Independent Developers Fight Piracy & Lose

An anonymous reader writes "The author of the Echelon decided to take his fight against software piracy to the next level and then threw in the towel. After someone began posting new serial numbers on a well known hacking site, the author took matters into his own hands. With version 1.0, entering a hacked serial number causes the software deleted the user's Home directory. Yes, you read it right, the software completely erases it (aka rm -rf ~). A variety of people have voiced some some strong opinions on this. While some argue that piracy is good for established companies, a few large companies are battling piracy and having limited success. Small, independent developers, however, are recognising this is a serious problem and are generally stumped by what to do about it."

Too Far?

[Oculus+Habent]

I think deleting the entire user's directory is a little harsh. If I were going for vandalism, I'd go for things that cause problems, but shuouldn't do serious damage. Something along this line:

• Delete Perl
• Stop Apache, Samba, & nfsd and remove their startup scripts.
• Delete X
• Delete ftp, grep, ssh, or other important programs.

The key is to piss off the user. Each of these things are replaceable, but a PITA.

Re:Too Far?

[praxis]

Well, go ahead and do that, if the software is running with access to those things. If, for example, the software is running with only write access to the user's home directory, then what?

Re:Too Far?

[NemesisEnforcer]

Or how about something reasonable like deleting the software that the user was trying to pirate?

I don't think he'd have faced a lot of criticism if the software's reaction was that mild. However, he might have caught a lot of heat if it happened accidentally with a legit user.

Re:Too Far?

[QuantumRiff]

How can that go to far, you do read those EULA don't you ? I'm sure its written in there somewhere.. Maybe if more software developers did this, there would be a nasty lawsuit. Then, maybe, just maybe, EULA's would finaly get a chance to fail in court, and that would really shake shit up....

Is clearing the Home directory much worse than inserting files into the network stack, creating Viral software that is almost impossible to remove, and that reinstalls itself when it detects part of it was removed?

Worst thing that comes out of this is that people learn to back up their data, and EULA's become trash..

Re:Too Far?

[lowe0]

The only bad thing (and it's a big deal) about this is the possibility of damage to legitimate customers.

Other than that, you ran the guy's code without permission - the consequences are entirely your problem.

Measures such as this are a bad idea because of the potential for accidental damage, but if that problem were solvable (it's not) we'd have a great tool for preventing unlicensed use of intellectual property.

Re:Too Far?

[Gudlyf]

At first glance, you might think, "Yeah! Serves 'em right! Delete their home dir!" The thing is, it's akin to setting up a trap in your car or home for burglars that hurts or kills them (although deleting ~user shouldn't be physically harmful, at least directly). In short, going on the offensive in an equally or more sinister way doesn't always make it the right thing to do.

Re:Too Far?

[walendo]

How about encrypting the user's home directory (or whatever) - and offering the decrypt password for the same price as the pirated software. :-)

Re:Too Far?

[rd_syringe]

Why is it harsh? If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted.

Warez is a result of this lame sense of entitlement that today's computer users have. Arguing piracy is "good" for companies doesn't matter--it's not provable, but more importantly you don't have the permission from the copyright owners to do it. Pirates are just freeloaders who get bitter when the free ride is taken away.

id Software lost over a million dollars to record-breaking piracy the weekend before Doom 3's release. Ask Carmack sometime how he feels about that.

We've already seen game companies transitioning more and more to consoles (and the games suffering as a result). They're doing this because of the extra protection from piracy. As more and more people pirate the fuck out of everything, the system will eventually completely crumble, and nobody will be able to make a living off of any software. We won't have the Photoshops or 3D Studio Maxes or Cubases of the world, because there won't be businesses behind them doing the development. It's not like OSS is answering the call or anything--all the major software revolutions have been spawned by capitalist endeavors. I'm a musician, and I can load up fantastic plug-ins like FXpansion BFD as a VSTi in Cubase. Piracy hurts innovation like that because there's no incentive for people to make developing software their career. Little college dorm room kiddies will just come along and download it and then run to boards like Slashdot and justify it as "free advertising."

At some point, the issue will come to head and a resolution will be reached, going either way--all-out piracy or full-on copyright protection. But right now, it's just a tense string being pulled tighter and tighter...

Re:Too Far?

[sparcnut]

I think even deleting system programs is way too far. Suppose you have a user (an eye dee ten tee) who has his only copy of his master's thesis in his home directory... you can imagine what happens next. You can make the argument that he deserved it, but it doesn't justify wiping out his thesis.

If the program instead followed your suggestion (never minding the permission issues - it would have to be run as root) and deleted system software, what would happen if the program was run on a production server? Sure, it really ticks off the user, but a lot of things on the server for all users would grind to a halt until the deleted files are replaced. You just can't justify doing something this drastic.

Re:Too Far?

[Oculus+Habent]

Perhaps grabbing files from the home directory and encrypting them. Contact the author for resolution.

Tools like these should also have a built-in sunset date. If, in fifteen years, someone is using this ancient copy of your software b/c they can't purchase it... just let it go.

Re:Too Far?

[jcr]

Have a look in Black's Law Dictionary for "extortion".

-jcr

Re:Too Far?

[vadim_t]

Well, to begin with, it's completely unreasonable, as the amount of damage is pretty much random. A *long* time ago, the idea of "eye for an eye" was established as reasonable punishment. Yes, reasonable, since before people would do things like "You break my arm, I set your house fire with your family inside". Eye for an eye set a reasonable upper bound which wasn't that bad in those times. Trying to go back to before that by this kind of completely unreasonable revenge is ridiculous.

Besides that you have a legal problem. I'm fairly sure that somebody could argue that even though they caused you a $100 of loss (or whatever it costs), the nuked home directory caused $10K of loss. That kind of thing could turn out *really* ugly.

Re:Too Far?

[operagost]

What's the point? The user's system is vandalized without reason. The loss of revenue does not equate to the destruction of the user's data. There is always the possibility that the user mistyped the serial number, or has a legitimate serial number which has unwittingly fallen into a pirate's hands.

Re:Too Far?

[Zangief]

Yeah, and then pirates just need to alter the date te software thinks it is really, and away they go.

Re:Too Far?

[Minna+Kirai]

Something along this line:

RTFA. It's a Macintosh program. So there's no reason to expect that programs like X and Apache are even installed. (They can be installed, and a few are by default, but users might not care)

However, depending on how the installer is run, the application might not have write permissions to do that kind of damage. The home directory is both more likely to be vulnerable, and much much more important to the victim.

Here's some other, milder ways to punish the offender:

1. ROT13 the documents in her home directory
2. Randomly rename some of the documents in her home directory, by adding prefixes like pirate_.
3. Send emails to the application developer containing the user's name, to record her on a list for eventual legal retaliation.

Re:Too Far?

[gcaseye6677]

I realize that doing something like this may make the developer feel better, but it accomplishes absolutely nothing other than petty revenge.

The purpose of anti-piracy measures is, presumably, to reduce piracy. When you decide you're going to take revenge on anyone who pirates, all you are going to do is drive away people who might otherwise pay for the software. Nobody says "gee that guy wiped out my hard drive. I should pay for the software I stole from him." Would you do it if you were in that position?

The pirates will continue to pirate, while finding a way to make the program work without permissions to do anything harmful. The innocent user who enters the activation key incorrectly will likely be harmed by this. And the developer will lose future business, and rightly so. And if serious damage were caused, they will face a lawsuit.

If there are any developers out there thinking about doing something stupid like this, please reconsider. It will not help you in any way; it will only hurt you. I for one will never install software that has provisions to wipe out my home directory. What if it does so by mistake?

Re:Too Far?

[clifyt]

"Little college dorm room kiddies will just come along and download it and then run to boards like Slashdot and justify it as "free advertising." "

Whats funny is you mention this in the terms of being a musician.

I have worked on a number of music software applications over the last few years from anything from being a beta tester to designing the GUI for guys that have a great product, but a shitty interface.

And this is this same exact arguement used everywhere -- its just free advertisement. Or if I use it to make money, I'll pay for it. Or I'm just a little guy, and the pros should have to pay since I haven't had my first hit yet.

In this area, I've *NEVER* seen a pro pay for professional music software...if you are making money off of it, you will more than likely get it given to you for free. Hell, I haven't paid for 90% of the software I've been given -- and most of it sits in its box on the shelf as the software I *USE* is almost the inverse of this (for some reason, I'm more likely to use the stuff I pay for -- it has real value to me).

But the thinking goes, being a paid musician is like winning a spot on a basketball team -- there are only so many spots opening a year, and most likely its not going to be you. So the software is given to the professionals to advertise to the little guys...I don't know how many times folks will come to my studio and ask what I'm using, only to run out and buy it thinking that it means they can leave me outta the mix, so to speak...only to realize you can't buy talent out of a box -- it comes from years of hard work.

So honestly, the software is sold entirely to the guys that can't make a buck and most likely will never make a buck. Great guys -- and a lot with real talent, but really don't want to do anything but play on weekends with a bunch of friends.

Anywho, the companies advertise as they feel like advertising and need no help from anyone else. I wish there was a decent way to prevent piracy but the folks that want everyone elses hardwork without doing anything for it want to be rebels. Its like the fuckwad kids that think stealing their instruments make them an authentic punk band even though they are from the suburbs.

I love free software and have contributed to some of it -- in my day job we give away several packages I've solely designed and developed, but all in all, folks need to respect the opinion of those that provided the software...even if there were no laws preventing the copying of software or music or whatever, you'd think folks would have the decency to understand that if someone creates something they should have the ultimate say on how its used. If ya don't like that, you are free to develop your own...its not like the ideas are that hard to come up with, and an army of OSS programmers should be able to replicate anything who can give their software away under the ideals they wish it to be released...

Re:Too Far?

[Yartrebo]

It's quite common for me to loose the original packaging (and the SN#) to a game, and then get a serial number from online. I still have the CD.

Now if my hard drive were trashed by such a program, I would sue (yeah, it's probably in the EULA that they can do that, but there's a good chance that such a clause will be neemed null and void).

In normal (non-internet) society, such an action would be the revenge a phycho would extract by killing the person sleeping with his girlfriend.

Re:Too Far?

[MechaStreisand]

The thing is, though, what's wrong with setting traps for burglars? If they don't want to get maimed or killed, maybe they should have picked a different job. Why do we always have so much sympathy for criminal scum in this society, and none for the victims?

Re:Too Far?

[freakmn]

Would it still be extortion if you gave the key away for free? Say, if they e-mail you a request for it, you could mail it back? People might be caught in a decision between admitting piracy and recovering the contents of their home directory. If they do admit to it, they have a good chance of getting caught. If not, the contents are as good as deleted.

Re:Too Far?

[Waffle+Iron]

If you crack the software, you pay the consequences.

In a civilized society, consequences are doled out by a court of law, not by vigilantes their software.

Re:Too Far?

[Cat_Byte]

That really sucks. The only pirated software I have is stuff that I actually own but would rather have a version that doesn't require the CD or something I own that the CD was damaged & I refused to pay $10 or whatever for a new CD. I have the license keys to back them up. If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

Re:Too Far?

[strictfoo]

then you know that the user is attempting to steal from you

Untrue

It's not common, but when I lose my key to a software product I have paid for, I don't bother with the (sometimes) huge hassle of trying to get it again. Over the past 7-8 years I'm sure I've registered many different software packages with many different email addresses so I usually have no idea what one goes with what software package.

I am in no way stealing. This guy is out of line. Removing the home directory of a user is ridiculous. Just delete the f'en product directory.

Re:Too Far?

[Gudlyf]

Yes, I believe there are laws against just that. I recall a store owner rigging his ceiling windows with electrified wire, where he killed someone trying to break in. Anyway, he went to jail for manslaughter or something like that.

You'd actually be able to sleep at night knowing you killed some poor drug addict who was strung out looking for a little cash for his latest fix, or some drunk college kid just looking to pull a prank? You're talking about killing someone!

Re:Too Far?

