Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delivering Software, Electronically?

Posted by Cliff on from the beyond-simple-file-transfers dept.

zpengo asks: "I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company. I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest. Have you ever worked with ESD on a higher than plain-vanilla FTP level, and if so, what did you learn from it? When do you consider the product 'delivered'? Was it worth it? (I'm planning to put together a public domain whitepaper on the subject with the information I gather, to help fill in the gaps I found while researching online)."

20 of 202 comments (clear)

  1. Product delivery by Anonymous Coward · · Score: 5, Funny

    When do you consider the product 'delivered'?

    When it's available on Kazaa?

  2. ximian's red carpet by j1mmy · · Score: 4, Informative

    it's now available for anyone to use as a server or client. www.ximian.com

  3. Ehem... by ekrout · · Score: 5, Funny

    I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest.

    Um, this is Slashdot, dude...

    --

    If you celebrate Xmas, befriend me (538
  4. Java? You could try Java Web Start by atomray · · Score: 4, Informative

    I've worked with this before on a project, and it's usefulness depends on your needs. It's essentially an extension applets; it does not run in a browser, but does run in a secure sandbox.

    If you have a pure java swing application, this is probably the way to go. If not, read more about it and decide whether it's appropriate.

    The technology was a little rough at first, but I assume it's matured somewhat, considering that it's now part of the standard java environment.

    Java Web Start

    --
    take your sig and shove it
  5. .....tell...us...more... by jukal · · Score: 5, Insightful
    I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company.

    What software, which audience, which principles? It makes a difference whether you are building ESD like tucows or for a special product for a special market - for example. It might be possible for you to get some real information out from here, but you will have to tell more. Don't be scared, if someone wants to look up your company, he is already well capable of doing it :)

    1. Re:.....tell...us...more... by scott1853 · · Score: 5, Funny

      Don't be scared, if someone wants to look up your company, he is already well capable of doing it

      Like somebody smart enough to click on his name in the story ;)

    2. Re:.....tell...us...more... by Alsee · · Score: 4, Funny

      Like somebody smart enough to click on his name in the story ;)

      Not everyone who reads slashdot is a computer brainiac ya know. Why can't you just say what the damn AOL keyword is, so we can all find it?

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  6. ESD by cscx · · Score: 5, Funny

    Always make sure you're wearing one of those wrist-strap thingies.

  7. rsync and rdist by jutpm · · Score: 4, Informative
    What is wrong with rsync and rdist?

    From the rdist website: "RDist is an open source program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing."

    From the rsync website: "rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License"

  8. Web Based Software Delivery by BuildMonkey · · Score: 5, Informative

    My business is software configuration management. Electronic software delivery is a critical part of many solutions. Typically we use a web site. The system has access control, software submital, notification, approvals at various levels, retrieval based on approval level, and logging.

    For examply, only users identified as Development can submit software. At that point Software Configuration Management is notified to reproduce the software (can SCM build the same binaries as the developers?) SCM retrieves the software from the web site. Once SCM approves the software, Test is notified.

    Test retrieves the software and puts it through its paces. If it passes Test grants its approval through the web site. Otherwise the software fails and Test provides a URL explaining the problems. And on...

    At any point program management can see the state of the software in its track to customer delivery. PM has override ability to approve software for customer delivery even if it has, for example, failed testing.

    The web site makes it easy to access. Access control and approval manage the software delivery process. Notification keeps everyone on the ball. And logging provides CYA - and has covered my butt on numerous occasions.

    My boss particularly loves to be sitting in a Change Control Meeting and hear the development manager say, "The software's been delivered to SCM. We're waiting on them." And he can say with confidence, "Not yet it hasn't."

  9. I do! by Superfreaker · · Score: 5, Insightful

    I developed (insert plug here-http://payloadz.com)

    We do about 5,000 transactions per month.

