Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
The Almighty Buck

More On Policing Shareware 509

RHW22 writes "Washington Post's Rob Pegoraro looks at shareware, focusing on the question of whether or not this industry can survive if people never actually cough up $$ for the product. He mentions Ambrosia Software, 'a developer of Macintosh games and utilities in Rochester, N.Y., could stop guessing after it revised its payment system last year. The new system aims to stop people from using pirated registration codes in two ways.' Read his column here." We mentioned this several weeks ago, with a link to Ambrosia's description of their system and what led to its adoption.
This discussion has been archived. No new comments can be posted.

More On Policing Shareware

Comments Filter:
  • by Tyler Eaves ( 344284 ) on Sunday March 17, 2002 @11:57PM (#3179298)
    IMHO, most stuff marketed as shareware is really demoware.

    If it can't save - It's a demo
    If it pops up excessive nag screens - It's a demo
    If major functionality is locked - It's a demo
    • It seems most "shareware" these days has forgot the true meaning of the word. True shareware just used to have a screen at the beginning that says (basically) "Hey, if you like this program, how about send some $$$ the developer's way for his troubles... and pass this on to a friend if you'd think they'd like it!" and let you go on your merry way... If you didn't want to send them money, then you didn't have to, unless the program expired after X days, or X uses and you wanted to continue using it.

      One of my friends is the co-developer of Cover Your Tracks [ffsoftware.com] and I joked with him once that he made it to the "big time" when there were cracks published for his program's licensing code algorithm.

    • This is an interesting debate.

      I think shareware authors should be paid for their work. Shareware is cheap, shareware is great..

      But...

      In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...

      1)Trumpet (a TCP IP stack from several years ago).
      Buy the program, registration never shows up in m ail.. wait.. email back and forth..wait some more.. in meantime, trial expires, re-install wait somemore. Client I am billing hours for is getting unhappy.. Calling to Australia to get it sorted out was not fun either.

      2)DFX (an sound effects addin for winamp)
      Liked it, and tried to buy a copy with their VISA card purchase screen... then.. nothing happens.. no registration comes.. nothing..wait days... nothing happens, no reply, no program... nothing.. I write email to them.. nothing happens..no reply..

      Finally I *CALLED* the company, to ask them what is going on. They said that my visa transaction was rejected (but they never bothered to inform me of this, even though they collected my email address (just to send me spam I guess?). When I asked the sales rep at DFX what is wrong, they told me that my destination address and billing address were different, (I am an expat overseas) so.. transaction just gets automatically rejected, bin'ed.. period. No mail, no reply, no followup, nothing.. rejects just goes to /dev/null..

      They didn't email me when the Visa was rejected (or ask where I live.. or anything), nor did they even bother to reply my original emails.
      The answer the DFX rep gave me on the phone to all this was... "well, it is just a $15 program, so we can't spend too much effort (ie any!) to deal with things that might come up".

      3)NJstar
      It is a great program. But they wanted me to send checks to Australia or something in AUS dollars.. gee.. how to I do that.. the bank will charge me $50 in processing fees (after waiting in 3 lines at 20 minutes a pop because no one would know how to draw up a foreign denominated check), for a $25 program..

      Those are my stories..

      ..and people wonder why they don't register their shareware...?!. ..

      ...because it is too complicated
      to pay for it, thats why.. fix that, and then
      I am ready to buy lots of great stuff.. but
      right now it is just too much hassle I discovered,
      so I just stay away from it..
      • I would venture a guess that your experiences have been atypical. I'm pretty sure that Ambrosia has done what they can to ensure that people will have an easy path to registration.

        I've only registered two shareware programs, both times it was a snap.

        Since I started using Linux there isn't much that I want to do that isn't solved by Free/Open Source software. But, when I was doing the Windows thing I found a few shareware proggys that I liked and I registered them when they became programs that I relied on. However, I never would have mailed in a check -- if I wouldn't have been able to pay online I wouldn't have registered.

        Now that there are several easy ways for merchants to collect money online (Yahoo!, PayPal -- even though PayPal seems a little sleezy these days...) there should be no reason why it should be difficult.
        • I would venture a guess that your experiences have been atypical. I'm pretty sure that Ambrosia has done what they can to ensure that people will have an easy path to registration.

          Actually, Ambrosia themselves admit they have a flawed design. They admit they have inconvenienced paying customers. The fact that I should ever have to interact with them after the initial purchase of their product, just to use the product is absurd. Their prices for their products are more than reasonable (except SnapzPro X, I can create an AppleScript that does everything it does with only a default install of Mac OS X), but if any time I go to run an application, and it won't run because of something the author has programmed, that sounds like a bug.

          The story on their website is fascinating in terms of a study of human nature, but they have twisted the reality that they tried to base a business around their hobby (which is exactly what they said), then throw in the "baby factor" (which sounds suspiciously like stories you hear from welfare queens: "I need money for my baby I made without thinking about the fact I had to have money to support it.").

          Their editorial would have been more effective if they had left out all of the starving artist ridiculousness, it only sells their talent short. I wish more shareware authors would just say, "I am a talented programmer that makes worthwhile applications, and I made them with the intent of being paid for it. Stop ripping me off." Instead you always hear, "You should pay me for my program so I can eat and put diapers on my baby."

          The truth of it is that shareware is a sketchy business model, and if you're going into it without realising that, you're going to get burned. I also don't see any difference between these new shareware registration schemes and Windows XP's Activation.

          Sorry if I sound like I'm downing shareware, I'm just downing shareware authors attitudes. It's just in my mind Shareware = Application one or a couple talented programmers have worked on, Open/Free (as in speech) = Application tens to hundreds of talented programmers have worked on, and you don't hear OpenSource or collaborative programmers spouting the "will program for food" mantra.

      • > In fact, I tried on 3 instances to buy/register shareware.. and this is what happened.. I think this is part of the problem...

