Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday March 22 2014, @02:37AM   Printer-friendly
from the questions-without-answers dept.

AnonTechie writes:

"Echoing a question asked on programmers.stackexchange.com - How can software be protected from piracy ?

It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a "serial number/activation key." I'm sure a ton of money, maybe even billions, went into creating Windows 7 or Office and even Snow Leopard, yet I can get it for free in less than 20 minutes. Same for all of Adobe's products, which are probably the easiest. Can there exist a fool-proof and hack-proof method of protecting your software against piracy? If not realistically, could it be theoretically possible? Or no matter what mechanisms these companies deploy, can hackers always find a way around it ?"

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by The Mighty Buzzard on Saturday March 22 2014, @02:50AM

    Anything you do will be cracked. You can make it take longer but not a lot and it will cost you more than you would ever lose to piracy. The law of diminishing returns is still saying the best bang for your buck is a key and/or activation.
    --
    My rights don't end where your fear begins.
    • (Score: 5, Insightful) by Angry Jesus on Saturday March 22 2014, @03:05AM

      by Angry Jesus (182) on Saturday March 22 2014, @03:05AM (#19584)

      > Anything you do will be cracked.

      Indeed. The question is like saying, "it is hard to believe that with all of our technological advances and the billions of dollars spent on engineering we still have not invented a perpetual motion machine."

      • (Score: 5, Insightful) by The Mighty Buzzard on Saturday March 22 2014, @03:18AM

        It's even worse than that. It's saying we N developers are so damned good that the whole of humanity's engineering expertise pales in comparison. Anything that can be built by humans can be taken apart by humans.
        --
        My rights don't end where your fear begins.
        • (Score: 1, Troll) by Angry Jesus on Saturday March 22 2014, @11:59AM

          by Angry Jesus (182) on Saturday March 22 2014, @11:59AM (#19669)

          > Anything that can be built by humans can be taken apart by humans.

          That's why private key crypto is such a waste of time!

          • (Score: 2) by The Mighty Buzzard on Saturday March 22 2014, @12:15PM

            Okay, point for communications but for DRM every legit user has all the private keys at some point. It only takes one knowledgeable user to find them and strip or work around the DRM and then the cat's out of the bag.
            --
            My rights don't end where your fear begins.
            • (Score: 2) by Angry Jesus on Saturday March 22 2014, @06:19PM

              by Angry Jesus (182) on Saturday March 22 2014, @06:19PM (#19765)

              My issue is that your entire point revolved around the use of the word anything which is false. Your response seems to be to cite a case of the mis-application of private-key crypto -- where the keys are not private. That still doesn't negate the fact that not everything built by humans can be taken apart by humans.

              This isn't a case of pedantry either, your whole post relies on that one falsehood. A correct version of your statement would be, "Most things that can be built by humans can be taken apart by humans." That's not on the same level as a perpetual motion machine, nevermind "worse than that."

    • (Score: 5, Informative) by frojack on Saturday March 22 2014, @03:19AM

      by frojack (1554) Subscriber Badge on Saturday March 22 2014, @03:19AM (#19589) Journal

      Never charge so much for your software that anybody bothers to crack it. You can do like AutoCad did, and charge mercenary prices, and try to make everybody pay, or you can go a lot cheaper, and hope most people pay.

      Our company has tried dongles, commercial protection etc and finally the problems just got so troublesome the powers that be decided activation key only.

      Our customers know the software will call home to check for updates once a month. They can turn that off if they want. But because we do update it frequently with improvements, most don't. And when it does check it sends its serial number as part of the query.

      Se we know the level of piracy. We know who those serial numbers were assigned to.

      But it has never reached the level that we feel we have to do something about it. When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.
      (We have a continuing revenue stream from our customers, and losing that would cost us more than one or two additional licenses.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 3, Informative) by mcgrew on Saturday March 22 2014, @01:47PM

        by mcgrew (701) <publish@mcgrewbooks.com> on Saturday March 22 2014, @01:47PM (#19692) Homepage Journal

        When a good customer with installs it on another machine, we aren't going to go after them. Not worth turning a good customer to someone else's customer.

        You're a smarter businessman than Microsoft employs. How to lose customers. [cnet.com] Thanks to Microsoft and the BSA, the Ernie Ball corporation is running Linux and using very little proprietary software and nothing from Microsoft.

        "I said, 'I don't care if we have to buy 10,000 abacuses,'" recalled Ball, who recently addressed the LinuxWorld trade show. "We won't do business with someone who treats us poorly."

        Ball's IT crew settled on a potpourri of open-source software--Red Hat's version of Linux, the OpenOffice office suite, Mozilla's Web browser--plus a few proprietary applications that couldn't be duplicated by open source. Ball, whose father, Ernie, founded the company, says the transition was a breeze, and since then he's been happy to extol the virtues of open-source software to anyone who asks. He spoke with CNET News.com about his experience.

        Look how hated the RIAA is. They're idiots, too.

        --
        Older than dirt? Kid, I was a BETA TESTER for dirt! We never did get all the bugs out.
      • (Score: 2, Interesting) by Aiwendil on Saturday March 22 2014, @06:05PM

        by Aiwendil (531) on Saturday March 22 2014, @06:05PM (#19764) Journal

        I have seen an interesting variation on this once. Pretty much the same setup but on a duplicate key it simply (on updates) popped up a simple:
        "You are using a duplicate key. Do you want to:
        a) Proceed [default]
        b) reassign the key to this machine as primary installation
        c) purchase a new key for $Y"
        and acted accordingly, was nice enough, impled the extra install was a simple change of machine of installation, and allowed a small discount if you went thru the hassle (this software was mainly distributed with a printed manual and such, the discount was less then the cost of ordering the manual separatly)

    • (Score: 2, Interesting) by Anonymous Coward on Saturday March 22 2014, @04:27AM

      by Anonymous Coward on Saturday March 22 2014, @04:27AM (#19608)

      Anything you do will be cracked.

      That's an interesting and provocative statement, but I think it's too broad to be absolutely true. I happen to sell some very specialized software that's a tool for a professional engineering niche and sells in small volume. For the first several years, it had a pretty simple-minded registration keying system that I put together in one evening. It soon got cracked, and somebody even created a key generator for it.

      I wasn't happy about that (no one enjoys being vandalized), but a friend who also sells small-volume software advised me not to worry about it. After all, how many paying customers did I really lose in the process? The professionals who might buy the software probably wouldn't use the cracks anyway. The main purpose of the registration key was to keep honest people honest.

      Even so, the crack and key generator really bugged me. The worst part is that the top slots of Google's search results were dominated by the cracks, with my own page about the product appearing in about the middle. (That's PageRank at its finest...) So I decided to fight back. I found a nice article that explained how to remove trails within the software that crackers might follow, so I did that. I then spent several weeks putting together a very complicated registration keying system that uses layer upon layer of cryptography. It's so complicated that I barely understood it myself at the time (I don't by now.) It's certainly not impossible to crack, but I figure if it took me that long to develop it, no cracker would spend that much time on it since the software is specialized and small-volume.

      Several years later, I'm not sure if it's been cracked or not. It does appear in some crack sites in search results, but all of them seem to want a credit card now, so I haven't been able to check if their advertised cracks are real or not. (When the software was originally cracked, the cracks were given away freely so that was easy to check.) Anyway, I figure that anybody who gives their credit card to crackers deserves what they get. So, even in the unlikely event that the cracks are real, it's OK. I got enough moral satisfaction out of at least putting up a good fight to make it all worth it. I also learned a lot about cryptography in the process, which ain't all bad.