[Zangief]

Well, if they trust the system to provide the app the date, you just give the app another library; your system can still use the right lib, so your dates are okay.

If the app phones home to get the date, you just study the packets and eventually, you get to find out the right message.

Re:Too Far?

[Blakey+Rat]

The X makes it sound cool.

Re:Too Far?

[PReDiToR]

to make sure that hacking requires maximum effort with minimum reward

IANAH, but I play one on hackthissite dot org.

I have spent hours learning to hack websites, applications and databases, I'm not great, but I found the process of learning fun.
I don't think you can dissuade people from cracking your apps by making it hard work, the harder it is, the more credibility you get in cracking circles.

The thing that gets to me is that coders and packagers can spend so long trying to lock up their apps that they spend time on that which could be spent debugging or advertising, fundraising for the next version or putting eye candy in the app so that the people who actually pay for software will find it attractive and pay for it because it looks professional.

Re:Too Far?

[gfxguy]

And that's more worth it than, say, just paying for the program you so desperately need?

Re:Too Far?

[Znork]

"If they don't want to get maimed or killed, maybe they should have picked a different job."

Does that go for any policemen, firemen, small children, spouses, relatives, housesitters, etc, who might actually have a reason to be there too?

Or have you invented a new form of trap that magically springs only on the guilty?

Re:Too Far?

[Fweeky]

"If you crack the software, you pay the consequences. You're not owed anything at that point. As far as ethics is concerned, the app could do anything it wanted."

Your software *thinks* I pirated it, ergo it can do anything it wants and get away with it? Nuh uh. What happens when a pirate releases a keygenned key that happens to match mine? What happens when I hit a bug in the key verification code? What happens when a cosmic ray flips a bit in the relevent code and a FALSE turns into TRUE?

"id Software lost over a million dollars to record-breaking piracy the weekend before Doom 3's release"

Says who? Based on what evidence? I pirated it, saw that it sucked, and then did exactly what I would have done anyway; I didn't buy it. Did they lose $60 on me anyway? Maybe they would have if I'd cancelled my preorder based on that, but then I'm just using my increased knowledge of the products available to spend my money more wisely. Is that still a bad thing? Maybe for Id, but not for me, and I don't think for the market either; mindless shooters with crappy atmosphere and insanely repetetive gameplay should not a blockbuster make.

"As more and more people pirate the fuck out of everything, the system will eventually completely crumble, and nobody will be able to make a living off of any software."

Kindly provide statistics and sources that show more and more people are pirating software, and that as a result the amount of purchased software is going down. Or are you just assuming that's what's happening?

Re:Too Far?

[thedillybar]

>If a pirated copy deleted my important calls you can bet I would be on the phone with support for hours until they restored all of my data they messed up.

Almost modded this funny, then I realized you weren't try to be funny. Anyone who does this isn't going to have a support number, and isn't going to put up with your BS if they do. Clearly they don't care about customer satisfaction if they're wiping home directories. What makes you think they'll be able to recover your rm -rf ~ better than you can anyway?

Re:Too Far?

[drakaan]

They said "hacked serial numbers", not "pirated copies". You would have used your (legitimate) serial number and would have been unaffected, presumably.

Re:Too Far?

[Carewolf]

The funny thing is, this has gotten to point where the only "vendors" of shareware you can trust was essentially warez-sites, as the crackers compete in removing all the spyware, nackware, crippleware, and other attached diseases.

When you download something of the official site, it will not work, spy on you, advertise random crap and now delete you home directory; but if you download it from a warez site, it is clean and functional. This counts even for software bought in shops, like Windows XP, which doesnt require "activation" in the cracked versions.

No wonder piracy is on a rise!

Re:Too Far?

[ifwm]

"You'd actually be able to sleep at night knowing you killed some poor drug addict who was strung out looking for a little cash for his latest fix"

Your emphasis is on the wrong guilty party there fella. While it is illegal to set traps to injure or kill people, no one MAKES junkies break into houses. If I did trap my place, I would sleep very well knowing they killed THEMSELVES.

Re:Too Far?

I will warn you, then kill you if you do not leave. I dont have time to see if you have a gun, or even find out why you are there. I will shot at you till I am out of ammo

You are just the exact kind of idiot who ends up in prison for manslaughter. I believe in the right to own guns but when I see people like you it really makes me wonder if letting the average Joe Idiot own a gun is such a great idea.

Re:Too Far?

[clifyt]

Whats the problem?

They don't develop for Windows any more, but they do support it.

I run one of the largest Emagic users groups on the net. Hell, half the folks that help moderate my site are Windows only and they have no problems using the software on Windows.

Heck, the latest version of Logic Pro allows windows users to upgrade to all the latest plugins (excetp space designer) for around $200. I cashed my Windows license in, picked this up and bought myself a Mac. I know PLENTY of Mac users that got pissed off at this deal because they already bought most of the plugins and felt cheated.

So what exactly did you loose? Nothing -- you got the software that works on your machine.

Yeah -- this is one piece of software I have paid for...no free handouts for this one because I need it and it always takes Emagic to hand out the free auths for anyone I know that gets them.

And that Oxygen copy -- its an alpha 'crack'. Lots of shit that doesn't work. Its not as bad as the Radium hack (they were the 'zero day' and still the biggest distributed version) but still unusable if you are a real musician (ie., lots of intonation problems as the auth codes were actually built into the tuning tables -- the crackers never could figure out a way around that).

All in all, the point is software isn't like cake -- it doesn't get get rotten with age. You can still use it...I actually prefer 5.5 for a lot of things as the 6 series wasn't an update that I needed -- lots of hacks from the programmers to make nontechnical folks happy that pissed off the rest of us...you aren't missing a damn thing.

Re:Too Far?

[XMyth]

That's the thing though...."extra sales" ? There will be none. No one is going to say "well, it deleted my home dir...maybe I'll buy it!" This is pure retribution...plain and simple. Very short sighted, IMHO.

Re:Too Far?

[hazem]

And what happens when a bit error causes a JNE (Jump Not Equal) to become a JE (Jump Equal), and the correct information leads to your data being erased? All these checks are great, but it all really comes down to:

if status=valid,
run normally
else
delete all files
end if

If the stupid program can tell when a fake number is entered, it should simply refuse to run.

Re:Too Far?

This actually isn't a new idea. I remember an early version of Lotus 1-2-3 (for DOS) that did something like this. If the program thought it had been pirated, it deleted its main .exe files. This forced you to have to re-install it (assuming you were the legal owner), but didn't damage any of your data or other programs.

At the time, they weren't using serial numbers as copy control. The floppy had some kind of copy protection on it (a "diskcopy" wouldn't work), and it wrote some files in the install directory that were marked system and read-only. You couldn't touch these files. If they got moved by a defrag program (for example), the program would zap itself. (I found that out the hard way. It was not mentioned anywhere in the manual.)

Doing this is probably the only legally defendable kind of destructive copy-protection. If the user pirates your software, he has done something illegal. That does not give you the right to do something illegal back to him. If he has no right to run your software in the first place, then there's nothing wrong with your software deleting itself, since he shouldn't have it in the first place.

As with my example above, when implementing destructive copy-protection, you must be very careful to make sure it won't backfire on legitimate users. I did own a legal copy of Lotus 1-2-3, which I had installed from the original disks. I didn't know that allowing the file to be moved by my defragger would cause the program to think it was pirated. Suppose Lotus had decided to delete my data files (no "home directory" on DOS) instead of just the 123 program? Then I would have lost my data even though I was a legitimate owner of the program and I was doing nothing wrong, according to the software manual. As it was, instead of losing my data, I only lost about half an hour of time performing a re-install.

Re:Too Far?

[rock_climbing_guy]

Hey everyone, my name is Bill Gates. I just wanted to let everyone here know that if you develop your new software for Windows Lower^h^h^hnghorn, we'll protect your software from piracy with strong DRM. We'll make sure those nasty pirates can't change their system date, unless we say so.

Re:Too Far?

[IckySplat]

I hate to break it to you but sharing is not
pirating. Your Bell Labs to Berkley analogy is broken because they agreed to share their code.

If you pirate someones software it is theft.
Pure and simple. No amount of handwaving will
change that. You can tell yourself all sorts of stories to make it sound nice,
but at the end of the day it's theft.

The F/OSS has ideals of sharing at its core
Closed source & Shareware means if you want it,
you must pay for it. The guy who writes the code
is the only one who has the right to decide that.
Not you or anyone else.

Re:Too Far?

[Gherald]

Yes it is worth it because usually one guy figures it out and posts a crack to keygen.us or somesuch. That is the (ahem) beauty of 3rd party software "fixes."

Re:Too Far?

[clifyt]

If ya want to nitpick,

Quite honestly, I think the creator of a work should be able to indefinitely control his work no matter how long that may be.

There is *NOTHING* in a work of art that is considered a need to humanity. Nothing. Remember -- copyrights protect works of art, not ideas. Patents are for ideas and I think 7 years is more than long enough to protect an idea.

But copyright? Nothing that can save a mans life. Feed a starving nations children. Stop a speeding plane from hitting your building. Its a trivial work. As trivial as it is, the creator should be able to control it for as long as he wants.

I believe works should come from a person -- anything that is written from the perspective of a business should not be copyrightable. A person should be able to allow a business to manage his copyrights, but the business should not be able to own it. Upon death of the author, the family should have a short while to profit off the copyright so as not to induce hardships. A short time would be far shorter than it is today.

But all in all, I believe intellectual properties should be respected even if the law does not require it.

"Talent, originality, and determination made the intellectual property back then."

And it makes it today...unfortunately every motherfucker with a CD Burner or an internet connection now claims that they should have the right to reproduce this stuff -- and not require any talent to do so. Or at least one would think this is the popular group think from this site.

"You're in the industry so you tell me, did all the artists that made it to the big leagues in your industry have money coming out of their behinds to actually pay for all the crap they needed to make a good impression and get signed?"

What are your trying to prove with this question. Its goes to bias when you ask did ALL. No -- there are some thieves out there. In the hiphop world, folks brag about being thieves. Folks seem to like this and treat these idiots like ghetto kings. Yeah, Rock and Roll is all about being a rebel as well.

So no, I don't think that all musicians made it there legitimately. Personally, I think if you have to make your art by ripping someone else off, you aren't an artist. Probably why some genrea have gone to idiots not calling themselves artists but entrepreneurs. They think its a big word and they look educated by using it. At least they aren't calling themselves artists and I can respect that.

I don't know about you, but back in the day it cost me money to build my studio. I have two synths worth around $10k sitting in the studio. I had to earn those. I bought a decent Mac because thats what they big guys were using...my PC was much cheaper and was build from scraps. But thats what you did to be a pro.

In the visual arts? My roommate spends around $100 on canvases every week or two. Can't be bothered to do that? Can't really steal it can you? Well ya can, just not as easily. His airbrush? Cost him around $350 before he ripped out the guts and replaces everything once or twice. His large format camera...Its like $6 or $7 per shot in the damn thing.

So what is different between the way the old skool is with having to pay to learn the art and idiot children thinking they need to steal to get into their art? I learned 3D from using POVRay on a 486. It sounds like this is the area you are in...POVRay was free. Lots of free front ends for it that are probably much easier than it was back when I was using this crap. 48hours for a render was not uncalled for...come back over the weekend and find out its crap and start over.

I've always seen the educations versions very inexpense and far cheaper than what it cost to get into my field.

In my day job, I am a researcher and educator. My department is always trying to dodge why enrollments are down any particular year. Folks try to blame one department or another. This year they were claiming my department was pa

Re:Too Far?

[CodeBuster]

The timestamp is almost always retreived from a secure server using a proprietary protocol for precisely this reason. The only people who trust the system clock for operations like this are amateur programmers who either don't know better or don't care.

Re:Too Far?

[bahwi]

Because the damage is then minimal. Re-install and try it again. It really isn't a deterrent. It's like if you steal something from a store, all you have to do if you get caught is give the item back. That's not a deterent.

Re:Too Far?