        Shareware for Palm OS devices have a nice solution for this: they have agreements with various online sites to take payment for them, & apparently have ways to accept foreign currencies. (For an example of this see http://www.tealpoint.com/register.htm.)

        Is there an equivalent service for Windows & Mac customers?

        Geoff
  • The way I see it, shareware authors shouldn't expect to turn a profit. They should just see being profitable as a nice perk. The majority of people out there won't pay for what they can get for free. If that involves running a serial number generator or a simple crack, then that's what people will do. The only reasonable way to get people to register is to do like Doom and offer a sample that can be expanded upon once the cash is coughed up. Most importantly, it can't be an unlock code, it must be an entirely different program. Of course that doesn't prevent people from giving their buddies copies of the registered version, but that's an unwinnable war.
    • by WIAKywbfatw ( 307557 ) on Monday March 18, 2002 @12:14AM (#3179362) Journal
      The way I see it, shareware authors shouldn't expect to turn a profit. They should just see being profitable as a nice perk.

      Why shouldn't shareware authors expect to make a profit? Because you say so?

      Shareware is a distribution model - you like it so you register it, recommend it to your friends, etc - nothing more, nothing less.

      Too many people equate shareware with free, and those that resort to password cracks are the worst kind as they can't even use the "I just wanted to see if it was what I wanted" defence.

      Sure, most people will take advantage of the situation and never register software that they decide to use beyond the trial period, but some people are more honest and will happily pony up $20 for a package that does the job they want done.

      But saying that the authors, the people who invested their time and effort into code that other people benefit from, shouldn't expect to see a return on their work is downright unbelievable.
      • All I'm saying is that they shouldn't expect to be in the black if it's easy as running a Google search to find a way to circumvent their protection. I don't condone the practice of cracking software, I just think software designers should wise up instead of pitching a fit when their weakly protected software is pirated. Find a better way to convince people to pay you. Doom was the first shareware program I registered, because it was the first that gave me something that made it worth registering, besides a warm fuzzy feeling. And look at how well Id did, they became millionaires. They're savvy businessmen.
      • First you asked:
        Why shouldn't shareware authors expect to make a profit?

        And then you answer your own question:
        Sure, most people will take advantage of the situation and never register software that they decide to use beyond the trial period, but some people are more honest and will happily pony up [...]

        That's exactly why they shouldn't expect to make a "profit", because most people aren't going to pay for something if they get it up front without having to pay for it.

      • Why shouldn't shareware authors expect to make a profit? Because you say so?

        No, because the shareware model, having been around for a long, long, time only makes money if you have something really slick to offer. You only deserve remuneration commensurate with the quality of your offering.

        Years ago I released several useful programs as shareware. While they were useful to some, they weren't, in any way, "killer apps." I found out that even though I spent my time on creating quality - though marginally useful - applications, that time didn't translate into monetary remuneration.

        Should I be bitter about the fact that a few used my programs and didn't pay? Or more accurately, should I re-examine what I think is valuable?

        An example of a shareware program that made money is ProComm. It stands alone as a defacto standard of exceptional usefulness, a 'killer app' that deserved its success.

        Profitability in shareware is a measure of the author's ability to offer something of fantastic value. While the author spent hours in development and thinks he deserves monetary gain for doing so, the public will decide whether it merits squat.

        So, no, shareware authors should not expect to make a profit.
        • having been around for a long, long, time only makes money if you have something really slick to offer.

          ..and how is this different from any other business?

      • Why shouldn't shareware authors expect to make a profit? Because you say so?

        In a free market, nobody should "expect" to make a profit. If a shareware author's chosen activity doesn't make him enough money, he should find something else.

        A shareware author shouldn't look at how many copies are in use, they should ask themselves, of all the things I could do to create income, am I getting the best return by writing shareware? If Yes, continue writing shareware, if No, then do something else.

        Of course, when you actually check the number of copies, most shareware authors will find that people are using the software without paying.

        The same is true for music as well. I read a sound bite somewhere that 2 albums were copies for every 1 that was sold. This was BEFORE the "MP3 (r)evolution". Yet the music business survives. Because they have nice profit margins.

        Now, I don't fault people for trying to get MORE money for the same amount of work. But if they don't succeed, there isn't much else to do, because they're not entitled to it in the first place! The harsh reality of free markets.

      • Why shouldn't shareware authors expect to make a profit? Because you say so?

        No, because for the most part it's a silly distribution model. They can expect anything they want, but that doesn't mean they're going to get it.

        Sure, most people will take advantage of the situation and never register software that they decide to use beyond the trial period, but some people are more honest and will happily pony up $20 for a package that does the job they want done.

        Or in other words, they shouldn't expect to turn a real profit, because only a few people are actually going to plunk down $20 for their crappy utility.

        See, the problem with shareware is that people want $5-$20 for something that's usually inane and/or poorly written, and people are either going to use the trial version for as long as they want (if that's an option), find a crack (for the less-ethical), or find a different solution. Buying it would make people feel ripped-off, and most people don't like to feel like that.

        There are exceptions of course, as id software and others have shown in the past. Heck, I paid for the Crossover plugin, because it did what I wanted and the money is supporting a decent cause. (I don't know the numbers for how many others have bought it though... this would be interesting to know.)

        But otherwise, people shouldn't expect to write their first VB app that does some inane thing (crappy address book or take a screenshot or something) and expect people to pay $5 for it. They have no right to make money. That's not how the system works. (Although many businesses would like to think they're guaranteed such a right, from the CueCat people to the RIAA and MPAA.)

        If you've got a good business model, plan, product, and your target market actually exists, you can expect to make money (although there are no guarantees... your competitor may still be one better.) But if you've got a crappy product, silly business model, and a target audience who isn't going to pay, don't expect a profit to come your way.

    • by amccall ( 24406 ) on Monday March 18, 2002 @01:11AM (#3179573) Homepage
      This is a good point.

      Shareware authors, and everyone on the internet for that matter, need to ask "Why would I spend my money on this"? I'm sick of hearing websites complain that people don't register for what amounts to a few worthless extras. Would you register for that worthless trash? No? Don't complain.