      (BTW, if you folks think I deserve what I get for selling software, that's OK too. :-)

      • (Score: 3, Funny) by chromas on Saturday March 22 2014, @06:23AM

        by chromas (34) Subscriber Badge on Saturday March 22 2014, @06:23AM (#19623) Journal

        if you folks think I deserve what I get for selling software, that's OK too. :-)

        Actually, I just find it hilarious that you implemented a security scheme you barely understood and you don't know if it's effective. But we'll forgive you since it's just copy protection instead of bank transactions plus you learned crypto.

        • (Score: 1, Funny) by Anonymous Coward on Saturday March 22 2014, @01:09PM

          by Anonymous Coward on Saturday March 22 2014, @01:09PM (#19677)

          Good point. But remember, it was mainly about moral satisfaction. In that regard, it's been a huge success.

      • (Score: 3, Insightful) by Tork on Saturday March 22 2014, @08:30AM

        by Tork (3914) on Saturday March 22 2014, @08:30AM (#19644)
        My anecdote: I wrote some software that, for a time, was quite popular and hyped. It was eventually cracked, and we did nothing about it. If you were to look at our sales records for the entire time that software was available, you wouldn't even be able to make an educated guess as to when the crack was available. Fun fact: We never received one single tech support request over our protection scheme, mainly because it never required calling home. I doubt you did anything but cost your company money during your 'protection' journey. But, give me a little credit. at least you have a food idea as to why I believe this.. Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.
        --
        Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
        • (Score: 5, Interesting) by anubi on Saturday March 22 2014, @12:17PM

          by anubi (2828) on Saturday March 22 2014, @12:17PM (#19673) Journal

          I have been burned before over software with protection schemes. The first sniff I had of it was purchase of Circuit City "divx" disks. When they turned the servers off, the disks were useless.

          Imagine my chagrin when I am tasked by the company to implement our first CAD system ( this was MANY years ago!) , and I knew we were probably going to use this system for 50 years. ( Yes, it was an oil refinery ). When I invest the time and trouble to implement something, I expect it to last. I do not build refinery supports out of lumber. I do not use cheap pumps. I am not running a topsy-turvy try-to-keep-it-running operation. Once installed, stuff is expected to work - for all practical purposes: forever. I have plenty of problems as it is without having to worry about finicky crap. I looked at most technology offerings the way I looked at bad concrete... looks good for the acceptance handshaking, but would it last under the stresses of production?

          I ended up going with Futurenet ( Dash-2 ), under DOS at the time. I had a crack for it. The only reason I felt comfortable with this is because I knew at least if I could maintain compatible hardware, I could keep this thing going.

          Yes, as anticipated, the dongles eventually failed. The program became obsolete and no longer supported. For all I know, its now abandonware.

          Its now going on 30 years old. You know what? IT STILL WORKS!

          I still pull it up once in a while if I need to see how I had wired something years ago. I have that and the companion PCB layout program PADS pwork for DOS. Both still work albeit I have to refresh myself every time I bring it up because I am doing all my new stuff on EAGLE... which was selected for the exact same reason. I expect it to be working 30 years from now as well.

          I have watched a lot of stuff come and go - especially word processors and office type stuff. I consider most of the kind of stuff that software kept track of was extremely ephemeral in nature, as I no longer give much of a damm how many resistors I had in a bin four months ago, but the wiring diagrams to a refinery is to me a horse of a completely different color. You simply do not throw a manufacturing plant away because some MBA did not like the color of one of the distillation columns.

          I no longer work for the company, however I can still use the tools, just as I can still use old screwdrivers and pliers. Finicky software to me is like a wrench that cannot be counted on to do the job. As far as I am concerned, finicky software is mostly to give PHB's a sense of accomplishment by signing for it.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
          • (Score: 2) by Kell on Saturday March 22 2014, @01:34PM

            by Kell (292) on Saturday March 22 2014, @01:34PM (#19686)

            Thank you! This is the most interesting thing I have read all day.

            --
            Scientists ask questions. Engineers solve problems.
          • (Score: 2) by Runaway1956 on Saturday March 22 2014, @05:50PM

            by Runaway1956 (2926) Subscriber Badge on Saturday March 22 2014, @05:50PM (#19761) Homepage Journal

            "Finicky software to me is like a wrench that cannot be counted on to do the job."

            Or, as I was taught, "Always use the right sized wrench!" A Crescent or a Monkey wrench (or some cheap knockoff) may be convenient, but it will never fit as securely as an open and box end wrench that was made to turn that one specific sized nut. Million upon millions of rounded off nuts and bolts prove that you should use the correct wrench!

            --
            If you don't have an assault rifle, sell your cloak and buy one. - Jesus
            • (Score: 2, Interesting) by el_oscuro on Saturday March 22 2014, @09:40PM

              by el_oscuro (1711) on Saturday March 22 2014, @09:40PM (#19806)

              I would agree, as long as I can find the correct size wrench. Unfortunately, the correct size is always the one that is missing. If you were look up "correct size wrench" in the dictionary, it would have a picture of an empty slot in my tool chest. :)

              So sometimes you need to use a crescent. Just make sure to get the original, actual Crescent wrench. They are still made in the USA, and will hold a bolt a lot better than the cheap made in China crap. Same thing goes for Channellock pliers, also still made in the USA. While almost everyone has some knock-off of them in their toolchest, try picking up a Channellock 440. You will not believe the difference in quality.

              --
              SoylentNews is Bacon! [nueskes.com]
              • (Score: 2) by Reziac on Sunday March 23 2014, @04:04AM

                by Reziac (2489) on Sunday March 23 2014, @04:04AM (#19878) Homepage

                The difference is that you'll only buy ONE of the tool made in USA or Germany or Finland, since it will last pretty much forever, and A BUNCH of the cheap Chinese knockoff (or worse, the cheap Indian knockoff) since they keep breaking.

                • (Score: 2) by Runaway1956 on Sunday March 23 2014, @09:34AM

                  by Runaway1956 (2926) Subscriber Badge on Sunday March 23 2014, @09:34AM (#19911) Homepage Journal

                  Uhhhmmm, while I tend to agree with your statement, the conversation wasn't directed that way.

                  No matter how well made a crescent wrench might be, it is a general purpose tool, lacking in precision. It might be "good enough" to turn your nuts and bolts most of the time, but it can't be counted on. A precision built hex wrench or socket will fit the appropriate nuts and bolts exactly, time after time, with no slipping. It only takes one broken knuckle to convince a more intelligent person that precision tools are worth the extra cost. I do own and use slip joint pliers and channel locks, but I never use them on nuts and bolts. Even expensive high dollar crescent wrenches are known to slip when a lot of torque is applied to them. The monkey wrenches I mentioned will take more torque than a crescent, but they will slip too.

                  --
                  If you don't have an assault rifle, sell your cloak and buy one. - Jesus
                  • (Score: 2) by Reziac on Sunday March 23 2014, @06:18PM

                    by Reziac (2489) on Sunday March 23 2014, @06:18PM (#19959) Homepage

                    This too, tho sometimes a person can't be arsed to go find the correct wrench or socket, and vise-grips do the job well enough. Or the damned socket won't FIT in the spot, but vise-grips do.... a situation I have a lot of experience with thanks to the vagaries of fence clamps and irregular fence panels. :( And then there's the crescent wrench I use mostly as a hammer, because it fits conveniently into narrow spots. We won't even discuss how I use the tire iron. :)

                    I'd say the software market, DRM and all has much in common with both situations.