    Our method is this (note, this is after 5 iterations of delivery systems- all of which had issues):

    - When a customer pays, we create a unique copy of the purchased product and place it in a queue directy for download. This unique file is prefixed with the customers transaction ID, so
    "filename.zip" becomes "a1dys3ad4a-filename.zip"

    We then provide a direct link to the file. We also send this direct link in an email to the person.

    After 48 hours the file is deleted. after which time, the customer must request more downloads from the merchant.

    We tried many other methods but there always arose a browser/platform issue. The ONLY reliable method has been to provide a direct link to the file for download.

    It can create server load and file storage issues if you have a large scale site.

    Hope that helps, feel free to contact me off list.

    1. Re:I do! by Superfreaker · · Score: 5, Funny

      erm, that should read 5,000 per week. Shit, I even used that damn preview button. I should walk my fat ass into oncoming traffic.

    2. Re:I do! by sfe_software · · Score: 4, Interesting

      How would you create a unique link to the file?

      Either use a symbolic link (most Unix filesystems), or even a bit of mod_rewrite (Apache). The user will never see the true filename, and if you're smart the actual file is not within a web- or ftp-accessible location anyway.

      Eg: /home/joblo/public_html/[unique_number]filename.zi p --> /home/joblo/.private/filename.zip

      on the filesystem.

      Or use a script that authenticates (using the unique ID) and sends the file data; this can be done with PHP, Perl, ASP, or just about any language that can read the QUERY_STRING environment and open/read files. You can store the user's ID and expiration time in a database, flat file, whatever. No browser issues as long as you send the appropriate headers.

      I could think of many other ways do accomplish this; copying the file for each user is just nuts... you might as well email it to them.

      --
      NGWave - Fast Sound Editor for Windows
    3. Re:I do! by sfe_software · · Score: 4, Informative

      The borwser/platform issues arise with writing headers to the client. There is NO 100% method for doing so.

      Tell me this: what is different between your script writing headers, and the Apache server writing headers, to describe the content about to be sent?

      Honestly, use 'wget' or 'lynx -dump' and really examine the headers that are sent when you download a file. Apache is sending those headers. This is what tells the browser what is being sent, and it's the *only* thing telling the browser what is being sent.

      Simply mimic those headers (substituting the proper filename and size etc), and the browser will happily prompt the user to download.

      We built an inventory system for a manufacturer, and having pre-built Excel reports was one of their requirements. We simply send an HTML table, but sending the headers to appear as a .xls file binary attachment. Guess what? Either the user is prompted to download the "xsl file", or the browser runs Excel (depending on the user's settings).

      It just takes some trial and error, but the biggest clue is to look at the headers that are sent when you actually download a file directly. The browser doesn't know (or care) whether it's a binary webserver program, or a bash shell script, sending the headers.

      And if that's too much work, again, create a symlink:

      ln -s filename.zip [unique-id]-filename.zip

      And give a hyperlink to the symlink. That's about as simple as it gets. In Windows you could probably create a "shortcut", but I really don't know/care about that. If you're running Unix, you have a ton of options here.

      --
      NGWave - Fast Sound Editor for Windows
    4. Re:I do! by sfe_software · · Score: 4, Informative

      Replying to my own post, but...

      I do recall there being one issue, with Mozilla/Netscape specifically, where the filename it prompts you to save is the filename of the *script*. But we got around this using mod_rewrite. So a link like this:

      [unique-id]-filename.zip

      becomes:

      script.php?id=[unique-id]

      And, since the browser is seeing "...zip" as the filename, it prompts with the correct default "Save As" filename. That's what we actually did for the Excel file, we just linked to (eg) Report.xls, which was actually a script.

      Personally, I say go with the symlink idea. It's probably the easiest for you to change from your current setup; simply change your 'cp' command to 'ln -s'... the deletion of the link, downloading of the link, etc will work just the same as if it were truly a redundant copy of the file.

      Of course Apache must be set to follow symlinks; don't forget to check that first.