      A good example: If I didn't view the slashdot subscription as a tipjar, there is no way I would EVER consider paying for it. As a long time /.'er, I probabably will.

      The shareware, software, or service I see being successful is that which has a service behind it.

      Codeweaver's Crossover plugin is arguably worth the money. (As an above poster said, this really isn't shareware as much as it is a demo though.) Those that provide extras for registering - such as sending a CD. For the internet age, DigitalBlasphemy is a another excellent example. Providing an excellent freeware sample gallery, and then a relatively low annual fee for access to the full gallary and then discounts to artwork CD's/etc...

      When providing something extra to those that pay, the honor system works. When treating your customers DECENTLY, the honor system works. But when you suspect your cutomers to be criminal from the start, and treat them like trash, you deserve what you get. Registration of shareware should be EASY - not something that requires a complete hardware identification of my machine, 3 CDKey's, all my personal information, and a blood sample. - And if they aren't having that many people register - they're probably asking too much or selling trash.

      What the internet needs a little bit of old-style business sense. Something I see almost none of.

  • by TheSHAD0W ( 258774 ) on Monday March 18, 2002 @12:10AM (#3179348) Homepage
    You want to make money on shareware? Charge less. Make it very convenient to pay. And don't annoy the end user.

    Headlight Software has made lots of money from Getright registrations, despite some people having pirated it. I've registered it myself. (I think it was $20, not $25, when I did, though.)

    If a software company wants too much money for a piece of shareware, users will get a patch or key generator rather than pay. If the software nags the hell out of the user when he installs it, he'll get mad. I know I do.
    • Pricing lower only works if pricing is an issue. For some users, any price is too much. For other users, you can charge quite a bit. From what I've seen, piracy is mainly an issue for popular software, where people who fall into the first camp publish kracks/keys, which are then used by the second group...

      That's where the real revenue hits come in - when downloading the key/krack is easier than registering, and users who would have paid, if they had been forced to, take the easy way out.

      BTW, there was a brief experiment done by a shareware author (Colin Messitt), who inserted code that would cripple his app for half the users, and have full functionality for the other half. Who would get which version activated was totally at random. One of the observations from this experiment was that the crippled version had a MUCH higher rate of registration/payment than the non-crippled version. The price for the utility was $25. A copy of the article is here (google version) [google.com].

      Mind you, if you release "true" shareware (no restrictions), you essentially provide the "krack", and can fall victim to users just being too lazy to register (or falling victim to the perception that since they can use the software for free, that's all its worth.)

      This isn't true of all users, of course. But the grim truth is that there aren't enough scrupulously honest users out there that value your software enough for you to build a thriving business without some protections in place (at the very least, some sort of nag.) Most of the shareware authors I know would agree with me on this point.
    • Getright has other things going for it, too:

      It's probably the best-designed shareware I've seen in my almost 9 years of computing. You can really feel like you got your money's worth.

      And registration really does kill off the adware component.

      I've seen altogether too much shareware that is either ill-behaved junk, some species of spy/adware that doesn't turn off gracefully when registered, or is overpriced for what it does, to the point where now I very rarely download shareware at all. Free alternatives aside, sometimes a much better commercial product costs less!

  • by Anonymous Coward
    This stuff is easy to defeat. If you wanted to pirate this stuff you would not try to do it with a shared registration code. That is just 5tup1d. It would be done in one of 2 ways:

    1) A key generator: Create your own personalized registration key. This was my favorite way to pirate and it usually doesnt take the professionals long to create a keygen either.

    2) A crack: completely disables the 'time checking' on the shareware by altering the binaries in some way

    The piracy prevention methods outlined in the article won't have any effect on key generators or cracks.

    P.S. This is such old stuff. I remember shareware companies keeping blacklists and time stamping keys in 1997. It did not slow me down at all :oP

    Why is this news?

  • by zerofoo ( 262795 ) on Monday March 18, 2002 @12:13AM (#3179360)
    When I purchase software, I own the product. The problem with expiring registration codes is that you only own the software as long as the company is in business.

    What happens when Ambrosia goes out of business and the software code expires? Your product that you PAID FOR stops working.

    Can you imagine the impact of GM going out of business and then finding your car doesn't start the next morning? You paid for that car, and you expect it to function correctly for the expected life of that car.

    Expiring codes, WPA, and all the other software piracy/protection schemes out there remove control of the software from the end user and shift it to the software vendor. It is only a small step to software as a subscription service after that.

    I'm really glad my Linux machine is totally free and if Microsoft, or Ambrosia goes out of business it will still keep working.

    -ted
    • I think you have misunderstood. Once you have given a legitimate, non-expired key the software will work forever. The only time you need to go back to Ambrosia is if you bought the key and didn't get around to applying it before it expired, or (I expect) if you reinstall. The reinstall is a problem, but not as bad as your scenario. (More like spare parts becoming unavailable when GM goes out of business.)
    • by MajroMax ( 112652 ) on Monday March 18, 2002 @01:01AM (#3179539)
      When I purchase software, I own the product. The problem with expiring registration codes is that you only own the software as long as the company is in business.

      If done right, this isn't strictly true. A registration system only needs to rely on central servers if data used for the authentication process changes, such as a System ID or a timestamp, the latter being used in Ambrosia's system.

      A simple authentication system would take the registree's name, address, and perhaps a keycode given at regtime to create a hash for the authentication server. If that hash is valid (meaning the registration actually happened), the authentication server will respond with a countercode that the program uses to unlock itself. If this countercode is not time-limited in any way, there's nothing logisticially preventing it from beging shown to the user, and thus permanently recorded; it will still be valid so long as the user remembers his name/address/etc.

      If changing data is used for the hash, however, then there's a trickier situation if the authentication servers go permanently down. Most schemes would have the server respond with a sepereate countercode, and thus an old one would not work to unlock the program.