                    What was the question? :)

                    • (Score: 2) by Runaway1956 on Monday March 24 2014, @04:05AM

                      by Runaway1956 (2926) Subscriber Badge on Monday March 24 2014, @04:05AM (#20077) Homepage Journal

                      LMAO at the crescent wrench hammer - that is just to damned true!! Not to mention that the crescent wrench fits into a hip pocket, but a hammer normally stays in the drawer of my toolbox because it doesn't fit into a pocket.

                      --
                      If you don't have an assault rifle, sell your cloak and buy one. - Jesus
                      • (Score: 2) by Reziac on Monday March 24 2014, @05:03AM

                        by Reziac (2489) on Monday March 24 2014, @05:03AM (#20084) Homepage

                        Nonsense. This ball-peen with the busted-off handle (er, without the busted-off handle) that I found in the mud today fits in my pocket just fine!

        • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @01:23PM

          by Anonymous Coward on Saturday March 22 2014, @01:23PM (#19681)

          I don't have any real data on this because this software sells in such small volume (both before and after) that statistics are nearly meaningless. The one data point that I do have is that the crack results no longer appear in the first page or two of search results unless you put in terms like "crack" or "registration key" alongside the product name. I think that's pretty good evidence that it was worth the several weeks I spent on it about four years ago. Or, maybe my marketing or Google search algorithm has simply gotten better.

          Face facts: Everybody's fears that piracy would destroy a product or even a company have gone unfounded.

          That may be true, but it was never about that in my case (see the advice quoted from my friend above). It was about fighting back against vandalism. The people who might use the cracks are thieves, but at least they're getting some benefit from it: when they steal it, I can take some satisfaction in the fact that I'm helping somebody in some way. OTOH, the people who create the cracks are just plain vandals: they damage someone else's property without getting anything out of it themselves.

          Oh, except that they get a fun puzzle to solve. And if that's what they're looking for, I've given them an even funner puzzle to solve. (You're welcome. ;-)

        • (Score: 3, Interesting) by mcgrew on Saturday March 22 2014, @01:54PM

          by mcgrew (701) <publish@mcgrewbooks.com> on Saturday March 22 2014, @01:54PM (#19693) Homepage Journal

          Expected, considering a study a book publisher did a couple of years ago. He wanted to know how badly piracy was hurting sales so he commissioned a study. Unlike a movie or song it takes a few weeks for a book to be scanned, OCRed and uploaded so they looked for a dip in sales when the book hit the internet.

          Rather than a dip in sales there was a spike in sales. Piracy results in more revenue.

          --
          Older than dirt? Kid, I was a BETA TESTER for dirt! We never did get all the bugs out.
          • (Score: 2) by Reziac on Sunday March 23 2014, @04:13AM

            by Reziac (2489) on Sunday March 23 2014, @04:13AM (#19879) Homepage

            That would be Baen, I presume.

            What they also found was that suddenly there was renewed demand for older stuff. Which meant not only was Baen profiting, their authors were profiting, from works that normally would be past their shelf life.

            Baen found this all so enlightening, that they started releasing big swaths of their stuff on redistributable CDs, as a bonus with printed works. Frex:
            http://baencd.thefifthimperium.com/ [thefifthimperium.com]

            • (Score: 2) by mcgrew on Sunday March 23 2014, @05:21PM

              by mcgrew (701) <publish@mcgrewbooks.com> on Sunday March 23 2014, @05:21PM (#19952) Homepage Journal

              Thanks, I didn't remember everything from the article. It probably was Baen.

              --
              Older than dirt? Kid, I was a BETA TESTER for dirt! We never did get all the bugs out.
      • (Score: 1) by khakipuce on Monday March 24 2014, @09:38AM

        by khakipuce (233) on Monday March 24 2014, @09:38AM (#20143)

        The thing is it is analogous to process that causes string to be tangled. There are very many ways in which a piece of string can be tangled and only one way in which it is untangled. So statistically it pretty much always ends up tangled.

        Your software is the same, there are very many ways of cracking a software activation code and you have to find and block each and every one. An attacked only has to find one of the many that you have missed.

  • (Score: 5, Insightful) by Tork on Saturday March 22 2014, @02:55AM

    by Tork (3914) on Saturday March 22 2014, @02:55AM (#19577)
    "Can there exist a fool-proof and hack-proof method of protecting your software against piracy?" Let's say you make a $10 profit on every copy of your software sold. In order for somebody to use that software, however, they have to 'activate' it on the internet every time they install it. Every year that goes by, that $10 gets closer to zero because you're paying people to maintain that activation system. Every time it goes wrong you pay for it with bad PR. Is that really the path you want to go down? If so then you need to ask yourself one more question: Are you really going to see more money in your pocket over it? Bear in mind that it has never actually been proven that anti-piracy methods have, at all, increased profit.
    --
    Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
    • (Score: 5, Insightful) by chromas on Saturday March 22 2014, @03:20AM

      by chromas (34) Subscriber Badge on Saturday March 22 2014, @03:20AM (#19590) Journal

      Every time it goes wrong you pay for it with bad PR.

      And support costs. There are even legitimate paying customers who crack the software just to get around any problems the copy protection introduces.

      The software mentioned, and many others products, are as easy to get as download demo, insert key. Some do require a little patching. Nothing more complex. Yet the companies are still in business making software (even if it is buggy) and raking in moneys. Doesn't it say something that Adobe, Corel, MAXON, Microsoft (recently) and even Sony Creative Software (who acquired Sonic Foundry's products when they went Beta) just aren't that worried over buttpiracy?

    • (Score: 1, Offtopic) by Tork on Saturday March 22 2014, @04:02AM

      by Tork (3914) on Saturday March 22 2014, @04:02AM (#19598)
      Why is my previous comment 'overrated'?
      --
      Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 5, Funny) by chromas on Saturday March 22 2014, @04:12AM

        by chromas (34) Subscriber Badge on Saturday March 22 2014, @04:12AM (#19603) Journal

        There's only one possible explanation: A DRM salesman has modpoints ☺

      • (Score: 2, Interesting) by Tork on Saturday March 22 2014, @06:57AM

        by Tork (3914) on Saturday March 22 2014, @06:57AM (#19629)
        Not off-topic. If something is wrong with my post and the 'why' isn't clear, a challenge of the moderation is warranted.
        --
        Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 5, Insightful) by clone141166 on Saturday March 22 2014, @07:17AM

        by clone141166 (59) on Saturday March 22 2014, @07:17AM (#19632)

        If you scan through the comments you'll see that someone has gone through and modded most of the comments pointing out that anti-piracy measures are not the best approach to stopping piracy as -1 Overrated.

        I think the moderation system on SoylentNews is still in need of a rework. It was okay while the site was just starting out, but giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks". 10 mod points is too much power to be placed in the hands of a single user all at once. At least moderation is limited to one-per-comment, which helps mitigate this.

        I have also noticed that sometimes a single moderator will go through and mod all of a user's posts (even on unrelated stories) -1 Overrated simply because the user has made a single comment somewhere that has angered the moderator. A privacy option to prevent non-friended users from being able to view the list of comments you have made would stop this, but alas, no such option exists.