[eV_x]

Technically - yes, it is and you could go to jail. But your example is a little off - really, a better example would be you built many of these devices and sat them out in front of your house with a tip jar to pay. Then it blows up if they didn't drop in the tip jar.

A slightly different take: If you "boobytrap" your house with a shotgun and a burglar enters... and gets their head blown off, it's illegal.

Building an explosive device and sending it into the public is illegal. Boobytrapping with malicious intent, even in self defense, is illegal.

Re:Too Far?

[dioxide]

if someone stole your car and i bought it from him would you have *me* responsible?
.. you are responisble for any stolen property you possess, whether or not you stole it. (in the us)

Re:Too Far?

[vadim_t]

1. It's not straightforward. There's no attempt to make a matching punishment. Say, what if due to the loss of the home directory you lose $1000? Some people have years of personal data there. This is about the equivalent of stripping somebody's house clean of all documents as revenge for a $30 theft.

2. I'm an atheist. I couldn't care less about what Christians think about revenge, but my intelligence tells me randomly destroying people's data is going to backfire sooner or later, and it's wrong to begin with.

Yes, actually I want the government to get involved. In fact, I'd even like to see this guy charged. This despite that I'm very far-left by US standards. While I think that the less government intervention the better, I think that allowing anybody who thinks they have been wronged to exact revenge in some arbitrary manner won't help maintain a stable society.

Even as a developer, I don't think any program is so important as to destroy an user's data when it thinks it's been pirated. Programmers aren't perfect, we make mistakes. The damage could be done to the wrong person. It's also not our job to pronounce judgement over those who ilegally copy our works.

This kind of revenge is also harmful if you want the small developers to prosper. If every developer out there did this kind of thing, eventually users would get annoyed enough with this. From there I can see several things they could do: Use exclusively software made by big companies, use only Free Software, or decide all this stuff is too dangerous and complicated. None of those options will do much good to small commercial software developers.

Just take a look at those links in this article. This programmer got a *lot* of negative pubicity. Myself, I'll bookmark this to make sure I never buy anything from them. This isn't resulting in more capital, it resulted in stopping the development completely.

Re:Too Far?

[Mr.+Slippery]

Why do we always have so much sympathy for criminal scum in this society, and none for the victims?

Oh, please. The US has the highest percentage of people incarcerated in the world, and is one of the few industrialized nations whose governement claims the right to kill citizens. Conditions in our overcrowded prisons have degenerated to the point where prisoner-on-prisoner sexual assault is considered a normal part of the sentence and a basis for jokes.

Many of them are young men who can still grow up to be fine citizens, if placed in a decent environment.

Allegations of "coddled criminals" don't withstand the lightest scrutiny. But it makes for damn fine politics..."My opponent is a wuss! I will be tough on crime!" Yeah, that's working really well.

Every politician makes noise about the rights of victims; no one talks about the right of the accused except in the abstract, and any talk about the rights of a convict brings out the "tough on crime" blowhards, who seem to think that criminal acts indicate some kind of demonic possession that must be beaten out of a perpitrator.

I'm all for the right to self-defense; I'm a gun owner and a martial arts instructor. But that right does not include killing or maiming another human being over a piece of property.

Re:Too Far?

[SnappleMaster]

Do what I do: write the CD key onto the CD itself.

If I was not a nice person I would also say something like "and don't be such a retard - take care of your stuff".

Re:Too Far?

[Mycroft_VIII]

"ooh, I lost my car keys, I'll just steal this one instead"

Actually it's more like 'I lost my car keys and the dealer/manufacturer won't sell me a replace for less than the cost of the whole car so I guess I'll have to just hotwire my own car"

As far as using an online found key screwing the one guy who bought a copy with that key, well that's the fault of the game maker for using such a system and NOT printing the key on the cd at least.
I've learned to copy my keys both into a blank book I bought and on the cd.
I have one game I can't play because the key is missing, the funny thing is I lost it twice (my screw up) because after loosing the first time I went online for clues and found out the publisher had screwed up the cd key system on the release of the 'gold' edition with extras and had put up a key that worked on thier website in plain view for anyone who followed any one of many links. then a few months later win98 had one of it's classic total meltdowns and I lost it again during re-install. This is what taught me about cd keys on the CD itself, and backed up somewhere else just in case.

Mycroft

Re:Too Far?

[fucksl4shd0t]

Doing this is probably the only legally defendable kind of destructive copy-protection.

Actually, there is no legally defendible copy protection of any sort. A pretty important nit to pick, really. The DMCA itself should actually be declared unconstitutional, because it is.

You see, copy-protection violates the sacred arrangement that copyright represents: it prevents the software from entering the public domain upon expiration.

The DMCA should be declared unconstitutional for this reason exactly, because it protects a method that is used to prevent copyrighted materials from being copied without the owner's permission, more or less indefinitely. Copyright is supposed to expire, and unless your copyprotection accounts for it, you're in violation.

I'm still very much in favor of revoking copyright for people who use copy protection on their stuff and immediately forcing it into the public domain. So it should be legal to break the copy protection. If you want protection from the law, honor your end of the bargain and place the work into the public domain upon expiration of the copyright. If you don't want protection from the law, then go ahead and use copy protection. but don't whine about piracy, you had your choice.

Re:Too Far?

[tftp]

The purchase of serial numbers is usually done over email, and guess how easy it is to lose the whole account with some free email provider?

Of course the email asks you to print it in triplicate and keep it in a safe place, but how many people do that? If they lose the serial and have to reinstall, what they are to do? It would not be illegal for them to use a pirated serial since they paid their due and they can even show the expense on the credit card bill.

Re:Too Far?

[farble1670]

i don't think it's unreasonable to ask you to hang onto the CD and CD key. that's part of the deal.

suppose you bought tix to a sporting event, and lost them. would it be okay if you broke into the venue through a back entrance? no problem right? you paid for the tickets right? or maybe they should just have an "i forget / lost my tickets" entrance you people like you.

if you could ensure that everyone that enters in such a manner actually purchased tickets, then this really would not be a problem. the point is that THE TICKET IS THE ENSURANCE. the ticket how they verify that you paid for the event. by the same token, the software key is the ensurance that you actually purchased the software.

by your reasoning, all software should be registration-less, key-less and based on the honor system. i'm guessing that won't work. nice idea though.

Re:Too Far?

[Kjella]

...and if you go 5MPH over the limit, it's okay for your car to blow up? Nobody MADE you go 5MPH over, you killed YOURSELF. I suspect the bomb planter wouldn't get away with "As a speeder, he was a menace to everybody on the road. As another trafficant, it was my right to booby-trap his car."

The punishment should fit the crime, and it is certainly not the victim's right to choose the appropriate punishment. That is what the court system is for, and why we have laws against vigilante justice.

Kjella

Re:Too Far?

Of course the email asks you to print it in triplicate and keep it in a safe place, but how many people do that? If they lose the serial and have to reinstall, what they are to do? It would not be illegal for them to use a pirated serial since they paid their due and they can even show the expense on the credit card bill.

Try to say that to the BSA when they knock down your doors and confiscate your computers.

Re:Too Far?

[drakaan]

If you can show the expense on the credit card bill, it shouldn't be hard to contact the software vendor and get a new key. Going to a site to get a hacked key is not only illegal, it's lazy and pointless, if you actually paid for it. If you're not savvy enough to have a copy of the serial number somewhere, does that mean the vendor should just say "oh, okay, use a hacked key"? How, exactly is he supposed to know that you bought the software but were too lazy to ask for a replacement key?

Re:Too Far?

[bentcd]

The court tends to care a lot about intent, and
if the software developer's intent can reasonably
be said to have been to cause damage to the
computers of copyright violators, then this would
be governed by any number of anti intrusion and
sabotage laws.
It wouldn't help the developer _at all_ that this
is also a clear case of vigilantism. The courts
like to maintain a monopoly on punishment :-)

FADE

[thrill12]

I guess FADE is something comparable. But it didn't get out of the realm of the game (Operation Flashpoint in this case), but simply degraded controls and ammunition inside the game. It proved not to hold long (as any protection), but I think it enouraged some people to buy the game they liked.

Oh dear...

Imagine the developers face when he realizes that he forgot a ! in his if statement, while testing that piece of code.

Really immature.

[Azureflare]

What happened to making a fullscreen popup saying "Stop pirating my program!" or opening a browser to a page on your website telling the user they're using a hacked serial?

Anyway, this guy's product and any future products will definitely not be getting any of my money (and I certainly won't be downloading his apps).

Ha, who am I kidding, I wouldn't download it anyway. Open source all the way baby!

Re:Really immature.

[rd_syringe]

Yeah, opening a website or having a nag popup will really stop the spread of piracy; just see how effective *that's* been in the past. Hell, someone will just code a nag crack to remove even that! Lame.

What's really immature is pirating the software to begin with. But hey, someone protecting their software from theft means they're the bad guy, right?

A Better Idea

Instead of deleting the files, they should encrypt the files.

The decryption key will be provided when the product is registered. :-)))))))

-Mike

Re:A Better Idea

[mpe]

Instead of deleting the files, they should encrypt the files.
The decryption key will be provided when the product is registered. :-)))))))

This is likely to be only slightly less illegal than deleting someone's files.
Effectivly you'd be holding someone's data to ransom.

what if the sw makes a mistake?

[whowho]

and by accident nukes the home dir? is there any responsibility from the part of the software designer?

Re:what if the sw makes a mistake?

[gcaseye6677]

Can I add a line that says I get your first born child if you pirate the software? You know, to provide a good court test of the power of EULAs.

Common contract law would not allow you to just include any terms you want to in the agreement, even if someone accepts. And contracts cannot be used to justify illegal activity.

Not portable

[Kippesoep]

Deleting a user's home directory is a bad idea. It's not portable. How about those poor folks running Windows 9x. They don't have proper home directories. Even the ones in WinXP are half-baked. You'd have to build in a routine that'll erase the C:\ drive for those poor saps.

Re:Not portable

[kannibal_klown]

Yeh, the most that would happen to me if they delete my PC's home directory is my settings, bookmarks, and a few other minor things. At most, I might need to perform a repair on SOME installs to get an app working correctly.

But I don't store anything in "My Documents," "My Pictures," or the like. Sure, some games default their saved games there, but boo hoo.

My Powerbook on the other hand, I'd have to kill someone. Seriously, I'd wring their little necks.

But I don't pirate software. I make enough money that if I need software X, I buy it, ESPECIALLY if it was designed / published by a small house.

Personally, I hate it when someone pirates software from a small software company. I mean, is it that friggin hard to pay $27 USD for "Gish" or some other delightful game gauranteed to keep you happy for days on end, or $30 USD for TextPad if you use it every day? MS Ofice I could understand (though I paid for mine), but little apps like Textpad are usually worth it.

These jerks had it coming.

Boobytraps are illegal.

[etymxris]

It seems that this would break some law or other. Mantraps are quite illegal, and while the stakes are not as high, this is conceptually the exact same thing.

A few things...

[telemonster]

First, at least he didn't start emailing parts of the user's mailspool to address book entries!

I always thought it was kind of ironic when the small people back the groups like SPA / BSA. Those "industry" groups represent those who fund them, and AFAIK will do nothing for the little guy. They are funded by the big players.

There have been a few other similiar cases. I believe one of the popular Windows CD recording packages would burn garbage CDs if you entered the wrong serial number, or entered one of the popular serial numbers found on google.

While I sympathize, this is going to far.

[Kenja]

I too have been stung by rampant piracy, however I would never do what these authors did for fear of the potential legal and ethical problems it could cause to knowingly sabotage someone's system. In my case the software in question is Net Weasel, a small HTML editor that has had millions of downloads, has several thousand active users bugging me for support and zero registrations (that's right, not a single person willing to pony up any money). Yet people still email me claiming to have a legitimate copy and demanding that I fix bugs or release a new version. As it happens I do have an updated version I use myself and I'm working on a 2.0, but until I come up with a way to stop people from writing cracks its just not worth my time to release. I'm already compressing and encrypting the executable, there's a point when the copy protection gets to be a bigger project then the application itself.

