In short, the answer is to have no copy protection at all and trust your customers.
It depends on how the product is distributed. If it's downloadable then I think a one off registration key is probably a requirement - it doesn't have to be very complex, just a step so that people won't download the product and not get around to paying you.
I'm all for trusting people not to be intentionally dishonest, but I think you'd go broke trusting people not to be slack.
Also, if your product is a popular one in the home user market, flood google with fake keygen apps which produce keys that initially look like they work (eg for a week or so) but then either: . chastise the user for trying to break the copy protection . if your program produces any output to the printer, always only print out an order form for the product . overwrite the systems windows product activation key so that they have to re-activate it - I'm just waiting for a virus to do this causing a huge overload for Microsoft as people have to manually re-activate their keys for the nth time. . email you (that way, someone will report you to slashdot and you'll get even more publicity for you product, and then you can claim that it is only the fake keygen that activates this function. flamewars and hilarity will ensue)
(some of the above options are only offered in jest... see if you can guess which ones!)
I agree completely, and would also add that by releasing updates (with new features) often, you'll also avoid the pirates somewhat, and give paying users a sense of value for money (assuming they are entitled to free updates). It doesn't take long to break a registration key system (I used to do it when I was a kid on games I owned so I didn't have to futz around with code wheels which invariably got lost or wrecked), but it does require some effort, and to have to do it every 3 or 6 months is a bit of a pain, as well as for the users who have to go over to the 'dark side' of the web to find the latest keygen and risk exposing themselves to viruses etc.
A few games have come out in the past with CD based copy protection which just flat out didn't work under some setups. This pissed off quite a few customers
Also, if your software isn't really that useful to a home user, you probably don't have a lot to worry about. The company I work for has a few products which are used in schools. I ask google about serial number cracks for it every so often and have never turned up a hit yet.
What? kdawson is a real slashdot user? I thought he (she?) was just a made up bad guy, like the Boogie Man, or Michael Jackson (apologies to Bart Simpson)
I don't think anyone disagrees with that. The problem as I understand it is that it is difficult to tell the difference between it and the high THC variety, and it isn't a valuable enough crop (eg there are better things than it) to consider allowing it.
Just a random thing, and I know exactly what you meant, but that bit conjured up an image of a limited national resource of secretiveness that should be used sparingly lest it run out.
"What is the state of our secretiveness store?"
"Not good sir, only 23 units left in the warehouse, and we aren't expecting our next shipment until October!"
NiCad batteries have a slower self-discharge rate, and can deliver more current than NiMh, so they still have their use. Anecdotally, in my TV remote control and wall clock I get better life out of a lower Ah NiCad than a higher Ah NiMh, because the NiCad tends not to go flat all by itself. I use the NiMh in my phone though, which doesn't draw a lot of current but which I will have used all the available charge in the batteries in a day or two anyway.
I believe the remote control car hobbyists (where the car is run by battery) prefer NiCad because of the better ability to deliver current, but being slashdot, i'm sure someone will correct me:)
Do you have any suggestions for something that might?
Something that won't get everyone up in arms complaining that their rights are being violated, and yet will still stand a reasonable chance of stopping people walking off with the goods?
I don't agree (unless you misunderstood that I meant that you would be required to produce the receipt, not that they would go looking for it). In asking for the receipt, they are asking for you to produce a specific item, all hands are off you. A search involves reasonably intimate contact which you may find objectionable, and may find things (eg small amounts of drugs for personal use, a copy of "football, it's a funny old game", a pair of pink furry handcuffs, etc) which may or may not be illegal, but you'd rather it not be known that you had, and have a right to privacy about.
So in my mind they are not different only in degree.
Sure, they can ASK, but the customer is free to refuse to participate in their "security theater" production.
Maybe you'd like to share your idea's on how a shop might better secure themselves against theft? All I ever hear is people wailing about how their rights are being infringed...
Submitting to a search is completely different to digging through your pocket for a receipt to show a concerned shopkeeper.
IMHO, anyone who exercises their rights purely for the purpose of pissing someone off (which it appears in this case) deserves whatever they get.