        • (Score: 2, Insightful) by Tork on Saturday March 22 2014, @08:18AM

          by Tork (3914) on Saturday March 22 2014, @08:18AM (#19643)
          It would appear that the Slashdot Beta has brought not only refugees, but moms-basement-dwelling trolls as well. Welp, fine with me, this account is only a day old. The mod-points spent on me are worthless.
          --
          Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
        • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @10:24AM

          by Anonymous Coward on Saturday March 22 2014, @10:24AM (#19658)

          giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks"

          I don't think a quick expiry time is a big factor in this kind of attack (assuming that's what has happened here). If expiry time was longer, someone tempted to be a bad moderator would then be more able to wait for a story that they were particularly keen to influence, and still be able to use all 10 mod points on that one story.

          I know the expiry of points is tough psychologically, because it feels like you've wasted them. But actually the system can be (and I suspect already is) designed so that the overall amount of moderation happening is fairly constant, even on days when a higher proportion than normal of users failed to use their points.

          Instead, maybe we shouldn't get to choose which stories we could use mod points in? So, the system chooses potential stories for us? Again, there's a psychological issue there, but perhaps not insurmountable.

          Maybe we should limit to 5 points per story? But in the past I've used all 10 points on just 1 story and felt justified in doing so.

           
          Perhaps rather than countermeasures for this specific issue, and for the other issue you mentioned (one person being targeted), we just need to promote more heavily what counts as good moderation in general. To start with, instead of saying "you have 10 mod points", it could say "you have the possibility of 10 mod points. Click here to accept" which then takes you to the screen of moderation guidelines, "Do you understand these guidelines? Yes / No".

          And maybe meta-moderation is part of the answer?

           
          (Posting AC to avoid un-un-doing the example of bad moderation that triggered this discussion.)

          (N.B. I had already decided to cancel out Tork's down-mod even before I saw his complaint about it, so please have some faith that 1 bad apple will normally be buried under 20 good apples, so to speak.)

          • (Score: 1) by Refugee from beyond on Saturday March 22 2014, @12:55PM

            by Refugee from beyond (2699) on Saturday March 22 2014, @12:55PM (#19676)

            >Maybe we should limit to 5 points per story?

            Where can I vote for 3?

            --
            Instantly better soylentnews: replace background on article and comment titles with #973131.
        • (Score: 3, Interesting) by lhsi on Saturday March 22 2014, @01:11PM

          by lhsi (711) on Saturday March 22 2014, @01:11PM (#19678) Journal

          I've had an overrated mod on a post that was otherwise unrated, which made no sense.

          I think if someone uses most of their mod points on negative mods their moderations should be reviewed to avoid abuses like that. The guidelines say to try to stick to positive mods anyway.

          • (Score: 1) by el_oscuro on Saturday March 22 2014, @09:55PM

            by el_oscuro (1711) on Saturday March 22 2014, @09:55PM (#19811)

            The same thing happened to me on my first moderated comment on The Other Site, almost 10 years ago. My karma sucked for months afterwards. SN should have a preview button moderation too, as well as a meta moderation system.

            --
            SoylentNews is Bacon! [nueskes.com]
        • (Score: 2) by TheloniousToady on Saturday March 22 2014, @02:09PM

          by TheloniousToady (820) on Saturday March 22 2014, @02:09PM (#19697)

          ...giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks".

          In my own case, the fact that they expire so quickly means that I virtually never use them. If I got 5 points that lasted for three days rather than 10 points that last 3 hours (or less?), I'd start using them. On the other site, I had gotten into the habit of deploying my mod points with great deliberation.

          That said, I apologize for the dereliction of duty. I'm glad that others of you are using them - we all enjoy getting modded up. :-)

        • (Score: 2, Insightful) by DNied on Saturday March 22 2014, @05:11PM

          by DNied (3409) on Saturday March 22 2014, @05:11PM (#19745)

          someone has gone through and modded most of the comments pointing out that anti-piracy measures are not the best approach to stopping piracy as -1 Overrated.

          I think the moderation system on SoylentNews is still in need of a rework. It was okay while the site was just starting out, but giving users 10 mod points all at once that expire very quickly seems to promote these sort of "mod attacks".

          Where "mod attack" is defined as "moderation you don't agree with" ?

          • (Score: 2) by clone141166 on Sunday March 23 2014, @03:27AM

            by clone141166 (59) on Sunday March 23 2014, @03:27AM (#19874)

            Fair point; the definition in my mind would be more along the lines of a "mod attack" being the use of moderation points by a *single* user to *disproportionately* influence the moderation of comments in relation to the moderations applied by other users (regardless of whether they are down-modding or up-modding).

            A single user modding up every comment questioning anti-piracy measures would be equally bad, though obviously much less likely to provoke a response.

            It is my belief that the transient nature of the mod points in the current moderation system causes them to be somewhat devalued. If you are given $100 of credit that expires in 4 hours, you will probably purchase some necessary/useful items, but whatever is left over you are *probably* (will vary on personality and circumstance) going to waste it on something frivolous rather than not buying anything at all. Whereas if you are given $50 of credit that has to last you a week or a month, you are much more likely to hold on to it and only spend it on things that you absolutely need.

            I just think that smaller quantities of longer lasting points would promote a more frugal application of mod points. If someone under these circumstances were to save up 10 mod points and apply them ALL to one story, similar to what has happened here, then you know that at least it was something they *really* cared about, rather than it just being something they did haphazardly to use up mod points before they expire because why-the-heck-not.

            It's not really a big deal though, most of the time moderations applied by other users will drown out the problem. For the most part the current moderation system seems to work okay, but there's always room for improvement in any system.

            • (Score: 2) by Reziac on Sunday March 23 2014, @04:19AM

              by Reziac (2489) on Sunday March 23 2014, @04:19AM (#19882) Homepage

              That's my feeling too, and I take moderating seriously. I'd rather not have to rush around... well, what really happens is that I wind up not using most of 'em. When I have 3 days to spend 'em, I too feel that I can be more judicious in how I spend them.

        • (Score: 2) by Foobar Bazbot on Saturday March 22 2014, @05:30PM

          by Foobar Bazbot (37) on Saturday March 22 2014, @05:30PM (#19753) Journal

          A privacy option to prevent non-friended users from being able to view the list of comments you have made would stop this, but alas, no such option exists.

          That option exists; it's called "[X] Post Anonymously". If that's not what you had in mind, perhaps you should take a moment to consider the implications of sophisticated spidering tools such as wget...

          • (Score: 2) by clone141166 on Sunday March 23 2014, @02:57AM

            by clone141166 (59) on Sunday March 23 2014, @02:57AM (#19867)

            Posting anonymously could be used to mitigate the problem, however it is a suboptimal solution. I love that SN has the ability to post anonymously, although I have never used this functionality yet. That said, suggesting that registered users should hide by posting anonymously just because their comments might incite debate or disagreement is hardly something that we should be promoting.

            And yes there are ways to scrape all comments from a user beyond looking at their user profile. But all of these methods require additional skill and effort, creating a higher technical barrier to performing this kind of abuse (no I don't need a wget example pasted in response; I realise it's not that difficult, but it requires effort beyond just clicking on hyperlinks).

            Ignoring the effort required to implement the feature, I don't see what the down-side of having the *choice* to prevent unfriended users from being able to view your list of recent comments would be?