      --
      NGWave - Fast Sound Editor for Windows
  10. Please restrain the knee-jerk reaction by Jucius+Maximus · · Score: 5, Informative
    As much as we like to poke fun at Steve Gibson, you might want to take a look at the way he delivers his flagship product SpinRite.

    It's also similar to the way F-Prot Antivirus is delivered.

    Basically each customer gets a login for the web site and can download from there. It avoids serial generators and cracks because you can't just download the shareware and then apply a crack. The only people who even get the opportunity to download the software are those who have paid so it's less likely (but still inevitable) that they will give it away, share it on kazaa, etc.

  11. Kagi.com by DreamerFi · · Score: 5, Informative

    Kagi has a lot of experience with this. Check them out.

    -John

  12. Too Vague.... No Doughnut :( by TechnoGrl · · Score: 5, Insightful
    ESD is just another buzzword until you actually understand what it is that you want. What DO you want?

    Do you want to deliver upgrades or patches?

    Do you want to tie your system into a point of sale mechanism?

    Are you worried about security? (you should be)

    What security mechanisms are you able to implement?

    How many people will download your software each day? Each hour? How many do you expect to do so next year?

    What platforms will your target audience be running?

    I could go on and on....but my point is that you cannot go to anyone, even "America's Best and Brightest" (whereever they are) and ask for a one-size-fits-all solution to a software delivery system - even if you do have a fancy buzzword like ESD to make it sound sort of sexy.

    You first step here (AS ALWAYS) is to define your specifications. You can *start* with the questions above but if you haven't thought of 4 times that many yourself in your specs then you don't really know what you want... and hence can be offered no real solution.

    --
    ----- In Your Cubicle No One Can Hear You Scream...
  13. Confirmation by Anonymous Coward · · Score: 5, Interesting


    I am currently adding ESD capability to my eCommerce software, so that I can deliver electronic goods to customers.

    The approach I am looking at is one where after payment has been accepted, the user gets a secure account where they can download the files they have a valid licence for, and the file is passed through a script which checks that the user has authenticated properly. This means they cannot simply post a URL to allow everyone access to the file.

    In order to authenticate, and so that they can download this file again at a later date (maybe their hard disk blew up or whatever), they must enter a random 4 digits of the credit card used to purchase the file. This means they would not simply post a username/password and allow everyone access to their account.

    When they receive the file it will be archived. When they unarchive the file, the custom unarchiver will request authorisation from my server, informing me they have the file, and what the md5 hash is. This confirms to me they have a valid file and helps against credit card refunds.

    Inside the archive, I will look for ways to have unique ID's hidden inside various files, so I can then track the file's owner should it appear on any file sharing sites/networks. This doesnt have to be done in realtime, you can prepare 1000 files in advance and assign them to customers. I will look to write into the EULA a clause that states it is their sole responsibility to keep the file and contents secure, and that any lost sales will be charged to them if it could be proven they were neglegent in securing their computer/network.

    I think that the above will be a good set of measures to take. Of course, it all depends on how important/valuable your software is.

    Remember, if someone is really persistant, they will find away to share your files without detection. So things like great customer service, and value add will be your biggest help in keeping your customers loyal to you.

    :o)

  14. But who is going to write your Draconian EULA? by Proudrooster · · Score: 5, Funny

    Don't forget that once you have distributed your software over the Internet to an untrustworthy, evil user, s/he is going to give it away for free. S/he is going to start buring illegal copies of the software he downloaded for all his friends and will probably download it right into his P2P upload directory.

    After the Electronic Software Delivery (ESD) is complete, the user has to get through the EULA so he can install it.

    Just who are you going to get to write that EULA?

    Might I humbly suggest,

    http://www.evil-lawyers-who-write-eulas.com

    These guys specialize in incomprehensible leagaleze and by the time they are done, your EULA will stand a proud 250 lines long and allow you to have your way with both the user of your software and his/her computer.

    Good Luck!@