More On Policing Shareware
RHW22 writes "Washington Post's Rob Pegoraro looks at shareware, focusing on the question of whether or not this industry can survive if people never actually cough up $$ for the product. He mentions Ambrosia Software, 'a developer of Macintosh games and utilities in Rochester, N.Y., could stop guessing after it revised its payment system last year. The new system aims to stop people from using pirated registration codes in two ways.' Read his column here." We mentioned this several weeks ago, with a link to Ambrosia's description of their system and what led to its adoption.
IMHO, most stuff marketed as shareware is really demoware.
If it can't save - It's a demo
If it pops up excessive nag screens - It's a demo
If major functionality is locked - It's a demo
TODO: Something witty here...
The way I see it, shareware authors shouldn't expect to turn a profit. They should just see being profitable as a nice perk. The majority of people out there won't pay for what they can get for free. If that involves running a serial number generator or a simple crack, then that's what people will do. The only reasonable way to get people to register is to do like Doom and offer a sample that can be expanded upon once the cash is coughed up. Most importantly, it can't be an unlock code, it must be an entirely different program. Of course that doesn't prevent people from giving their buddies copies of the registered version, but that's an unwinnable war.
This is a philosophy that more and more companies should be following: realize that no, not every customer is a thief (or at least make them think that you don't believe that)
It's nice to see someone with an idea like that
Have you thought about what you're looking at today?
It would be interesting to really see the comparison of piracy to shrink wrapped software and sharewares.
;)
On one hand, people pirate shrink wrapped cos it's too expensive to buy. On the other hand, they pirate shareware cos it's convenient (erase registry entry, anyone?).
I guess I'll still stick with my GNU Linux and all the freebies.
geek page at KY speaks
"First, after a user buys a program, Ambrosia e-mails him or her a personalized registration code stamped with the date of purchase. Entering this code into the program activates it and ends any trial-period limits -- but the software won't accept a code older than 30 days. (Once the code checks out, Ambrosia programmer Matt Slot said, the program won't run any further tests.)"
Looks great until someone writes a keygen. If it doesn't auth with their server how secure is it?
Looks like more fluff to me.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
"But in the shareware industry, which can't function without Internet distribution, this freedom of theft can be much worse."
Surely I remember having Wolf3d and Doom on floppies... Nonetheless, I'm sure Internet distribution is much cheaper for the Shareware developer over floppy distribution. This protection scheme doesn't seem all that different from numerous other copy protection systems for software whether it be commercial or shareware. It will be broken like all the rest and then the poor shareware developers relying on it will get screwed like they would've before. It's unfortunate because there are worthwhile shareware products, and while I'm sure a lot of people here might scream "well just go open source." I'm sure some of these shareware developers are deserving of some monetary gain for their toil. Then again I don't think some shareware products are worth a bloody nickel, thusly I don't use them. I guess the trick is to get them hooked, ala Doom, and sell them more content. However, instead I see things that function then break, or function only partially, neither of these solutions lend me to want to purchase a program.
You want to make money on shareware? Charge less. Make it very convenient to pay. And don't annoy the end user.
Headlight Software has made lots of money from Getright registrations, despite some people having pirated it. I've registered it myself. (I think it was $20, not $25, when I did, though.)
If a software company wants too much money for a piece of shareware, users will get a patch or key generator rather than pay. If the software nags the hell out of the user when he installs it, he'll get mad. I know I do.
This stuff is easy to defeat. If you wanted to pirate this stuff you would not try to do it with a shared registration code. That is just 5tup1d. It would be done in one of 2 ways:
:oP
1) A key generator: Create your own personalized registration key. This was my favorite way to pirate and it usually doesn't take the professionals long to create a keygen either.
2) A crack: completely disables the 'time checking' on the shareware by altering the binaries in some way
The piracy prevention methods outlined in the article won't have any effect on key generators or cracks.
P.S. This is such old stuff. I remember shareware companies keeping blacklists and time stamping keys in 1997. It did not slow me down at all
Why is this news?
When I purchase software, I own the product. The problem with expiring registration codes is that you only own the software as long as the company is in business.
What happens when Ambrosia goes out of business and the software code expires? Your product that you PAID FOR stops working.
Can you imagine the impact of GM going out of business and then finding your car doesn't start the next morning? You paid for that car, and you expect it to function correctly for the expected life of that car.
Expiring codes, WPA, and all the other software piracy/protection schemes out there remove control of the software from the end user and shift it to the software vendor. It is only a small step to software as a subscription service after that.
I'm really glad my Linux machine is totally free and if Microsoft, or Ambrosia goes out of business it will still keep working.
-ted
The way I see it, shareware authors shouldn't expect to turn a profit. They should just see being profitable as a nice perk.
Why shouldn't shareware authors expect to make a profit? Because you say so?
Shareware is a distribution model - you like it so you register it, recommend it to your friends, etc - nothing more, nothing less.
Too many people equate shareware with free, and those that resort to password cracks are the worst kind as they can't even use the "I just wanted to see if it was what I wanted" defence.
Sure, most people will take advantage of the situation and never register software that they decide to use beyond the trial period, but some people are more honest and will happily pony up $20 for a package that does the job they want done.
But saying that the authors, the people who invested their time and effort into code that other people benefit from, shouldn't expect to see a return on their work is downright unbelievable.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
I find it disturbing that so many people continually show such complete ignorance of the history of this industry.
Shareware is fully-functional software for which you are *encouraged* to pay the developer (if you find it useful). You are also encouraged to share it with your friends, hence the name shareware. It is not time limited. It is not missing any functionality necessary for normal operation. It may have annoying messages nagging you to please pay, but if it is hampered in any way in which you must pay to get the fully-functional version, it is a commercial demo.
It's offensive that so many people these days seem to be freeloading off the good will and generosity of the shareware community in order to sell their commercial products!
maybe they shouldn't be so GULLIBLE to expect that someone would want to fork over money for something if they don't have to. if a business model relies on honesty, it's not gonna work in the year 2002.
Show me (and the authors) a distribution model that gets as much potential exposure with next to no marketing spend and perhaps I'll consider your argument.
Relying on the honesty of others might not be as profitable in 2002 as it was in 1952 but to say that it can't work at all is foolish. Ever heard of WinZip?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Actually, I'll just quote Linus: " In my opinion, shareware tends to combine the worst of commercial software (no sources) with the worst of free software (no finishing touches). I simply do not believe in the shareware market at all. "
Perhaps I've been spoiled by Linux, but I'm getting into Mac OS X now, and there are tons of little apps that on Linux would be free, but some chump wants $9 for on OS X. Yeah, part of it is me being cheap, but I keep going back to Linus's quote and end up not buying it.
"Shareware + source" might be interesting, even with a non-RMS-compliant license, but I haven't seen it. (And of course, I'd prefer full GPL if possible.)
it's been said earlier, but if you compare the ratio of sales of a product like CuteFTP to pirated / trial versions, it's ridiculous.
let's examine it in depth.
What are 94% of FTP client users doing? WAREZING
now that we know that, we can assume, that most people won't pay $35 or whatever.
So the solution would be to make it ultra cheap, say in the neighborhood of $5 a license. That would greatly expand the user base, and if they implemented payment via paypal as well as credit cards, people would be more likely to impulse buy.
$5 is nothing, i'll spend that impulsively. Even $10, after that, we move into the area where we stop caring about the company (think of how many shareware progs you use (well, you linux people don't)). If they were that cheap, i'd buy each one that I use.
Photos.
If shareware didn't make money, companies would not make shareware versions of their software. Why do games companies make shareware? Because shareware is great advertisement. If 5% of their clients buy the full version of the software, that is 5% more than what they would have had anyway. To check out a shareware success story, check out Dexterity Software. In particular, check out the articles section. The dude outlines how he successfully created a shareware company and how he can still make money at it.
This won't work for the same reasons that RIAA won't succeed in stopping music sharing, and Microsoft won't stop people from pirating Office: in a competitive capitalist economy, the natural price of an item is the marginal cost of reproduction.
For digital information, the marginal cost of reproduction is $0 - nil - nada. So no matter how low the price of my software gets, I can always get it from another provider (like Gnutella) for free.
Lowering the price won't help. Copy protection won't help.
There are only two ways to ensure the creation of quality information, art and software:
Shareware is just a temporary path on the road to open source - no matter how many copy protection methods it uses to prop itself up with.
I fail to see how this amounts to theft. It is a violation of a modern law, but theft is almost so obvious one has to think about it to even define it. Theft is the act of depriving someone of some 'thing' that they have exclusive rights to, either by earning it, or having been given it by someone who themselves earned it.
In this way, it's obvious that if you take a Ferrari from the dealer without paying, there is one less Ferrari the dealer can sell. This is not the case with 'intellectual property'. What's more, it is conceivable, that were the authors so inclined, every single computer on the planet might have this shareware. The cost would be negligible. No matter how generous the exotic car dealer is though, there are a finite number of Ferraris. These are two completely separate things.
I'm not sure that there are any moral rights to what modern law calls intellectual property. Certainly, someone has the right to take credit for software that they have written, and those attempting to infringe that right are in the wrong. Do they have a right to make certain no one is playing the shareware game, unless they have paid an arbitrary sum? Should the exotic car dealer be allowed to forbid you from loaning your Ferrari to a friend (not that he would have to, it would have to be a damn good friend) ? If the exotic car dealer has no rights once the car has left his possession, how can a software author? Can the author be certain, that the pirated copy they are trying to prevent, isn't just a legit copy that was loaned to another person? Lots of questions.
You could claim that I'm comparing apples and oranges, and that these are new laws for new problems. Except that I don't see a real problem. People with vested interests have decided they want to make a profit this way, and when normal human *non-pathological* nature gets in their way, they buy a bunch of laws. I think that deep down, most people can see how twisted this is... as I'm sure that shareware titles vs. open source titles statistics will show.
What's really needed are more people learning how to port some of the freeware utilities from Linux and other *nixes over to OSX binaries, using Cocoa. I sure as hell can't do these things, but there're a ton of other developers out there that can.
Mostly what needs to be ported, IMHO, are small things. Network and system monitoring tools that can go in the dock, or other little things like that. Sure, the big stuff would be nice too, but I'm certain there are a ton of little apps that might even only take a few days to port for someone who can get used to Cocoa.
My own pointless vanity vintage computing page
I would expect Ambrosia to put out a fix for this when they went under.
According to a moderator on an Ambrosia board, if Ambrosia Software goes out of business, it will release source code for all its software, essentially turning it into free(beer)ware, if not free software.
Will I retire or break 10K?
I'll make an install key which is only valid when the sum of the digits is evenly divisible by seven. Nobody will ever guess the algorithm.
I had a shareware program that did the "registered to" name hard-coding that the article talks about. I hated it. See, I used this particular program to print out pretty pieces of source code side-by-side with output. At the top I had a header. In the header was my name. Or actually, the name from the email headers at the time of registration, which was something no one actually ever calls me. They could have just asked what name I wanted to use, but instead every time I used the software I saw that wrong name.
Ok, strange that slashdot posts something like this just as I am in the process of writing some copy protection (due in the morning!). I just read the Ambrosia Software story while searching google for some tips and techniques for writing copy protection. I am trying to avoid the very problems they had. All I hear is that the key is "use polynomials!," wherever I go. If you can't tell yet, I'm a complete newbie to this, I've been programming a while but haven't had to protect my applications before. So how about some helpful advice on how to write a decently secure registration system. Some links with mathematical explanations would be nice.
Right now I am just creating a 32-bit value from a random 32-bit number the application gives the user and a name. The name is hashed using something like (2^0 * char0 + 2^1 * char1 + ... + 2^N * charN), with a 31 char limit to keep the number 32 bits. I'm wondering if there are ways to check parts of such a hash without actually regenerating it, so that I don't give away the key generation algorithm in the software. I know it can't be bulletproof, I just need something that's not so simple it'll be breakable by a casual cracker.
According to this article Jacksonville is going to try and prosecute people they catch using unregistered shareware for longer than the trial period. They aren't really going after end users, only government offices and contractors...scary precedent though...who will they go after next?
It seems most "shareware" these days has forgotten the true meaning of the word. True shareware just used to have a screen at the beginning that says (basically) "Hey, if you like this program, how about send some $$$ the developer's way for his troubles... and pass this on to a friend if you'd think they'd like it!" and let you go on your merry way... If you didn't want to send them money, then you didn't have to, unless the program expired after X days, or X uses and you wanted to continue using it.
One of my friends is the co-developer of Cover Your Tracks and I joked with him once that he made it to the "big time" when there were cracks published for his program's licensing code algorithm.
There are only 10 kinds of people in this world... those who understand binary and those who don't
Time-based registration keys are basically useless. In most cases all you need to do is simply reset your system's time back to a date close to when the serial number was obtained.
In the case of internet based time-registration, just disconnect from the net (pull the ethernet cable) and click "register" after entering your serial, then click the "o.k." button that tells you you're not connected to the net, 9 times out of 10 your software will show up (upon restart) that it's fully registered.
It goes to show you that a program truly worth paying for is also worth the time and effort to crack/or make a keygen for it.
All the more reason to buy it, if it proves useful.
IAASA (I am a Shareware Author), and started off with the unlock key method - it was cracked, but hey, the extra warez links boosted up my listing on the search engines, which is free advertising.
Basically, this is what shareware is : 'A really good way of advertising' - the users get to see exactly what the program does, if it has bugs, is it crap, etc. so they can try it out before buying it
regards,
Duncan Murray
http://www.acutesoftware.com.au Australian Developed Software
I'll think of a funny sig later on
If they go out of business, their assets belong to their creditors. (Unless they shut down gracefully, but how often do you see that happening?) So, even if everyone wants to release the source code, the likelihood that a judge would let them make their most valuable asset worthless is minimal.
No, it's NOT how shareware has always been.
Okay, you want to write your own key generator.
My advice:
1) Use RECOGNIZED encryption & hashing algorithms. Do NOT invent your own!
2) Don't shorten the result from a hash. I recommend at least 128 bits of entropy in the key (if you use Base64 to represent your key, you need 22 characters)
3) Use public key encryption to prevent giving away your secrets.
An example protocol:
User sends his name (case sensitive) and the current timestamp (both of which the client stores to use in future validation) to the "authentication server" which also takes his credit card number. After receiving payment and validating the timestamp, it generates the registration code as follows:
1) Take the username, timestamp, and a secret symmetric string (which will be embedded into the client, but, thus, vulnerable to attack). Concatenate them together with some sort of separator (like a NUL character).
2) Take this new concatenated string and do some bit scrambling if needed. Take the MD5 hash of this new string and use for the next step.
3) Using RSA and a PRIVATE KEY (*NOT* embedded in your application!), encrypt this hash. Send the encrypted hash value in Base64 to the user. Remember he may need the timestamp as well to re-enter this value. The timestamp can be simply a day/month/year string.
To VALIDATE a registration string,
1) Decrypt the encrypted hash string using the PUBLIC KEY (embedded in your application). Because it is a public key, it doesn't matter if anyone knows it.
2) Verify that that hash equals the value of a hash constructed on a client using the user's name, his registration timestamp, and the shared secret embedded in the application.
Really, this isn't a secret science. But every game designer seems to think he is more creative than hundreds of experts on encryption. This is basically no different than a FFI (Friend or Foe Identification) system used on a military aircraft.
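The issue/validate scheme from the comment above, as an added example that is not part of the original post or any vendor's code. Assumptions: SHA-256 is swapped in for the MD5 the comment names, the RSA step is textbook (unpadded) RSA over a constructed, trivially factorable toy key so the block runs with the standard library alone, and `issue_code`, `verify_code` and `APP_STRING` are hypothetical names; the 30-day window is the one quoted from the column earlier in the thread.

```python
import base64
import hashlib
from datetime import date, timedelta

# Constructed toy key pair. Both primes are Mersenne primes, so this modulus is
# trivially factorable; it only keeps the example offline and dependency-free.
# A shipped product would use a vetted library and a padded signature scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # public modulus, embedded in the client
E = 65537                                # public exponent, embedded in the client
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, vendor server only

APP_STRING = b"example-app-v1"           # hypothetical embedded string (step 1)
MAX_AGE = timedelta(days=30)             # acceptance window quoted in the thread
N_BYTES = (N.bit_length() + 7) // 8      # fixed length of an encoded code


def _digest_int(name: str, issued: date) -> int:
    """Hash name, issue date and embedded string, joined with NUL separators."""
    msg = b"\x00".join(
        [name.encode("utf-8"), issued.isoformat().encode("ascii"), APP_STRING]
    )
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def issue_code(name: str, issued: date, d: int = D, n: int = N) -> str:
    """Server side: apply the private exponent to the digest, Base64 the result."""
    sig = pow(_digest_int(name, issued), d, n)
    return base64.urlsafe_b64encode(sig.to_bytes(N_BYTES, "big")).decode("ascii")


def verify_code(name: str, issued: date, code: str, today: date,
                e: int = E, n: int = N) -> bool:
    """Client side: needs only the public values (e, n).

    `today` is supplied by the caller. A client that reads it from the local
    clock inherits whatever that clock says, which is the limit a later reply
    in the thread points out; nothing here addresses patching of the check.
    """
    try:
        raw = base64.urlsafe_b64decode(code.encode("ascii"))
    except ValueError:                   # bad padding or non-ASCII input
        return False
    if len(raw) != N_BYTES:
        return False
    sig = int.from_bytes(raw, "big")
    if sig >= n:
        return False
    # Recover the digest with the public exponent and compare with our own.
    if pow(sig, e, n) != _digest_int(name, issued):
        return False
    # The issue date is inside the signed digest, so it cannot be edited
    # independently of the code; only the age check depends on the clock.
    age = today - issued
    return timedelta(0) <= age <= MAX_AGE


if __name__ == "__main__":
    issued = date(2002, 4, 1)            # constructed sample purchase
    code = issue_code("Ada Example", issued)
    print("code:", code[:24] + "...")
    print("fresh:", verify_code("Ada Example", issued, code, date(2002, 4, 10)))
    print("stale:", verify_code("Ada Example", issued, code, date(2002, 6, 1)))
    print("other name:", verify_code("Someone Else", issued, code, date(2002, 4, 10)))
```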
I was thinking about that as well. What about a license that forbade distribution of binaries, but which the source could be distributed freely? This way the people who want to simply use it, with no ability to actually make changes to it must buy it, whilst those capable enough to compile the source (and thus potentially able to improve it) can hack at it all they wish. Of course, breaking such a license is so easy, trivial even, and just being able to compile something says almost nothing about one's ability to modify it.
True shareware has absolutely no limitations whatsoever. I would still consider software with nag screens shareware, but I suppose that might be something of a grey area.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
Of course if you find where in the code this all happens, you just patch the binary to jump right around it and that's the end of that story.
PayPal isn't that bad. You are worried about being fucked out of $5? I use it all the time, and while it has its problems, I don't think a PayPal type subscription system would be so bad as an option.
The software piracy capital of the world is the triad of mainland China, Hong Kong, and Taiwan. All of my Chinese acquaintances laugh and chuckle at people who write shareware. Why? My Chinese acquaintances just download the stuff with glee and intentionally pay nothing to the authors.
Make sure to take advice you receive here...it will guarantee that your stuff is that much easier to crack (meaning everyone can tell you their ideas and lead you into a false sense of success).
Newbies taste best when eaten raw.
A quick run on Dict.org to check shareware.. well, according to this, I was somewhat right. Again, there is not a definition that will be accepted by everyone.
From The Free On-line Dictionary of Computing (13 Mar 01):
shareware
/sheir'weir/ {Freeware} for which the author
requests some payment, usually in the accompanying
documentation files or in an announcement made by the software
itself. Such payment may buy additional support,
documentation or functionality.
See also {careware}, {charityware}, {crippleware},
{guiltware}, {nagware}, {postcardware}, and {-ware}; compare
{payware}.
{The Conception of Shareware
(http://www.halcyon.com/knopf/history.htm)}.
[{Jargon File}]
(1997-10-11)
geek page at KY speaks
Unless you subscribed to a magazine that was really grainy black and white, that listed about 10,000 program descriptions... you put a check by the ones you liked.. then filled out a small form and paid about $1 for each 5.25 media floppy to have it mailed to your house to operate on your Pc Jr... You don't know crap about shareware ;)
The internet defeats the purpose of shareware. Back in the day shareware was distributed by one person sharing his collection of shareware floppies with another friend. If someone liked the program, they could mail a check to the author.
The only limitation ever put on shareware back then was like... a game that had maybe 1 episode. You could mail money to the author and get 10 extra episodes.
When oh when will the software publishers learn? COPY PROTECTION DOESN'T WORK. IT D O E S N ' T WORK! So long as the 'puter can execute the code, I can:
Trace the code
Debug the code
Disassemble the code
Then once I discover the point(s) at which the 'valid/not valid' software check is done, I just jump right past it to where the software runs...
Pseudocode for the masses:
Run program
Get serial number
Valid?
Yes, continue running
No, Set flag to say it's yes, continue running
OR
Run program
Set flag to say serial number is valid
Jump around all the BS that checks the code
Keep running...
-----------
c.f. Apple ][ copy protection software wars, particularly, half-tracks, quarter tracks, relocated directory tracks, track 40 additions, etc...
What you never heard of a bbs or something?
What I don't like is when companies lobby the government to try and do that work for them by making new laws that make criminals out of ordinary citizens and try to make every thought or idea someone's property for centuries.
The government should not be involved with copy protection at all. It is the software company's responsibility to protect its work, not the government's. Taxpayers should not have to foot the bill for enforcing and protecting a company's "intellectual property." That is the company's problem, not the people's problem.
If the methods for registration are too annoying or expensive, then the developer will see a drop in sales or an increase in piracy. It is the free market at work, and you cannot mandate the market (unless you are a monopoly like Microsoft, of course)
I agree that it is irrational to expect to make money from shareware. Traditionally, shareware is software that you only have to buy IF YOU WANT TO. It has the word 'share' right in it.
The major problem with software payment systems today is that everyone is trying to sell crap. When I download shareware, I am really just letting someone's VB virus replicate to my computer. That's not my privilege, it's theirs, and the GPL backs me up on this.
Game companies, however, have a limited piracy problem. Why? Because game software is at an altogether higher level than anything written in VB. Games are fast, stable, and have a value that is correlated with simply running the program. But simply owning or running Photoshop doesn't provide value. Using it to make a magazine cover does.
Thus, shareware. Individual users pay as they please.
A better system would be to tie payment to actual productivity, i.e. pay once when you've saved 100 files. Or, 100 saved files and no crashes. Or better yet, 100 saved files, no crashes, and no carpal tunnel from a poorly-written GUI.
See? Software value is highly variable and hard to judge. That's why shareware lets people judge for themselves. Until programmers learn how to write really stable software, payment shouldn't be a right, but a reward.
Ok, I follow you through most of that except one part. Where can I learn a little more about implementing public/private key encryption? The thought occurred to me to use this, but I'm not certain how it works or where to find the algorithms to implement it. It would seem that it is impossible with current technology to create a keygen for such a system.
I realize as another poster noted that some assembly work to skip the check routine could be done, but that is another problem. Maybe by varying releases with different checks in different places I can minimize that effect.
On a side note - yeesh, why do I feel like I'm treating my users like criminals here? I've done a bit of pirating myself in the past, particularly as a student. I don't really blame them, since they're not exactly rolling in the dough. I just want to thwart all but the most determined users, typically the students who have the time to search all over IRC for the right crack. In some strange way I can relate to them, and consider it an acceptable loss. People earning money usually don't care enough or have the time to do that, the cost is too high to find the right crack so they'll buy it.
You realize how expensive that got to be, pulling software over a 1200 baud modem from a BBS that had a monthly subscription cost to get enough minutes to download anything useful, and paying long distance on the whole thing?
Sometimes actually ordering the floppies was the cheapest way 'round it.
We actually have names for these things. Not being able to save and major functionality being locked is a redundancy situation, if you know what I mean, BTW. If you have that condition, the software is crippleware. If you have excessive nag screens, it's nagware.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Yes, I remember looking at those magazine ads and trying to understand what kind of fool would pay a dollar a diskette for shareware and freeware applications that I was downloading (at 300 baud at first, then at 1200 baud) for free from BBSes.
That was after I got a DOS machine, of course. I was online BBSing for awhile first with a CP/M machine, and I don't recall seeing ads selling diskettes of CP/M software, though I am sure they were out there.
I remember how cool it was the first time I connected at 1200 baud. woo hoo.
I shelled out the $10 for the registration of WinZip in 1995. It has been extremely worth it, as long as the upgrades are free. If they started charging for each upgrade, then I wouldn't buy it.
$.02,
--Christian
So, even if everyone wants to release the source code, the likelihood that a judge would let them make their most valuable asset worthless is minimal.
...unless the code is already in escrow (as the link discusses), in which it's too late to do anything about it.
Sometimes it takes two whole days to crack two years of R&D by ignorant people. TAGES was used on "Motoracer 3". It was cracked fully in 48 hours (actually 40).
Macrovision Secure Disc 2 (SD2) is partially cracked a lot but no reason to crack it because people trade the entire disk images in CloneCD image format or in BlindRead/BlindWrite file images.
However a competent set of engineers could make something very difficult to crack.
but it is not that simple for you to assume you can use debuggers/hardware ice/analyzers/etc because those would all be thwarted if known commercially.. you would lose (or at least have to spend several days cracking it).
Yes some apple 2 games can be cracked in under 7 minutes : Mr KrackMan, The Nova, and others did it frequently when they were 14 and 15 years old. The Necromancer did it rather quickly too, but he was in his late teens.
I watched all these and many other krackers, live, in front of keyboards, and they wrote strings of hex straight into the debugger from memory... their own track read-write routines for floppy drives, their own debugging tools, all memorized or assembled in their heads.
But time has moved on and software is allowed to chew up millions of cycles for encryption, data motion, antitracking tricks and much more.
I defy a person to crack a commercial app in less than 5 minutes this decade.
And I bet it may take days in some cases.
And I bet you are not the guy to do the krack.... You speak so authoritatively.. What have you kracked in the last 4 years?
People will gladly pay for a piece of software if it (a) works (b) gets the job done (c) is worth the price.
Developers who want to turn a profit have to stop treating users like thieves and produce something that's useful.
Right now, it is more CONVENIENT to go to google and find a crack/serial (about 30 seconds) than to pay the author. I think if there was a more convenient way to pay, people would be more likely to buy.
One way to do this would be a centralized ewallet... PayPal works reasonably well for this, and I imagine Microsoft will try to add something like this to Passport. Assuming that it becomes easy enough to pay, shareware/trialware will probably become much more profitable.
My server
I can crack this protection (and have done so many times) in my sleep. How? Just NOP the comparison function and ret 1 (or whatever).
Support T(H)GSB Apr 21-27, 2002
In case you are wondering who the often-referenced Captain Hector is, he is a character that would appear in Escape Velocity: Override.
You would be cruising along the galaxy when a ship buzzed by and a Captain Hector would send you a message reminding you to register if you liked the game.
If you waited too long to register, or just never bothered, Captain Hector wouldn't just buzz by anymore. He would stop, and train his guns on you and blast away at your ship.
He proved to be quite effective, to say the least.
Eh? No... using the public key system proposed above really is secure as any other as far as it goes (excluding systems that have functionality exported over the network or to hardware dongles). The problem is that no copy protection system can avoid having its checks be patched around; none.
Sure, the code itself can be encrypted -- but it has to be run at some point, and at that point it can be captured. Following the advice here won't make software easier to crack; it simply won't do anything about the innate weaknesses that any software-based copy protection system suffers from.
Not to mention I could buy HUNDREDS of shareware applications for the price of 300 baud modem for the PC Jr.
I collect pirated software. Terabytes. Never That!
I collect pirated software. Terabytes of it over the years (no miscalculation). But Never Shareware such as Ambrosia's!
It's offensive to say that major software traders copy Ambrosia's software... they don't. They avoid it.
It's hard to explain why.
Mac and most PC Software collectors collect software they never run, and have no time to run, and never give it out too often, they collect too many leeches wasting their time if they do.
They just collect it for the sake of it.
If they run out of stuff to download they go for VCDs, MP3, MPEG porn, Dreamcast images, PS2 images, CloneCD PC game images, EBooks, etc.
It's a compulsive illness.
But they NEVER EVER EVER knowingly collect shareware, or Hypercard Stacks, or demoware, or old betas that were released a long time back.
I know I do not collect Shareware, or Demoware.
IT'S USUALLY CRAP. Or it begs for money, or is timebombed, or crash prone, or hard to deinstall (on Wintel).
Plus there is no feeling of "sneaky illicit pleasure"
No heartbeat rise, no thrill.
"Taking Candy from a Baby" too easy and not much of a kick.
People boast " I have another 40 gigs this week, not one shareware or Shovelware Multimedia CD"
Shovelware is Kiosk stuff in Macromind Director for kids.
But this Ambrosia guy actually is good enough for commercial grade distribution and quite talented actually (source code collectors who trade only private source code to shrinkwrapped applications and major OSes have some Ambrosia source code... good stuff truly)
But if you go to giganews.com or Supernews.com or Newsscene.com and buy a subscription to usenet servers with good retention you can download quite a lot of software yourself.
alt.binaries.dreamcast the last two days has over 12 games on it
alt.binaries.emulators.misc had 3200 different MAME roms the last couple weeks, as well as lots of other games for other desktop PCs.
alt.binaries.warez.0-day.games is usually updated in batches with fully cracked and fully stripped games every weekend.
There are alt.binaries.misc and the "chello" groups too.
And still hundreds of Mac Hotline servers with pc and mac wares.
but one thing is certain... shareware is not copied much.
And you will hardly EVER find shareware, though you will find cracks to shareware and keys to shareware and keygenerators to shareware.
(sorry for reposting this but my original post #3179601 got marked as a -1 troll)
To avoid being marked as a troll again, please heed the following request: don't bother remarking if you think this is a troll, because it is not. I am not interested in your replies. There. That should do it. Only Trolls want replies (the "definition" of Troll)
Court Order.
As for me, I don't use such shareware at all; I just write my own. It's more fun than dealing with some crappy piece of VB, and a little Perl script will often do what a $30 piece of shareware does. If it looks like it's useful to others, I put it up on my web site.
DIVX media was useless when Circuit City backed servers shut down 24 months after the last disk was sold as per agreements.
True, YOU could upgrade a DIVX to "gold" to make it immortal but "GOLD" was tied to your machine and you needed a credit card.
But timebombs are not why pirates avoid Shareware.
In my opinion this is an informative post
Shareware can exist but the secret recipe is Quality of Service. I've got some shareware I have been using and buying from time to time. If I feel that the product is neat, but misses something I want, contact the author and then get an answer in a timely fashion with either explanation or some comments, then my next move is to buy the software. The last time I did that it was on Sunday at 8pm and the guy replied to me half an hour after I hit SEND.
On the other hand, I found most of the time that the people behind the shareware I was using just unreliable. The kind of programmers who worked on some quick home project and didn't feel like finishing it, but still expect a ROI. It is this kind of people who are putting a bad image on the word "shareware". So, the end of the story is I guess, no pain, no gain.
PPA, the girl next door.
-- I feel better now. Thanks for asking.
I think, with shareware, is that there are times when the author is just insane with what s/he thinks the program is worth. I'll fully admit I'm a bad person for not registering all of the shareware that I love and use often. I should, it is irresponsible of me. However, there are other pieces of shareware where the cost is just insane compared to what it does. "Download this program to change your mouse arrow to one of five colors, only $20!" Come on. Just because you put work into something doesn't mean you then have valid reason to charge for it. What happened to writing a program or whatever because you want to better YOUR computing experience, and then just putting it out there to share with the rest of the world? That way of thinking seems to be less and less anymore. There is shareware that is more than worth the price asked, and there is shareware that should be freeware or $10 or less. Some of these shareware programs out there that are $25, $30, or more, and do very simple things, that's just crazy.
"But in the shareware industry, which can't function without Internet distribution, this freedom of theft can be much worse."
Hmm... Shareware worked fine on BBS's and through mail order in the late 80's and early 90's. In fact, at least 75% of the software my family used when we started in the computer world was mail order shareware through regular old snail mail. We didn't even have a modem until we had the PC for about 3 and a half years.
In fact, it was truly shareware... These days, what's called shareware is little more than functional demos. If it dies after a period of time, lacks critical abilities, etc... it isn't shareware.
Shareware registration normally wasn't required to use the program. Registration generally got you nice things like automatically mailed upgrades, clip art collections (in the case of programs that used such things), printed manuals, document templates, level editors, stuff like that... Cool stuff that made the program more useful, but the program still did all that it was advertised to do even without registration.
These days, it may do all it's advertised to do... For 30 days.
The software industry is basically driven by two factors. Enlightened self interest or greed. It doesn't matter if it's closed source or open source, both sides have enough people within their camps that are there for one reason or the other.
It's rare that you see someone complaining about anything whose price ranges from free to cheap, but yet the two highest rated posts in this thread as I write this do exactly that. They complain about software whose full functionality isn't available for free and about the greed involved with licenses that expire over time.
But the real case of greed is simple. The industry and the open source movement is filled with it. From software pirates to the people who support but fail to contribute to the open source movement, the goal seems to be to watch out for person number one.
If you're a geek there are two simple rules of life you should know by now. Writing software takes time and food and shelter costs money. Unless you have someone else to support you, the best way to provide food and shelter for your family is to sell your software.
But people don't pay. And if you charge for your efforts, people complain and attempt to enforce their will upon your creation.
Let's be honest. When Microsoft commits an act of pure greed we scream bloody murder. Why then do we not scream bloody murder at every software pirate out there? Why are we outraged at the actions of a large company but not at the actions of a band of warez distributors? Is it because we have become so selfish that we only care about people stealing from us and we're willing to turn a blind eye to people stealing from other programmers?
"Software wants to be free"
Bull. It's software. It doesn't care one way or the other. Greedy people want it to be free for them. The software is too dumb to care.
In my opinion, the biggest problem facing the open source movement is that someone has to figure out how, in a world where people are unwilling to pay for a good product, we're going to feed our families. Because if there's anything I've seen in the past year it's the fact that the Open Source movement has definitely attracted a large number of people interested in Free Software.
Free as in beer that is.
No Zen is good zen
Because you can freely download a shareware copy from the authors website and all you need is a crack or keygen? DUH?
Does your rant have a point?
I used to collect shareware from all my favorite dialup BBS's... Ah, those were the times. I'd forgotten all about shareware. Man was a lot of that stuff crap. I guess I stopped using shareware when I realized I could make 90% of that stuff myself anyway.
----
All of whose base are belong to the what-now?
This is an interesting debate.
/dev/null..
..
I think shareware authors should be paid for their work. Shareware is cheap, shareware is great..
But...
In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...
1)Trumpet (a TCP IP stack from several years ago).
Buy the program, registration never shows up in mail.. wait.. email back and forth..wait some more.. in meantime, trial expires, re-install wait some more. Client I am billing hours for is getting unhappy.. Calling to Australia to get it sorted out was not fun either.
2)DFX (a sound effects addin for winamp)
Liked it, and tried to buy a copy with their VISA card purchase screen... then.. nothing happens.. no registration comes.. nothing..wait days... nothing happens, no reply, no program... nothing.. I write email to them.. nothing happens..no reply..
Finally I *CALLED* the company, to ask them what is going on. They said that my visa transaction was rejected (but they never bothered to inform me of this, even though they collected my email address (just to send me spam I guess?)). When I asked the sales rep at DFX what is wrong, they told me that my destination address and billing address were different, (I am an expat overseas) so.. transaction just gets automatically rejected, bin'ed.. period. No mail, no reply, no followup, nothing.. rejects just goes to
They didn't email me when the Visa was rejected (or ask where I live.. or anything), nor did they even bother to reply my original emails.
The answer the DFX rep gave me on the phone to all this was... "well, it is just a $15 program, so we can't spend too much effort (ie any!) to deal with things that might come up".
3)NJstar
It is a great program. But they wanted me to send checks to Australia or something in AUS dollars.. gee.. how do I do that.. the bank will charge me $50 in processing fees (after waiting in 3 lines at 20 minutes a pop because no one would know how to draw up a foreign denominated check), for a $25 program..
Those are my stories..
..and people wonder why they don't register their shareware...?!.
...because it is too complicated
to pay for it, that's why.. fix that, and then
I am ready to buy lots of great stuff.. but
right now it is just too much hassle I discovered,
so I just stay away from it..
Shareware is perhaps the largest abuse of the legal system. Not only does the software developer retain most rights to the software, they forbid their customer the right to use the software for any purpose. Whether by locking out certain functionality ("crippleware") or by having a legal clause saying that the user must delete the software after a certain amount of time.
Shareware authors must have a distorted belief that software users deserve no rights at all without direct compensation. Then they might allow their customers the right to use the software and thats all. They still forbid rights to modify and distribute the software. This seems to me to be rather a large breach of ethics.
Good thing we have free software and can avoid all this crap.
You're missing a vital point here... the word "copy".
If someone loans his car to a friend, then he can't use the car at the same time. You can't make a "copy" of a car like you can a computer program.
If someone uses program X and burns a copy onto a cd and gives it to his friend... they can BOTH use it at the same time. Therein lies the problem and what I would believe to be the software author's biggest objection.
just something to think about...
later,
thundercatzlair
You can suck my left testicle, while stroking my cock! How's that sound? Bitchez.
(Moderators, please moderate as +1, Insightful)
I frequently download share-/demoware and I have a practice of always cracking the software before I even run it.
This is not because I'm a cheap lousy bastard, I am but it is not because of that.
I want to give the program a fair trial and get the most out of it before I decide if it's good or not. If I can't find a crack I won't even bother, I just find another program.
Then I face another problem, if I like the program I'm too lazy to get around to paying for it.
Windows Commander is such a program. I've been using it for years and it is well worth the $20,
but I'm a lazy bastard...
Here are my tips:
Popups, banners and other annoying things, are just that: annoying. This will lower the score on the program.
Crippling of the program won't even let me test it.
Skip all those. Just give me some friendly reminders in a few discreet places.
Paying should be a one click thing.
Windows has this Add/Remove program feature, how about extending this to Add/Remove/Pay.
I just fire up that app, check the programs I like to pay for and click apply. The rest is automatic.
The only copyprotection needed is that the program refuses to install without this kind of payment handling app.
As copyprotections will be cracked anyway, it's enough with one app handling the protection.
Come to think about it, that would be a killer app to write, a copyprotection/payment handler.
Time to fire up those C skills.
-
Man, there's nothing worse than having your credits stolen/ass kicked by a parrot.
Matt
I agree that factoring a timestamp into the key is a good idea from an anti-piracy standpoint, however what I don't understand is why they let people upgrade the codes they KNOW are pirated.
If a code has been previously updated they should not allow the automatic process to update it again, surely this is obvious? So in the majority of cases people will have to remember the latest code they receive and all will be well. In the case where they genuinely forgot OR some pirate has already used that code then they need to make a phone call. Generally people that actually bought the software will think this is a hassle, but then again it should only be a few of them and it's their fault for losing the code. I'm betting the majority of pirates won't be making phone calls to get codes.
He who defends everything, defends nothing. -- Fredrick The Great
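The renewal rule proposed in the comment above (a code that has already been renewed cannot be renewed automatically again), as an added example that is not part of the thread and is not Ambrosia's actual scheme. The code format, the HMAC construction, the 30-day lifetime and all names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption). It lives only on the vendor's server.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"
CODE_LIFETIME = 30 * 24 * 3600  # assumed: a code can be entered for 30 days


def _tag(licence_id, generation, issued_at):
    """Truncated HMAC binding licence id, renewal generation and issue time."""
    msg = f"{licence_id}|{generation}|{issued_at}".encode()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).hexdigest()[:16]


def make_code(licence_id, generation, issued_at):
    """Hypothetical code format: <licence>-<generation>-<unix time>-<tag>."""
    tag = _tag(licence_id, generation, issued_at)
    return f"{licence_id}-{generation}-{issued_at}-{tag}"


def parse_code(code):
    """Return (licence_id, generation, issued_at), or None if malformed or forged."""
    parts = code.split("-")
    if len(parts) != 4:
        return None
    licence_id, gen_s, ts_s, tag = parts
    if not all(s.isascii() and s.isdigit() for s in (gen_s, ts_s)):
        return None
    generation, issued_at = int(gen_s), int(ts_s)
    expected = _tag(licence_id, generation, issued_at)
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return licence_id, generation, issued_at


def is_expired(code, now):
    """A code can only be entered within CODE_LIFETIME of its timestamp."""
    parsed = parse_code(code)
    return parsed is None or now > parsed[2] + CODE_LIFETIME


class RenewalService:
    """Tracks the newest generation issued per licence."""

    def __init__(self):
        self._latest = {}  # licence_id -> latest generation handed out

    def issue(self, licence_id, now):
        self._latest[licence_id] = 1
        return make_code(licence_id, 1, now)

    def renew(self, code, now):
        """Return (status, new_code). status is renewed, manual or rejected."""
        parsed = parse_code(code)
        if parsed is None:
            return ("rejected", None)      # malformed or bad tag
        licence_id, generation, _ = parsed
        latest = self._latest.get(licence_id)
        if latest is None:
            return ("rejected", None)      # valid tag but unknown licence
        if generation < latest:
            # This code was already renewed once. Whoever holds the newer
            # code is fine; everyone else is routed to a human (phone call).
            return ("manual", None)
        self._latest[licence_id] = latest + 1
        return ("renewed", make_code(licence_id, latest + 1, now))


if __name__ == "__main__":
    day = 86400
    svc = RenewalService()
    first = svc.issue("L1001", 1_000_000)            # constructed sample data
    print(svc.renew(first, 1_000_000 + 31 * day))    # first renewal succeeds
    print(svc.renew(first, 1_000_000 + 32 * day))    # same code again: manual
```

The server keeps one integer per licence, so a leaked code stops being renewable the moment any holder renews it, which is the trade-off the comment accepts for buyers who lose their latest code.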
is that our country was founded on liberalism, a belief in a transcendental natural law. Liberal notions of rights mean that you cannot use your rights in a way that is detrimental to another's rights. Therefore she has no right to tell me how I can use it anymore than I have a right to tell her how she can use the hardware I sold her which she used to develop it on. The only exception to this is open source because open source contracts require both parties to respect each other's rights.
oh wow you are so l33t, what a deep insight into the warez scene d00d!
what a lamer...
Keep spreading the good word baby ;)
1. Make a demo/free version that is actually useful instead of annoying.
2. Don't make the demo time limited.
3. Let the full product have extended functionality.
4. Give registered users a key to always download the latest version.
5. Make the registration process a breeze.
(1) You need the goodwill of your customers - unless they really depend on your product.
(2) They'd feel annoyed that something was taken away, and look for countermeasures.
(3) People don't pay for what they already got.
(4) A clean and simple way. Doesn't prevent piracy, see 1.
(5) How often did you turn away from complex or insecure registration forms?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Using any kind of strong encryption, even for something like registration keys, will make the program subject to export restrictions.
[1] B. Preneel and P. van Oorschot, "MDx-MAC and building fast MACs from hash functions," Advances in Cryptology - CRYPTO'95, LNCS 963, Springer-Verlag, 1995, pp. 1-14.
ftp://ftp.esat.kuleuven.ac.be/pub/COSIC/preneel/m
There is a variant of this system that would be virtually impossible to crack... Intel & AMD would have to embed a private key in the CPU core. When buying software, you would present the public key that corresponds to your CPU. The software vendor would check this against a list of valid keys published by Intel (to prevent people from making their own key pairs), encrypt the software using your public key, and then send it to you. Your CPU would decrypt the code as it executes using the private key embedded in it. The binary would not work on any other CPU.
A hardware-based system like this is many orders of magnitude more secure than a software-based system, because the software remains encrypted all the way up to the CPU. The only way to break it would be to find one of the embedded private keys ($$$ equipment)... Or to convince a software vendor to encrypt with a made-up key that you know both public & private parts of...
BTW, this is also the basic framework for audio/video copy-prevention systems. (CSS works like this, except there are only a handful of private keys, and the CSS encryption algorithm is flawed)
There are several (at least two) books out there that describe several solutions (or degrees of paranoia) which may be applied to this sort of problem.
One such book, which I recently picked up, was "Building Secure Software" ISBN 0-201-72152-X. It is in hardcover currently, though I got it at 30% off at Borders a few months ago. The book is well written and gets a good bit right.
Definitely don't roll your own scheme.
You might also try and find the writeup by the guys who cracked the net blocking software. The software was Cyber Cop or something and the crack was cp4hack, I believe. They describe in detail what they did to break the app's poor security, a great example of someone rolling their own.
Peace,
Johnny
That may prevent unauthorised use of a program, however it will keep me from registering. I don't buy any software that can't be restored and function after a hard drive failure. I travel and anything that makes me spend hours on hold for consumer support after a crash is lost field production time. Stuff I use must be able to be loaded from its installation program and run without any internet connection or phone call after a system crash. That is one of my non-negotiable requirements. That is like a remote dongle that the software must phone home. I don't do dongles real or virtual.
I get software that is above most shareware in quality and features off the 9.95 rack in the office supply store. Why pay more for less?
Labels Unlimited II by softkey ($12) is far better than any shareware I checked. Any halfway decent shareware wanted over double the price to support half as many barcodes. None of the overpriced shareware would support photos and clipart. Why is a bargain rack title generally a much better product at a much lower price? I'm serious, not trolling even if it may look like a troll. It's just my experience with shareware features versus price (value) compared to off the rack software.
The truth shall set you free!
Export regs specifically don't apply to authentication systems. If your reg code system can only be used for authentication, it is OK to export. I imagine this would almost universally be the case.
I would venture a guess that your experiences have been atypical. I'm pretty sure that Ambrosia has done what they can to ensure that people will have an easy path to registration.
I've only registered two shareware programs, both times it was a snap.
Since I started using Linux there isn't much that I want to do that isn't solved by Free/Open Source software. But, when I was doing the Windows thing I found a few shareware proggys that I liked and I registered them when they became programs that I relied on. However, I never would have mailed in a check -- if I wouldn't have been able to pay online I wouldn't have registered.
Now that there are several easy ways for merchants to collect money online (Yahoo!, PayPal -- even though PayPal seems a little sleazy these days...) there should be no reason why it should be difficult.
Has any shareware author tried to encode the payee's VISA card details inside the registration code? That is to say, the payment details are just dressed up in a particular algorithm, with the date and whatever other security details? If users know this is the case, it makes the leaking of legit registration codes rather less likely. Yes, crackers can still generate their own codes but it's another idea to raise the bar to pirates without inconveniencing paying customers.
Matthew @ Bytemark Hosting
Someone who redistributes will just reset the system clock. I've seen this kind of protection before and it makes no difference.
Probably the last thing a shareware developer wants is a really decent piece of software he's written selling wildly for $5 a copy. At only $5 a copy, if you had 60 new registrants a week, after a year you'd have 3000 users to support while only making a McDonalds salary. (Factor in the cost of the PC and IDE you used to write the software and it's less). One thing about warezed copies is, you don't have to support them. I personally would rather have 500 users paying $30 each. Honest users that rely on my software and need tech support, and realize $30 or $5 doesn't really matter because they "use" my software they'll pay either, than having thousands of people emailing me ignorant questions and requests and complaints when they paid less than burger and fries for my months of coding work. Something to think about anyway.
I'm Rick James with mod points biatch!
I can definitely understand that people get a very strange idea of the Shareware market. Originally, Shareware was fully functional and often complex software packages that the author asked $10 or so for. Today it's often nagware or crippleware (i.e. not at all fully functional software), and the price is often set way too high.
Of course people get the idea that Shareware is (somewhat exaggerated) "expensive crap".
I think that if the Shareware market cleaned itself up, by making sure that crap software, or very simple software, is released as PD (or Open Source) as it "should", and also making sure that the prices asked are, in fact, cheap, things could be very different.
I personally am glad to pay $10 for a better datebook for my Palm, but I won't pay $15 for a program that edits one entry in the Windows registry. And the very fact that so many people release shareware waaay too expensively puts me off the entire market.
There are many people who will use "cracked" software (take cracked to mean made available by means other than as the author intended). And yes many of those people will try and use the channels of "legitimate" users to get upgrades, new keys, whatever.
What is important is that most of these people will not pay for the software if it is made inaccessible to them. This is the reason why the software industry has been pretty soft on places like China. If they force compliance they will just lose users because the people in question find the price (whatever its level) a barrier to entry.
Look at a given game. You like it, you install it and you find the "crack" to make it forever playable. Play it lots and then find that the software stops working, you are miffed, (since no new crack can be found) but because it's just a game, you move on to the next crackable game, or better yet an 80% as good freeware version. This _is_ the way a lot of software consumers work. A specific piece of software is worth nothing to them whilst "accessible" alternatives exist.
So there are two alternatives. Make all variants inaccessible (and oh how the media industry is burning cash to do that) or change the pricing model so that until you have a viable paying user base the software does not exist.
Oh and in case you didn't notice, Free Software falls into the latter category (really. It does).
"The first thing to do when you find yourself in a hole is stop digging."
Create your own (variously) broken keys and flood the market so that people will need to second guess any \/\/4R3z they find.
Xix.
"Everything is adjustable, provided you have the right tools"
Yeah, and if I knew how to do all these things do you think I would be spending my time writing shareware???
Solution. .
Shareware authors should accept travellers cheques - in any currency - and be ambiguous - 10 dollars, or 10 dollars in your local currency. Travellers cheques OK
Rock up to American Express, buy some 10 buck cheques, countersign and post.
Recipient just rocks into amex, and deposits into his/her account (less questions that way).
Amex leaves the banks for dead. Cheaper sending TT's.
This makes the software rather less valuable to me. If my old processor dies or I want to upgrade . . . Of course if this means the author would reduce the registration fee by 50%, it would be just as good for the user in principle
Consolation prize? Nanotechnology; it should be maturing alongside AI, so no more starving artists/programmers thanks to an insanely low cost of living (in this theoretical utopia)! :)
Too bad there's not much money to be made in the nanotech revolution either... because I'm not buying my "free lunch" when I can instead "warez" the "molecular blueprint" of a GREAT slice of open OR closed-source pizza (where 'pizza' can be anything imaginable - as long as you have enough molecular feedstock & energy to replicate it).
warning: this post has been a useless exercise in mental masturbation. :)
--
Power to the Peaceful
Actually, Ambrosia themselves admit they have a flawed design. They admit they have inconvenienced paying customers. The fact that I should ever have to interact with them after the initial purchase of their product, just to use the product is absurd. Their prices for their products are more than reasonable (except SnapzPro X, I can create an AppleScript that does everything it does with only a default install of Mac OS X), but if any time I go to run an application, and it won't run because of something the author has programmed, that sounds like a bug.
The story on their website is fascinating in terms of a study of human nature, but they have twisted the reality that they tried to base a business around their hobby (which is exactly what they said), then throw in the "baby factor" (which sounds suspiciously like stories you hear from welfare queens: "I need money for my baby I made without thinking about the fact I had to have money to support it.").
Their editorial would have been more effective if they had left out all of the starving artist ridiculousness, it only sells their talent short. I wish more shareware authors would just say, "I am a talented programmer that makes worthwhile applications, and I made them with the intent of being paid for it. Stop ripping me off." Instead you always hear, "You should pay me for my program so I can eat and put diapers on my baby."
The truth of it is that shareware is a sketchy business model, and if you're going into it without realising that, you're going to get burned. I also don't see any difference between these new shareware registration schemes and Windows XP's Activation.
Sorry if I sound like I'm downing shareware, I'm just downing shareware authors' attitudes. It's just in my mind Shareware = Application one or a couple talented programmers have worked on, Open/Free (as in speech) = Application tens to hundreds of talented programmers have worked on, and you don't hear OpenSource or collaborative programmers spouting the "will program for food" mantra.
Not since Marie-Antoinette played milkmaid has looking simple and honest been so fake and complicated.
There's much more to protecting your apps than just a high tech registration code generator:
http://www.inner-smile.com/nocrack.phtml
http://www.senseofsecurity.com/sharenc.asp
Have fun. Just remember that if your application is worth it, it will be cracked despite any efforts you make. Take it as a compliment.
Cracking complex protection schemes is to hackers what a game of Doom is to others.
Jan Derk
Really, Ambrosia's products are by and large worth the asking price. As shareware companies go, they're a good example.
And the brethren went away edified.
NJStar is an unseemly pile of crap. I tried to install the WinCE version and it fucked my palmtop to shit. You can get a nice integrated IME from M$ from 9x, and NT/2000 (and XP I guess) just need the install CD.
autopr0n is like, down and stuff.
If these people want money, they should just sell their software like all the rest of the shrink-wrapped crap out there.
I mean, I donno their system seems well designed, but the whole point of 'shareware' is to share it... It's extremely disingenuous to bitch about piracy.
autopr0n is like, down and stuff.
Good idea to prevent leaking codes. But a very bad idea to get people to register at all.
Do you really think anyone will register knowing that the shareware author is playing games with their CC details?
I won't even register if the shareware author handles my CC data himself, instead of using a trusted 3rd party like KAGI, Regsoft, Paypal or any big name bank.
His name is Robert Paulson.
His name is Robert Paulson.
His name is Robert Paulson.
His name is Robert Paulson.
"You're just scared like a little white pussy. I'll fuck you till you love me, you faggot!"
As I remember that lasted about 10 minutes.
It isn't a problem if they use some service like Kagi. I've registered shareware via Kagi before and it's about as easy as it gets. I got my response instantly and was up and running the software within 5 minutes of going to the Kagi page. I guess it depends on how they are handling payments. Maybe you should email them to make sure they can use something like Kagi before you buy.
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
Way Way back, I used to run a small two line BBS running VBBS, mostly for carrying fido...and a whack of door games like BRE, LORD, The Pit etc. All of which including the bbs system was shareware, and all of which I registered without hassle, some via phone with a cc and others with a money order, the service was always great and shortly after I would receive my validation codes. Mind you this was 1990ish, perhaps the levels of service have gone way down, or the shareware vendors are so unused to people paying for stuff these days that they lack the skills to process an order.
Years ago, someone complained to me they wanted a "crack" for Netscape. Yes, Netscape Navigator. It seemed they had a beta that was going to expire soon (as in "go download a new one, since this one is getting out of date"), but their automatic assumption was that they needed a "crack" so they could keep using it. No attempt to see if you could download a newer one, no attempt to see how much it cost (sure it was free, but that's beside the point). Immediately go looking for a "crack". It's this sort of mentality that destroyed the shareware market.
to debate the same tired crap? "Software Piracy" is a lie. Using copyrighted material in a way that the author does not like or approve of IS NOT piracy. You can call it piracy, and you can spend lots of time and money on various copy protection schemes, but the average person isn't buying it (no pun intended).
In 1986 people were saying "Shareware is in trouble. If people don't start paying for shareware, it will disappear." 16 years later, there's more shareware than ever.
In 1989, the Wall Street Journal ran a front page article about "software piracy", citing the example of being able to walk into a Hong Kong store and buy a bootleg copy of Lotus 123 for $20. Right next to that story, was an article naming Jim Manzi, then CEO of Lotus, as the highest paid corporate executive in America with total compensation of $27 million. Hmmmm..... let's see now .... Lotus is being destroyed by "piracy" but they made so much money that they can afford to pay their CEO $27 million. Something doesn't add up.
The RIAA claims that music sales were down 10 percent in 2001 compared to 2000. And of course Napster/Kazaa/Morpheus, et al., are to blame. Taking into consideration that the entire economy took a major nosedive in the second half of 2001, a 10% drop in sales is trivial. If the events of 9/11 hadn't occurred and the economy had stayed strong, it would not be out of line to say that music sales would have been the same or higher in 2001 compared to 2000. Now, think about that ..... millions of people downloading millions of songs for free and yet there was no significant decrease in music sales.
The movie industry has now jumped on the bandwagon, claiming that they too are the "victims of rampant piracy" as people use their broadband internet connections to download movies. Guess what. The movie industry just reported that 2001 had the largest box office receipts since they started tracking that info in 1959.
The casual copying of material is irrelevant and has zero impact on the profits of the people who create the material.
>No, it's NOT how shareware has always been.
>
Quite right. The "current" crop of Shareware started popping up when Windows "programmers" thought that by ripping off the people running bbs and bbs networks during 80's and 90's they had found a cheap and easy way to make a fast buck.
...few people ever actually ever see a profit from shareware.
Forget ethics, this is business.
What bugs me most is when people go on about legislating this stuff into working, or demanding multi-billion dollar crackdowns because of flawed business models.
NOOOOOOO!! You might as well send cash in the transactee's currency. A countersigned traveller's cheque is as good as cash, and can easily be stolen by anyone. All post/parcels state clearly Do not send cash in the mail. A cheque is much harder to steal, and you *can* make out a cheque to anyone worldwide, just do the currency conversion and pay 2%-5% extra in anticipation of the target's bank transaction fees and fluctuations in foreign currency. I've cashed lots of cheques this way and the bank clerk doesn't even bat an eyelid. It's real unlikely that currencies will collapse by the time your cheque gets there. It'll be worldwide frontpage news if it does (Argentina). With cash/TT the transactee can just lie and say "never got it, lost in the post"
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
The latter of those three things is usually the thing that stops me: they want payment in dollars, in return for access to a 1-800 number I can't call. Or they take Visa, as long as I can call their 1-800 number...
This was the point I stopped using shareware at all, because I felt guilty about using the stuff without paying, and paying for it is too hard work, and by the time one has paid for a cheque in dollars from a UK bank, it starts looking like commercial price software with less than commercial production.
Being basically honest at heart, I just stopped using the odd few bits I ever did properly try out.
Possible solution: group in each country set up to collect the money in local currency, convert it to other things en masse (which will make the conversions cheaper) and forward it on to whoever, after taking a small percentage cut to pay for all that to happen. It would take some organising, but would it work?
Isn't that more or less what M$ wanted to do with WPA? It checked what you've got in your box, then called home and told them what you had, so next time your serial was used they could check and see if the config was the same. Good idea in theory, but I don't think any of us would want machine specific binaries anyway.
11 was a racehorse
12 was 12
1111 Race
12112
is that those annoying EULAs are contracts. If you click through my EULA, you're agreeing to the terms i've decided on (there's a cancel button if you don't want to agree to them).
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
I think I read the same article in PC magazine in 1985.
I have never registered a shareware program in my life. If some fool is going to give me something for free, and then expect me to pay $30 to remove some annoyance window, god bless them.
Shareware really existed because compilers are expensive and people wanted to recoup the costs of purchasing expensive development software. Now that free compilers and development environments are available, I think shareware is obsolete.
But then again, I suppose there is always a market for one-off utilities and WinZip.
Conformity is the jailer of freedom and enemy of growth. -JFK
is that our country was founded on liberalism, a belief in a transcendental natural law. Liberal notions of rights mean that you cannot use your rights in a way that is detrimental to another's rights.
Though the way I read your definition, it supports the arguments of the poster, and not yours.
Presumably you cannot use your right to redistribute it without her consent, because it would be detrimental to her right to distribute her software licensed in the way she saw fit.
The liberal notions of rights both grant her the ability to do what the hell she wants with her program (her right), and to say 'If you want this program, I will only give it to you, if you abide by this set of conditions' (her right). You are welcome to either accept or reject the proposal (your right).
thenerd.
The camels are coming. I'm in love.
prove it.
as a shareware author, i get plenty of people who register because they "couldn't find a crack". each of these is a sale i would have lost.
-c
I have discovered a truly remarkable proof which this margin is too small to contain.
How about if the author said, "As soon as I make $X from this, which is what I figure I put into it, I will release it under the FOO open source license." Would that satisfy people? I believe that open source is great for other developers, but also believe that getting paid is great for the original developer.
Constitutionally Correct
A few points:
Doing everything mentioned in the third bullet is obviously a significant amount of work, probably more than you put into the software to begin with. You decide how much effort is enough. If your software is both very good and very expensive, you'll need a lot of protection. If your software is really cheap, you don't need much protection at all. If your software sucks, find another hobby, because chances are you aren't a good enough programmer to implement a good and bug-free registration system. Also keep in mind that this sort of registration checking may prevent some amount of infringement, but it's also likely to piss off some customers who would have paid a reasonable fee if you'd just asked nicely and made it easy to do so.
IMO, however much effort you spend on making it hard to crack, you should spend ten times that much on making payment easy.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Maybe if you read to the end of the article, and the company's comments at the end of said article, you'd notice that two main points were made.
One was about how companies will get more business by treating their customers more like customers and less like thieves.
It's nice to see that some companies are finally admitting that yeah, they do see customers as such but hey, that's not the way to treat your buyers.
Have you thought about what you're looking at today?
Certainly they were available in the UK. IIRC PD-Sig was one of the bigger shareware libraries over here. Catalogue used to list the formats they could support - you had to send in your own formatted disks though.
BUT, those rights include the rights of each of us to make whatever private agreements between each other that we want. Let me ask you: do you have a right to rent your car to someone? Do you have the right to lend someone your car for a limited time and with conditions that they agree to? When you "buy" most software you are actually licensing something that belongs to someone else. You are renting the software and have VOLUNTARILY agreed to their terms. If you don't like the terms don't license that software! If you want to really own the software either truly buy it (rather than license the right from the owner to use it), find someone who is giving it away (GPL doesn't count - see the note below), or write it yourself.
Note: you do not OWN GPL software either - The "L" stands for license, exactly like commercial software - he owns the software which he licenses to you and you voluntarily agree to HIS CONDITIONS. You do NOT own it, he retains all the rights of owning his intellectual property and if you do not abide by the terms of your agreement he will attempt to compel you to do so through the government's recognition of his rights of his ownership of his intellectual property.
I take it, then, that you scanned through the summary at the bottom and then posted based on that?
It's humorous because the rest of the article was basically saying exactly the opposite: That many customers are thieves (thieves of convenience in many cases, in a world where a lot of people have a misguided notion about if stealing software is stealing), so you have to build in mechanisms to prevent them from stealing. The whole article detailed the fact that you HAVE to put in comprehensive checks and security.
Note to overzealous protectors of GPL: OpenSSL is distributed under a BSD-style license.
Yes it is a BSD-license, but it contains the nasty advertising clause as well, which makes it GPL incompatible.
Worse yet the LICENSE ITSELF contains an anti-GPL screed, specifically forbidding combination with the GPL.
After reading this license that pretty much ended the "BSD is more free" argument in my mind. (I was interested in reusing bits in code I planned to GPL)
You're going to send your CPU's public key over the network? Good for you. Others will send some other public key, specifically one which they know the private key for. Then they'll have a cleartext binary- which compresses well and makes it onto the p2p nets.
It's no problem to reencrypt the binary, say if you have a CPU that only runs encrypted binaries.
They say you can never trust a third party's hardware/software. True, but you can trust their network traffic even less.
I use a half dozen packages without paying for them. I have a registered legal version of a similar product from another company but have a slight preference for the "illegal" version. If I was forced to pay for the product, i'd simply use the other one. Most of these products I use a couple of times a year. File converters, disk burners, etc. Anything I use regularly I buy.
In many cases, if my usage picks up and I want a legal current version of a product i've been "testing", I buy it.
Any system that reliably cuts back on piracy will annoy the crap out of real users. There is no effective system that isn't visible, and there are no visible systems that won't screw up real users.
These guys are shooting themselves in the foot. Piracy is a problem, no doubt. Limiting it with easy and invisible methods is a good idea. Killing your business to try to stop something that (come on!) really isn't costing you anything, may be giving you good free marketing, and may result in incremental sales that otherwise wouldn't have existed...dumb, dumb, dumb.
He's got the idea behind communism. It's that everybody shares for the good of the people or the community. Hence communism.
That's quite different from what happened in nations that normally get called communist. Let's brand them Stalinist and Maoist communism. These have little resemblance to the ideological communist system. They have multiple well defined tiers of power, communism ideally should be one tier. They also traditionally hold the welfare of the ruling party over the welfare of the people.
Most people I know who lean towards communism in their political leanings believe in the ideal not Stalinist or Maoist communism. The ideal communism is closer to some of the highly socialized democracies found in northern europe, than to the Cold War communisms.
Forget all that. Just do something simple. Serials only affect the casual users, and for casual users the simplest code is just as opaque as the most complex. Spend your time on making the program better.
A while ago, I was using an audio editing program with a nagware system that would lock the program for a minute at a time while displaying its please-pay message. Eventually, I decided I wanted to get rid of the nag, but as it turned out, the program required you to print out and snail-mail an order form to get your precious registration number.
I decided that if I were going to pay for the program, I might as well get the latest version. But while searching VersionTracker, I found another editor with more features, more frequent upgrades -- and an online registration account. I had the program and an unlock code within a few hours.
--- Work, worry, consume, die. It's a wonderful life. -- Bill Griffith
The real problem for Shareware is that it cannot reach the IS department where the real money is located. IS departments are very careful to Not violate any EULAs so they WILL pay for Shareware if it is the best solution for them. You need to look at it from your customer's perspective (I know this is a radical idea, but the software industry does have customers)
Shareware authors need to have published policies for corporate sales including extended trial periods (3 to 12 months) after it has been qualified on an IS worker's sandbox. The author must also be prepared to give generous discounts for volume, accept PO and to not get paid for 90 to 120 days on the PO. And yes you have to generate a bill to these companies. In short, if you want to be in the Shareware business you need to be In Business and Act like a Business. If you act like some jerkwater hillbilly don't expect to get any business sales.
If you don't follow your customers' needs, including helping them pay for it in ways they are used to, you are not going to sell any software.
-s
You and others are getting stuck in vocabulary. It doesn't matter what you think shareware used to be, or what you think programs that limit functionality should be called. What matters is that most people are not supporting software they consider to be useful, and that could kill shareware, even your definition of it.
Ambrosia is a small shop that makes some seriously cool products. They used to ask that if you found the product useful to pay. Then they grew up, needed money to survive, and found that though people really used their products, most didn't pay. So now instead of just asking, they are doing something about it.
Software, and other strings of bits that are useful, are unique in that their marginal cost is near zero. Most economists will tell you that these constitute a public good, and that the most efficient way to pay for them is /not/ to charge individual users. The problem is that no one has come up with an acceptable way to reimburse the little guys like Ambrosia who are trying to save for their kids' college, and your quibbling over the term shareware is missing these important issues.
Lies about crimes
Most cases of shareware gone wrong have turned out with the author refunding my money (credit cards are the ultimate safety for this).
However, I've had a few authors not answer support questions or just say "That's not supported" and not refund my money.
I didn't buy a shareware program that got glowing reviews from people on _their_ systems but hung mine--and not a peep from the developer after an email query or in an on-line forum. I suppose that's proof that shareware works, but I don't think so. Are you listening, authors of Extension Overload?
In another instance, I've had Dialog View and OtherMenu, both written by James Walker, cause system instability or just not work with new releases of the MacOS. He's been adamant about not being willing to investigate or fix this. After using them a couple years, I don't think I have a right to ask for a refund as I got my use out of the program but I did pay for support and didn't get any.
One author wouldn't take payment except by check and never mailed me the floppy. He got the $47.50 and all I got was a cancelled check. I filed a Post Office fraud complaint but am not willing to sue in Small Claims. If I could provide feedback on his tactics in a public forum, I would. (Jim Lewis / Golden State Graphics / 9080 Bloomfield Avenue #251 / Cypress, CA 90630-2445)
Most times, shareware works. I support it--it's my acknowledgement of the author's time and skill. The moaning and complaining that shareware is crap mostly seems to come from those not used to supporting it. There's lots of freeware for those people anyway.
I suppose if you're used to paying for a bottomless cup of coffee, then you go to Europe and must pay, it's a culture shock.
I didn't get mugged at the St. Paddy's day parade yesterday. I'm not a big intimidating guy, so it wasn't out of fear. The only way I can understand it is that people generally respect my right to walk the public streets without taking advantage of me.
I wrote a shareware program. It's still available. As far as I know no one knows about it, has any need for it, or can't afford to pay for it.
I'm not bent out of shape about the state of affairs. What Does bug me is the volume of posts here to the effect that people have a right to take advantage of me.
It seems to me that you guys are throwing a lot of different types of programs in the same pot when you say shareware. For quick single function utilities that you could do just as well yourself - write your own. If it's bad software, don't use it. If it is worth keeping an icon on your desktop - then it deserves the name shareware.
My opinion is that shareware is like freeware but with some self respect. Shareware is like commercial software, but magnanimous.
If you believe some shareware should be open source, why not send the owner an e-mail. State why you want/need different terms.
In any case, don't encourage with your posts that shareware authors deserve to be taken advantage of. You don't expect that on a public street. You should not expect it on the net.
No, no, you interleave the code to do this with other critical functions. It's quite simple, really, say decrypt at the beginning of the program, but don't check it yet. Check the code in several places, like in the save routine. Maybe even add some fake checks that are supposed to fail.
Optimally you'd have some critical constant encoded as well, so if you manage to find and hack out all the pieces of the validation routine the program doesn't work.
Yep, I committed acts of piracy, and it was precisely because of Ambrosia. I remember the good times, I had... I flew into Voinian space, built up a fleet of captured Voinian transport ships, and then filled them up with pirated goods. I even used Voinian interceptors and fighters to refill on rocket ammo. Then I took my pirated goods back to U.E. space or the wimps with the wooden spaceships (!) up north, and sold my ill-gotten goods there... only to return for another sortie. Ambrosia should be ashamed for enabling this behavior!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
> In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...
Shareware for Palm OS devices have a nice solution for this: they have agreements with various online sites to take payment for them, & apparently have ways to accept foreign currencies. (For an example of this see http://www.tealpoint.com/register.htm.)
Is there an equivalent service for Windows & Mac customers?
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
That's not true, you can sign and counter sign a travelers check, but also put a name on it. That way it works like a check in that only the person whose name is on it can cash/deposit the travelers check.
The advantage over a normal check is that you _don't_ have to pay the 2-5% transaction fee.
ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
We wouldn't necessarily open source everything, but we would release the tools necessary to activate our products at your convenience. Fair enough?
Matt Slot / Bitwise Operator / Ambrosia Software, Inc.
we would release the tools necessary to activate our products at your convenience.
In other words, we'll get free crack for all Ambrosia products. Just hope it doesn't get to the moderators.
The thing to do is generate a number that passes about twenty tests. Check two-three (all the similar tests) at code entry. Check other ones later and trigger delayed problems.
For instance (a very basic instance), generate keys that are evenly divisible by 7, 13, 23, and 29.
At the time of key entry check if the key is divisible by 7 and 29. If it is, pass it. Later on, when the user does something like "cut", check if it's divisible by 13. If not, set a flag to do something later, like crash, scramble output, etc.
When the next version comes out, check if the keys (for upgrading) are divisible by 23. If they are, it's a valid key. If not, it was a key for the old version.
With some checks causing later delayed issues you make the key generation a nightmare simply because most crackers won't spend as much time in the program as a user and won't notice subtle errors.
By saving a few checks for later versions (If you allow upgrades within 2.x for example) you force people to use a new crack for new versions.
This way there are tons of cracks floating around for your program, most for old versions which aren't on your website anymore. And half of them miss something and the program doesn't work well.
Now, picking a number composed of certain primes isn't terribly secure, so use your own method. But really, the two points above (1: checks not just at startup, 2: new checks with each version) are more important than the specific key strength. (Really though, no reason to skimp.)
There are other important issues too. Ease of use is an important one. Instead of Base64, I'd recommend using alpha/num in pairs, storing 9 bits per two characters. Avoid 0/O and 1/I/l issues.
Print the key with a few check digits. Don't use simple addition (or digital root, or any other commutative idea) for it, otherwise you'll miss transposed digits. (One idea is multiply the first character by 3, the next by 5, etc. Then take the lowest five bits, compress a little (get rid of 0/1, etc) and use it as a check character.)
This measure will save you a *ton* of support email. I can't count the number of issues that relate to keys being case sensitive, to '1's being 'L's, and the like.
(Horror story: My company ordered Perfect Keyboard licenses. They were to be tied to the workstations, not users, so we didn't give a name. Now, PK requires you enter ALL your info exactly or it won't work. The issue is that the name field must be left blank, though a blank name field is usually a prompt to enter your name. I think everyone who used it ran into this issue a few times.)
Adding this security to the key does make it longer. From using 6 to 4.8 bits, you go from 22 chars to 26. Not a bad tradeoff. Then add three or four check characters. Still below thirty.
--
As for the later checks, you could introduce some subtle "bugs" into the code. If you were keeping track of the number of characters in an editor (for display) you could use an intentionally awkward piece of code. In some circumstances (deleting a character to go from 10,000 to 9,999 perhaps) it'd drop through a loop and perform a key check before updating the display properly. If the check fails then the key settings are corrupted when quitting, or the edit menu stops working (Make it look accidental, set the high bit on a few characters, remap "copy" to SaveAs, etc...)
You need to make sure that you inline your key checks, otherwise the cracker only need patch the main routine to always return true.
It's funny you mention "bulletproof" in your post, because BulletProofFTP uses a complex scheme like this and there are a ton of non-working cracks for it.
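The key-format advice in the comment above (an unambiguous alphabet, 9 bits per character pair, a position-weighted check character, and checks spread over entry, runtime and upgrade), as an added Python example that is not part of the original post or any vendor's code. The 31-symbol alphabet, the 36-bit payload and all function names are assumptions; the check character is taken mod 31 instead of from the low five bits, because a prime modulus catches every single typo and every adjacent swap.

```python
# Constructed alphabet: digits and capitals without 0/O and 1/I/L (31 symbols).
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"
BASE = len(ALPHABET)   # 31 is prime, which the check character relies on
CHUNK_BITS = 9         # 9 bits per pair of characters, as the comment suggests
PAIRS = 4              # assumption: 36-bit payload -> 8 characters + 1 check


class KeyFormatError(ValueError):
    """Typing errors: wrong length, unused symbol, or failed check character."""


def _weight(i: int) -> int:
    # 3, 5, 7, ... 29, 1, 3, ...: never 0 mod 31 and neighbours always differ,
    # so the sum is order-sensitive (unlike plain addition or a digital root).
    return 1 + (2 * (i + 1)) % 30


def check_char(body: str) -> str:
    total = sum(_weight(i) * ALPHABET.index(c) for i, c in enumerate(body))
    return ALPHABET[total % BASE]


def encode_key(payload: int) -> str:
    """Vendor side: render a numeric serial as a printable key."""
    if not 0 <= payload < 1 << (CHUNK_BITS * PAIRS):
        raise ValueError("payload out of range")
    body = ""
    for shift in range(CHUNK_BITS * (PAIRS - 1), -1, -CHUNK_BITS):
        hi, lo = divmod((payload >> shift) & 0x1FF, BASE)
        body += ALPHABET[hi] + ALPHABET[lo]
    raw = body + check_char(body)
    return "-".join(raw[i:i + 3] for i in range(0, len(raw), 3))


def decode_key(text: str) -> int:
    """Program side: accept any case and spacing, reject typos with a reason."""
    raw = "".join(ch for ch in text.upper() if ch not in "- \t")
    if len(raw) != 2 * PAIRS + 1:
        raise KeyFormatError("wrong length")
    bad = sorted(set(raw) - set(ALPHABET))
    if bad:
        raise KeyFormatError("characters never used in keys: " + "".join(bad))
    body, check = raw[:-1], raw[-1]
    if check_char(body) != check:
        raise KeyFormatError("check character mismatch (typo or swapped pair)")
    payload = 0
    for i in range(0, len(body), 2):
        chunk = ALPHABET.index(body[i]) * BASE + ALPHABET.index(body[i + 1])
        if chunk > 0x1FF:
            raise KeyFormatError("pair outside the 9-bit range")
        payload = (payload << CHUNK_BITS) | chunk
    return payload


# The comment's "very basic instance": serials are multiples of 7, 13, 23, 29,
# and each stage of the product's life tests a different subset.
def passes_entry_check(serial: int) -> bool:
    return serial % 7 == 0 and serial % 29 == 0


def passes_runtime_check(serial: int) -> bool:
    return serial % 13 == 0


def passes_upgrade_check(serial: int) -> bool:
    return serial % 23 == 0


if __name__ == "__main__":
    serial = 7 * 13 * 23 * 29 * 12345   # constructed sample serial
    key = encode_key(serial)
    print(key, decode_key(key.lower()) == serial)
```

The format check only filters typing errors before any licence test runs, which is what cuts the support mail the comment describes; it adds nothing to the strength of the serial itself.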
The id model wouldn't work if the engine were open source. A person could build the source themselves, and have a version that could play all the custom levels and mods. Granted, only a few users would bother, but once such copies were available on the net, they would spread quickly.
I don't think IS is that diligent in general. I work as a consultant, and visit a number of companies. Before that, I worked as an employee for a handful more. Every single one of these companies uses WinZip internally, and exactly one of them paid for it...and that was because I wrote a PO, and made my boss sign it.
Even though I have a one-person business out of my home, I paid for my copy of WinZip. It bugs the shit out of me to have to go to work sites, and click through the nag screen on WinZip to unpack code. And these aren't tiny companies; one is a major defense contractor worth billions.
This isn't an unbreakable scheme. It's basically a dongle, but built into the CPU.
You let the software call the built-in decrypt function and then once it's decrypted itself you suspend operation and write it out to file. Fix up the loader and you've got a working application.
So never have it decrypt the whole app you say. So you have to save it in smaller chunks.
So it checks file integrity. So you edit that out.
You can make it a pain, but never more than that. Plus this requires assembly programming which few people can do these days. (Seriously, ask any group of programmers. Maybe 20% have done it, and 5% are capable of it. Perhaps .5% are expert enough to code self modifying code that won't thrash the cache, yet doesn't keep much of itself in memory. It requires interleaving the decryption code, a few bytes at a time, in the execution code. And either decrypting the code like this, or storing decryption code for the next segment in all code segments you write.) Stuff much more complex than this has been hacked.
I remember an old game that used diagonal tracks on the Apple 2. You read a sector, after having given a head movement command. If your code isn't cycle for cycle identical you'll start to get dropped bits. But that's part of the trick, their code took a little too long in a storage loop and eventually got a bit out of sync, which was intentional. Ugh. Nasty stuff.
But those protection methods took a lot of programmer time and meant that they had to write the disks themselves in modified drives, instead of paying a duplication company. It's just not feasible.
It's almost never feasible, especially these days, to muck with hardware protection schemes. (Look at how useful it is with CDs. There are point-and-click cracker programs for all the common laser-burn protections.)
I understand, many years ago I tried to purchase Magic WB for the Amiga. Sent the Money Order off, and got nothing in return.
The bottom line is, if you want to write shareware you're screwed. Just write Freeware, GPL it, and use that to leverage your way into a real job. Because the effort you spend trying to secure it and register it could probably be spent more productively elsewhere.
I know it can't be bulletproof, I just need something that's not so simple it'll be breakable by a casual cracker.
:)
Unfortunately, as previously pointed out, a tough-to-crack key algorithm isn't all that you need.
Why? It'll end up just coming down to a simple compare.
if(key_is_good(key)) unlock_program();
else DisplayMessage("Invalid registration key.");
Oi. That is insecure! I don't _need_ to make a key generator. All I need to do is change the instructions of the if statement.
cmp eax, ebx
jnz NotGood -- change this to jz. bam.
call unlock_program
The key must have some way of making the unlock_program function work.. this will prevent the above flaw. But even that is flawed, because once the unlock_program function is 'decrypted', perhaps via one valid registration, it could be dumped and patched in the binary.
Shrug.
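The mitigation described in the comment above (the key itself has to make unlock_program work), as an added example that is not part of the original thread: the locked code is stored encrypted under keys derived from the registration code, so skipping the yes/no check without a valid code only yields garbage. The function names, the sample code and payload, and the HMAC-SHA256 counter-mode keystream (a standard-library stand-in for a real cipher) are assumptions, as is sealing one blob per registration code.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def derive_keys(reg_code, salt):
    """Stretch the registration code into an encryption key and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", reg_code.encode(), salt, 100_000, dklen=64)
    return master[:32], master[32:]

def seal_feature(reg_code, payload):
    """Vendor side: encrypt-then-MAC the locked code under keys derived from the code."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(reg_code, salt)
    ct = bytes(a ^ b for a, b in zip(payload, keystream(enc_key, nonce, len(payload))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unlock_feature(reg_code, blob, verify=True):
    """Client side. verify=False models the jnz/jz check being patched out."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(reg_code, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if verify and not hmac.compare_digest(tag, expected):
        return None  # the only yes/no decision in the scheme
    # Decryption depends on the key material itself, not on the branch above.
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

# Constructed sample values, not from any real product.
CODE = "DEMO-1234-ABCD"
PAYLOAD = b"constructed bytes standing in for unlock_program()"
BLOB = seal_feature(CODE, PAYLOAD)

if __name__ == "__main__":
    print(unlock_feature(CODE, BLOB))                              # original payload
    print(unlock_feature("WRONG-0000-0000", BLOB))                 # None
    print(unlock_feature("WRONG-0000-0000", BLOB, verify=False))   # unusable bytes
```

As the same comment points out, this only moves the problem: once one valid registration has decrypted the payload, the plaintext exists in memory on that machine.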
Companies wouldn't invest time and money in developing copy protection if they didn't have to. If people didn't pirate the game, the companies wouldn't put in this protection that you're complaining about.
In the old days, games weren't protected (anyone else remember those pleas in manuals to not copy the game?), and thieving scum like me used to copy them from friends. The problem was that if you didn't know anyone who had a copy, you couldn't make a copy of the game. So, you ended up buying it instead of stealing it.
That was then...now, finding an illegal copy is easier than going down to the store to buy the game. It's even easier than registering to buy a copy online. Can you blame companies for trying to at least deter the piracy?
I keep hearing this on the forum: just give away your code in the hopes that you can find a job. I don't want a stinkin' job. I want to work for myself, not make some frickin' suits richer.
Nobody encrypts their programs these days. It's a hurdle, it takes an expert and advanced assembler knowledge to do it right (right = not trivial to bypass). Knowing what the call to create a window is (rara ... CreateWindow or CreateWindowEx) is enough to immediately locate places in the program where a window is created (automatically by a debugger) as the program runs. You basically change the routine that is called by a CreateWindowEx() instruction)
Removing that dialogbox is trivial. 99% of those screens are implemented with a modal dialog box (the program partially suspends execution and only the shown window is accessible). From that point on it is a trivial matter to find the last routine call (a CALL assembler instruction, you know its address as it's on the stack) and change the CALL xxxxx to NOP (5 nops)
re-run the program and I'll bet you that dialogbox isn't there anymore. (but generally the program crashes ... hmmm repeat but find the call above that, it generally doesn't go up more than 3 levels)
This process can, once you know the address involved (and to be honest, you can't miss it in a debugger) easily be automated by a patch.
It is so trivial people just don't bother for smaller programs (only if someone asks them)
Fascinating discussion here--especially in the way it follows much of the pattern of the postings at Ambrosia's own forum.
I see Matt Slot has been busy replying to various items in context; I will leave the technical points to him (he can attest how many e-mails it took for me to grok how the system works :).
Two comments I'd like to offer:
1) I thought I had emphasized this point enough in the column: Ambrosia's system aims to stop *casual* piracy, not the sort of determined attack that people have sketched out here. But most losses from theft aren't the result of a determined attack--as I've written elsewhere, people are cheap, but they also tend to be lazy.
2) Much of the hostility people seem to display towards Ambrosia's registration system seems to be based on how other companies' copy-protection measures work, or are perceived to work. I hadn't thought before about this sort of collateral damage, but it's something I'll have to consider for the next column on this topic.
- R
I think you missed my point - by embedding the encryption into the CPU, you would *never* expose the decrypted code, not even in RAM. (the CPU could decrypt the instruction stream on the way from the L1 cache into the execution pipeline). With any software-based encryption scheme your method works fine - just use a debugger to dump the decrypted bytes. But a hardware scheme like this is not vulnerable to these attacks. (you'd literally have to open up the CPU core and probe the circuits to find the decrypted code or better yet the private key... I'm not sure that's even possible; at the very least you'd need some mega-expensive equipment)
Several people have pointed out that encrypted binaries would only be valid for one CPU. Yep... Since when do software companies care? I once got delayed by several days on a real project because my Ethernet card died, and I was using an expensive program that locks itself to your MAC address... (anyone know how to spoof a MAC address in Windows?)
The freedoms of free software don't require you to be a programmer. You can take advantage of them by hiring someone to modify software for you (which is how some consultants make money) or learn a small bit of programming to do an easy job without becoming well-versed in programming. We collectively leverage the benefits of software freedom when people inspect source code and engage in openly sharing bugs and security/privacy flaws.
The free software movement speaks to all computer users, not just programmers.
Also, not all free software is available for no money. I advocate that people should charge as much as they can for distributing free software. It's an opportunity to make some money to fund free software development that shouldn't be wasted.
Your namecalling deserves a troll moderation. But more importantly, you assume that because someone intends to make money from software they deserve to make money from software. The free market says that this assumption is not valid. Microsoft antitrust problems aside, a competitive marketplace determines how much money one makes selling software and software services. It is unreasonable to think you are owed money merely because you expect to be paid.
It's great that more people are talking about freedom and not at all unusual that most of these people are not programmers. After all, most people are not programmers.
Digital Citizen
This is one of the most insightful articles posted to /. ever! Mod parent appropriately!
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
What happens when I want to run the program on my other computer? Or on my laptop and on my desktop?
T Money
World Domination with a plastic spoon since 1984
GameSpy (Which used to be QuakeSpy before it got popular), Eudora Lite, FreeAgent Lite, etc, I think demonstrate where shareware is heading.
These shareware programs have basic working functionality, but with ads. When you register, the ads are gone. What I liked about GameSpy was that lifetime membership is $20 -- "free upgrades!" It's not nickeling and diming me to death, say like Microsoft does with Windows.
Policing shareware is futile --- there will always be people who use keygens, etc, no matter what. The *only* effective way to reduce piracy is to teach people the results of their actions: i.e. By not paying for shareware, developers have a harder time paying bills, less incentive to produce it in the future, etc.
I did read the entire article, and what I chose to comment on was the portion that included remarks from the company.
As you can see, many others have posted remarks on the rest of the article and I felt that it would be more productive to offer an alternative viewpoint.
That's what /. is all about, right?
Have you thought about what you're looking at today?
you assume that because someone intends to make money from software they deserve to make money from software
Where did he say that? Come to think of it, I don't know anybody who sells software who thinks they deserve to make money from it. They put it out there for a price, and they know that people may or may not buy it at that price. They think that if people use it, they deserve to get that price; but they do *not* think that they deserve to make money simply because they wrote the software. Do you see the difference? The only people I've ever seen who think that they deserve to get paid simply because they write software are not in the payware community. No, if anything that attitude is prevalent in the Free Software community, where you can find people who advocate strongly for government funding of software development.
The freedoms of free software don't require you to be a programmer. You can take advantage of them by hiring someone to modify software for you (which is how some consultants make money) or learn a small bit of programming to do an easy job without becoming well-versed in programming.
Mommy, this game won't play on machine! That's OK sweetheart, I found a consultant for $100/hr who said he could fix your game in 2 weeks. :)
The second part of your statement contradicts the first! You don't have to be a programmer... followed by... you can learn a little programming. Sheesh! Where did you get your education? Public School?
Even Ambrosia realizes that their high quality programs (which IMHO is worth the $30 they usually charge), will get pirated by people that want it cheaper. That's why once or twice a year, Ambrosia has "Forgiveness Week" (or something to that effect) and for that week, any registration you buy is only $10. That way, they get a bunch of the cheapskates who otherwise wouldn't pay, to pay them for a code.
T Money
World Domination with a plastic spoon since 1984
Paying a license fee to tie your shoes, because somebody else invented the algorithm.
Paying to have a conversation, because you're taking in somebody's "intellectual property".
Bullshit.
Did you ever stop to consider how much better the software world would be today if all software was free? A lot of people, including me, would be out of work, and a lot of companies would be out of business, but that wouldn't matter. All those people and dollars could go towards making better hardware and buying more of it.
So, who would make the software? Well, it would be a combination of people making it because they wanted functionality, and companies making it to utilize the hardware they wanted to sell.
Some software would be proprietary to a specific piece of hardware, but most of it would be designed to be open ended and compatible. If it was all free, everything we have now would be much better. Think about it.
Don't let these sad stories cloud your head. I think it's nice that this guy would love to make lots of money off of his software, but that doesn't mean it is his inherent right to do so.
"I am a cipher, a cipher, wrapped in an enigma, smothered in secret sauce" -Jimmy James
I'm just downing shareware authors' attitudes
Exactly.. a long time ago (11 years or so), I wrote some shareware.. I originally wrote it to 'scratch an itch', but others I knew told me it was useful, so I uploaded it to a couple of local BBSes, along with a README that asked for $10 or equivalent.
I didn't get rich (not that I was expecting to), but in a couple of weeks, I got responses from as far away as Europe.. one guy even sent me 10 blank floppies! (which were appreciated.)
I can't believe the attitude some shareware authors have - they expect you to jump through hoops to use their software, which they release because they want to get rich..
If they want more people to send them money, they should make it easy to do so. If they get charged a fee for currency conversion, they should build it into the price.
I see your point now. I think it's infeasible, but at least it makes sense.
Yeah, companies in general can be asses. I'm in the middle of RMAing my IBM HD right now. They won't ship me a different model until this fails twice, and then it'll only be a 120GXP which isn't great either.
I think there's a way to change the MAC address on most cards, but you have to have a working card. Google could help more than I could.
The real question is, if you have spent so much effort on the program, and so few people give you cash, is it worth spending more effort writing a keygen and trying to make sure it's not easily crackable?
Chances are, if it's crackable, you've just wasted more effort for nil.
If it's not, if people didn't love you before, will this make them love you?
Every protection scheme out there still relies on one thing:
Is this software registered: Yes or No
You just change the No(0) to always say Yes(1).
End of story.
It doesn't matter how fancy your key is or what encryption it uses, the software always has to ask if it's valid. It always comes down to a yes or no, true or false question.
I remember when 3D Studio tried to get around this with the dongle (putting code onto a piece of hardware that has to be plugged into the serial port). The people that cracked it just ripped the code off of the dongle into a file and told the program to look at the file for the info it needed instead of looking for the dongle.
Running back home to a server doesn't work either. You just stop the program from calling home, and tell the program that everything is just fine.
I don't see why this is news, reporting your great new "un-beatable" copy protection scheme is self-defeating. Every cracker out there is going to release a crack for it just to show that they can defeat it.
It's a good thing the world sucks or we'd all fall off.
if his name is really Robert Paulson, how do you know?
It's a troll. Maybe you missed the first 4 times he posted it?
Here's an idea I've been mulling over for a way to enforce shareware "unlocking".
First, you only accept credit cards as payment.
Then, you have a registration key that only works for the combination of credit card number + name on the credit card + card expiry date.
Of course, you only issue the registration number when the credit card transaction is accepted.
Now here's the sneaky bit: you display the credit card details on the startup splash screen of the registered product.
This way, if they give a copy of the registered program to their friends, they are compromising the secrecy of their credit card number.
It's not foolproof (won't stop stolen cards or hacking the program with an assembler), but it might work well against casual piracy.
For companies that purchase your program, you might use the company name + company registration number - this is not as good, so you would charge a higher "company rate" for the product (which includes a site license, so you don't have to worry about a single-user license being copied within the same company).
The problem with piracy, as I see it, is not the technical aspect of protection, but the lack of penalty if you do so.
Oh right I didn't realise that, sorry :'-( cool, thanks. I still think a cheque is better just because everyone fills in loads of cheques all the time though, that's how I'm selling my shareware - I tell everyone to use Bloomberg's currency calculator to work out how much my software will cost in their currency, add 10%, that's it. A cheque issued by a foreign bank is no problem apart from the fees and exchange rate (usually small - look at currency futures exchange).
A caveman dreams of being us, the incalculable power and riches. We dream of being Q, then what?
>Shareware authors should accept travellers cheques
> - in any currency - and be ambiguous - 10 dollars,
>or 10 dollars in your local currency. Travellers
So you're saying if I want to register a program in the US for where the asking price is ten dollars and I'm in the Czech Republic I should just send ten crown? FYI that is about 25 cents. and yes here a dollar is a crown, don't use cents too much. Or how about Japan send ten yen?????