            • (Score: 2) by Foobar Bazbot on Sunday March 23 2014, @07:42AM

              by Foobar Bazbot (37) on Sunday March 23 2014, @07:42AM (#19896) Journal

              That said, suggesting that registered users should hide by posting anonymously just because their comments might incite debate or disagreement is hardly something that we should be promoting.

              Well, I agree. But you're the one advocating that registered users should hide for fear of mod abuse; I'm just saying anyone who does feel the need to hide should hide behind an opaque object, while you're saying we should hand them a sheet of plexiglass and assure them that it's good concealment, and can't be seen through without "additional skill and effort".

              Ignoring the effort required to implement the feature, I don't see what the down-side of having the *choice* to prevent unfriended users from being able to view your list of recent comments would be?

              "Ignoring the effort required" is silly, because absent any real benefit, the effort required is enough reason not to implement it.

              But I'll play along: ignoring the cost of implementation, the downside is providing users a false sense of security, leading them to post pieces of information across many posts that, in total, represents a profile they'd rather not share, in the belief that any aggregation of these pieces will be limited by human memory.

        • (Score: 0) by Anonymous Coward on Sunday March 23 2014, @05:25PM

          by Anonymous Coward on Sunday March 23 2014, @05:25PM (#19953)

          Being able to look at a user's posting history can also help you determine whether someone has a history of trolling or astroturfing. Another option would be to use Big Data analysis techniques to identify trolls. That would be expensive, but perhaps could be sold as a value-added service.

    • (Score: 5, Insightful) by Sir Garlon on Saturday March 22 2014, @11:30AM

      by Sir Garlon (1264) on Saturday March 22 2014, @11:30AM (#19665)

      Try asking yourself, "how much profit do you make by preventing unlicensed copying?"

      Answer: negative money. You make money by getting people to pay for your software, not by stopping them from not-paying for it. This is a subtle distinction but it is a critical one to understand because the harder you fight against "piracy," the more money you will lose. This, BTW, explains why no one does a better job of it. That would cost more and not improve revenue.

      The real question you should be asking is "how do I get people to pay more money for my software?" There are two answers, equally obvious: convince them it's worth more money, or sell to more people. DRM does not help you with either.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
      • (Score: 0) by Anonymous Coward on Monday March 24 2014, @12:35AM

        by Anonymous Coward on Monday March 24 2014, @12:35AM (#20014)

        You make the key point - a lot of companies have yet to learn this lesson. (Typical attorneys hate to lose anything, including a possible license fee.) In my experience you lose customers/revenue or have to refund customers because of DRM problems.

        We could spend X hundred hours building a hack-proof DRM system which cash paying customers would hate and not add any value to the product. Or put the same time into adding new value to our products and services. Which will increase sales?

        Another twist to the DRM debate is that some large companies apparently don't really care about piracy in some markets because they know their pirated copies are preventing local competitors/startups from making sales and getting established.

  • (Score: 5, Insightful) by clone141166 on Saturday March 22 2014, @03:02AM

    by clone141166 (59) on Saturday March 22 2014, @03:02AM (#19582)

    Why are your users choosing to pirate your software?

    The question in this story is akin to a government saying "We spent all this money on the police and non-lethal weaponry, why can't we disperse riots quickly?" Instead of asking why the riots are occurring in the first place.

  • (Score: 2, Interesting) by Konomi on Saturday March 22 2014, @03:06AM

    by Konomi (189) on Saturday March 22 2014, @03:06AM (#19585)

    You can't, anything you do will lose you more customers due to frustration. I have dumped many software projects that make things harder. If you want to stay with a pay me for the compiled binaries model, I recommend appealing to peoples generosity and trying to bother them as little as possible.

    Or just switch to a better model for your software to make money...

  • (Score: 4, Insightful) by akinliat on Saturday March 22 2014, @03:07AM

    by akinliat (1898) <akinliatNO@SPAMgmail.com> on Saturday March 22 2014, @03:07AM (#19586)

    Yes. Charge a fair price.

    It's really just that simple. Take Snow Leopard, for instance. I could have pirated it, because I really wouldn't have wanted to spend money on something that I wasn't really going to use or need (I was just curious and wanted to play with it a bit).

    But Apple only charged $40 for a CD. Forty lousy bucks. I pay more for a tank of gas. For that little money, it just wasn't worth the effort to pirate a copy.

    • (Score: 1) by ramloss on Saturday March 22 2014, @04:29AM

      by ramloss (1150) on Saturday March 22 2014, @04:29AM (#19610)

      In addition to a fair price, sell it to me! Please shut up and take my money!. Look, I'm not in the USA or Europe; but I can walk into a Walmart or equivalent and buy an iTunes card with cold, hard cash an then proceed to buy apps for my ipod or mac. No (international) credit card, nothing, just cash and I can buy reasonably priced software. Imagine selling hundreds of millions of copies of your software, that way you can afford to sell it for a few US$. Think about India, China, Latin America or Africa, there are literally billions of people that could potentially buy your software if only you could sell it to them, bonus points if it doesn't cost more than one month's salary.
      On the other hand, if you software is so specialized that only a few people would want it, just use a hardware dongle and be done with it; hell, in that case just keep a registry of all your clients, make the software phone home and contact the client that dares to install it in more machines that you allow them to. Better yet, make your lawyers contact them, that'll teach those bastards!.

      • (Score: 1) by spxero on Saturday March 22 2014, @04:22PM

        by spxero (3061) on Saturday March 22 2014, @04:22PM (#19733)

        I agree wholeheartedly with this- make it easy, but if only a few people use your software make it phone home and require a USB dongle.

        The only other option if you want to completely lock down AND charge a premium for your software is to change to a SaaS model. Supply your app in a terminal server environment, Citrix, or some other VDI environment. But also be prepared to keep up with supporting the infrastructure, keeping a tight grip on customers, and rely heavy on support.

    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @06:13AM

      by Anonymous Coward on Saturday March 22 2014, @06:13AM (#19622)

      But Apple only charged $40 for a CD.

      I chucled at the prices on eBay for it since
      you can buy it today for $20 from Apple.

    • (Score: 1) by Cyberdyne on Sunday March 23 2014, @06:55AM

      by Cyberdyne (403) on Sunday March 23 2014, @06:55AM (#19893)

      "Charge a fair price. It's really just that simple."

      Not quite. It is also a matter of "available payment options" and issues with identity theft. i.e. I wouldn't buy anything with Paypal, no matter how cheap it was. I get stuff for free because it's quicker and more anonymous. Price rarely has anything to do with it.

  • (Score: 3, Interesting) by kristian on Saturday March 22 2014, @03:29AM

    by kristian (2395) <kristianNO@SPAMwaffl.in> on Saturday March 22 2014, @03:29AM (#19591) Homepage

    Piracy is difficult to prevent and hasn't even been shown to be a net bad. Piracy can be great for publicity and can boost sales. Microsoft knows this. They turned blind eye to Windows piracy in China because they knew that if they didn't they would lose the market.

    --
    The opinions expressed in this post are those of the individual sender and not those of Kristian Picon.
    • (Score: 2) by Reziac on Sunday March 23 2014, @04:27AM

      by Reziac (2489) on Sunday March 23 2014, @04:27AM (#19884) Homepage

      Back in the olden days, WordPerfect Corp's support was extended even to pirated copies. The goodwill that generated sold a lot of upgrades. In my observation, WP's market decline wasn't initiated by the Windows/Word thing, but rather by a shift of policy to only supporting proven-paid customers... which kinda killed that previously-healthy "chomping at the bit to buy an upgrade" market generated by pirated copies.