Yes, this guy was in a hurry, but laws and statutes aside, i think it is quite reasonable for the store to ask to see the receipt and quite unreasonable for him to refuse. If the cop was being a prick (and we only have one side of the story here) then maybe I'd refuse to show the license too, but not in the case of the receipt.
If he had shown the receipt, I imagine the conversation would have gone something like this: Store: Sir, I need to see your receipt! Him: Here it is. Store: That's fine, thankyou Sir and have a good day.
Just because you can get away with something doesn't mean that you should. Otherwise you just end up feeding the lawyers.
Ok, here is an idea then.. open source. Yes, there are thousands of geeks out there who, if the protocol was simply published, would write that software for the pure pleasure of it.
Failing that, you'd put the software under the DMCA and claim that it was the hd-dvd encryption algorithm. You'd have three different OSS solutions in a week.
It would take as much money to re-engineer it as it does to maintain it. It is an annoying fact that getting money to fix something in either the military or government is easier than getting something new even if the new item would save money.
I'm sure you understand why... I think the conversation would go something like this:
IT: "This new system will cost $1bn, and will save $3bn/year in maintenance on the old system". Management: "The previous system was supposed to cost $1bn to develop, and ended up costing $10bn. If I sign off on this it will be my ass on the line when the budget blows out, so I'll stick with known quantities thanks."
It means to hit someone or something with force. If the motion is successful, Marie will be able to whack all members over the head with a baseball bat (see LART).
That's American law, though. It's similar here in Australia where we use a greatly oversized boot instead. Curiously, the term is still 'to strike', not 'to boot'.
Because it's _someone else's_ pain and anguish, obviously.
It's funny on many many levels (think: Tough guy reporting to hospital with a broken arm trying to make up a story to pretend his arm didn't snap on 'sissy' level), but obviously unfunny on others.
Obviously you can only see the unfunny levels... poor you.
(Curiously, your post is rated +5 Funny:) (Well... it was before I hit 'Preview'. Now it's only rated +4 Funny)
But because of the patent, if the enemy wins the war then the USA can take them to court and seek a good amount of the spoils of war in compensation. Now that lawyer would be one earning his commission!
This sort of thing reminds me of a Simpsons episode (actually most things in life remind me of a Simpsons episode:)
Lisa (to Bart): I'm going to start kicking air. If any part of you should occupy that air, it's your own fault. (or something like that)
And also the protesters/activists who deliberately put themselves in someone's way and still claim to be holding a non-violent protest and say "but i'm just sitting there!".
It's not the action, it's the intent that's the problem. This guy performed an otherwise benign action with the intent to defraud someone. To then claim "But all I did was delete some files from my computer" is just fscking pathetic. imho.
That prevents the re-use of your credentials, but doesn't stop a phishing site from grabbing them and using them there and then. And, given the idea of 'single sign-on', they could still do a lot of damage with a single authenticated session.
Don't get me wrong, two factor authentication is a good idea, it solves a lot of problems completely (eg if someone is stupid enough to give away their password), and minimizes many others. But man-in-the-middle attacks are not really very well addressed. The _only_ way I can think of for the second factor to completely solve all the problems is that if it is a device that you connect to the network, and it establishes a secure session between the end points, and that you enter your password into it. And i wouldn't be surprised if someone found a hole in that!
Well there are safeguards for this now, and I am sure if it gets to be a problem like that was at one time, it will also get fixed.
The safeguards only work if the user is paying attention. It only takes a fraction of a percent of people to click a 'log in here with your bank of america credentials to see if you have won a prize' link and the scammers can make a profit, and will keep on scamming.
Still... if you've got a way around this that is truly idiot proof, I'd like to hear it! The best thing I can come up with is that the banks themselves initiate the scam, and then send 'the boys' around to break the thumbs of anyone who falls for it, or otherwise punish the scammee (that's strange... my spell check says scammee isn't a valid word...).