Re:While I sympathize, this is going to far.

[jandrese]

Have you ever considered that perhaps you're charging too much for your software? Also, if people are flooding you with support requests for shareware, there is a good chance that they won't actually plop down $$$ for the software until it works as advertised. No matter how much work you put into your anti-piracy system, people won't pay for crap.

I don't want to sound too harsh here, but if you take a hostile view of your customers, they will respond in kind. This might be a good opportunity to step back and see if there is anything you could be doing differently to make your product more buyable in the eyes of your consumers.

Re:While I sympathize, this is going to far.

[Jerf]

zero registrations... I'm working on a 2.0

Why?

If your goal is to make money, I submit the market has already shown you what people are willing to pay for an HTML editor.

Your decision, of course, but it is possible you are running on sheer inertia. Have you stopped for a moment and asked yourself if you really want to be doing this?

Re:While I sympathize, this is going to far.

[Dracolytch]

I find it hard to believe that nobody has bought your software with millions of downloads. I find that a really good program gets about a 1% (ouch) download/purchase rate.

I'm working on designing my site so that the keys are available on a web-based DB. Do an MD5 on the key, and match hashes with with the one on-line at program startup. No match, no save capability. Too many people going for one key? Disable that key.

Have the program run OK if it fails once or twice in a row, but the third time, the program dies until it can check its key.

People may still be able to crack your software (No real defense against people rewriting your program...), but keygens and re-used keys become a rarity.

~D

Re:While I sympathize, this is going to far.

[TedTschopp]

I don't want to sound too harsh here, but if you take a hostile view of your customers, they will respond in kind.

Ummmmm.... By definition, they are not customers becuase they haven't purchased anything yet.

Re:While I sympathize, this is going to far.

[Kenja]

"Why? If your goal is to make money, I submit the market has already shown you what people are willing to pay for an HTML editor."

Because I use the program myself. In addition, the market has indeed shown what its willing to pay for a HTML editor, just look at programs like Home Site Builder.

Re:While I sympathize, this is going to far.

[DunbarTheInept]

No. Party one didn't necessarily steal the software. Perhaps Party One merely made a typo in the registration screen - a typo for which he'd like the program to tell him it's wrong and let him type it again.

The problem with automated anti-piracy smack-downs like this is that they are going to register false positives. Like when the MPAA assumed that seeing a file by the name of "one.mpg" meant that the file must be the song "One" by Metallica, and that it must be a song for which you don't own the legal copy on CD or tape, and then acted accordingly.

Re:While I sympathize, this is going to far.

[Wah]

Woah, slow down there TedT.

By that definition, a customer has never walked into a store.

I think that illustrates the point the other poster was trying to make. If there are thousands of people using the software, and many asking for support, then I can't see how directing them to a website that explains how one gets support (by buying the product) would be so difficult.

It's got to be pay to work, because the scarcity properties of digital artifacts and our understanding of economics makes paying a hefty price more difficult than it would be normally. Especially if all we are paying for is the right to flip bits in a certain direction and in a prescribed consistent pattern.

I'm not being a jerk, or saying everything should be free. Far from it. It's just a difficult problem to solve that involves changing the way certain ideas are concieved of. Looking at how difficult the problme is, at its core, is all I'm trying to get at with the above.

However, the 'customer' thing goes back to the bazaars, and anybody who walks by your place is a 'potentail customer'. This, as it turns out statistically, make them part of a customer, and if you treat the part like the whole, it will become it.

Re:While I sympathize, this is going to far.

[Lumpy]

AMEN.

Here's an example,

there are gobs of DVD authoring apps out there, Most in the $199-$399 price range with the most expensive beign Scenerist at $30K+ All the cheap DVD authoring apps suck and make you do their "templates" that all look cheezy and crappy. So DVD authoring apps are pirated by most Indie and enthusiast movie makers.

A year ago I found DVDlab, something with almost as much power as Scenarist and it costs $99.00.

out of the 20 or so Indoe film Makers that had pirated versions of other DVD authoring apps, all but 3 of them have bought DVDlab.

why?

because it's affordable.

software price is the #1 cause of piracy. why the hell pirate something when it's easier and cheaper to simply buy it?

Most people are suspicious of software today. they are used to spending big $$$ for utter crap that only barely does what is promised. (Final Draft for example!) They are tired of being extored at every turn and paying huge $$$ to some guy that thinks being a programmer is worth more per hour than the engineers making high end bikes and other physical items that they know they own.

Software is overpriced, espically consumer grade software.

Re:While I sympathize, this is going to far.

[taustin]

The system you describe is, from what I understand, trivial to defeat with a hex editor. Simply flip the if/then check on the key, so that the program only works when it can't check the key.

Re:While I sympathize, this is going to far.

[Lumpy]

and software you and your company writes will never EVER be purchased by me or my company. NOR will I be able to honestly reccomend your software to anyone based on that "time-bomb" you use.

you can not guarentee to me that you will exist in 10 years, or that you wont decide to ru a "forced upgrade" on users by killing all key's or the server it's self.

I have users that are using critical software that is over 10 years old (I know they are evil and steaking from the developer's mouths.... yadda,yadda)

Anything that requires external authentication to install or run is unacceptable and get's put on a blackball list that I distribute to associaltes and clients.

And people wonder why OSS get's more and more popular with companies pulling crap like this on the paying customers.

Re:While I sympathize, this is going to far.

[HiThere]

If your application is already net-dependant, then that might be a reasonable approach. Otherwise... I often run without any net connectivity, and would find your approach extremely abusive.

Re:While I sympathize, this is going to far.

[gfody]

keygens only really popup for apps where its easy to modify the code that checks the key to make the key. most cracks are a single thoughtfully placed NOP instruction or two.

its amazing the effort some developers will put in to securing their shareware at a high level but then have no idea how easy it is to circumvent at a low level. a compiled binary is no more secure than your source code. you can use a program like asprotect to encrypt the binary but it still needs to be decrypted at some point.

until cpus have the ability to natively run encrypted/secured binaries there will always be cracks. and even then who knows

one thing I find funny is that the developers of these $10-$20 shareware apps try like hell to make there own uncrackable key system or something. then the professional and enterprise software just uses some 3rd party library with cracks already available the day they release it.

my advice for shareware develoeprs is to just make it easier to purchase! accept paypal, mastercard, visa, epay whatever.. put the ui right in the app, run a live key server, don't make me wait for an email before I can start using the software.

Typo in the headline!

[jvmatthe]

Should read;

"Independent Developers Fight Piracy & Lose Your Data".

The original version said "...Lose Your Pr0n Collection" but it was too long. The new shorter version is too terse.

Wow, what was his clickthru license like?

[mveloso]

I'd love to read his license agreement.

This guy is a criminal, and douche.

[autopr0n]

If anyone lost any critical data due to this 'feature', there could be serious consequences. I'm not sure if rm -rf ~ on OSX makes the files unrecoverable, but the author ought to be liable to pay to recover the data.

In fact, simply writing the software may have been illegal.

If someone steals some CDs from you, you don't have the right to burn their house down.

And, as a matter of fact the software in question may have been violating the GPL. It was basically a front-end to FFMPEG, which is GPL'd, and it may have come bundled with it.

So basically the guy wrote an easy to use front end to some free software, and then trashed people's work when he stopped getting money from it.

Re:This guy is a criminal, and douche.

[rd_syringe]

Bad analogy. It's more like he's letting you know that if someone steals the CDs, they will ignite into flames...so don't steal them.

Frankly, I don't see what the big deal is here. Why should anyone care if they're not pirating software? Oh, wait...

A New Slogan

[MankyD]

Echelon - Redifining the Meaning of BOFH (or perhaps BDFH?)

Use the carrot not the whip

[Neil+Watson]

How about offering incentives to people who purchase the software and register?

• Free tech support.
• Discounts on upgrades.
• Discounts on related software.

This author should be arrested.

[pclminion]

I cannot see any reason why this shouldn't be classified as a trojan. The program does something vastly different than its expected purpose. The fact that the user was attempting to use the program without a valid serial number is immaterial.

The author wrote and distributed a program with malicious intent and should be convicted of whichever computer-related offenses are most appropriate. Perhaps probation would be preferable to jail time, but I see no way to excuse this person's behavior.

Any software developer with even a remote sense of reality realized long, long ago that preventing piracy is impossible. Make a product that people are willing to pay for, and they will pay for it. That's the best you can do.

Re:This author should be arrested.

[pclminion]

Of course, all the witnesses involved in a conviction would be providing evidence against themselves for a more serious crime, software piracy

Are you sure that simply typing in an unauthorized serial code is "piracy?" The program is freely downloadable. The fact that the user has possession of the software is not, in and of itself, a copyright violation, since the author has explicitly designed his business model this way.

I know of no instance where a person was convicted of copyright violation merely because they entered an incorrect code into a computer program. IMHO, it would be absurd.

As for software piracy being more "serious" than the malicious destruction of data, I must ask: are you kidding?

Not to mention that the copyright violation would certainly fall into the civil category, not the criminal. OTOH, what this author did is something like a criminal misuse of computer resources with nameable damages. Thus, the case against the author could be prosecuted without a plaintiff, but in order for the author to sue the pirates he would need a lawyer. That would be difficult, considering he'd be in a jail cell.

A bunch of people coming forward with sworn statements to the effect that the software they stole did bad things to their computer could change that, I suppose...

I'd still like you to explain how typing an unauthorized serial code into a dialog box is even remotely like theft. I'm not even sure that it's equivalent to copyright violation.

What the h*ll?

[Kalroth]

I'm a professional software developer myself and while the software I work on isn't piracy prone, I'd never go this far.
Disable your own software, do bad encodes, draw goatse/tubgirl images on the encodings, but dont, DONT mess with files that doesn't belong to your program.

This is just plain immature, not to mention very wrong.
And yes, it seems like the author already removed it, but putting it there in the first place is bad.

Illegal?

I've read that adding timebombs to commercial binaries was potentially illegal. Wouldn't willful destruction of property (rm -rf ~) be even worse as victims would have an easier claim for damages?

Mixed feelings about piracy

[31415926535897]

I have some mixed feelings about piracy. I believe that, at the core, software piracy is morally reprehensible (sorry about using the term piracy for those of you that quibble about that, but it is the term used in the summary).

As a software developer, I feel that I ought to get paid for the work I do. I do work for a company that pays me to develop, so it's really their responsibility to make sure their software isn't pirated (if they want to protect their business).

Nevertheless, I feel that piracy can be benefically to any company, regardless of size. I think that it may even help smaller companies more than larger companies, because piracy may be the vehicle in which a particual software package becomes very popular. However, one has to realize that 100% of software can't be pirated, otherwise nobody would develop anything meaningful (excepting the free software movement, but that's something pretty special [and I do wholeheartedly support it, even with LOC when I can]--I am speaking in a manner of business). Like most things in economics, it probably requires the right critical mass (you need to have the right number/ratio of people buying your software to make you profitable, but you need to have a certian number/ratio of people pirating it to make it popular).

I never think that software should ever use measures that destroy your property (digital or otherwise) as a means to prevent piracy. I am glad that the author of the software mentioned above took out the folder deleting technique--I cannot believe he did that in the first place.

Re:pirates and all

[AlexTheBeast]

The one point this guy makes is that piracy does hurt the small niche programmer.

I have always been amazed that the large companies probably get a big benefit from releasing their software into world... people learn to use and depend on it... and eventually as the rep gets better, then sales improved.

However, I have no doubt that piracy has really hurt programmers like this guy. He reports a 30% decrease in sells. I can understand why he is so desperate.

Do two wrongs make a right?

If you know a kid is going to steal a coke, is it okay to put poision in that coke?

I don't know what is morally right or wrong, but I can understand why this guy is so worried.

AlexTheBeast

Addendum

I'd like to add that back when I was using windows, the first program that I ran into this with, bulletproof ftp, was actually able to detect a keygen'd serial number. It displayed a nasty message in the bpftp program and then opened up IE and took me to the ordering page on the bpftp site.