  • (Score: 2, Insightful) by Anonymous Coward on Saturday March 22 2014, @03:37AM

    by Anonymous Coward on Saturday March 22 2014, @03:37AM (#19593)

    Security is not about perfect protection. It is about the cost involved.
    Your front door is easy to kick in. Why not have a door made of steel? Right. Because the thief gets taken by officers of the law if caught. Same thing in software. They are not '100% fool proof protecting' their software. Too expensive. They are making it costly enough that most people will pay.

  • (Score: 4, Interesting) by ancientt on Saturday March 22 2014, @03:47AM

    by ancientt (40) <ancientt@yahoo.com> on Saturday March 22 2014, @03:47AM (#19595) Homepage Journal

    You can't sell a series of bits that can be copied easily without having some people decide to skip the buying part. However, you can sell the service that your software provides if you run the software on your own computers to provide the service your customers want. Google, Facebook, Twitter etc prove this. You might be able to get any of those systems to run on your own computers but the service they provide isn't the same as the software they use to provide it. The key to making big money with software is not to sell the software, but run it to provide the service that you do sell.

    On the other hand, if you provide software that people can run on their own computers at a reasonable price and provide good service and regular updates to your customers, most will be willing to pay for it. I was working for a small software company (golden geek card to you if you can name it) which provided software which was useful on its own. It came with basic piracy prevention and an activation process to remove a "demo" watermark. I still remember the call where the customer explained that he had been paying for the software but hadn't gotten the paid version because it was so easy to bypass the protection. I was shocked because I hadn't realized how easy it was to remove the protection and at the same time, my faith in humanity was a little renewed to know that even people who could steal wouldn't necessarily steal simply because it was easy.

    --
    This post brought to you by Database Barbie
    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @02:55PM

      by Anonymous Coward on Saturday March 22 2014, @02:55PM (#19708)

      There are many revenue models for software, and the online-service-with-advertising model such as Google et. al. use certainly can be successful. But it doesn't apply to every case. In particular, it only works for very large user bases. Maybe they get a fraction of a cent or whatever for each page view. Essentially, advertising is an efficient form of micro-payment. But those folks are all trying to figure out how to best monetize mobile, which isn't well suited to advertising due to the high premium that users place on screen space.

      OTOH, if you sell specialized software in small volume, this sort of model doesn't work at all. My experience has been that most users won't pay unless you motivate them. There certainly are exceptions. One of my customers got what he needed from the trial version, then paid for the real thing out of gratitude. Very nice - and very exceptional.

      In my own case, I'm unlikely to pay unless I have to simply due to the time and trouble involved, even though I've been on the other side of that. For example, I used WinZip for many years but never paid for it because they never made me, though I would have if they had. Luckily, 7-Zip came along to relieve my guilt.

      Piracy may actually be part of a business plan, as has been mentioned with Microsoft. A related example is authors who provide their book for free in .pdf form on the web in order to help sell copies. In effect, buying it is a form of supportive donation. But I don't think it works for everybody. There's a reason that various forms of DRM still exist: although it doesn't work in every case, it still works in selected cases. For example, I use Matlab via a Flex license, and each time we run out of license seats (which is purely artificial scarcity) we are a little more motivated to buy more seats. Meanwhile, the Matlab folks nearly give away the student version (to sell expensive seats when students become professionals), and, of course, Octave, a high-quality Matlab clone, is available for free. But I can't imagine the Matlab revenue going up if they removed the Flex license.

  • (Score: 4, Insightful) by The Archon V2.0 on Saturday March 22 2014, @03:50AM

    by The Archon V2.0 (3887) on Saturday March 22 2014, @03:50AM (#19596)

    The second the compile completes, toss your PC in a volcano. Literally. Code on a laptop, take it to the rim of an active volcano, away from any wifi connections or other link to the outside world, compile, and toss it in. If you distribute it, someone will pirate it. If there's no DRM, people will distribute it. If there is DRM, people will crack it - if only for the bragging rights - and distribute it. I forget what game it was (I'm thinking The Witcher...?), but there was one game that came out in DRM and DRM-free flavors. The first popular torrent was a cracked DRM copy.

    Asking for a foolproof way to stop piracy is like asking for a foolproof way to stop robberies or shoplifting or littering or jaywalking or literally any other crime. If it were possible to bring defection to nil someone would have figured it out because every dictatorship in the world would do anything to anyone for any amount of money to make certain crimes (like plotting against the government) impossible. If it is possible someone will do it.

    One must strike the right balance, but the problem is the balance has dozens of pans, not just two. It's not cost of piracy vs. cost of DRM, it's cost of piracy vs. cost of DRM vs. convenience to customer vs. keeping investors happy vs. cost of support vs. cost of lost goodwill (people don't like being treated like crooks) vs. bad word-of-mouth (any security will catch a few innocents in its net, and you can bet they'll take to Twitter to rant about it) vs. etc. etc. etc.

    Ultimately, what's best depends on what you're selling. Games, if you're not AAA then about the most onerous you can get is Steam (and for some of us, even that's too much). The more in-demand the product, the worse you can get because people will put up with more before giving up. High-demand games can require their own user account/login/Origin-type affair. Rare things like software for running a vinyl cutter or screen reader software for the blind can get away with everything short of murder simply because their software so expensive that any level of DRM is fiscally justified and their competition is nonexistent. What are you going to do? Cut all your vinyl by hand? Regrow your eyes? If it's too rare to be on cracker's radar and critical to someone's livelihood, you can make the software one-install only and boo hoo if your HDD crashes.

    "Serial number/activation key" isn't the best, perhaps, but it strikes the best balance for the companies that use it.

    • (Score: 2) by chromas on Saturday March 22 2014, @04:26AM

      by chromas (34) Subscriber Badge on Saturday March 22 2014, @04:26AM (#19607) Journal

      Asking for a foolproof way to stop piracy is like asking for a foolproof way to stop robberies or shoplifting or littering or jaywalking or literally any other crime. If it were possible to bring defection to nil someone would have figured it out because every dictatorship in the world would do anything to anyone for any amount of money to make certain crimes (like plotting against the government) impossible. If it is possible someone will do it.

      You're right on, there. While software copy protection itself is fairly new, the ideas behind it are not. People trying to keep each other compliant is ancient. DRM is just that…but…on a computer!

  • (Score: 2, Informative) by Ken_g6 on Saturday March 22 2014, @03:56AM

    by Ken_g6 (3706) on Saturday March 22 2014, @03:56AM (#19597)

    Back in the day, this was the way to protect really expensive software. Have the dongle sign something with a PGP key, protect the hardware from hacking (I hear there are ways), and that should do it.

    • (Score: 1) by axsdenied on Saturday March 22 2014, @04:10AM

      by axsdenied (384) on Saturday March 22 2014, @04:10AM (#19601)

      Dongles are still in use (for some software). However, they increase the cost and this approach is not hack proof. Nothing is...

