March 22 2014, @08:17AM (#19673)

          I have been burned before over software with protection schemes. The first sniff I had of it was purchase of Circuit City "divx" disks. When they turned the servers off, the disks were useless.

          Imagine my chagrin when I am tasked by the company to implement our first CAD system ( this was MANY years ago!) , and I knew we were probably going to use this system for 50 years. ( Yes, it was an oil refinery ). When I invest the time and trouble to implement something, I expect it to last. I do not build refinery supports out of lumber. I do not use cheap pumps. I am not running a topsy-turvy try-to-keep-it-running operation. Once installed, stuff is expected to work - for all practical purposes: forever. I have plenty of problems as it is without having to worry about finicky crap. I looked at most technology offerings the way I looked at bad concrete... looks good for the acceptance handshaking, but would it last under the stresses of production?

          I ended up going with Futurenet ( Dash-2 ), under DOS at the time. I had a crack for it. The only reason I felt comfortable with this is because I knew at least if I could maintain compatible hardware, I could keep this thing going.

          Yes, as anticipated, the dongles eventually failed. The program became obsolete and no longer supported. For all I know, it's now abandonware.

          It's now going on 30 years old. You know what? IT STILL WORKS!

          I still pull it up once in a while if I need to see how I had wired something years ago. I have that and the companion PCB layout program PADS pwork for DOS. Both still work albeit I have to refresh myself every time I bring it up because I am doing all my new stuff on EAGLE... which was selected for the exact same reason. I expect it to be working 30 years from now as well.

          I have watched a lot of stuff come and go - especially word processors and office type stuff. I consider most of the kind of stuff that software kept track of was extremely ephemeral in nature, as I no longer give much of a damn how many resistors I had in a bin four months ago, but the wiring diagrams to a refinery is to me a horse of a completely different color. You simply do not throw a manufacturing plant away because some MBA did not like the color of one of the distillation columns.

          I no longer work for the company, however I can still use the tools, just as I can still use old screwdrivers and pliers. Finicky software to me is like a wrench that cannot be counted on to do the job. As far as I am concerned, finicky software is mostly to give PHB's a sense of accomplishment by signing for it.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by Kell on Saturday March 22 2014, @09:34AM

            by Kell (292) on Saturday March 22 2014, @09:34AM (#19686)

            Thank you! This is the most interesting thing I have read all day.

            --
            Scientists point out problems. Engineers fix them.
          • (Score: 2) by Runaway1956 on Saturday March 22 2014, @01:50PM

            by Runaway1956 (2926) on Saturday March 22 2014, @01:50PM (#19761) Journal

            "Finicky software to me is like a wrench that cannot be counted on to do the job."

            Or, as I was taught, "Always use the right sized wrench!" A Crescent or a Monkey wrench (or some cheap knockoff) may be convenient, but it will never fit as securely as an open and box end wrench that was made to turn that one specific sized nut. Millions upon millions of rounded off nuts and bolts prove that you should use the correct wrench!

            • (Score: 2, Interesting) by el_oscuro on Saturday March 22 2014, @05:40PM

              by el_oscuro (1711) on Saturday March 22 2014, @05:40PM (#19806)

              I would agree, as long as I can find the correct size wrench. Unfortunately, the correct size is always the one that is missing. If you were to look up "correct size wrench" in the dictionary, it would have a picture of an empty slot in my tool chest. :)

              So sometimes you need to use a crescent. Just make sure to get the original, actual Crescent wrench. They are still made in the USA, and will hold a bolt a lot better than the cheap made in China crap. Same thing goes for Channellock pliers, also still made in the USA. While almost everyone has some knock-off of them in their toolchest, try picking up a Channellock 440. You will not believe the difference in quality.

              • (Score: 2) by Reziac on Sunday March 23 2014, @12:04AM

                by Reziac (2489) on Sunday March 23 2014, @12:04AM (#19878) Homepage

                The difference is that you'll only buy ONE of the tool made in USA or Germany or Finland, since it will last pretty much forever, and A BUNCH of the cheap Chinese knockoff (or worse, the cheap Indian knockoff) since they keep breaking.

                • (Score: 2) by Runaway1956 on Sunday March 23 2014, @05:34AM

                  by Runaway1956 (2926) on Sunday March 23 2014, @05:34AM (#19911) Journal

                  Uhhhmmm, while I tend to agree with your statement, the conversation wasn't directed that way.

                  No matter how well made a crescent wrench might be, it is a general purpose tool, lacking in precision. It might be "good enough" to turn your nuts and bolts most of the time, but it can't be counted on. A precision built hex wrench or socket will fit the appropriate nuts and bolts exactly, time after time, with no slipping. It only takes one broken knuckle to convince a more intelligent person that precision tools are worth the extra cost. I do own and use slip joint pliers and channel locks, but I never use them on nuts and bolts. Even expensive high dollar crescent wrenches are known to slip when a lot of torque is applied to them. The monkey wrenches I mentioned will take more torque than a crescent, but they will slip too.

                  • (Score: 2) by Reziac on Sunday March 23 2014, @02:18PM

                    by Reziac (2489) on Sunday March 23 2014, @02:18PM (#19959) Homepage

                    This too, tho sometimes a person can't be arsed to go find the correct wrench or socket, and vise-grips do the job well enough. Or the damned socket won't FIT in the spot, but vise-grips do.... a situation I have a lot of experience with thanks to the vagaries of fence clamps and irregular fence panels. :( And then there's the crescent wrench I use mostly as a hammer, because it fits conveniently into narrow spots. We won't even discuss how I use the tire iron. :)

                    I'd say the software market, DRM and all has much in common with both situations.

                    What was the question? :)

                    • (Score: 2) by Runaway1956 on Monday March 24 2014, @12:05AM

                      by Runaway1956 (2926) on Monday March 24 2014, @12:05AM (#20077) Journal

                      LMAO at the crescent wrench hammer - that is just too damned true!! Not to mention that the crescent wrench fits into a hip pocket, but a hammer normally stays in the drawer of my toolbox because it doesn't fit into a pocket.

                      • (Score: 2) by Reziac on Monday March 24 2014, @01:03AM

                        by Reziac (2489) on Monday March 24 2014, @01:03AM (#20084) Homepage

                        Nonsense. This ball-peen with the busted-off handle (er, without the busted-off handle) that I found in the mud today fits in my pocket just fine!

        • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @09:23AM

          by Anonymous Coward on Saturday March 22 2014, @09:23AM (#19681)

          I don't have any real data on this because this software sells in such small volume (both before and after) that statistics are nearly meaningless. The one data point that I do have is that the crack results no longer appear in the first page or two of search results unless you put in terms like "crack" or "registration key" alongside the product name. I think that's pretty good evidence that it was worth the several weeks I spent on it about four years ago. Or, maybe my marketing or Google search algorithm has simply gotten better.

          Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.

          That may be true, but it was never about that in my case (see the advice quoted from my friend above). It was about fighting back against vandalism. The people who might use the cracks are thieves, but at least they're getting some benefit from it: when they steal it, I can take some satisfaction in the fact that I'm helping somebody in some way. OTOH, the people who create the cracks are just plain vandals: they damage someone else's property without getting anything out of it themselves.

          Oh, except that they get a fun puzzle to solve. And if that's what they're looking for, I've given them an even funner puzzle to solve. (You're welcome. ;-)

        • (Score: 3, Interesting) by mcgrew on Saturday March 22 2014, @09:54AM

          by mcgrew (701) on Saturday March 22 2014, @09:54AM (#19693) Homepage Journal

          Expected, considering a study a book publisher did a couple of years ago. He wanted to know how badly piracy was hurting sales so he commissioned a study. Unlike a movie or song it takes a few weeks for a book to be scanned, OCRed and uploaded so they looked for a dip in sales when the book hit the internet.

          Rather than a dip in sales there was a spike in sales. Piracy results in more revenue.

          --
          Free Nobots! [mcgrewbooks.com]
          • (Score: 2) by Reziac on Sunday March 23 2014, @12:13AM

            by Reziac (2489) on Sunday March 23 2014, @12:13AM (#19879) Homepage

            That would be Baen, I presume.

            What they also found was that suddenly there was renewed demand for older stuff. Which meant not only was Baen profiting, their authors were profiting, from works that normally would be past their shelf life.

            Baen found this all so enlightening, that they started releasing big swaths of their stuff on redistributable CDs, as a bonus with printed works. Frex:
            http://baencd.thefifthimperium.com/ [thefifthimperium.com]

      • (Score: 1) by khakipuce on Monday March 24 2014, @05:38AM

        by khakipuce (233) on Monday March 24 2014, @05:38AM (#20143)

        The thing is it is analogous to the process that causes string to be tangled. There are very many ways in which a piece of string can be tangled and only one way in which it is untangled. So statistically it pretty much always ends up tangled.

        Your software is the same, there are very many ways of cracking a software activation code and you have to find and block each and every one. An attacker only has to find one of the many that you have missed.

  • (Score: 5, Insightful) by Tork on Friday March 21 2014, @10:55PM

    by Tork (3914) on Friday March 21 2014, @10:55PM (#19577)
    "Can there exist a fool-proof and hack-proof method of protecting your software against piracy?" Let's say you make a $10 profit on every copy of your software sold. In order for somebody to use that software, however, they have to 'activate' it on the internet every time they install it. Every year that goes by, that $10 gets closer to zero because you're paying people to maintain that activation system. Every time it goes wrong you pay for it with bad PR. Is that really the path you want to go down? If so then you need to ask yourself one more question: Are you really going to see more money in your pocket over it? Bear in mind that it has never actually been proven that anti-piracy methods have, at all, increased profit.
    --
    Slashdolt logic: 1600 x 1200 > 1920 x 1200
    • (Score: 5, Insightful) by chromas on Friday March 21 2014, @11:20PM

      by chromas (34) on Friday March 21 2014, @11:20PM (#19590)

      Every time it goes wrong you pay for it with bad PR.

      And support costs. There are even legitimate paying customers who crack the software just to get around any problems the copy protection introduces.

      The software mentioned, and many other products, are as easy to get as download demo, insert key. Some do require a little patching. Nothing more complex. Yet the companies are still in business making software (even if it is buggy) and raking in moneys. Doesn't it say something that Adobe, Corel, MAXON, Microsoft (recently) and even Sony Creative Software (who acquired Sonic Foundry's products when they went Beta) just aren't that worried over buttpiracy?

    • (Score: 1, Offtopic) by Tork on Saturday March 22 2014, @12:02AM

      by Tork (3914) on Saturday March 22 2014, @12:02AM (#19598)
      Why is my previous comment 'overrated'?
      --
      Slashdolt logic: 1600 x 1200 > 1920 x 1200
      • (Score: 5, Funny) by chromas on Saturday March 22 2014, @12:12AM

        by chromas (34) on Saturday March 22 2014, @12:12AM (#19603)

        There's only one possible explanation: A DRM salesman has modpoints ☺

      • (Score: 2, Interesting) by Tork on Saturday March 22 2014, @02:57AM

        by Tork (3914) on Saturday March 22 2014, @02:57AM (#19629)
        Not off-topic. If something is wrong with my post and the 'why' isn't clear, a challenge of the moderation is warranted.
        --
        Slashdolt logic: 1600 x 1200 > 1920 x 1200
      • (Score: 5, Insightful) by clone141166 on Saturday March 22 2014, @03:17AM

        by clone141166 (59) on Saturday March 22 2014, @03:17AM (#19632)

        If you scan through the comments you'll see that someone has gone through and modded most of the comments pointing out that anti-piracy measures are not the best approach to stopping piracy as -1 Overrated.

        I think the moderation system on SoylentNews is still in need of a rework. It was okay while the site was just starting out, but giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks". 10 mod points is too much power to be placed in the hands of a single user all at once. At least moderation is limited to one-per-comment, which helps mitigate this.

        I have also noticed that sometimes a single moderator will go through and mod all of a user's posts (even on unrelated stories) -1 Overrated simply because the user has made a single comment somewhere that has angered the moderator. A privacy option to prevent non-friended users from being able to view the list of comments you have made would stop this, but alas, no such option exists.

        • (Score: 2, Insightful) by Tork on Saturday March 22 2014, @04:18AM

          by Tork (3914) on Saturday March 22 2014, @04:18AM (#19643)
          It would appear that the Slashdot Beta has brought not only refugees, but moms-basement-dwelling trolls as well. Welp, fine with me, this account is only a day old. The mod-points spent on me are worthless.
          --
          Slashdolt logic: 1600 x 1200 > 1920 x 1200
        • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @06:24AM

          by Anonymous Coward on Saturday March 22 2014, @06:24AM (#19658)

          giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks"

          I don't think a quick expiry time is a big factor in this kind of attack (assuming that's what has happened here). If expiry time was longer, someone tempted to be a bad moderator would then be more able to wait for a story that they were particularly keen to influence, and still be able to use all 10 mod points on that one story.

          I know the expiry of points is tough psychologically, because it feels like you've wasted them. But actually the system can be (and I suspect already is) designed so that the overall amount of moderation happening is fairly constant, even on days when a higher proportion than normal of users failed to use their points.

          Instead, maybe we shouldn't get to choose which stories we could use mod points in? So, the system chooses potential stories for us? Again, there's a psychological issue there, but perhaps not insurmountable.

          Maybe we should limit to 5 points per story? But in the past I've used all 10 points on just 1 story and felt justified in doing so.

           
          Perhaps rather than countermeasures for this specific issue, and for the other issue you mentioned (one person being targeted), we just need to promote more heavily what counts as good moderation in general. To start with, instead of saying "you have 10 mod points", it could say "you have the possibility of 10 mod points. Click here to accept" which then takes you to the screen of moderation guidelines, "Do you understand these guidelines? Yes / No".

          And maybe meta-moderation is part of the answer?

           
          (Posting AC to avoid un-un-doing the example of bad moderation that triggered this discussion.)

          (N.B. I had already decided to cancel out Tork's down-mod even before I saw his complaint about it, so please have some faith that 1 bad apple will normally be buried under 20 good apples, so to speak.)

        • (Score: 3, Interesting) by lhsi on Saturday March 22 2014, @09:11AM

          by lhsi (711) on Saturday March 22 2014, @09:11AM (#19678)

          I've had an overrated mod on a post that was otherwise unrated, which made no sense.

          I think if someone uses most of their mod points on negative mods their moderations should be reviewed to avoid abuses like that. The guidelines say to try to stick to positive mods anyway.

          • (Score: 1) by el_oscuro on Saturday March 22 2014, @05:55PM

            by el_oscuro (1711) on Saturday March 22 2014, @05:55PM (#19811)

            The same thing happened to me on my first moderated comment on The Other Site, almost 10 years ago. My karma sucked for months afterwards. SN should have a preview button moderation too, as well as a meta moderation system.

        • (Score: 2) by TheloniousToady on Saturday March 22 2014, @10:09AM

          by TheloniousToady (820) on Saturday March 22 2014, @10:09AM (#19697)

          ...giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks".

          In my own case, the fact that they expire so quickly means that I virtually never use them. If I got 5 points that lasted for three days rather than 10 points that last 3 hours (or less?), I'd start using them. On the other site, I had gotten into the habit of deploying my mod points with great deliberation.

          That said, I apologize for the dereliction of duty. I'm glad that others of you are using them - we all enjoy getting modded up. :-)

        • (Score: 2, Insightful) by DNied on Saturday March 22 2014, @01:11PM

          by DNied (3409) on Saturday March 22 2014, @01:11PM (#19745) Homepage

          someone has gone through and modded most of the comments pointing out that anti-piracy measures are not the best approach to stopping piracy as -1 Overrated.

          I think the moderation system on SoylentNews is still in need of a rework. It was okay while the site was just starting out, but giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks".

          Where "mod attack" is defined as "moderation you don't agree with" ?

          • (Score: 2) by clone141166 on Saturday March 22 2014, @11:27PM

            by clone141166 (59) on Saturday March 22 2014, @11:27PM (#19874)

            Fair point; the definition in my mind would be more along the lines of a "mod attack" being the use of moderation points by a *single* user to *disproportionately* influence the moderation of comments in relation to the moderations applied by other users (regardless of whether they are down-modding or up-modding).

            A single user modding up every comment questioning anti-piracy measures would be equally bad, though obviously much less likely to provoke a response.

            It is my belief that the transient nature of the mod points in the current moderation system causes them to be somewhat devalued. If you are given $100 of credit that expires in 4 hours, you will probably purchase some necessary/useful items, but whatever is left over you are *probably* (will vary on personality and circumstance) going to waste it on something frivolous rather than not buying anything at all. Whereas if you are given $50 of credit that has to last you a week or a month, you are much more likely to hold on to it and only spend it on things that you absolutely need.

            I just think that smaller quantities of longer lasting points would promote a more frugal application of mod points. If someone under these circumstances were to save up 10 mod points and apply them ALL to one story, similar to what has happened here, then you know that at least it was something they *really* cared about, rather than it just being something they did haphazardly to use up mod points before they expire because why-the-heck-not.

            It's not really a big deal though, most of the time moderations applied by other users will drown out the problem. For the most part the current moderation system seems to work okay, but there's always room for improvement in any system.

            • (Score: 2) by Reziac on Sunday March 23 2014, @12:19AM

              by Reziac (2489) on Sunday March 23 2014, @12:19AM (#19882) Homepage

              That's my feeling too, and I take moderating seriously. I'd rather not have to rush around... well, what really happens is that I wind up not using most of 'em. When I have 3 days to spend 'em, I too feel that I can be more judicious in how I spend them.

        • (Score: 2) by Foobar Bazbot on Saturday March 22 2014, @01:30PM

          by Foobar Bazbot (37) on Saturday March 22 2014, @01:30PM (#19753)

          A privacy option to prevent non-friended users from being able to view the list of comments you have made would stop this, but alas, no such option exists.

          That option exists; it's called "[X] Post Anonymously". If that's not what you had in mind, perhaps you should take a moment to consider the implications of sophisticated spidering tools such as wget...

          • (Score: 2) by clone141166 on Saturday March 22 2014, @10:57PM

            by clone141166 (59) on Saturday March 22 2014, @10:57PM (#19867)

            Posting anonymously could be used to mitigate the problem, however it is a suboptimal solution. I love that SN has the ability to post anonymously, although I have never used this functionality yet. That said, suggesting that registered users should hide by posting anonymously just because their comments might incite debate or disagreement is hardly something that we should be promoting.

            And yes there are ways to scrape all comments from a user beyond looking at their user profile. But all of these methods require additional skill and effort, creating a higher technical barrier to performing this kind of abuse (no I don't need a wget example pasted in response; I realise it's not that difficult, but it requires effort beyond just clicking on hyperlinks).

            Ignoring the effort required to implement the feature, I don't see what the down-side of having the *choice* to prevent unfriended users from being able to view your list of recent comments would be?

            • (Score: 2) by Foobar Bazbot on Sunday March 23 2014, @03:42AM

              by Foobar Bazbot (37) on Sunday March 23 2014, @03:42AM (#19896)

              That said, suggesting that registered users should hide by posting anonymously just because their comments might incite debate or disagreement is hardly something that we should be promoting.

              Well, I agree. But you're the one advocating that registered users should hide for fear of mod abuse; I'm just saying anyone who does feel the need to hide should hide behind an opaque object, while you're saying we should hand them a sheet of plexiglass and assure them that it's good concealment, and can't be seen through without "additional skill and effort".

              Ignoring the effort required to implement the feature, I don't see what the down-side of having the *choice* to prevent unfriended users from being able to view your list of recent comments would be?

              "Ignoring the effort required" is silly, because absent any real benefit, the effort required is enough reason not to implement it.

              But I'll play along: ignoring the cost of implementation, the downside is providing users a false sense of security, leading them to post pieces of information across many posts that, in total, represents a profile they'd rather not share, in the belief that any aggregation of these pieces will be limited by human memory.

        • (Score: 0) by Anonymous Coward on Sunday March 23 2014, @01:25PM

          by Anonymous Coward on Sunday March 23 2014, @01:25PM (#19953)

          Being able to look at a user's posting history can also help you determine whether someone has a history of trolling or astroturfing. Another option would be to use Big Data analysis techniques to identify trolls. That would be expensive, but perhaps could be sold as a value-added service.

    • (Score: 5, Insightful) by Sir Garlon on Saturday March 22 2014, @07:30AM

      by Sir Garlon (1264) on Saturday March 22 2014, @07:30AM (#19665)

      Try asking yourself, "how much profit do you make by preventing unlicensed copying?"

      Answer: negative money. You make money by getting people to pay for your software, not by stopping them from not-paying for it. This is a subtle distinction but it is a critical one to understand because the harder you fight against "piracy," the more money you will lose. This, BTW, explains why no one does a better job of it. That would cost more and not improve revenue.

      The real question you should be asking is "how do I get people to pay more money for my software?" There are two answers, equally obvious: convince them it's worth more money, or sell to more people. DRM does not help you with either.

      --
      [Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
      • (Score: 0) by Anonymous Coward on Sunday March 23 2014, @08:35PM

        by Anonymous Coward on Sunday March 23 2014, @08:35PM (#20014)

        You make the key point - a lot of companies have yet to learn this lesson. (Typical attorneys hate to lose anything, including a possible license fee.) In my experience you lose customers/revenue or have to refund customers because of DRM problems.

        We could spend X hundred hours building a hack-proof DRM system which cash paying customers would hate and not add any value to the product. Or put the same time into adding new value to our products and services. Which will increase sales?

        Another twist to the DRM debate is that some large companies apparently don't really care about piracy in some markets because they know their pirated copies are preventing local competitors/startups from making sales and getting established.

  • (Score: 5, Insightful) by clone141166 on Friday March 21 2014, @11:02PM

    by clone141166 (59) on Friday March 21 2014, @11:02PM (#19582)

    Why are your users choosing to pirate your software?

    The question in this story is akin to a government saying "We spent all this money on the police and non-lethal weaponry, why can't we disperse riots quickly?" Instead of asking why the riots are occurring in the first place.

  • (Score: 2, Interesting) by Konomi on Friday March 21 2014, @11:06PM

    by Konomi (189) on Friday March 21 2014, @11:06PM (#19585)

    You can't, anything you do will lose you more customers due to frustration. I have dumped many software projects that make things harder. If you want to stay with a pay me for the compiled binaries model, I recommend appealing to people's generosity and trying to bother them as little as possible.

    Or just switch to a better model for your software to make money...

  • (Score: 4, Insightful) by akinliat on Friday March 21 2014, @11:07PM

    by akinliat (1898) <akinliatNO@SPAMgmail.com> on Friday March 21 2014, @11:07PM (#19586)

    Yes. Charge a fair price.

    It's really just that simple. Take Snow Leopard, for instance. I could have pirated it, because I really wouldn't have wanted to spend money on something that I wasn't really going to use or need (I was just curious and wanted to play with it a bit).

    But Apple only charged $40 for a CD. Forty lousy bucks. I pay more for a tank of gas. For that little money, it just wasn't worth the effort to pirate a copy.

    • (Score: 1) by ramloss on Saturday March 22 2014, @12:29AM

      by ramloss (1150) on Saturday March 22 2014, @12:29AM (#19610)

      In addition to a fair price, sell it to me! Please shut up and take my money! Look, I'm not in the USA or Europe; but I can walk into a Walmart or equivalent and buy an iTunes card with cold, hard cash and then proceed to buy apps for my ipod or mac. No (international) credit card, nothing, just cash and I can buy reasonably priced software. Imagine selling hundreds of millions of copies of your software, that way you can afford to sell it for a few US$. Think about India, China, Latin America or Africa, there are literally billions of people that could potentially buy your software if only you could sell it to them, bonus points if it doesn't cost more than one month's salary.
      On the other hand, if your software is so specialized that only a few people would want it, just use a hardware dongle and be done with it; hell, in that case just keep a registry of all your clients, make the software phone home and contact the client that dares to install it in more machines than you allow them to. Better yet, make your lawyers contact them, that'll teach those bastards!

      • (Score: 1) by spxero on Saturday March 22 2014, @12:22PM

        by spxero (3061) on Saturday March 22 2014, @12:22PM (#19733)

        I agree wholeheartedly with this- make it easy, but if only a few people use your software make it phone home and require a USB dongle.

        The only other option if you want to completely lock down AND charge a premium for your software is to change to a SaaS model. Supply your app in a terminal server environment, Citrix, or some other VDI environment. But also be prepared to keep up with supporting the infrastructure, keeping a tight grip on customers, and rely heavily on support.

    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @02:13AM

      by Anonymous Coward on Saturday March 22 2014, @02:13AM (#19622)

      But Apple only charged $40 for a CD.

      I chuckled at the prices on eBay for it since you can buy it today for $20 from Apple.

    • (Score: 1) by Cyberdyne on Sunday March 23 2014, @02:55AM

      by Cyberdyne (403) on Sunday March 23 2014, @02:55AM (#19893)

      "Charge a fair price. It's really just that simple."

      Not quite. It is also a matter of "available payment options" and issues with identity theft. i.e. I wouldn't buy anything with Paypal, no matter how cheap it was. I get stuff for free because it's quicker and more anonymous. Price rarely has anything to do with it.

  • (Score: 3, Interesting) by kristian on Friday March 21 2014, @11:29PM

    by kristian (2395) on Friday March 21 2014, @11:29PM (#19591) Homepage

    Piracy is difficult to prevent and hasn't even been shown to be a net bad. Piracy can be great for publicity and can boost sales. Microsoft knows this. They turned a blind eye to Windows piracy in China because they knew that if they didn't they would lose the market.

    --
    The opinions expressed in this post are those of the individual sender and not those of Kristian Picon.
    • (Score: 2) by Reziac on Sunday March 23 2014, @12:27AM

      by Reziac (2489) on Sunday March 23 2014, @12:27AM (#19884) Homepage

      Back in the olden days, WordPerfect Corp's support was extended even to pirated copies. The goodwill that generated sold a lot of upgrades. In my observation, WP's market decline wasn't initiated by the Windows/Word thing, but rather by a shift of policy to only supporting proven-paid customers... which kinda killed that previously-healthy "chomping at the bit to buy an upgrade" market generated by pirated copies.

  • (Score: 2, Insightful) by Anonymous Coward on Friday March 21 2014, @11:37PM

    by Anonymous Coward on Friday March 21 2014, @11:37PM (#19593)

    Security is not about perfect protection. It is about the cost involved.
    Your front door is easy to kick in. Why not have a door made of steel? Right. Because the thief gets taken by officers of the law if caught. Same thing in software. They are not '100% fool proof protecting' their software. Too expensive. They are making it costly enough that most people will pay.

  • (Score: 4, Interesting) by ancientt on Friday March 21 2014, @11:47PM

    by ancientt (40) <ancientt@yahoo.com> on Friday March 21 2014, @11:47PM (#19595) Homepage Journal

    You can't sell a series of bits that can be copied easily without having some people decide to skip the buying part. However, you can sell the service that your software provides if you run the software on your own computers to provide the service your customers want. Google, Facebook, Twitter etc prove this. You might be able to get any of those systems to run on your own computers but the service they provide isn't the same as the software they use to provide it. The key to making big money with software is not to sell the software, but run it to provide the service that you do sell.

    On the other hand, if you provide software that people can run on their own computers at a reasonable price and provide good service and regular updates to your customers, most will be willing to pay for it. I was working for a small software company (golden geek card to you if you can name it) which provided software which was useful on its own. It came with basic piracy prevention and an activation process to remove a "demo" watermark. I still remember the call where the customer explained that he had been paying for the software but hadn't gotten the paid version because it was so easy to bypass the protection. I was shocked because I hadn't realized how easy it was to remove the protection and at the same time, my faith in humanity was a little renewed to know that even people who could steal wouldn't necessarily steal simply because it was easy.

    --
    This post brought to you by Database Barbie
    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @10:55AM

      by Anonymous Coward on Saturday March 22 2014, @10:55AM (#19708)

      There are many revenue models for software, and the online-service-with-advertising model such as Google et al. use certainly can be successful. But it doesn't apply to every case. In particular, it only works for very large user bases. Maybe they get a fraction of a cent or whatever for each page view. Essentially, advertising is an efficient form of micro-payment. But those folks are all trying to figure out how to best monetize mobile, which isn't well suited to advertising due to the high premium that users place on screen space.

      OTOH, if you sell specialized software in small volume, this sort of model doesn't work at all. My experience has been that most users won't pay unless you motivate them. There certainly are exceptions. One of my customers got what he needed from the trial version, then paid for the real thing out of gratitude. Very nice - and very exceptional.

      In my own case, I'm unlikely to pay unless I have to simply due to the time and trouble involved, even though I've been on the other side of that. For example, I used WinZip for many years but never paid for it because they never made me, though I would have if they had. Luckily, 7-Zip came along to relieve my guilt.

      Piracy may actually be part of a business plan, as has been mentioned with Microsoft. A related example is authors who provide their book for free in .pdf form on the web in order to help sell copies. In effect, buying it is a form of supportive donation. But I don't think it works for everybody. There's a reason that various forms of DRM still exist: although it doesn't work in every case, it still works in selected cases. For example, I use Matlab via a Flex license, and each time we run out of license seats (which is purely artificial scarcity) we are a little more motivated to buy more seats. Meanwhile, the Matlab folks nearly give away the student version (to sell expensive seats when students become professionals), and, of course, Octave, a high-quality Matlab clone, is available for free. But I can't imagine the Matlab revenue going up if they removed the Flex license.

  • (Score: 4, Insightful) by The Archon V2.0 on Friday March 21 2014, @11:50PM

    by The Archon V2.0 (3887) on Friday March 21 2014, @11:50PM (#19596)

    The second the compile completes, toss your PC in a volcano. Literally. Code on a laptop, take it to the rim of an active volcano, away from any wifi connections or other link to the outside world, compile, and toss it in. If you distribute it, someone will pirate it. If there's no DRM, people will distribute it. If there is DRM, people will crack it - if only for the bragging rights - and distribute it. I forget what game it was (I'm thinking The Witcher...?), but there was one game that came out in DRM and DRM-free flavors. The first popular torrent was a cracked DRM copy.

    Asking for a foolproof way to stop piracy is like asking for a foolproof way to stop robberies or shoplifting or littering or jaywalking or literally any other crime. If it were possible to bring defection to nil someone would have figured it out because every dictatorship in the world would do anything to anyone for any amount of money to make certain crimes (like plotting against the government) impossible. If it is possible someone will do it.

    One must strike the right balance, but the problem is the balance has dozens of pans, not just two. It's not cost of piracy vs. cost of DRM, it's cost of piracy vs. cost of DRM vs. convenience to customer vs. keeping investors happy vs. cost of support vs. cost of lost goodwill (people don't like being treated like crooks) vs. bad word-of-mouth (any security will catch a few innocents in its net, and you can bet they'll take to Twitter to rant about it) vs. etc. etc. etc.

    Ultimately, what's best depends on what you're selling. Games, if you're not AAA then about the most onerous you can get is Steam (and for some of us, even that's too much). The more in-demand the product, the worse you can get because people will put up with more before giving up. High-demand games can require their own user account/login/Origin-type affair. Rare things like software for running a vinyl cutter or screen reader software for the blind can get away with everything short of murder simply because their software is so expensive that any level of DRM is fiscally justified and their competition is nonexistent. What are you going to do? Cut all your vinyl by hand? Regrow your eyes? If it's too rare to be on crackers' radar and critical to someone's livelihood, you can make the software one-install only and boo hoo if your HDD crashes.

    "Serial number/activation key" isn't the best, perhaps, but it strikes the best balance for the companies that use it.

    • (Score: 2) by chromas on Saturday March 22 2014, @12:26AM

      by chromas (34) on Saturday March 22 2014, @12:26AM (#19607)

      Asking for a foolproof way to stop piracy is like asking for a foolproof way to stop robberies or shoplifting or littering or jaywalking or literally any other crime. If it were possible to bring defection to nil someone would have figured it out because every dictatorship in the world would do anything to anyone for any amount of money to make certain crimes (like plotting against the government) impossible. If it is possible someone will do it.

      You're right on, there. While software copy protection itself is fairly new, the ideas behind it are not. People trying to keep each other compliant is ancient. DRM is just that…but…on a computer!

  • (Score: 2, Informative) by Ken_g6 on Friday March 21 2014, @11:56PM

    by Ken_g6 (3706) on Friday March 21 2014, @11:56PM (#19597)

    Back in the day, this was the way to protect really expensive software. Have the dongle sign something with a PGP key, protect the hardware from hacking (I hear there are ways), and that should do it.

    • (Score: 1) by axsdenied on Saturday March 22 2014, @12:10AM

      by axsdenied (384) on Saturday March 22 2014, @12:10AM (#19601)

      Dongles are still in use (for some software). However, they increase the cost and this approach is not hack proof. Nothing is...

    • (Score: 1) by The Archon V2.0 on Saturday March 22 2014, @01:10PM

      by The Archon V2.0 (3887) on Saturday March 22 2014, @01:10PM (#19743)

      These days, though, that makes the sale harder (because digital distribution is impossible - the customer is going to have to wait for something to arrive via mail, which is a tick against you if there's a competitor who doesn't have that). Also, the software itself is still a target, so you need to harden the software so it's not a matter of changing the right JE opcode to a JNE. And while the software is an easier attack because you can't break your only copy, little hardware is truly tamper-proof, especially if you need that hardware to work on any PC with a USB port or hub.

      PGP is encryption, meant to stop attacker A from intercepting or faking a communication between B and C. Simple. But in this scenario (or scenarios like CSS on a DVD), who are A, B, and C?

      Are B and C the customer and the software package? Then A is B. This is like using encryption to protect your e-mails from the NSA, when you only e-mail someone who works in the NSA's SIGINT section.

      Are B and C the software and the dongle? Well, then A OWNS both of them and the infrastructure by which they communicate, and can do as he pleases with them. Even if Jehovah can't factor the product of large primes, he can crack open the heads of B and C and make them more amenable to his plans.

      This is the core problem with copy protection: The customer is the attacker. You have to give easy access to the person who you want to keep from accessing it, because when someone with cracking skills buys your software his evil bit isn't set for you to check.
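The dongle exchange discussed in the two comments above, written out as an added example that is not part of any comment in this thread. It assumes Ed25519 from Go's standard library in place of the "PGP key", and every type, function and label name in it is hypothetical. It shows what the signature does buy (a recorded answer or a look-alike dongle is rejected) and where the result of the check ends up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Hypothetical domain-separation label: a dongle signature is only
// meaningful for this one protocol.
const label = "dongle-auth-v1:"

// Dongle models the hardware token; the private key stays inside it.
type Dongle struct{ priv ed25519.PrivateKey }

// Verifier models the check compiled into the shipped software.
// It holds only the public key.
type Verifier struct{ pub ed25519.PublicKey }

// NewDonglePair creates a dongle and the verifier that trusts it.
func NewDonglePair() (*Dongle, *Verifier, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Dongle{priv: priv}, &Verifier{pub: pub}, nil
}

// NewChallenge returns a fresh random nonce. A new one per check is
// what makes a recorded response useless later.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// Sign is the dongle's answer to a challenge.
func (d *Dongle) Sign(challenge []byte) []byte {
	return ed25519.Sign(d.priv, append([]byte(label), challenge...))
}

// Check verifies the answer. Note what it returns: a single bool,
// evaluated on a machine the customer owns. The cryptography ends
// here; everything after this line is ordinary program logic.
func (v *Verifier) Check(challenge, response []byte) bool {
	return ed25519.Verify(v.pub, append([]byte(label), challenge...), response)
}

// Result records the outcome of the three cases below.
type Result struct{ Genuine, Replayed, Emulated bool }

// Demo runs the exchange with constructed keys and nonces.
func Demo() (Result, error) {
	var r Result
	dongle, verifier, err := NewDonglePair()
	if err != nil {
		return r, err
	}
	c1, err := NewChallenge()
	if err != nil {
		return r, err
	}
	resp1 := dongle.Sign(c1)
	r.Genuine = verifier.Check(c1, resp1) // real dongle, fresh challenge

	c2, err := NewChallenge()
	if err != nil {
		return r, err
	}
	r.Replayed = verifier.Check(c2, resp1) // old answer, new challenge

	// A look-alike device with its own key, not the vendor's.
	lookalike, _, err := NewDonglePair()
	if err != nil {
		return r, err
	}
	r.Emulated = verifier.Check(c2, lookalike.Sign(c2))
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v replayed=%v emulated=%v\n",
		r.Genuine, r.Replayed, r.Emulated)
}
```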

  • (Score: 2, Insightful) by M. Baranczak on Saturday March 22 2014, @12:09AM

    by M. Baranczak (1673) on Saturday March 22 2014, @12:09AM (#19599)

    If you want people to use your ones and zeros, they must be able to read them. If they can read them, they can copy them. You can prevent this if you have complete control over the hardware, but in practice that's pretty difficult, since it's not actually your hardware.

  • (Score: 2, Insightful) by bill_mcgonigle on Saturday March 22 2014, @12:10AM

    by bill_mcgonigle (1105) on Saturday March 22 2014, @12:10AM (#19600)

    Yes, you can stop copying if you never give them the code. Whether that's running a web service or existing in a sealed device. It just won't work on a general purpose computer.

    But allow me to suggest you worry more about making money than stopping copying. Redhat gives away its code and is worth billions of dollars. Microsoft is worth even more and its software is widely copied.

    If there's some reason why stopping software copying is more important than making money, then you should explain those reasons.

  • (Score: 5, Insightful) by TheLink on Saturday March 22 2014, @12:11AM

    by TheLink (332) on Saturday March 22 2014, @12:11AM (#19602)

    Sure: Software as a Service or similar.

    People are still paying Blizzard for WoW. You can hack the client and play it on your own servers if you want, but it ain't gonna be the same thing ;).

    Works as long as you can put some/most of the stuff that the users need/want on hardware that you control. The more of the stuff is on hardware you control the harder for someone to create a substitute for it.

    If the user's machine is a mere "terminal" and you control the "mainframe", it's not so easy for the user to pirate your software.

    • (Score: 1) by SuperCharlie on Saturday March 22 2014, @12:24PM

      by SuperCharlie (2939) on Saturday March 22 2014, @12:24PM (#19734)

      This was also my first thought. It is also one of the things I would never buy since even the mighty Google has good/great SaaS they regularly kill. The downside for this is it has to be sold as a subscription as you have ongoing server costs or priced with an EOL in mind which would throw in major costs upfront. In the scheme of things this is the only way to do it imho, and it still stinks :)

  • (Score: 4, Insightful) by dcollins on Saturday March 22 2014, @12:12AM

    by dcollins (1168) on Saturday March 22 2014, @12:12AM (#19604) Homepage
    "Trying to make digital files uncopyable is like trying to make water not wet." -- Bruce Schneier, 2006 https://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html [schneier.com]
  • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @12:30AM

    by Anonymous Coward on Saturday March 22 2014, @12:30AM (#19611)

    open source it

    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @06:21AM

      by Anonymous Coward on Saturday March 22 2014, @06:21AM (#19656)

      Although "open source" should be "free software" and "piracy" should be "unauthorized copying".

      This is the only way.

    • (Score: 1) by HiThere on Saturday March 22 2014, @03:21PM

      by HiThere (866) on Saturday March 22 2014, @03:21PM (#19778)

      That's my favorite answer. Actually, I prefer the AGPL3, but any of the GPLs so far is acceptable. So is BSD or MIT, though I'd prefer not to use them. (For some purposes they are really the superior choice, but I'm not trying to implement standards.)

      FWIW, offering code under a GPL license doesn't prevent you from also selling it...though it puts limits on what you can charge.

      --
      Put not your faith in princes.
  • (Score: 4, Interesting) by keplr on Saturday March 22 2014, @01:54AM

    by keplr (2104) on Saturday March 22 2014, @01:54AM (#19621)

    Make great software, sell it at a decent price, and don't try to restrict your users. That's the best you can do, and it's surprisingly effective.

    • (Score: 2, Interesting) by Anonymous Coward on Saturday March 22 2014, @08:22AM

      by Anonymous Coward on Saturday March 22 2014, @08:22AM (#19674)

      don't try to restrict your users

      Years back, it was decided by Cadsoft to add DRM to their product, EAGLE (an ECAD for producing printed circuit boards).
      If you don't use the product exactly the way they intended, your work product becomes locked.
      The presence of DRM is, of course, not mentioned anywhere in the license.
      Paid-up users got sucker-punched by this and tried to get their work unlocked by the company.
      The company said NO.
      I mention this every chance I get.
      I don't know the total number of people I convinced to bypass Cadsoft, but I do know the number is not zero.

      This shit only hurts your real customers. Don't ever do it. It backfires.

      -- gewg_

  • (Score: 2) by neagix on Saturday March 22 2014, @04:10AM

    by neagix (25) on Saturday March 22 2014, @04:10AM (#19637)

    You can't because the CPU has to execute instructions that are transmitted "in clear".

    To make you happy we would have to run DRM-protected software and/or an extension of TPM.

    No thanks.

  • (Score: 3, Insightful) by Debvgger on Saturday March 22 2014, @04:39AM

    by Debvgger (545) on Saturday March 22 2014, @04:39AM (#19646)

    Implement it as an ASIC. But you will be broke fast.

  • (Score: 2) by sjames on Saturday March 22 2014, @05:15AM

    by sjames (2882) on Saturday March 22 2014, @05:15AM (#19647)
    The problem is intractable. It's my machine (or virtual machine). I can make your software see anything I want it to see through virtualization. I can patch it as I see fit. Meanwhile, there has to be some set of conditions that cause it to run or your legitimate customers couldn't run it.

    The closest you can get is to have a server that the software depends on. That might fly for games (though you will lose some of your customers), but not for an OS or many other apps. Even that isn't impossible to overcome but it raises the bar.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @05:19AM

    by Anonymous Coward on Saturday March 22 2014, @05:19AM (#19648)
    In the security area, one of the dogmas is that there is no client side security. I do believe this to be true. Once your software is out of the house and runs at the customer's site, she can break your security.
  • (Score: 3, Interesting) by einar on Saturday March 22 2014, @05:36AM

    by einar (494) on Saturday March 22 2014, @05:36AM (#19649)
    What strikes me as funny is that in such discussions there are always comments hinting that piracy is something good. I would like to counter this by reminding what we lose due to piracy. There is software never written because its business case crumbled due to piracy.

    Simple example: MythTV, a linux-based media center suffered from the lack of an electronic program guide; at least for central Europe. Collecting the program data and distributing it would have cost money. Some TV stations charged you for this information. So, you have to invest money which you might later get back over license or subscription fees. Years ago, on a popular German MythTV board, I started a small survey to learn who would be willing to pay a monthly subscription for an electronic program guide. The survey showed interest but also revealed that the majority would be willing to pay one euro "because they can then share the data". Estimating the user base, my business case fell apart. Back then, I did not establish an EPG for MythTV for central Europe.

    Now you can argue, ok, obviously not enough people wanted to have it. However, back then, I believe there would have been enough people interested in the software. MythTV users suffered really from not having one. Yet, already from the start you could feel that piracy would break your business plan. Better not to start.
    • (Score: 0, Interesting) by Anonymous Coward on Saturday March 22 2014, @07:23AM

      by Anonymous Coward on Saturday March 22 2014, @07:23AM (#19664)

      Germs are good because they force organisms to react in ways that make the organism stronger. Sometimes they make the organism develop better germ fighting tools, sometimes they kill the weaker organisms and narrow the gene pool down to the fittest. If you raise children with no exposure to germs, they become very ill when they're later inevitably exposed to germs. If all the "bad" germs were completely eliminated one day then for a while people would seem to flourish, but eventually things that weren't considered dangerous before the bad germ elimination would become dangerous to those who hadn't developed defenses. Germs are bad because they make people sick and kill people, but there is a reasonable balance of some bad germ exposure being healthy.

      Sometimes a germ will come along and kill off an entire species. That's almost never good. Sometimes someone will make it virtually impossible to incentivize good software. That's almost never good.

      Software piracy is much like fighting bad germs. There are times when it is prudent, or even critical to combat it, but its existence and prevalence ensures that some work is put into researching and testing ways to stop it. That makes it possible for people who couldn't effectively minimize piracy on their own to learn or reuse strategies which are effective.

      Don't go around licking people's shoes. Taking too many chances with germs is bad, just like having a software piracy free for all is bad. Do get enough exposure to the real world of germs and software piracy so that you are able to understand and react appropriately when you encounter them.

      Sometimes the best way to fight piracy is to not bother fighting it because your standard defense of trusting reasonable people to compensate you is enough. Sometimes the best way to fight piracy is to force anyone who needs to use your software to come to your secured site and divest them of electronics and monitor everything they do. (Yes, there is such a case, and I'd love to have a tour but I don't expect they're giving any unless you're a money man... and maybe not then, plausible deniability and all.)

  • (Score: 2) by RamiK on Saturday March 22 2014, @06:46AM

    by RamiK (1813) on Saturday March 22 2014, @06:46AM (#19659)

    It doesn't matter how much effort you put into it if there is no market for it. The truth is there is very little market for photo-editing software and even quality word-processing and spreadsheets. These are professional tools that people just like using as long as they don't have to pay for them.
    The people that are buying them do so because everyone else seems to be using them and they don't know how to pirate them. Once all the semi-competent high-school students start installing Linux and LibreOffice since they can't get Word for free, how long would it take before everyone else follows suit? This isn't even a rhetorical question anymore since we've seen this happen with Google Docs.

    TL;DR: Just because you're spending 30yr creating the ultimate word processor, doesn't mean 99% of word processor users need it or are willing to pay for it.

  • (Score: 2) by isostatic on Saturday March 22 2014, @09:39AM

    by isostatic (365) on Saturday March 22 2014, @09:39AM (#19688)

    Water cannons, armed guards, and of course avoid the areas off Somalia, or even just fly your software (and hope it's not on MH370)

    However you'll be better off sending your software via IP rather than shipping it, pretty hard to pirate it then!

  • (Score: 2) by sjames on Saturday March 22 2014, @01:45PM

    by sjames (2882) on Saturday March 22 2014, @01:45PM (#19760)

    Keep in mind that copy protection will also make your software fragile and so will lower user perception of quality.

    Most software is designed to be robust (the objective isn't always accomplished, but it is an objective), but copy prevention is necessarily the opposite.

  • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @02:28PM

    by Anonymous Coward on Saturday March 22 2014, @02:28PM (#19768)

    If there was only one impoverished child in this world who sought refuge and respite from depression and engaged in piracy as their only means of escape. Pirating tv-shows, games, software to keep their mind occupied with better things than thoughts of suicide.

    Then that would be enough for me to stand by piracy as a force of good.
    I am however fairly certain there are millions of these children, who either know none or have no other options.

    There is nothing lost for humanity at large, in piracy, only gained. There is merely the theoretical loss for the small, self-serving individual.

    Doesn't anyone else feel we do more harm than good when we value money over other human beings?

  • (Score: 1) by gander on Saturday March 22 2014, @02:55PM

    by gander (526) on Saturday March 22 2014, @02:55PM (#19774) Homepage

    Lots of good commentary here, but it really depends on the market. If it is something that a lot of people want, like Tinder [gotinder.com], then a small price to make it not worth the hassle of pirating and you will be hugely successful. Something with a very limited number of potential customers like EESof electronic EDA [eesof.com] will have a very different dynamic. A full package can cost $75K. Worth it? If you do high frequency microwave circuit design, it is essential.

    Some people claim that that price should be free, but the number of people to develop, test and continuously revise that software is large. Of course, if you make it too difficult to keep legit, even after you charge that much money, you just feed the temptation to pirate.

    No real easy answers

  • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @04:06PM

    by Anonymous Coward on Saturday March 22 2014, @04:06PM (#19783)

    tl;dr answer: It can't.

    Longer answer: Protecting it from piracy is equivalent to giving someone a locked box, along with the keys to the lock, then asking them "please - don't use the keys to steal what is in the box".

    And that is just the trouble. No matter what you do to the software, it ultimately must be "released" from its shackles to be used by a legitimate user. But that same "releasement" for a legitimate user can also be exploited by a nefarious user to pirate the software.

  • (Score: 2, Funny) by Tork on Saturday March 22 2014, @05:36PM

    by Tork (3914) on Saturday March 22 2014, @05:36PM (#19805)
    At first I wanted to say that it's impossible to write code that cannot be cracked. But then I remembered all the times I dabbled in programming and consistently wrote code that only worked on my machine. I didn't realize I had already invented that technology!
    --
    Slashdolt logic: 1600 x 1200 > 1920 x 1200
  • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @10:02PM

    by Anonymous Coward on Saturday March 22 2014, @10:02PM (#19861)

    "In cryptography, a one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly." http://en.wikipedia.org/wiki/One-time_pad [wikipedia.org]

    Apply this concept from execution right up to authentication and your friendly neighborhood pirate is gonna have an easier time rewriting an application clone than trying to steal your bread and butter straight outta the fridge.

    • (Score: 1) by einar on Sunday March 23 2014, @09:17AM

      by einar (494) on Sunday March 23 2014, @09:17AM (#19929)
      Yeah, semi knowledge is a dangerous thing.

      A one time pad is a shared secret between parties. Now, try to securely share secrets between you and your many customers who bought your software. If it helps you to have a realistic background to come up with a good application of your "technology", think about selling mobile apps via the Android store. And keep in mind that the procedure for exchanging a one time pad should be smooth enough to not cut into your 2 USD price per app you sell.