I was impressed. I was maybe 16, and I wasn't necessarily using keygens because I hated companies or wanted to be malignant, I just had no money. This was the first program that had been able to detect a keygen'd serial. So, I actually bought a license for bpftp... (it was cheap anyway).

Maybe I'm the only one who feels this way, but I had to hand it to 'em. It's a respect thing, I guess.

Or maybe it was just adolescent "logic" running through my head. Nowadays it seems kind of dumb. Oh well, thank god I don't use windows anymore.

basic anti-piracy

[CrazyJim1]

The system I use with my applications is:

Client-server architecture, you login once with a CDKEY. Everytime the program runs, it sends your IP and cdkey to a server.

Now if TOO MANY PEOPLE use a CDKEY, you can cancel it out... Then when people login with that CDKEY they see,"You are using a pirated CDKEY, please get a legitamate one. Email X@X.com"

Sure advanced hackers can skip past the client-server authentication, but its tough and they need to do it for every released version. For the most part people are stumbled here.

Good points:
1)You can track if your software is being pirated at all.
2)You cut people off who have used your software, so its like a free trial and if they like it, they can pay you for a copy... And they may not have bought the software to begin with.

www.geocities.com/James_Sager_PA

Completely Unacceptable

[spin2cool]

If the author of the software had simply deleted the software itself, or disabled it in some way, this could be acceptable, but deleting a user's home directory goes WAAAAY over the line.

A good general guideline for ethical behavior in CS is theACM Code of ethics. This violates several points, including:

1.2 Avoid harm to others.

1.3 Be honest and trustworthy.

1.7 Respect the privacy of others.

(1.2 is the most applicable here, I think)

Re:Completely Unacceptable

[yo303]

If the author of the software had simply deleted the software itself

Back in the days when we were cracking Commodore 64 games, I remember there was one game that did something similar.

The game floppy had its write-protect notch covered, as with most commercial software. We played around with the disk, changed some things, and then tried to run the game.

It turns out that the very first thing the program did was to attempt to format the floppy disk!! Of course, for most users nothing happened, because of the write-protect tab. But we had to go back to the store to get another copy. (First thing we did after that was to take out the format command.)

We were annoyed but respectful.

yo.

Don't try to fight piracy...

[kcbrown]

...at least, not in any traditional way.

Rather than spend a considerable amount of time and effort in a vain attempt to foil copyright violators, try simply putting out a decent product at a fair price. Those who are honest (who, I think, are most of us) will be willing to pay for something they believe is fairly priced, and those who are dishonest won't be willing to pay for something no matter what -- they'll do everything in their power to illicitly copy it instead.

Honestly, I suspect that the return on the money wasted on fighting copyright infringement by fringe elements is far less than the amount actually spent fighting it.

possibility

[Hanzie]

The bomb-code was only up for a few hours, and reputedly nobody got nailed, so why is this article in existance, anyway?

I mean, with MS you click "I Agree" to a box that says they can modify or delete anything on your PC anyway. I think the big licenses even include a "search anytime we want" language too.

Oh, wait -- This is a MAC program. They're not used to losing all their data instantly (viruses, hideous crashes... etc...)

Well, you Apple fans don't have any decent viruses yet, and you need something to share our pain...

Brilliant!

[meanfriend]

Make your software behave in such a way no one is willing to use it and then no one will pirate it!

Seriously, this is not the first time a program detects a hacked serial key and then [insert some behaviour], though this is the worst measure I have ever heard of.

Windows XP for instance doesnt allow you to install SP1 if you are using one of a few leaked keys.

IIRC, CDRWIN (a cd-burning program) would slowly 'degrade' your burns over time if you used an invalid key. Very insiduous, as it would seem to work at first then slowly get worse and worse.

What if you mis-type in your valid serial and the program thinks it now matches a banned key? Whoops!

If you insist on deleting something on the detection of a hacked serial, then trash the programs binary, *not* the users whole home directory. That's just assanine.

Good for him

[MarsDefenseMinister]

I'm a big supporter of free software, and am totally against software piracy. A contradiction? No SIR!

Free software depends on adherence by users to an agreement with the developers not to illegally use the software in a proprietary manner. If we expect people to abide by free software licenses, we have to abide by commercial software licenses too.

In my opinion, the only thing he did wrong was to not put a clause into his license that when the user clicks on it specifically authorizes the code to delete the home directory if it chooses to.

Stop stealing music, software, etc. while at the same time expecting free software to remain free. It's hypocrisy.

What about typos?

[The_Rippa]

What happens if you enter a serial number incorrectly and it triggers the "hacked" serial code that deletes your files?

And what about a random bug in the software that could end up doing the same?

Personally, I wouldn't even consider running a piece of software that has the capacity to delete all my stuff.

Wouldn't it make more sense to hit a webpage and save the ip number or something?

Just a question for everyone

[rd_syringe]

I can guess how the majority of this discussion will go, so I just have one question. Why do people always try to apply the ideas of OSS to commercial software? It's like people get so used to being able to download anything they want for free that they for some reason take that set of principles and apply it to software they weren't given permission to download without paying for. That's completely the opposite of the free spirit of OSS, which is that someone is purposely giving away their effort of their own volition, and you can contribute back to it for the good of the community. Pirating doesn't contribute anything except lost sales for the people who make a living and feed their families. It's not free advertising, it's not try-before-you-buy (that's what demos are for), it is nothing more than people not wanting to pay for something. Same thing with MP3 piracy, movie piracy, etc.

hitting back is illegal all the same

[l3v1]

No matter if they killed your dog first, if you kill theirs back in revenge you'll just as culpable as they are.

On the other hand, I can understand the difficult situation of small companies defending theirselves (we've also had to deal with similar situations lately).

I just don't accept this course of action. It just doesn't make him any different. Acting like this just proves his ignorance and inability to come up with a suitable defense (has not to be perfect, just enough to generate some reasonable income).

Re:Check the EULA

[themassiah]

This may be a troll, but I'll bite. Just because something is in writing, doesn't mean it's legit or legal! I could put a clause in my EULA saying "If you read this, I can take all your money and all your children's money", but that doesn't make it legal or enforceable.

Been tried before

[earthforce_1]

Anti-piracy sabotoge has been around for a long time - it dates back to the days of some manufacturers using 5.25 inch floppies that included an unused disk track containing sandpaper - attempting to copy the master disk would result in moving the floppy read head over the sandpaper covered track, thus destroying it.

This was stopped for probably the same reasons as discussed in the home security thread regarding booby traps. Destroying somebody's PC is illegal, even if they are making illegal copies of your software. Besides, what if they were using somebody else's PC to do it? And who would want to purchase a product that could destroy your PC if you make a mistake? Kind of like purchasing a car with a built in self-destruct as an anti-theft device. God help you if it malfunctions.

Doesn't Delete $HOME

[Unruly]

It simply moves it into /tmp/.

When the user reboots, however, /tmp/ is cleaned and the data is lost.

Re:Check the EULA

[ValourX]

No, that is not true. A license cannot violate the laws of your country, and in the U.S. a license cannot take away any of your constitutional rights.

A provision in a license does not give someone superpowers over you. The only remedy legally available to software distributors/makers/developers that have users who are breaking the terms of the license is: termination of the license. There is no way to legally destroy files on a user's machine no matter what they have done to you.

-Jem

Developers still don't get it

[Teddy+Beartuzzi]

Pirates *aren't* your customer base. They don't buy software. They may use your program without paying, but they aren't a lost sale.

Spending time trying to convert them into customers is completely wasted. Stop them from using your program with a perfect protection scheme, and all they'll do is use a different program.

Do it in a rediculous manner like this joker, and all you're going to do is drive away your legitimate customers. I wouldn't pay for this thing in a million years. Who knows what crap this thing could pull in the future? All it takes is one bug, and suddenly it thinks legit users are pirates...

This stunt he pulled has caused far more loss of sales for him than any software piracy.

Better yet...

[InThane]

Offer the codes for free. This way you get out of the extortion issue.

However, in order to get the code, the person in question must prove their own identity... Opening themselves to criminal and civil charges.

I like that.

How about enlightened self interest (Re:Too Far?)

[winwar]

Okay, so the person didn't have permission to use the software. I can certainly understand the urge to do something like this.

However, consider the consequences. The publisher could get sued. Sure, he probably will (might?) win, but it costs money to defend. Oops, there goes more profit. The publisher loses goodwill (hard to define-but not all publicity is good publicity....). Oh, and maybe the publisher gets hacked/cracked by someone he has pissed off (people pirating software may not have the strongest morals/ethics/logic but some may be good at computers). Oops. There goes more profit.

In short, I see a lot of downside and little upside. And I sure as heck wouldn't want to use a product as a LEGITIMATE user if I knew it was designed to screw up my system (even if only for illegitimate users).

Rediculous extremes

[87C751]

What ever happened to just not working when a bad S/N is entered? Not producing garbage output or destroying files, but just not working. If you're going to take the approach of pissing off the user, where's the justification in vandalizing the system to do it? Unless the programmer is trying to invite up-close-and-personal criticism.

Re:Rediculous extremes

[Just+Some+Guy]

What ever happened to just not working when a bad S/N is entered?

Or even a known-pirate S/N that the installer used because they left the legitimate number lying on a notepad on their desk at home, and need to get system at a remote site up and running now?

Back in the Windows 98 days, I found myself in the position more than once of having left the OS box with serial number at home, so I'd have to Google (well, AltaVista) for one of the popular warez versions so I could finish an install and go home. Note that I was not pirating anything; I had the legal right to install one copy of the OS, and I installed only one copy.

So now I'm visiting my mom's city on a long weekend, and helping my sister install Echelon so that she can burn copies of her vacation video. Dang, the legit serial number is sitting in my mailspool behind a ridiculously paranoid firewall 500 miles away. I know - I'll just grab a S/N from the 'net to get her system going until I get home. Oops, sorry 'bout that, sis! Hope you had backups!

Re:Rediculous extremes

[Just+Some+Guy]

Justify it all you want, it is still illegal. You have a serial number, misplacing it does not give you the right to use someone else's.

No, it's not. It may be against your particular Terms Of Service, but it's not illegal. First off, I can't imagine any software company in the world that would object to this as long as you stick to the correct number of seats / connections / whatever. Second, try explaining that to the judge:

Them: "Your Honor, the defendant paid $39.95 to buy this sequence of digits that would allow him to use our software, but he really used that sequence."
Judge: "And he using features that he wasn't entitled to, under the terms of the correct sequence?"
Them: "No."
Judge: "Oh. So, then he sold the 'legitimate' sequence while still using the one he downloaded from Google?"
Them: "No, Your Honor. The thieving pirate went home, printed out the legitimate sequence, mailed it to the customer whose machine he illegally installed our software on, then deleted it."
Judge: "Are you on crack, or does this really make sense to you?"

Re:Rediculous extremes

[Old+Wolf]

I like the approach of IceEdit (a message editor from the old BBS days). If you registered with a hacked key, then everything appeared to work fine, but it would actually post your message backwards (ie. each line was reversed), causing great humiliation.

Re:pirates and all

[MORTAR_COMBAT!]

If you know a kid is going to steal a coke, is it okay to put poision in that coke?

I think a better analogy is: if you know a kid is going to steal a coke, is it okay to put laxatives in that coke, along with a sign on the coke saying "if you didn't pay for this it has laxatives in it"?

Bad Idea

[onkelonkel]

Bad Idea if you end up hurting a paying customer.

Back in about '82 an acquaintance bought a C64, floppy drive and accounting software. Painstakingly entered data for his employees, customers etc. Took him about 2 weeks of hunt and peck. Program ran great for about a month and then one day when he loaded it up, his master data file had every record replaced with "PIRATE","PIRATE","PIRATE"...

It turned out that the copy protection could be triggered by a slightly misaligned drive head. The program thought it was a pirated copy and activated its anti-piracy code. OOPS!