    • (Score: 1) by The Archon V2.0 on Saturday March 22 2014, @05:10PM

      by The Archon V2.0 (3887) on Saturday March 22 2014, @05:10PM (#19743)

      These days, though, that makes the sale harder (because digital distribution is impossible - the customer is going to have to wait for something to arrive via mail, which is a tick against you if there's a competitor who doesn't have that). Also, the software itself is still a target, so you need to harden the software so it's not a matter of changing the right JE opcode to a JNE. And while the software is an easier attack because you can't break your only copy, little hardware is truly tamper-proof, especially if you need that hardware to work on any PC with a USB port or hub.

      PGP is encryption, meant to stop attacker A from intercepting or faking a communication between B and C. Simple. But in this scenario (or scenarios like CSS on a DVD), who are A, B, and C?

      Are B and C the customer and the software package? Then A is B. This is like using encryption to protect your e-mails from the NSA, when you only e-mail someone who works in the NSA's SIGINT section.

      Are B and C the software and the dongle? Well, then A OWNS both of them and the infrastructure by which they communicate, and can do as he pleases with them. Even if Jehovah can't factor the product of large primes, he can crack open the heads of B and C and make them more amenable to his plans.

      This is the core problem with copy protection: The customer is the attacker. You have to give easy access to the person who you want to keep from accessing it, because when someone with cracking skills buys your software his evil bit isn't set for you to check.

  • (Score: 2, Insightful) by M. Baranczak on Saturday March 22 2014, @04:09AM

    by M. Baranczak (1673) on Saturday March 22 2014, @04:09AM (#19599)

    If you want people to use your ones and zeros, they must be able to read them. If they can read them, they can copy them. You can prevent this if you have complete control over the hardware, but in practice that's pretty difficult, since it's not actually your hardware.

  • (Score: 2, Insightful) by bill_mcgonigle on Saturday March 22 2014, @04:10AM

    by bill_mcgonigle (1105) on Saturday March 22 2014, @04:10AM (#19600)

    Yes, you can stop copying if you never give them the code. Whether that's running a web service or existing in a sealed device. It just won't work on a general purpose computer.

    But allow me to suggest you worry more about making money than stopping copying. Redhat gives away its code and is worth billions of dollars. Microsoft worth even more and its software is widely copied.

    If there's some reason why stopping software copying is more important than making money, then you should explain those reasons.

  • (Score: 5, Insightful) by TheLink on Saturday March 22 2014, @04:11AM

    by TheLink (332) on Saturday March 22 2014, @04:11AM (#19602) Journal

    Sure: Software as a Service or similar.

    People are still paying Blizzard for WoW. You can hack the client and play it on your own servers if you want, but it ain't gonna be the same thing ;).

    Works as long as you can put some/most of the stuff that the users need/want on hardware that you control. The more of the stuff is on hardware you control the harder for someone to create a substitute for it.

    If the user's machine is a mere "terminal" and you control the "mainframe", it's not so easy for the user to pirate your software.

    • (Score: 1) by SuperCharlie on Saturday March 22 2014, @04:24PM

      by SuperCharlie (2939) on Saturday March 22 2014, @04:24PM (#19734)

      This was also my first thought. It is also one of the things I would never buy since even the mighty Google has good/great SaaS they regularly kill. The downside for this is it has to be sold as a subscription as you have ongoing server costs or priced with an EOL in mind which would throw in major costs upfront. In the scheme of things this is the only way to do it imho, and it still stinks :)

  • (Score: 4, Insightful) by dcollins on Saturday March 22 2014, @04:12AM

    by dcollins (1168) on Saturday March 22 2014, @04:12AM (#19604) Homepage
    "Trying to make digital files uncopyable is like trying to make water not wet." -- Bruce Schneier, 2006 https://www.schneier.com/blog/archives/2006/09/mic rosoft_and_f.html [schneier.com]
  • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @04:30AM

    by Anonymous Coward on Saturday March 22 2014, @04:30AM (#19611)

    open source it

    • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @10:21AM

      by Anonymous Coward on Saturday March 22 2014, @10:21AM (#19656)

      Although "open source" should be "free software" and "piracy" should be "unauthorized copying".

      This is the only way.

    • (Score: 1) by HiThere on Saturday March 22 2014, @07:21PM

      by HiThere (866) on Saturday March 22 2014, @07:21PM (#19778) Journal

      That's my favorite answer. Actually, I prefer the AGPL3, but any of the GPLs so far is acceptable. So is BSD or MIT, though I'd prefer not to use them. (For some purposed they are really the superior choice, but I'm not trying to implement standards.)

      FWIW, offering code under a GPL license doesn't prevent you from also selling it...though it puts limits on what you can charge.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
  • (Score: 4, Interesting) by keplr on Saturday March 22 2014, @05:54AM

    by keplr (2104) on Saturday March 22 2014, @05:54AM (#19621) Journal

    Make great software, sell it at a decent price, and don't try to restrict your users. That's the best you can do, and it's surprisingly effective.

    --
    I don't respond to ACs.
    • (Score: 2, Interesting) by Anonymous Coward on Saturday March 22 2014, @12:22PM

      by Anonymous Coward on Saturday March 22 2014, @12:22PM (#19674)

      don't try to restrict your users

      Years back, it was decided by Cadsoft to add DRM to their product, EAGLE (an ECAD for producing printed circuit boards).
      If you don't use the product exactly the way they intended, your work product becomes locked.
      The presence of DRM is, of course, not mentioned anywhere in the license.
      Paid-up users got sucker-punched by this and tried to get their work unlocked by the company.
      The company said NO.
      I mention this every chance I get.
      I don't know the total number of people I convinced to bypass Cadsoft, but I do know the number is not zero.

      This shit only hurts your real customers, Don't ever do it. It backfires.

      -- gewg_

  • (Score: 2) by neagix on Saturday March 22 2014, @08:10AM

    by neagix (25) on Saturday March 22 2014, @08:10AM (#19637)

    You can't because the CPU has to execute instructions that are transmitted "in clear".

    To make you happy we would have to run DRM-protected software and/or an extension of TPM.

    No thanks.

  • (Score: 3, Insightful) by Debvgger on Saturday March 22 2014, @08:39AM

    by Debvgger (545) on Saturday March 22 2014, @08:39AM (#19646)

    Implement it as an ASIC. But you will be broke fast.

  • (Score: 2) by sjames on Saturday March 22 2014, @09:15AM

    by sjames (2882) on Saturday March 22 2014, @09:15AM (#19647) Journal
    The problem is intractable. It's my machine (or virtual machine). I can make your software see anything I want it to see through virtualization. I can patch it as I see fit. Meanwhile, there has to be some set of conditions that cause it to run or your legitimate customers couldn't run it.

    The closest you can get is to have a server that the software depends on. That might fly for games (though you will lose some of your customers), but not for an OS or many other apps. Even that isn't imposssible to overcome but it raises the bar.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @09:19AM

    by Anonymous Coward on Saturday March 22 2014, @09:19AM (#19648)
    In the security area, one of the dogma is that there is no client side security. I do believe this to be true. Once your software is out of the house and runs at the customer's site, she can break your security.
  • (Score: 3, Interesting) by einar on Saturday March 22 2014, @09:36AM

    by einar (494) on Saturday March 22 2014, @09:36AM (#19649)
    What strikes me as funny is that in such discussions there are always comments hinting that piracy is something good. I would like to counter this by reminding what we lose due to piracy. There is software never written because its business case crumbled due to piracy.