Slashdot Mirror
It depends on how the product is distributed. If it's downloadable then I think a one off registration key is probably a requirement - it doesn't have to be very complex, just a step so that people won't download the product and not get around to paying you.
I'm all for trusting people not to be intentionally dishonest, but I think you'd go broke trusting people not to be slack.
Also, if your product is a popular one in the home user market, flood google with fake keygen apps which produce keys that initially look like they work (eg for a week or so) but then either:
. chastise the user for trying to break the copy protection
. if your program produces any output to the printer, always only print out an order form for the product
. overwrite the systems windows product activation key so that they have to re-activate it - I'm just waiting for a virus to do this causing a huge overload for Microsoft as people have to manually re-activate their keys for the nth time.
. email you (that way, someone will report you to slashdot and you'll get even more publicity for you product, and then you can claim that it is only the fake keygen that activates this function. flamewars and hilarity will ensue)
(some of the above options are only offered in jest... see if you can guess which ones!)
I agree completely, and would also add that by releasing updates (with new features) often, you'll also avoid the pirates somewhat, and give paying users a sense of value for money (assuming they are entitled to free updates). It doesn't take long to break a registration key system (I used to do it when I was a kid on games I owned so I didn't have to futz around with code wheels which invariably got lost or wrecked), but it does require some effort, and to have to do it every 3 or 6 months is a bit of a pain, as well as for the users who have to go over to the 'dark side' of the web to find the latest keygen and risk exposing themselves to viruses etc.
A few games have come out in the past with CD based copy protection which just flat out didn't work under some setups. This pissed off quite a few customers
Also, if your software isn't really that useful to a home user, you probably don't have a lot to worry about. The company I work for has a few products which are used in schools. I ask google about serial number cracks for it every so often and have never turned up a hit yet.
What? kdawson is a real slashdot user? I thought he (she?) was just a made up bad guy, like the Boogie Man, or Michael Jackson (apologies to Bart Simpson)
What? They've started using that whitespace already? Those bastards!!!
If we let Google start using vacant area's of radio frequency then it's just going to get worse!
Just tell them it's racoon.
I don't think anyone disagrees with that. The problem as I understand it is that it is difficult to tell the difference between it and the high THC variety, and it isn't a valuable enough crop (eg there are better things than it) to consider allowing it.
Just a random thing, and I know exactly what you meant, but that bit conjured up an image of a limited national resource of secretiveness that should be used sparingly lest it run out.
"What is the state of our secretiveness store?"
"Not good sir, only 23 units left in the warehouse, and we aren't expecting our next shipment until October!"
I think Real Men would be more likely to build the web server and TCP stack into their web sites, for performance reasons.
At least that's what we did in my day.
*cough*
Now there's an idea...
This is roughly the way that they already operate in China, except that if it's not up to snuff, they flog it off to Sony at a discount.
(kidding, of course)
NiCad batteries have a slower self-discharge rate, and can deliver more current than NiMh, so they still have their use. Anecdotally, in my TV remote control and wall clock I get better life out of a lower Ah NiCad than a higher Ah NiMh, because the NiCad tends not to go flat all by itself. I use the NiMh in my phone though, which doesn't draw a lot of current but which I will have used all the available charge in the batteries in a day or two anyway.
:)
I believe the remote control car hobbyists (where the car is run by battery) prefer NiCad because of the better ability to deliver current, but being slashdot, i'm sure someone will correct me
I think it's more an Australian thing... we're all descended from convicts here so it only makes sense to fingerprint us all at birth.
Do you have any suggestions for something that might?
Something that won't get everyone up in arms complaining that their rights are being violated, and yet will still stand a reasonable chance of stopping people walking off with the goods?
I second that. Or xen.
Even go a step further and create a new copy of the 'virgin' setup every time you reboot. If anything goes wrong just reboot.
I don't agree (unless you misunderstood that I meant that you would be required to produce the receipt, not that they would go looking for it). In asking for the receipt, they are asking for you to produce a specific item, all hands are off you. A search involves reasonably intimate contact which you may find objectionable, and may find things (eg small amounts of drugs for personal use, a copy of "football, it's a funny old game", a pair of pink furry handcuffs, etc) which may or may not be illegal, but you'd rather it not be known that you had, and have a right to privacy about.