Buddy was not impressed, since it cost him much time and money. After several nasty letters from lawyers the developer ended up having to pay to have the data re-entered, as well as supplying a version of the software without the anti-pirate code.

This has been tried before

[dokebi]

Anyone remember Jeff Arnold's CDRWIN program? His program was popular years ago for its ability to copy Playstation games. As his program became popular target for pirates, he implemented something similar. But as I recall, the user outrage was enormous, and he had to remove the new "feature". Even then, people didn't trust his software for a long time afterwards.

It's just like physical security...

[blcamp]

...you do what makes sense. You put locks on the doors. You put wooden dowels in your sliding patio door and windows if you are going on vacation. But you can't rig your locks to blow someone up if they attempt to break in your house. That's insanity.

There's only so much you can (and should) do with software. Even the boys in Redmond have a line item to deal with lost sales due to hacked code - it's simply a fact of life that not everyone is going to be a paying customer; it's a cost of doing business.

Piracy is sometimes due to copy protection.

[vadim_t]

Seriously. It's much easier to pirate some games than to buy it. The amount of inconvenience involved in running the legal product is sometimes quite amazing.

For example, recently I bought Neverwinter Nights and both expansions. Previoulsly I had the pirated NWN, but of course I couldn't play online with it. So after I found I in fact like it, I bought two copies of NWN + SoU, and then a HotU one too.

Installing it on Linux was a bit unintuitive, but I can live with that. Next problem was that the font of the CD key was illegible, and "A", "R", and "O", "D" and "0" look the same. Just great, with a pirated CD it installs directly, and with the legal one I need to spend 15 minutes trying to figure out which is the right key. And what if I happen to find another valid one, but which is not mine?

For the SoU expansion, Bioware forgot to include some background music. The sad thing about this is that the pirate copy of SoU probably comes with the sound files on the CD, or at least it's something that could be easily done.

Then there are some games in which copy protection goes to ridiculous levels, like installing special drivers. I *hate* this kind of crap, which is almost all the games I play are on Linux, where this stuff hopefully will never become common.

Undesired side effects

[nv5]

This type of action is a bit like a war. Bombing an apparently guilty party may make you feel better, and maybe even act as a deterrent to others.

However, there will be innocent bystanders caught in the crossfire. And the author is giving up the moral (and in some jurisdictions the legal) high ground.

I somehow doubt, that this software behaviour will increase his sales - possibly the opposite might happen, i.e. sales will tank, because legitimate users might be afraid to be caught in the crossfire. So while he may be able to re-appear (or have the software re-appear) under a different name, he therefore would lose the goodwill associated with his and the current software name.

It is very understandable that someone reacts harshly to being under attack, but it does not necessarily make it the wisest thing to do, even for oneself.

Was there a warning?

[ugen]

I wonder if there was a warning. If BEFORE prompting user for a serial number there is a BIG RED warning stating that entering a "stolen" serial number will DELETE ALL YOUR DATA, then may be, just may be, I can see this as a legitimate, if boneheaded method. Of course if it were me, I'd cancel the installation and put this guy on a mental blacklist forever - who wants to deal with an a-hole. Still, that method would at least be remotely legal. As it stands, lots of you have said it before but I'll repeat it - erasing private data is a crime, period.

Ah, on the topic of cost of software. The interesting thing is that software market is NO MARKET AT ALL! To be a market, one has to be provided with choices of a product doing substantially similar things with prices set by supply and demand and some competition to boot.
Often in software there is no choice - there is one product doing one thing and sold at a fixed price set by developers. When there is a true choice of products, prices still don't seem to be set by the market. Rather, developers randomly set the price and users excercise their market power by pirating (i.e. leveragint their fear of illegal action or acting immorally vs. the cost being too high for functionality provided.) Want to reduce pirating - auction your software. The real price will be found very soon, but it will very likely be a lot lower then $20 most seem to be asking for. BTW, $20 is an astronomical price for all but the most complicated software packages geared for ahome user. I would bet that market set prices would be somwhere between 5 cents and 2$.

rm -rf *

[cperciva]

There was a bug in the vBuild component of InstallShield last summer which could result in an accidental `rm -rf ~`. After being bitten by it once (fortunately I noticed the disk activity before it deleted anything for which I didn't have backups), I helped to track down the problem; apparently at one point there was a "mkdir /cachedir; cd /cachedir; rm -rf *" (or rather, the equivalent in C) and they never checked the return codes of the first two operations.

So, to everyone who is asking "what if he made a mistake?": Mistakes can result in data loss even if you don't intend to delete anyone's data.

Most effective forms are-

[celerityfm]

First off I am dumbfounded that you have not sold a single copy of your software :( It looks really nice though and I'm sure if I had a need for an HTML editor I would consider your software!

But I believe we already have some glowing examples of effective anti-piracy measures:

#1) Counter-strike. The video game. Yes, Valve's CD-KEY system actually works here because in order to play the game you have to connect to a server. To be able to connect to a server your CDKEY has to match one of the keys in their database. To be able to play your EXE cannot be cracked/modified as MD5 checksums stop you from joining. I'm sure there are ways around this but I haven't read about anyone who has effectively cracked this mechanism for multiplayer yet. MMORPGs are another good example.

#2) Windows. Microsoft gave up on focusing on the individual user a long, long time ago as Bill Gates realized the real money isn't in individual sales as much as it is in contracts with pc manufacturers to have windows preloaded on new PCs. It would be a little harder for DELL to put a pirated copy of Windows XP on every single computer they sell, so Microsoft eliminates piracy here by making the user buy Windows before they get the computer. Of course, there are ways around this too.

#3) Extreme dongles. Forcing the users to attach a dongle to the computer while running the program makes things harder on the crackers. Not impossible to crack, but more effective then not having it.

But overall the most effective copy protections involve some sort of online "serial # check" or program integerity check of some kind. Since your users are web developers then they'll most likely be online anyways this may work. But another poster pointed out that as long as you are letting people download a "time limited trial version" that unlocks by simply entering a serial code then you've got a problem since the most effective crack is to simply fool your program into thinking trial mode never ends.

It may be better to just distribute a "crippled" version that cannot unlock and let people who buy the software get an "unlocked version" that pings you with a serial number. You start to see 2 serials pinging you, then you block the serial and tell the owner to contact you for a new #, etc.

Course people will think your software is spying on them by pinging back to you.. so definetely go out of your way to explain whats going on to the user.

Good luck!

Re:Most effective forms are-

[VistaBoy]

Dongles don't work too well.

Why? Because then the warez guys just go through the assembly code and replace all the code that checks the dongle with code that returns a "Yes, it's there" response. Poof! The copy protection is totally useless.

Well....

[SerpentMage]

1) The shareware can charge whatever price they feel is right. If the price is too high then nobody will register. It is the shareware author's choice.

2) If you have a copy of the software that does not work as you expect it, then DON'T BUY IT, and don't ask for support. If you use the software then buy it! It is that simple.

3) Piracy has NO justifications whatsoever. If you don't like it, use open source and don't pay a cent. But don't pirate because you are a cheap ass.

Re:Well....

Piracy has NO justifications whatsoever.

Blanket statements are rarely true. I infringe upon copyrights routinely. I believe that copyrights should have limited terms, and that the terms should be sensible. Therefore, I have no problem infringing upon ~15 year old copyrights, while respecting younger copyrights.

Stupid kneejerk blanket statements, on the other hand, have NO justifications whatsoever ;)

wrong, here's two examples

[poptones]

Way back when it was in about version 2.something I sent money to the writer of ez-cd extractor. Back then it was (although it may still be) one of the easiest *high quality* rippers around. Last I looked it was up to about version 7.3 or so. Now, in that time I have moved two or three times (email, I mean) so I sometimes have a hard time remember which address to use to request the latest reg code - and EVERY new version lately needs a new reg code. Mostly this resulted in me not worrying about it (there are other ways now that are nearly as easy) but sometimes I'll want one of the features so I install it. Then I have to wait 3 or 4 days until he gets arund to emailing me my new reg code.

often I have used "cracked" codes because the feature I wanted to use was not in the "free trial" version. So I am a legit user, but I am using a "cracked" code. So how is it right I am to be treated as a criminal?

I sent the developers of ReGet Deluxe 20 bucks because I found it to be the "absolut" best download manager for windows. Unfortunately those wacky russians have decided I never paypal'd them that twenty bucks at all and have denied me support for quite some time. As a result I felt no unease at all about using cracked versions of their software.

Of course, now that I no longer rely on windows they have been replaced by a very nice OSS package - RIP ReGet.) Quite frankly, I think ANY developer nowdays who tries to sell "consumer software" and worries about piracy is not too much different than, say, Dow suing that farmer in canada for growing "their" rape (or is it wheat?) when the seed blew in from neighboring pastureland.

There is so much open source software nowdays it's becoming harder to find "shareware" that ISN'T in some way based at least partly on OSS. I have no qualms with someone trying to make a living writing software, I just think they need to choose their market carefully. Nowhere in our law does it PROMISE you an income simply for offering something for sale, and there are limits to how far one is allowed to go to "police" behavior.

Guilt Trip

[Kalak]

The best anti-piracy serial number solution I've seen was one (I can't remember the program) that, when you entered a known pirated serial number, it said "You just entered a pirated serial number. I know I can't stop you, but I can sure make you feel guilty. You can use the program now withouth the nagging now, you cheap bastard" (Or similar, it's been a while.)

It worked. I decided to delete the program until I could convince work to buy it for me. (New job, so the copy stayed with them.) I've never looked at pirating serial numbers the same since. I try hard to get work to buy the smaller software companies stuff that I use, or I delete it, or look for freeware so at least I'm being cheap but without the guilt.

Piracy is NOT a problem.

[baadfood]

Software developers that have a problem with piracy are making an incorrect assumption. And that is that anything other than a small fraction of their user base is willing to pay. They are, incorrectly, looking at the number of downloads, comparing that to the number of sales, and are seeing the difference as losses. They are not. I personally would never pay for Echelon. I may download it and use it if free, but if I had to pay for it, then it drops below my radar of things-I-want-to-do. Or, some other developer has a 30 day trial I can use. The point is, some random small shareware app very rarely does something Im willing to consider paying money for. 90% of things like echelon I download Ill run once, think "thats cute" then totally forget about. Im not willing to spend $10 or more a time simply because Im curious about something. Sheesh, Why these software authros think that their tool is going to become an indispensible part of my life such that I need to pay for it. Crikey. Anyway, if shareware authors stopped lamentin gthe rampant "piracy", which is users of their software who would never buy it anyway, and concentrated instead on expanding the base of paying users, then they just might get somewhere.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:A Better Idea - trashing output files

[mykepredko]

How illegal would it to be to have systems with pirated serial numbers produce trashed output files? If the Echelon developer was really cruel, the Mpegs could be good for a few megabytes, so the preview would be okay (along with a quick check of the video).

I admit that deleting the root directory is too far and I would agree encrypting somebody's files but surely a program using a pirated serial number could not be expected to work properly?

Maybe they could even catch a few pirates that asked for support for the "defective" software!

myke

Subject line?

[A+well+known+coward]

Shouldn't the subject line for this story read "Independent Developer Fight Piracy & Loses it?

chroot jail

[M51DPS]

You know guys, trying to delete the user's home directory or messing with them in other ways might seem clever, but what if they decide to run their program in a chroot jail?

Re:chroot jail

[jrockway]

My textbook "Exploiting Software" suggests that if you are able to overwrite the interrupt vector, you should do something malicious when a breakpoint is hit, like erase the disk. That should keep people from fucking with the internals of your program for a while. I see about 30 ways to get around this, but m0r0n h4c13r software cracker might not.

Still kind of funny that a textbook suggests this :)

Re:chroot jail

[Mycroft_VIII]

While Joe cracker might not start a lawsuit 'hey I used an illeagle copy of your software and it killed my pc'. What happens when innocent guy who bought a copy with a valid number, when it was shipped, but has since been generated and used by a crack program gets HIS files deleted (or maybe the protection software mistakenly thinks his serial is bad).?
I'd be suprised if he didn't get into trouble there.