    Simple example: MythTV, a linux-based media center suffered from the lack of an electronic program guide; at least for central Europe. Collecting the program data and distributing it would have cost money. Some TV stations charged you for this information. So, you have to invest money which you might later get back over license or subscription fees. Years ago, on a popular German MythTV board, I started a small survey to learn who would be willing to pay a monthly subscription for an electronic program guide. The survey showed interest but also revealed that the majority would be willing to pay one euro "because they can then share the data". Estimating the user base, my business case felt apart. Back then, I did not establish an EPG for MythTV for central Europe.

    Now you can argue, ok, obviously not enough people wanted to have it. However, back then, I believe there would have been enough people interested in the software. MythTV users suffered really from not having one. Yet, already from the start you could feel that piracy would break your business plan. Better not to start.
    • (Score: 0, Interesting) by Anonymous Coward on Saturday March 22 2014, @11:23AM

      by Anonymous Coward on Saturday March 22 2014, @11:23AM (#19664)

      Germs are good because they force organisms to react in ways that make the organism stronger. Sometimes they make the organism develop better germ fighting tools, sometimes they kill the weaker organisms and narrow the gene pool down to the fittest. If you raise children with no exposure to germs, they become very ill when they're later inevitably exposed to germs. If all the "bad" germs were completely eliminated one day then for a while people would seem to flourish, but eventually things that weren't considered dangerous before the bad germ elimination would become dangerous to those who hadn't developed defenses. Germs are bad because they make people sick and kill people, but there is a reasonable balance of some bad germ exposure being healthy.

      Sometimes a germ will come along and kill off an entire species. That's almost never good. Sometimes someone will make it virtually impossible to incentivize good software. That's almost never good.

      Software piracy is much like fighting bad germs. There are times when it is prudent, or even critical to combat it, but its existence and prevalence ensures that some work is put into researching and testing ways to stop it. That makes it possible for people who couldn't effectively minimize piracy on their own to learn or reuse strategies which are effective.

      Don't go around licking people's shoes. Taking too many chances with germs is bad, just like having a software piracy free for all is bad. Do get enough exposure to the real world of germs and software piracy so that you are able to understand and react appropriately when you encounter them.

      Sometimes the best way to fight piracy is to not bother fighting it because your standard defense of trusting reasonable people to compensate you is enough. Sometimes the best way to fight piracy is to force anyone who needs to use your software to come to your secured site and divest them of electronics and monitor everything they do. (Yes, there is such a case, and I'd love to have a tour but I don't expect they're giving any unless you're a money man... and maybe not then, plausible deniability and all.)

  • (Score: 2) by RamiK on Saturday March 22 2014, @10:46AM

    by RamiK (1813) on Saturday March 22 2014, @10:46AM (#19659)

    It doesn't matter how much effort you put into it if there is no market for it. The truth is there is very little market for photo-editing software and even quality word-processing and spreadsheets. These are professional tools that people just like using as long as they don't have to pay for them.
    The people that are buying them do so because everyone else seem to be using them and they don't know how to pirate them. Once all the semi-competent high-school students start installing Linux and LibreOffice since they can't get Word for free, how long would it take before everyone else follow suit? This isn't even a rhetorical question anymore since we've seen this happen with Google Docs.

    TL;DR: Just because you're spending 30yr creating the ultimate word processor, doesn't mean 99% of word processor users need it or are willing to pay for it.

    --
    compiling...
  • (Score: 2) by isostatic on Saturday March 22 2014, @01:39PM

    by isostatic (365) on Saturday March 22 2014, @01:39PM (#19688) Journal

    Water canons, armed guards, and of course avoid the areas off Somalia, or even just fly your software (and hope it's not on MH370)

    However you'll be better off sending your software via ip rather than shipping it, pretty hard to pirate it then!

  • (Score: 2) by sjames on Saturday March 22 2014, @05:45PM

    by sjames (2882) on Saturday March 22 2014, @05:45PM (#19760) Journal

    Keep in mind that copy protection will also make your software fragile and so will lower user perception of quality.

    Most software is designed to be robust (the objective in't always accomplished, but it is an objective), but copy prevention is necessarily the opposite.

  • (Score: 0) by Anonymous Coward on Saturday March 22 2014, @06:28PM

    by Anonymous Coward on Saturday March 22 2014, @06:28PM (#19768)

    If there was only one impoverished child in this world who sought refuge and respite from depression and engaged in piracy as their only means of escape. Pirating tv-shows, games, software to keep their mind occupied with better things than thoughts of suicide.

    Then that would be enough for me to stand by piracy as a force of good.
    I am however fairly certain there are millions of these children, who either know none or have no other options.

    There is nothing lost for humanity at large, in piracy, only gained. There is merely the theoretical loss for the small, self-serving individual.

    Doesn't anyone else feel we do more harm than good when we value money over other human beings?

  • (Score: 1) by gander on Saturday March 22 2014, @06:55PM

    by gander (526) on Saturday March 22 2014, @06:55PM (#19774) Homepage

    Lots of good commentary here, but it really depends on the market. If it is something that a lot of people want Tinder [gotinder.com], then a small price to make it not worth the hassle of pirating and you will be hugely successful. Something with a very limited number of potential customers like EESof electronic EDA [eesof.com] will have a very different dynamic. A full package can cost $75K. Worth it? If you do high frequency microwave circuit design, it is essential.

    Some people claim that that price should be free, but the number of people to develop, test and continuously revise that software is large. Of course, if you make it too difficult to keep legit, even after you charge that much money, you just feed the temptation to pirate.

    No real easy answers

  • (Score: 1, Insightful) by Anonymous Coward on Saturday March 22 2014, @08:06PM

    by Anonymous Coward on Saturday March 22 2014, @08:06PM (#19783)

    tl;dr answer: It can't.

    Longer answer: Protecting it from piracy is equivalent to giving someone a locked box, along with the keys to the lock, then asking them "please - don't use the keys to steal what is in the box".

    And that is just the trouble. No matter what you do to the software, it ultimately must be "released" from its shackles to be used by a legitimate user. But that same "releasement" for a legitimate user can also be exploited by a nefarious user to pirate the software.

  • (Score: 2, Funny) by Tork on Saturday March 22 2014, @09:36PM

    by Tork (3914) on Saturday March 22 2014, @09:36PM (#19805)
    At first I wanted to say that it's impossible to write code that cannot be cracked. But then remembered all the times I dabbled in programming and consistently wrote code that only worked on my machine. I didn't realize I had already invented that technology!
    --
    Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
  • (Score: 0) by Anonymous Coward on Sunday March 23 2014, @02:02AM

    by Anonymous Coward on Sunday March 23 2014, @02:02AM (#19861)

    "In cryptography, a one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly." http://en.wikipedia.org/wiki/One-time_pad [wikipedia.org]

    Apply this concept from execution right up to authentication and your friendly neighborhood pirate is gonna have an easier time rewriting an application clone than trying to steal your bread and butter straight outta the fridge.

    • (Score: 1) by einar on Sunday March 23 2014, @01:17PM

      by einar (494) on Sunday March 23 2014, @01:17PM (#19929)
      Yeah, semi knowledge is a dangerous thing.

      A one time pad is a shared secret between parties. Now, try to securely share secrets between you and your many customers who bought your software. If it helps you to have a realistic background to come up with a good application of your "technology", think about selling mobile ups via the android store. And keep in my mind that the procedure for exchanging a one time pad should be smooth enough to not cut into your 2 USD price per app you sell.