      One solution to this problem is a master-key; a nonchanging constant that could be released if the company goes out of buisness. This creates security flaws, however, if the key is found out before the company goes out of buisness. Also, having a master key for the product out there would significantly reduce the possible value of the software "asset" in bankruptcy proceedings, so the courts might not allow the key to be made public.

      A possibly better alternative would be to have the company release a patch that turned off the date-checking code in the program. Although this doesn't create any security holes in the product while the company's still alive, it does require that the company know it's irrevocably going bankrupt, and the programmers must have enough knowledge about the banakrputcy and power to release the patch -- neither of which are particularly likely in large corporations... after all, management can spin off the now-crippled masses as a "customer base" for future revisions to be sold at auction.

      What's really needed is some sort of "dead-man's switch" so that if the company suddenly drops off of the face of the earth, the software will still work. To do this, the software should become non-functional if it receives a negative response from the auth server, instead of becoming non-functional if it fails to receive a positive response. The reg-server hostname should be hardcoded into the software somewhere (binary data file or program executable -- NOT a plaintext file), and the software (given use of an expired regcode) will try authenticating with the server on run and every hour or so until it receives a positive or negative response, in which case it will update its datafile and not try again (with that regcode).

      "But Wait!" you say, "Isn't that system inherently insecure, as malpeople can crack the software or selectively block access to the auth servers?"

      This is true, but, as the Ambrosia article says, the vast majority of people will do very little beyond trying a cracked regcode -- even installing a crack is beyond the vast majority of people who would typicially use the software; configuring special firewall rules is probably out of the question. (This is also why I said "put the server info in a binary file", as instructions to remove the data from a textfile is easy enough for most users.) Software registration is a game of 90%'s, so eliminating 90% of potential copyright infringers is about as good as you can get for reasonable effort. For people who _do_ tell Zonealarm to not allow the program to connect, a nag screen on startup to the effect of "This software has not verified its registration, click OK to continue" will get another fraction or two to register -- admittedly, it would be a pain if the company went out of buisness, but it doesn't have any bearing on the functionality of the software, especially for something noncritical like a game.

      Running the software on a computer without internet access at all is another possibility of getting aroud the auth scheme, but that's becoming increasingly less likely as time goes on -- more and more computers are getting connected in some way, shape, or form, and shareware is largely distributed over the Internet now anyway.

      Admittedly, this isn't a 100% perfect solution to the tradeoff between infringement-possibilities and functionality in the face of bankruptcy, but I'd guess that it's 80% of the way there, and it would require no changes to the keygen routines themselves.

      --
      The ideas expressed in this writeup are expressly placed into the public domain.

    • I'm really glad my Linux machine is totally free and if Microsoft, or Ambrosia goes out of business it will still keep working.

      Isn't it the other way around? If your Linux machine keeps working then MS will go out of business?

      :) (oh, all you MS-bashing bashers - try not to take this too seriously?)

      yeah, yeah - off-topic. I've learned my lesson and will never stray from the righteous path of the all important "topic" ever again. After this one.

    • What happens when Ambrosia goes out of business and the software code expires? Your product that you PAID FOR stops working.

      • Ambrosia programmers spend the time to remove the licensing stuff, they recompile and release a FreeWare version to the net.
      • They release a key generating program/algorithm.
      • No, these things are not guaranteed, they could just piss all over you. But considering they trusted you enough to pay, maybe you can trust them not to leave you high and dry if they go out of business.

      • No, these things are not guaranteed, they could just piss all over you. But considering they trusted you enough to pay, maybe you can trust them not to leave you high and dry if they go out of business.

        Uh, the whole point is that they didn't trust you to pay. This is a company that's out to make money (that is not a bad thing), and they admittedly will inconvenience the end-user if that means they can make more money (that is a bad thing). From a business standpoint, when you're going out of business, it's because you can't make money anymore, or because you can't make enough money, so it doesn't make business sense to pay people to work on the very thing that is causing the company to go out of business* (*see also BeOS). The only probable scenario is that they might release the source, which has been mentioned, but that's just a scenario. We've yet to see that played out by anyone but Bungie, and if I recall correctly, the Marathon source code release was under the radar of Microsoft.

    • What happens when Ambrosia goes out of business and the software code expires? Your product that you PAID FOR stops working.

      I think either you or I have misinterpreted how Ambrosia's system works.

      My reading of Welch's explanation [ambrosiasw.com] is that if Ambrosia goes out of business, your key file will still work. It's just that if you lose it (e.g. hose your system and don't have a backup), you won't be able to make a new file from your old numeric registration code (assuming Ambrosia is out of business).

      So really all you have to fear is: you have a catastophic data loss and Ambrosia goes out of business. Only then do you face the situation of losing the game you paid for. That is bad. But it doesn't sound any worse than old-fashioned commercial software, where if you lose your distribution media and all backups, you're equally screwed.

  • Claiming that shareware can't function without Internet distribution is ludicrous. Shareware dates back to at least the mid-1980s if not earlier, when relatively few people (employees at technology companies and students at large universities) had Internet access. Everyone else made do with dialup BBSes and swapping diskettes, and authors encouraged people who liked a program to pay and to give copies to their friends (in the hopes they would also pay). That's why it's called "shareware"!
  • Not Shareware (Score:4, Insightful)

    by wandernotlost ( 444769 ) <slashdotNO@SPAMtrailmagic.com> on Monday March 18, 2002 @12:20AM (#3179382)
    I find it disturbing that so many people continually show such complete ignorance of the history of this industry.

    Shareware is fully-functional software for which you are *encouraged* to pay the developer (if you find it useful). You are also encouraged to share it with your friends, hence the name shareware. It is not time limited. It is not missing any functionality necessary for normal operation. It may have annoying messages nagging you to please pay, but if it is hampered in any way in which you must pay to get the fully-functional version, it is a commercial demo.

    It's offensive that so many people these days seem to be freeloading off the good will and generosity of the shareware community in order to sell their commercial products!
    • Re:Not Shareware (Score:3, Insightful)

      by vukv ( 550649 )
      thats not the definition of shareware program... it might have been 15 years ago, but it definetly isnt anymore.