Mycroft

Open Letter to Slashdot

[serutan]

Dear Slashdot,

I'm an independent car manufacturer. The cars I build are licensed to be driven only by the purchaser. Sort of like the airline industry selling non-transferable, non-refundable tickets. Recently I have been losing money to transporation pirates who loan their cars to friends. They keep defeating whatever user-identifying technology I build into the cars. Based on one new car purchase per unauthorized transport, I estimate that I lose $400 billion annually to these pirates.

I've already bribed Orrin Hatch to make it illegal to drive somebody else's car. I even got Congress to spend billions of taxpayer dollars to install anti-piracy, I mean anti-terrorism cameras on every freeway overpass, to photograph people driving other people's cars, in case they're terrorists. Transportation pirates soon discovered they could simply wear a paper mask of the car owner's face. Some driver-id protestors even wear opaque, featureless masks when they drive their own cars. I've tried randomly suing people, but the shock value wore off pretty quickly and I barely recovered my legal costs. But at least I proved that I'm right.

Accepting that my business model doesn't work in today's world and going into another line of business is not an option. I don't want to face reality, I want to change the world to be the way I want it to be, regardless of the side effects. I also want everybody to be on my side and admit that I'm right. What should I do?

yes

[zogger]

Totally illegal to set any sort of mechanical traps like that, BUT, there's a nifty loophole, it's called "rottweiler". Totally legal and effective in most cases.

Dont even think of defending this....

[lucason]

Seriously. Deleting a users data as direct revenge for him using a hacked serial is WRONG!

And in any case 2 wrongs don't make a right.

P.S. It wouldn't be the first time that I use a serial number from internet for a software I purchased, just because I forgot, lost or temporarily misplaced the original codes. Which by the way is a perfectly legal thing to do.
And I'm pretty sure I'm not the only one.

Besides, if you mess with my data, you better run god-damit!

Not quite...

[medscaper]

In normal (non-internet) society, such an action would be the revenge a phycho would extract[sic] by killing the person sleeping with his girlfriend.

No, I think in real-world terms, the psycho would, instead, leave you alive and kill all your friends, family and acquaintances.

Give something in return

[mcrbids]

We went the route of requiring licenese certificates. Since our business model is subscription-based, we issue software certificates that are good for about one month. (depending on the contract and payment terms)

Getting a certificate is an automated, push-button process - we made it as easy as humanly possible.

But, we didn't stop there. We decided to capitalize on this certificate process, and in fact perform a full backup of the user's database, along with publishing software updates.

Further, we allow them to use their software on any computer or any number of computers. We don't restrict when and where, or on what computers they can install the software, and everywhere the user goes, their data follows.

It's an ASP business model, with a sort of "rent-a-software" hosted application twist. Since we bill by the data size, we really don't care. And the benefits are enormous.

1) Since we keep redundant backups of the users' data, it's not a big deal if the user's computer crashes or is stolen.

2) We get paid for providing quality software.

3) Customers are happy to see software updates when hooking up to backup their data and get a new certificate.

4) Customers love the freedom to work on whatever computer and at whatever location they desire.

Just recently, we had a user in tears on the phone, thanking us for providing this service. Her computer had been thoroughly hosed by a worm, and she lost all her data. 100%, and no backups - months worth of work gone forever. Except for the extensive work she'd done with our software product. Because of the frequent backups obtained with the re-certifying of her software, we had a recent backup of all her stuff on our servers and she was able to recover it automatically!

Product registration is a pain in the 4ss, but you can either hate it, or find some way to make it really worthwhile to the consumer.

Don't compare car and software

[hsoft]

You can't buy a car and the clone a million time.

Slashbots

[HeghmoH]

When the RIAA proposes destroying people's stuff when they discover somebody who's pirated their music, everybody in the discussion is outraged.

When a software write actually tries to destroy people's stuff when people pirate his program, half the people in the discussion cheer him on.

Now, I know that slashdot's readership is a big group with diverse opinions. Even so, the sheer volume in both cases is staggering, and I'd have a hard time believing that there is no overlap.

Can't you people see past your noses? It's the same thing, and equally wrong in both cases.

Re:How about enlightened self interest (Re:Too Far

[dissy]

> The publisher could get sued.

More like -will- get sued.

I'd gladly admit to one count of copyright voilation and pay my dues if I could at the same time prove he deleted a million or two dollars worth of IP from my account.

Then on top of it, toss in any/all new malware and trojan horse laws at him, add a pinch of whatever they are calling 'cyber terrorism' nowadays, mix, stir, sit back and laugh all the way to the bank.

Worst part for the author about this, his software is 'out there'. It's not something he can easily take back.
One could spend a few months cleaning up any piracy connections they have, building/collecting this few million dollars in ligit IP, and install his software knowing what will happen. Its alot harder to prove someone isnt stupid than it is to prove this software author intended for his program to do this.

About the only recourse is posting a warning on his site that whichever version this is is seriously broken and will (read; WILL) cause damage to your system.
I'm sure there are even courts that will not look favourably at that, based fully on his intent.

Dude seriously needs some perspective.
It may feel good to pump 12 rounds into an unarmed tresspasser, but comon...

cliff notes

[neoThoth]

For those who didn't want to RTFA

This post below is from one of the developers friends. It's mostly a sob story about how broke the developer is. If you didn't bother to read the app automates encoding movie files which is, I must admit, a cool thing to write. The windows world doesn't have much of this. discreet makes Cleaner (purchased from Terran) but it costs way more then $20. For the price it really is a decent piece of ware. the closest the windows world has is TMPEG but last I checked it doesn't work with nearly as many formats (divx, etc).

"I happen to know the developer in question, and while I don't agree with what he did, I empathize with his frustration over this whole matter. He's spent many months getting ready for this release, and the next day, some brainless low-life had reverse-engineered his serial gen code, and released several working serials for it. Since the numbers were posted, registrations for his app completely stopped, and he's now facing the grim situation of possibly halting all development on this very useful program. He's in debt, and broke, and getting nothing for all his hard work. Seeing all his hard work getting flushed down the toilet made him understandably angry, and he was mainly trying to get revenge on the cracker, and to scare people away from attempting to pirate his software. That being said, he's already seen the error in his ways (so to speak), and the current build of his app has the home directory wiping code removed. If you download it now, the serials won't work, but it won't wipe your home directory anymore. He's contemplating less drastic measures, and new ways to protect his app, but won't be destroying user data anymore, even if they are just pirates. I think this was something that was done in the heat of the moment, in the frustration of seeing the thoughtless acts of a cracker destroy his income from this work, and went a bit overboard. I wouldn't be so hard on him, as I'm sure it's something many developers have thought of doing, and wished they had the balls to actually carry through. I think many in his position would have done something similar. At this point, the offending code is gone, and the pirates' data is safe, however the future of the (extremely useful) app is very uncertain, as registrations have all but stopped. I hope he doesn't have to stop development due to lack of support, but the actions of that cracker who shall not be named may well have forsaken this app's future."
Posted by: WiseWeasel on September 7, 2004 04:51 AM

Another of the developers friends fingers the cracker in another post

"C'mon. As its been stated, the scheme in question only targeted the cracker (iDave) and his cronies...and the specific serials created. What's more, since slava misreported this, the app didn't really delete the home directory; it obfuscated it. Only by further PIRATE THIEF ACTION would it actually have been wiped."

Posted by: JackHandy on September 7, 2004 12:25 PM

valid reason for illicit serials?

[saltydogdesign]

Here's a scenario that has happened to me a couple times:

I download something and either a) discover that the demo is too crippled to get a real feel for whether the software is worth the money, or b) I run it the first time and then don't have time to get back to it before the demo period expires. I have been known, on such occasions to grab an illicit serial number. If I like the software, though, I buy it. I mean, really, software from small developers is so cheap, why not buy it? A couple hundred bucks can by a lot of nifty little tools, or one big bloated MS product. I'll gladly give the small guy my money. But...

If one of the above scenarios were to occur to me and the software decided to delete my home directory in response, well, I would be inclined to put a severe dent in the developer's head.

My three cents.

Won't be buying your software.

[Godeke]

I have to agree with those who think that kind of "check the server" security is a kiss of death for software. Remember all the hoopla about Windows Activation? There was some foundation, which people seem to have forgotten, to the concern.

If Microsoft was a smaller company (and here we are talking about tiny shareware companies) I would be concerned about the fact that you can install XP for only 30 days without activation. After that it goes dark. Now if Microsoft stops activating people's XP installations, you had better have your money in hand. [I am aware that corporations use a activation-less version: there is a reason it was demanded]. Unlikely, due to the size of the company and the backlash they would get, but...

If TinyOneManShop goes under, I'm basically out my money. In this case it is $20, which probably wouldn't cause many tears. However, there are several games I bought on-line a while back. My machine got blown away and I replaced it. Put the games back on the new machine, but there was no way to actually play them because... suprise, they went out of business. Now I'm out $100 for entertainment product which no longer entertains. Or does anything. That pisses me off.

Now look at a company like Macromedia. I refuse to purchase the newer versions of their software because they are playing this exact game. Well, that's all well and good as long as Macromedia doesn't decide to use it as a method of forced upgrades ("Sorry, your software doesn't activate anymore because Spiffy Version X is out") or just go out of buisiness.

I have likewise had CAD/CAM software become unusable after Windows NT 4.0 SP6 because it nuked the hardware key drivers. I have had CD key checking software puke because I have a DVD and a CD-RW. Let's face it... either your software is good enough to survive some piracy or you probably shouldn't be in the market. People who *really* want a corporate package are willing to buy support. Heck, they buy support for OSS for goodness sake. Interesting: the one thing his users want is support, and he isn't willing to see *that*.

Suggestions

[metamatic]

Well, I just took a look at Net Weasel. It looks to me as if you've made a few fairly basic mistakes from the marketing perspective, so let me try and come up with some helpful comments as to why you're not getting the response you're looking for.

1. Firstly, as far as I can tell your product is an HTML editor with no CSS support. Well, these days that's like trying to sell a graphics editor that doesn't do PNG, or an e-mail program that doesn't handle attachments. Even people who don't want to do their entire site design in CSS still want to be able to do the neat stuff you can only do with CSS.

2. Related to the above, HTML standards have changed a bit in the last 5 years, and you haven't kept up to date by the looks of things. Not valid XHTML, no DTD statement, and so on.

3. You've chosen a field where there is massive amounts of competition, and that's never a good way to make money. Everyone and his dog has made a simple text editor that handles HTML and makes it a bit easier. So, even if you had the best HTML editor in the world, I still wouldn't expect you to be raking in big bucks, because you'd be up against at least half a dozen big companies with big advertising dollars, shelf space in every Best Buy, and major mindshare.

4. Think about who your target market is. You're not going to stand a chance of cracking the pro web designer market with the product you have; pro web designers need CSS, template libraries, DTD validation, image slicing, applet and plugin integration, and so on. At the opposite end, you're not going to get the Joe Sixpack market either, because they'll see raw HTML and recoil in horror. So, you're going after what I'll call the "dabbler" market--people who've learned a bit of HTML for fun and want to build a small personal web site. That's a pretty small niche to be in.

5. You don't have enough differentiation from the free offerings for that niche, in my view. Every half-decent free text editor can edit HTML with syntax coloring, and usually validate it and generate IMG tags too. You clearly know what your differentiators are, which is good: they're the table editor, the form editor and the frameset editor, and maybe the font dialog if it supported CSS, which it doesn't. Trouble is, dabblers generally don't need forms or tabular data--they use tables for layout, which it doesn't look as if your table editor is suitable for. They sometimes use framesets, but most of them know by now that frames suck. So, what can your product do that makes it an essential $20 upgrade from vim or jEdit? Nothing as far as I can see, and...

6. ...if I've missed some compelling must-have functionality your program offers, then your web site needs drastic improvement.