So in my mind they are not different only in degree.
Maybe you'd like to share your idea's on how a shop might better secure themselves against theft? All I ever hear is people wailing about how their rights are being infringed...
Submitting to a search is completely different to digging through your pocket for a receipt to show a concerned shopkeeper.
IMHO, anyone who exercises their rights purely for the purpose of pissing someone off (which it appears in this case) deserves whatever they get.
Yes, this guy was in a hurry, but laws and statutes aside, i think it is quite reasonable for the store to ask to see the receipt and quite unreasonable for him to refuse. If the cop was being a prick (and we only have one side of the story here) then maybe I'd refuse to show the license too, but not in the case of the receipt.
If he had shown the receipt, I imagine the conversation would have gone something like this:
Store: Sir, I need to see your receipt!
Him: Here it is.
Store: That's fine, thankyou Sir and have a good day.
Just because you can get away with something doesn't mean that you should. Otherwise you just end up feeding the lawyers.
Failing that, you'd put the software under the DMCA and claim that it was the hd-dvd encryption algorithm. You'd have three different OSS solutions in a week.
I'm sure you understand why... I think the conversation would go something like this:
IT: "This new system will cost $1bn, and will save $3bn/year in maintenance on the old system".
Management: "The previous system was supposed to cost $1bn to develop, and ended up costing $10bn. If I sign off on this it will be my ass on the line when the budget blows out, so I'll stick with known quantities thanks."
It means to hit someone or something with force. If the motion is successful, Marie will be able to whack all members over the head with a baseball bat (see LART).
That's American law, though. It's similar here in Australia where we use a greatly oversized boot instead. Curiously, the term is still 'to strike', not 'to boot'.
Because it's _someone else's_ pain and anguish, obviously.
:)
It's funny on many many levels (think: Tough guy reporting to hospital with a broken arm trying to make up a story to pretend his arm didn't snap on 'sissy' level), but obviously unfunny on others.
Obviously you can only see the unfunny levels... poor you.
(Curiously, your post is rated +5 Funny
(Well... it was before I hit 'Preview'. Now it's only rated +4 Funny)
But because of the patent, if the enemy wins the war then the USA can take them to court and seek a good amount of the spoils of war in compensation. Now that lawyer would be one earning his commission!
This sort of thing reminds me of a Simpsons episode (actually most things in life remind me of a Simpsons episode :)
Lisa (to Bart): I'm going to start kicking air. If any part of you should occupy that air, it's your own fault.
(or something like that)
And also the protesters/activists who deliberately put themselves in someone's way and still claim to be holding a non-violent protest and say "but i'm just sitting there!".
It's not the action, it's the intent that's the problem. This guy performed an otherwise benign action with the intent to defraud someone. To then claim "But all I did was delete some files from my computer" is just fscking pathetic. imho.
That prevents the re-use of your credentials, but doesn't stop a phishing site from grabbing them and using them there and then. And, given the idea of 'single sign-on', they could still do a lot of damage with a single authenticated session.
Don't get me wrong, two factor authentication is a good idea, it solves a lot of problems completely (eg if someone is stupid enough to give away their password), and minimizes many others. But man-in-the-middle attacks are not really very well addressed. The _only_ way I can think of for the second factor to completely solve all the problems is that if it is a device that you connect to the network, and it establishes a secure session between the end points, and that you enter your password into it. And i wouldn't be surprised if someone found a hole in that!
The safeguards only work if the user is paying attention. It only takes a fraction of a percent of people to click a 'log in here with your bank of america credentials to see if you have won a prize' link and the scammers can make a profit, and will keep on scamming.
Still... if you've got a way around this that is truly idiot proof, I'd like to hear it! The best thing I can come up with is that the banks themselves initiate the scam, and then send 'the boys' around to break the thumbs of anyone who falls for it, or otherwise punish the scammee (that's strange... my spell check says scammee isn't a valid word...).