      Basically, shareware is an trialware that never expires. Every single shareware program that came out in past 5 years is exactly like that (if not more restrictive). Check their licenses and you will see...

      Futhermore, this was never ever point of shareware - it was always ment to be free to try & share but pay if you use it (not pay if you want to pay).

      You wishing it to be something else, does not make it so... I work for shareware company and we depend on sales to pay out salaries... the fact that we hold to the true meanings of shareware (full functionallity, no expirations) only hurt us today. We dont drive BMW's or have expensive office's, we dont have overhead yet most of shareware companies are struggling. I suspect this to advance futhermore and you will see more and more restrictive shareware programs in future, same way you see more and more freeware going into some kind of payware.

      Reason that modern shareware went into trialware zone is that people like yourself do not want to pay for something if they dont have to, hence developers could not pay off their own bills anymore, much less anything else. What you are talking about is modern freeware programs, most of which have donation pages for people to donate few bucks for developement... and few ever do, even with huge freeware programs, I doubt anyone would get enough money to pay their own hosting bills.

      Sad part is that pioneers of modern shareware, such as Jasc (whose Paint Shop Pro was one of the major shareware contributors long, long time ago) now release time limited demoes because thats the only way to sell their own programs.
      • Sad part is that pioneers of modern shareware, such as Jasc (whose Paint Shop Pro was one of the major shareware contributors long, long time ago) now release time limited demoes because thats the only way to sell their own programs.

        The strange thing about my copy of PaintShop Pro 4 was that the time limit didn't work. It would fire up even after it said "you have -437 days left on your free trial period". I finally felt bad enough about this to go to their website with my $49 to buy a copy. Problem was, they hiked the price to $99 for the next version. Threshold exceeded.

        That prompted my to learn the GIMP. My initial reaction to its GUI was revulsion, but I wiped the puke off of my keyboard and kept learning it. Now I am actually getting used to it. It's more powerful, zero cost and guilt-free.

        I think that over time there will be less room for old-style shareware writers to operate squeezed between established commercial vendors and ever-improving free software.

  • by IvyMike ( 178408 ) on Monday March 18, 2002 @12:23AM (#3179391)

    Actually, I'll just quote Linus: " In my opinion, shareware tends to combine the worst of commercial software (no sources) with the worst of free software (no finishing touches). I simply do not believe in the shareware market at all. "

    Perhaps I've been spoiled by Linux, but I'm getting into Mac OS X now, and there are tons of little apps that on Linux would be free, but some chump wants $9 for on OS X. Yeah, part of it is me being cheap, but I keep going back to Linus's quote and end up not buying it.

    "Shareware + source" might be interesting, even with a non-RMS-compliant license, but I haven't seen it. (And of course, I'd prefer full GPL if possible.)

    • OSX (Score:3, Insightful)

      by TellarHK ( 159748 )
      What's really needed are more people learning how to port some of the freeware utilities from Linux and other *nixes over to OSX binaries, using Cocoa. I sure as hell can't do these things, but there're a ton of other developers out there that can.

      Mostly what needs to be ported, IMHO, are small things. Network and system monitoring tools that can go in the dock, or other little things like that. Sure, the big stuff would be nice too, but I'm certain there are a ton of little apps that might even only take a few days to port for someone who can get used to Cocoa.
    • I too am doing the OSX thing,and often I am a little distressed at the amount of shareware on OSX that is free on Linux.

      I do take issue with the latter portion of the remark - things like DragThing are quite polished and stable, and remarkably cheap (the Windows market would easily have it at a much higher price, I suspect).

      There are people out there creating free apps that challenge the shareware market. I really wish more shareware authors would give out source, if only to accept patches from interested developers, but I think the rampant piracy of the shareware world makes that unattractive. How long before someone released a version with protections completely removed? The authors don't want that.
    • As far as games go, I've been thinking about the possibilities of going open source, and releasing a "demo world" along with it -- then you can buy the "full version" with all of the graphics, sound, and other data of the entire game. Sort of like the traditional shareware games of old, when they would break the game into a few episodes, and you'd get the first one as the shareware version, and the rest if you registered -- but in other respects, the game was fully functional.


      Anyway, are there any companies that do this kind of thing? I wort of wonder if it's feasible or not -- whether people would actually buy a set of data files.

    • maybe you should try here:

      macosx.forked.net [forked.net]

    • "Shareware + source" might be interesting, even with a non-RMS-compliant license, but I haven't seen it. (And of course, I'd prefer full GPL if possible.)

      Depending on how you mean "shareware + source", I might be doing that with what I call "serviceware", which is the idea that once my programming services are paid for, the source is released. Users are under no obligation to register, making it essentially freeware for anyone but developers. At this point, not a single bundle available at our website [subsume.com] has had their development paid for in registrations. I still like the concept, though.

  • it's been said earlier, but if you compare the ratio of sales of a product like CuteFTP to pirated / trial versions, it's ridiculous.

    let's examine it in depth.
    What are 94% of FTP client users doing? WAREZING
    now that we know that, we can assume, that most people won't pay $35 or whatever.
    So the solution would be to make it ultra cheap, say in the neighborhood of $5 a license. That would greatly expand the user base, and if they implemented payment via paypal as well as credit cards, people would be more likely to impulse buy.

    $5 is nothing, i'll spend that impulsively. Even $10, after that, we move into the area where we stop caring about the company (think of how many sharware progs you use, (wellyou linux people dont')). If they were that cheap, i'd by each one that I use.
    • Probably the last thing a shareware developer wants is a really decent piece of software he's written selling wildy for $5 a copy. At only $5 a copy, if you had 60 new registrants a week, after a year you'd have 3000 users to support while only making a McDonalds salary. (Factor in the cost of the PC and IDE you used to write the software and it's less). One thing about warezed copies is, you dont have to support them. I personally would rather have 500 users paying $30 each. Honest users that rely on my software and need tech support, and realize $30 or $5 doesnt really matter because they "use" my software theyll pay either, than having thousands of people emailing me ignorant questions and requests and complaints when they paid less than burger and fries for my months of coding work. Something to think about anyway.
  • I fail to see how this amounts to theft. It is a violation of a modern law, but theft is almost so obvious one has to think about it to even define it. Theft is the act of depriving someone of some 'thing' that they have exclusive rights to, either by earning it, or having been given it by someone who themselves earned it.