I don't honestly think that you can hope to make money in the market you're currently aiming at. To do so, you'd have to fix all the defects and shortcomings, and then come up with some "killer app" functionality to beat Mozilla Composer, jEdit and the rest.

So you'd have to get up to date with the standards, and support XHTML and CSS. Then you'd need to add all the other features the free text editors have that people just expect these days, like file browsers, folding, abbreviations/macros, regexp search and replace, autosave, bracket/tag matching, multiple cut/paste buffers, and spelling correction. And then, you'd need to add more compelling features, like a graphical color selector with tools to help users pick complementary colors, and something to search and replace across multiple pages.

That's a hell of a lot of work for a product which, realistically, people would still only pay $20 or $30 for. If I were you, I'd cut your losses and write software that does something nobody else has done yet, or nobody has done cheaply, or nobody else has done well.

Re:A little harsh?? IT IS STEALING!!!

[deacon]

I suppose you also think that if somebody steals your wallet, you have the right to chase them down and shoot them? No indictment, no trial, no judge nor jury, no conviction, no sentencing hearing... Straight to execution!

In Texas, that would be a yes.

Re:Oh, the irony...

[metamatic]

Yeah, damn right. His program was aimed at taking DivX and MPG movies in commonly downloaded formats, and turning them into DVDs.

So, he wrote a program whose main audience was people who violate copyright, and was then surprised to find people pirating his software? Oh, cry me a river.

I feel the same way about people who write shareware "file sharing" applications, and then act all irate when we share the registration codes for those applications. If you don't want your work to be ripped off, it'd help if you didn't go out of your way to assist people in ripping off the work of others. I've registered fifteen pieces of shareware, but I'm sure as hell not registering "file sharing" software.

Plus, the "meat" of his software was apparently GPLed projects such as ffmpeg anyway...

White House almost made this leagal!

[lazyatdayjob]

I'm surprised I haven't seen someone comment on this (or I'm too lazy to search the entire thread for this comment) is that the original US PATRIOT act included provisions that made it possible for copyright holders to hack your computers and even possibly due damages if they felt you were infringing on their copyrights. The "Deterrence and Prevention of Cyberterrorism" portion of the act would criminalize any act of hacking that caused damages or losses of over $5000 would be considered an acto fo terroism. The RIAA lobbied for a bypass so they could hack/destroy without any worries of criminal charges.

With this ammendment, they can hack into peoples computers, search for infringing materials, and add them to their "TO SUE" list. Not only that, they were wanting to be able to be proactive, in a sense find people that are supposedly using P2P software and hack their systems so that they are unable to trade copyrighted material, or delete any offending materials.

This ammendment did get knocked down, but then the MPAA tried a similar amendment. i believe this didn't make it either, but both these organizations have kept bringing up new forms of these bills in one way or another.

Sound familiar?

Here's more details...

Piracy is the worst enemy of free software

[seguso]

Here is why I hate piracy: piracy is the worst enemy of free software (free as in freedom). More than patents.

If everybody had to pay for every software he uses, common people (not just geeks) would become sensible and finally appreciate the value of free software.

If piracy were impossible, I imagine 90% of the software would be free, with the exception of games. Microsoft, in particular, would be relegated to a niche market.

If only "Palladium" were released, things could change --- OTOH we know it won't work: if it did, MS would commit suicide.

"But a man can dream... a man can dream." ----Professor Hubert Farnsworth

If the software got permission...

[i_r_sensitive]

Folks have mentioned other targets, and other methods (encrypting files etc.) as possible alternatives. The essential problem is that you are still modifying a user's personal files and system without their permission. In any case, the actions you are taking are malicious and unsanctioned, and the potential for legal exposure exists. At the very least devs should leave files not directly related to the app alone. Not only good programming practice, but ethical as well.

Having said that though, what about the case where the program detects a leaked serial number and immediately throws up a dialog. Said dialog tells you in no uncertain terms that the serial number supplied has been pirated, blah blah. Dialog then continues on to tell you that if you may continue the installation. Further the dialog explicitly and in horrifying detail tells you exactly what it will do if you do continue (erase ~, sleep with your wife, beat your kids, etc.) and then simply asks if you want to continue. If you're a nice guy, you make sure that they page down to the bottom of the dialog before allowing continue to be selected.

Voila! Now you have gotten the users permission to punish him for pirating your code. IANAL, but it's probably even legal. Best of all, you can curb one mailicious and one stupid tendency in one pass, piracy, and not reading dialogs...

Re:A little harsh?? IT IS STEALING!!!

[pclminion]

The only way your files get bonked is if you use a pirated number.

What if you entered one by accident, by making a typo? What if a bug in the program caused it to believe that the number was a pirated code when in fact it wasn't?

As far as the "presumption of innocence goes, think of it as getting a traffic ticket by a photo-red camera....:)

What if the camera was malfunctioning? What if another driver triggered it and moved out of the way and you got photographed instead of the offender? What if somebody hacked the camera to issue tickets to random drivers?

As soon as you remove "due process" from the justice system we fall back to something resembling a witch-hunt.

Re: Not far enough.

[ultranova]

Data Bombs and similar devices may not be the most effective detterants, but with all the brainpower behind the open source movement, there has to be something that can help closed source projects keep security intact without resorting to mass-lawsuit ventures. Without adequate protection, cracks come out within days, if not hours, and ISO's are released as soon as the CD's hit the market.

What, excatly speaking, does open source movement have to do with piracy ? Open source is all about making the source code of the program available to the end user; it has nothing whatsoever to do with removing copy protection from closed-source programs.

Furthermore, all the various stupid copy protections do is make cracks sometimes an absolutely neccessary part in getting the program to run. For example, the (legally bought) game Morrowind kept crashing on my machine at startup because of copy protection check; applying the no-cd crack solved the problem completely. Copy protection does not slow pirates in any significant way, it simply annoys legal users.

And deleting the users home directory simply ensures that no one will buy your products out of fear of them deleting their directories because of typos when entering serials or programming errors.

Only solution to piracy...service model

[Sivaram_Velauthapill]

The only solution to piracy is to move to a service-oriented model. Microsoft is moving towards this and I think all companies eventually will. For now, things like online activation will become more popular. These things are costly for a small company but perhaps some company will provide registration services to these companies (a business opportunity for an entrepreneur?).

As internet access proliferates, piracy will just keep increasing. It's possible to host pirated stuff in some foreign "lawless" (in a computer industry sense) country. I can probably list at least 60 countries where this can be done right now.

The increase in piracy is inevitable IMO. If piracy doesn't increase then it likely means that governments are cracking down on civil liberties. Civil liberties are more important than piracy and the only way for the software industry to do well is to move to a service-oriented or subscription-based system. In other words, DRM is very bad and should be rejected on civil liberty grounds; however, online activation is ok IMO...

Echelon's idea remings me of that Car Alarm

[rcastro0]

Did you see the ads? This is how it works.

The alarm is installed in your car, and can detect when someone breaks in and makes a direct connection to start the engine. At this point the car uses a mobile network to relay the fact that it is being hijacked, and sends off its GPS coordinates. This information triggers a loud buzzer in a control room full of trained operators with computer monitors. The operators generally run away from the room screaming, at this point. Anyway, once the signal is sent, the alarm takes over control. First thing it does is it cuts the gas to the engine. Then it starts to flash headlights and taillights. Then it turns the car so it is now riding on two of the side wheels, just before it goes for a tailspin which infalibly lands the car upside down. Alarm locks all doors. Then gas tank gets ignited, often with a flashy explosion, and thief burns, screaming, inside the stolen car.

They claim that one thief will never hit you again.

Ok well I'll thrown in my 2 cents

[Sycraft-fu]

Not about piracy, but about your program. I think the reason you aren't seeing registrations is because you've made a pretty much unmarketable product. Now I'm not going to go and extinsevly play with it, but it looks to me like a bit of a glorified text editor. Looks like you've added some things like syntax highlighting, a couple wizards for building tables n' such and, well, that's about it.

Ok, well that's nice. That is certianly more HTML related features than notepad, and even a bit more than my beloved UltraEdit. However, you still face the same problem: You have released a text editor. It has a couple nice features, but it's just a text editor in the end.

Well, that's the kind of thing that most people will take for free, but just aren't willing to pay for. I mean there are some nice features over a basic one, but I have a feeling if you made copying impossible, most people would just do without.

You aren't asking a lot, but then again, you don't give a lot. I mean your HTML wizards for tables and frames seem unique but, really, those aren't that useful. Your editor also lacks most of the advanced features that Ultraedit (slightly more expensive than you) or Textpad (slightly cheaper than you) have.

Finally, your stuff is out of date. Tables and frames are NOT the recommend way for doing layout anymore, layers are. If I was going to get an editor that could help me do something in HTML, layers would be my top choice.

So, what you need to do, if making money is your goal, is do something to make your editor more worth buying. Here are some directions you could take:

1) Go the text editor route. Flush it out with support for huge files, hex editing, regular expressions, alternate encoding, macron, etc. Make it a full featured text editor to comete with Ultraedit, but add something more, like your HTML wizards.

2) Go the wizards route, but have them for EVERYTHING. You list like 3 wizards (form, tables, frames). K, nice start, but you need to add a whole lot more. Layers, style sheets, DHTML, JavaScript, etc. Make it so that the wizards can more or less write anything for you.

3) Go the visual route. Try and make something like Fireworks, only probably less featured (And also less espensive). Something for those that want the pointy-clicky but can't afford a Macromedia product.

However where you are now, I'm not supprised that you aren't getting sales. Your product is nice, and maybe something I'd use for free, but I don't see that I'd want to pay for it, espically not instaead of Ultraedit or Textpad.

Not trying to justify the copying, just trying to explain it and give you some ideas.

Also, the whole OSS/GPL push doesn't help. People are becomming trained that little programs that are downloadable ought to be no cost. Software in a box costs money, not software on the web.

Also, don't feel like no one ever buys things like this. The University of Arizona has a site license for Textpad. People do buy text editors, but you need to find an angle that someone doesn't ahve, or do it better than someone is doing it now.

Commission improvements; give results away

[noidentity]

If you want to get paid for your work on software, put up a donation box. Implement planned improvements once sufficient funds accumulate. Make the result available freely. Don't waste any resources fighting the ease of information sharing.

If nobody makes a donation, it means there isn't enough demand for your programming skills. Find something else to work on. If you still end up making the improvements without the funds, it means you already found compensation (the enjoyment of programming, perhaps).

You might also add a way to vote on features when making a donation, or perhaps even make those funds available only for that feature.

It's a waste to spend resources on countering the near zero cost of information duplication. Let it work for you.

About time Echelon was gone...

[Trickster+Coyote]

I was getting tired of the CIA monitoring all my communications.

When someone else installs the warez on your PC

[sstidman]

I would probably tend to be one to side with the "crackers deserve what they get" folks, being that I always pay for my software and don't like the fact that folks take stealing software so lightly. However, about a year ago I had installed some shareware that was somewhat crippled until a valid license key was entered. A friend of mine took the liberty of going to a warez site, finding a key for the software and entered that key. He did not ask me nor did he tell me he had activated the software. I found out when I came back from the bathroom. Had that software deleted my entire home directory, I would have been seriously ticked at my friend and the author of the software. I might have been ticked enough to talk to a lawyer.

I've Seen This Before

[MongooseKY]

I've run into a tactic like this before many year ago, except instead of a bad serial number being the trigger, it was a missing piece of hardware. I forget the name of the company/software package now (hopefully the head guy is standing in the unemployment line somewhere), but we had a specialized piece of manufacturing software that read CAD files and prepped data for input to our presses. It ran on IBM PS/2 Model 70's (yuck!) that had the system boards modified with a special BIOS chip by the software vendor. Lo and behold one of the system boards died and was replaced without the BIOS chip being transferred to the new board. The next time the software was run it nuked the entire C drive. We had a legitimate right to use the software, but because of a failed piece of hardware we suffered the wrath of some bastard programmer.