    In this way, it's obvious that if you take a Ferrari from the dealer without paying, there is one less Ferrari the dealer can sell. This is not the case with 'intellectual property'. What's more, it is concievable, that were the authors so inclined, every single computer on the planet might have this shareware. The cost would be negligible. No matter how generous the exotic car dealer is though, there are a finite number of Ferraris. These are too completely seperate things.

    I'm not sure that there are any moral rights to what modern law calls intellectual property. Certainly, someone has the right to take credit for software that they have written, and those attempting to infringe that right are in the wrong. Do they have a right to make certain no one is playing the shareware game, unless they have paid an arbitrary sum? Should the exotic car dealer be allowed to forbid you from loaning your Ferrari to a friend (not that he would have to, it would have to be a damn good friend) ? If the exotic car dealer has no rights once the car has left his possession, how can a software author? Can the author be certain, that the pirated copy they are trying to prevent, isn't just a legit copy that was loaned to another person? Lots of questions.

    You could claim that I'm comparing apples and oranges, and that these are new laws for new problems. Except that I don't see a real problem. People with vested interests have decided they want to make a profit this way, and when normal human *non-pathological* nature gets in their way, they buy a bunch of laws. I think that deep down, most people can see how twisted this is... as I'm sure that shareware titles vs. open source titles statistics will show.
    • >Do they have a right to make certain no one is playing the shareware game, unless they have paid an arbitrary sum?

      They have the right to do whatever they feel the market will bear. Microsoft charges for Office, Oracle for their DB, and whomever else for their wares. (Warez?)

      >Can the author be certain, that the pirated copy they are trying to prevent, isn't just a legit copy that was loaned to another person?

      It's shareware. Just download a copy. There is no need to "loan" a copy. In many cases, it is 100% functional until it expires. Compare this to Word, which has to be paid for up front, even if it turns out you'll do better with a less capable (read: bloated) word processor.
      • Maybe it wasn't obvious. No, they have no rights that are not moral rights. Since it is far from clear that there is such a moral right... is also follows that they may or may not have such a right. What you are talking about "they have the right to do as they please" amounts to the other, might. They have plenty of that.

        If there is no need to loan a copy, they how can the authors be so upset over "piracy" ? Clearly, it's not theft at all. They're not upset that someone has taken a copy of the software that they can't sell... rather they've lost the chance at opportunistic extortion (though legal extortion). I'm supposed to be sympathetic?

        Hell, M$ threatens economic treason, if the DOJ becomes uppity. The nerve that these people have, is incredible. No wonder it's such a mess.
        • No, they have no rights that are not moral rights. Since it is far from clear that there is such a moral right... is also follows that they may or may not have such a right. [...]If there is no need to loan a copy, they how can the authors be so upset over "piracy" ? Clearly, it's not theft at all.

          I'm going to presume you're not just trolling, although it's hard to tell. Here's the scoop:

          They put the software out there and say "If you're going to use this, pay us; if you don't think it's worth paying for, don't use it." If you take their software, use it, and don't pay, from their perspective it's hard to interpret that as other than a big "fuck you".

          Do they lose anything? For an individual case, it's hard to say, but statistically, it's certain: at any given price, some of those people would have paid, and all of them would have paid at some price. $50 too much? How about $5? $0.50? $0.000005?

          Do you gain something? Assuming you're not a moron, sure, or you wouldn't have bothered to invest the time to take their work.

          So you get something for nothing, and they get nothing for something. Great deal, eh? Maybe it's unclear whether they have a "moral right", but it's pretty clear that you have no right, moral or legal, to boost their work and then step up on a soapbox and wag your finger at them.

          So if you aren't going to bust open your piggy bank and send them a little dough, howzabout you stick to the tens of thousands [freshmeat.net] of [sourceforge.net] packages [rpmfind.net] that were given away freely? Or better, maybe go out and write something?
          • I do crank out little apps here and there. Currently, I'm trying to get lwared ready for 2.4 kernels... it was abandoned in the early 2.0's as far as I've been able to tell. As for your stupid, pretentious arguments, I don't know how to answer them. No, I'm not a troll, you're just a fool with too many preconceptions.
    • Re:Blatant theft? (Score:4, Insightful)

      by American AC in Paris ( 230456 ) on Monday March 18, 2002 @01:30AM (#3179651) Homepage
      I fail to see how this amounts to theft. It is a violation of a modern law, but theft is almost so obvious one has to think about it to even define it. Theft is the act of depriving someone of some 'thing' that they have exclusive rights to, either by earning it, or having been given it by someone who themselves earned it.

      ...so you're suggesting that a software developer hasn't 'earned' the right to distribute her own creation as she sees fit?

      If a developer spends 1200 hours of her life making a game, is it your right to disregard her terms?

      The DEVELOPER is the OWNER of her own product. She does indeed have exclusive rights to her own creation; if she kept the only copy of the software encrypted on a CD and locked in a filing cabinet, you have absolutely no right to tell her that she must give it to you. If she gives it to you on the condition that you don't give it to anybody else, you have absolutely no right to give it to other people. She can choose to develop and distribute it however she sees fit, and she gets FINAL SAY in this matter. It doesn't matter if you don't want to cough up ten dollars; it doesn't matter if she wants to set up a registration scheme that forces you to call a 900 number every time you want to use the program. The terms are completely up to the DEVELOPER, not the consumer.

      If you don't like the terms a developer has set forth, then don't use that developer's product. It's that simple. Cracking a developer's product for the express purpose of using it on your own terms is incredibly disrespectful to the developer. She worked hard to produce that software, she deserves respect, and she has the right to set out her own terms. You the end user, on the other hand, did exactly jack shit to create said software. Where do you get off telling us that it's morally okay to tell the developer to go piss up a rope?

      If you disagree with a developer's terms, them do not use the software. Period.

      Software development takes time. Software development takes energy. Software development takes thought. Software development is always, at some point, a royal pain in the ass. Software development is a labor of love. That you have the gall to even suggest that the end-user has the right to dictate their own terms to the developer tells me that you have never, ever developed software of any real magnitude.

      There are precious few ways to keep people from pirating software, but damned if I'm going to let you claim that it's the right thing to do.

      • Circular reasoning. The only way that you could own a thought, is A) Keep it to yourself, or B) somehow prove or convince someone that you have a moral right to it. I've already conceded legal right... what are you arguing? Those exclusive rights, as guaranteed by the US Constitution, were for a limited period. They are only of a legal nature, and only so that the goverment might promote creativity. Since the spirit of the Consitution has been violated, I'm not sure that you can even claim constitutional rights.

        As for me attacking developers, I've never done such a thing. But if they think that they deserve some special moral consideration, when they are constantly advocating draconian measures and laws designed to take my moral rights away, then they can go to hell.

        I never claimed that "piracy" was the right thing to do, but apparently I questioned your religion, which can't bare the scrutiny. There obviously can't be any reason behind it, or you'd spend your time defending your cherished notions.
        • Oh, come on. You can do better than that.

          Developers deserve the same moral consideration as anyone else. If they make something and give it to the world with certain conditions, it follows that the world should honor their conditions. And I'm sure you really don't mean to say that developers can go to hell, seeing as you're not attacking them.

          Your contention that "software" is synonymous with "thought" is laughably naive; by that reasoning, it would follow that "building" is "brick", "symphony" is "tone", and "Water Lillies" is "paint".

          What draconian measures are shareware developers advancing that infringe upon your moral rights? Does nagware infringe upon your moral rights? Do polynomial time-sesntive registrations infringe upon your moral rights? How can something that you willingly acquire infringe upon your rights?

          Describe -exactly- what it is that shareware develpers do that infringes upon your moral rights.

      • is that our country was founded on liberalism, a belief in a transcendetal natural law. Liberal notions of rights mean that you cannot use your rights in a way that is detrimental to another's rights. Therefore she has no right to tell me how I can use it anymore than I have a right to tell her how she can use the hardware I sold her which she used to develop it on. The only exception to this is open source because open source contracts require both parties to respect each other's rights.
      • ...so you're suggesting that a software developer hasn't 'earned' the right to distribute her own creation as she sees fit?

        Rights aren't earned. I haven't had to earn my right to speak freely, to vote, or any other rights I have as a citizen of my country. You don't have to earn the right to distribute software either.

        If a developer spends 1200 hours of her life making a game, is it your right to disregard her terms?

        What gives her the right to forbid anyone from distributing a game or any other software? If she spent 1200 hours writing legislation trying to forbid people from speaking freely, do you think it is ethical and right to allow her?

        The DEVELOPER is the OWNER of her own product. She does indeed have exclusive rights to her own creation; if she kept the only copy of the software encrypted on a CD and locked in a filing cabinet, you have absolutely no right to tell her that she must give it to you. If she gives it to you on the condition that you don't give it to anybody else, you have absolutely no right to give it to other people. She can choose to develop and distribute it however she sees fit, and she gets FINAL SAY in this matter. It doesn't matter if you don't want to cough up ten dollars; it doesn't matter if she wants to set up a registration scheme that forces you to call a 900 number every time you want to use the program. The terms are completely up to the DEVELOPER, not the consumer.

        Copyright was established in the days of the printing press. It isn't a natural right by any means, simply meant to require journal publishers to get permission before they published.

        Now look what we get now. People like you who think users of software should get no actual rights with the software they use. And that developers of software retain control over the software after they give it away.

        Here's the rule. If you give something away, it isn't yours anymore. Its like that annoying uncle who gives you a christmas present on the condition that you use it in such a way.

        You the end user, on the other hand, did exactly jack shit to create said software.

        Really? If you chose to not forbid the end user of all rights, he or she may have decided to make changes to the software and redistribute these changes--creating a software sharing community (any irony in the word "shareware" here?). The reason the end user did "jack shit" is because you already forbid him to make any changes to software. You lock up the source code and take power over the users of the software they now use. For what? Your business model?

        If you disagree with a developer's terms, them do not use the software. Period. (big bold emphasis deleted)

        If you don't want people to distribute software, then don't distribute it at all. Period.

        There are precious few ways to keep people from pirating software, but damned if I'm going to let you claim that it's the right thing to do.

        Real pirates steal, they do not copy. The analogy is false and is part of the reason the entire software industry is so screwed up.

        The fact is, you're wrong. Your ethics is screwed up and your business model is flawed. The only real binding thing in the whole shareware model is that legal license or end user agreement telling people what they can or can not do with the software now on their computers, not yours.

        Myself, I will simply disagree with the end user license agreement. I will not use the software. Chances are your thousands of hours of work has created an unstable low-quality piece of software that I would be helpless to make any changes to. Even if it worked without a flaw, I would still be helpless to make any changes to it. In the end, I will not use your shareware software not because I dislike the software but because I disagree with your terms. So help me if I am ever forced to use such software. I would not be a happy man.

        • >What gives her the right to forbid anyone from
          >distributing a game or any other software?

          Let's say, because the author owns the software.
          You might say, once you sell a product, it is not yours anymore, so people should be able to redistribute. I remember at one point of time, it was true for software too - people can redistribute - provided that they destroy their own copies.

          But how many people do that?

          Let's agree on the assumption that software is sellable, just like any merchandise. Then, there must be some way to maintain the "scarcity". Making sure what you sell isn't going to duplicate is one way to do it. But since everybody who redistribute is keeping a copy for herself, the author must protect that scarcity by making himself some sort of copy protection.

          >If she spent 1200 hours writing legislation
          >trying to forbid people from speaking freely,
          >do you think it is ethical and right to allow
          >her?

          Of course not. However, your example is scewed.
          You may not agree with what the author says about free speech, but you STILL CANNOT REDISTRIBUTE THE LEGISLATION in question. It is NOT the content, but the redistribution, that matters. Please don't try to muddle up your own arguments to make them seem correct.
          • Let's agree on the assumption that software is sellable, just like any merchandise. Then, there must be some way to maintain the "scarcity".

            First, software isn't scarce. Therefore your argument is unsound either because a) your assumption "software is sellable" is false or b) your argument is invalid "you need scarcity for something to be sellable". This is just simple logic.

            Fact is, we don't create scarcity to satisfy business models. We don't write laws so that software developers can make money. We only write laws for the public good. A good topic for debate is whether allowing software developers to make money is for the public good. I wouldn't jump to conclusions however if allowing software developers to make money means restricting the rights of end users. Then, the public must decide, which is more important.

            Let's say, because the author owns the software.

            Ownership, naturally, means possession. If I own a chair is because I possess it. I have it in my hands or in my property. However, if the software is in my hard drive (in my possession), how can the author still own it?

            Of course not. However, your example is scewed. [...] Please don't try to muddle up your own arguments to make them seem correct.

            You're right, that was a bad example.

        • Here's the rule. If you give something away, it isn't yours anymore. Its like that annoying uncle who gives you a christmas present on the condition that you use it in such a way.

          ...so the proper resonse is to give the present back to that annoying uncle and say, "Thanks, but no thanks." Accepting his gift and then disregarding his request is just plain disresepectful.

          You spend the entire body of your post pontificating on The Benefits of Open Source, then in your last paragraph you proceed to say that you'd do exactly what I'm suggesting one should do. You said yourself that you would not use a piece of software if you disagreed with that software's terms of use. That's -exactly- what I said people should do.

          Your post isn't so much a response to what I said as it is a diatribe on what you feel makes an acceptable license. That said, do you agree with my assertion that the end user must either respect the terms with which a developer has released her work or not use that work at all? If you disagree, how would you feel about a person yanking GPL'd source, claiming it as their own, and re-releasing it under the BSD license?

    • According to this logic, it would be pointless to pay for any kind of service. Going to the hairdressers won't take away any "hairdressing units", and neither will going to the movies mean that there is now "one less movie to be seen by other people".

      Software industry is much more like service industry in the sense that its products are indefinitely replicable. The supply-demand cycle works a bit differently here, since there is no scarcity involved - once a software has been written, providing it is a service.

      And to say that one should not pay for services is just dumb.
      • No, simply untrue. A hairdresser has a finite amount of service she can provide. Not to mention, you can't walk up and take it from her, short of committing kidnapping or something.

        Besides, there is no service involved, not in the sense you mean. Redhat continues to sell services despite giving software away.
        • A software developer has a finite amount of service she can provide. Not to mention, you can't walk up and take it from her, short of committing theft or something.

          See the analogy? Providing software is more analoguous to providing service than to providing Ferraris.

          Redhat sells services. Period. They just give away the part that needs service - this is really no different from Microsoft, who first sell you the software and THEN sell you also support services.
  • I had a shareware program that did the "registered to" name hard-coding that the article talks about. I hated it. See, I used this particular program to print out pretty pieces of source code side-by-side with output. At the top I had a header. In the header was my name. Or actually, the name from the email headers at the time of registration, which was something no one actually ever calls me. They could have just asked what name I wanted to use, but instead every time I used the software I saw that wrong name.
  • by EMIce ( 30092 ) on Monday March 18, 2002 @12:39AM (#3179455) Homepage
    Ok, strange that slashdot posts something like this just as I am in the process of writing some copy protection (due in the morning!). I just read the Ambrosia Software story while searching google for some tips and techniques for writing copy protection. I am trying to avoid the very problems they had. All I hear is that the key is "use polynomials!," wherever I go. If you can't tell yet, I'm a complete newbie to this, I've been programming a while but haven't had to protect my applications before. So how about some helpful advice on how to write a decently secure registration system. Some links with mathematical explanations would be nice.

    Right now I am just creating a 32-bit value from a random 32-bit number the application gives the user and a name. The name is hashed using something like (2^0 * char0 + 2^1 * char1 + ... + 2^N * charN), with a 31 char limit to keep the number 32 bits. I'm wondering if there are ways to check parts of such a hash without actually regenerating it, so that I don't give away the key generation algorithm in the software. I know it can't be bulletproof, I just need something that's not so simple it'll be breakable by a casual cracker.
    • by jmaslak ( 39422 ) on Monday March 18, 2002 @01:00AM (#3179536)
      Okay, you want to write your own key generator.

      My advice:

      1) Use RECOGNIZED encryption & hashing algorithms. Do NOT invent your own!

      2) Don't shorten the result from a hash. I recommend at least 128 bits of entropy in the key (if you use Base64 to represent your key, you need 22 characters)

      3) Use public key encryption to prevent giving away your secrets.

      An example protocol:

      User sends his name (case sensitive) and the current timestamp (both of which the client stores to use in future validation) to the "authentication server" which also takes his credit card number. After receiving payment and validating the timestamp, it generates the registration code as follows:

      1) Take the username, timestamp, and a secret symetric string (which will be embedded into the client, but, thus, vulnerable to attack). Concatenate them together with some sort of seperator (like a NUL character).

      2) Take this new concatenated string and do some bit scrambling if needed. Take the MD5 hash of this new string and use for the next step.

      3) Using RSA and a PRIVATE KEY (*NOT* embedded in your application!), encrypt this hash. Send the encrypted hash value in Base64 to the user. Remember he may need the timestamp as well to re-enter this value. The timestamp can be simply a day/month/year string.

      To VALIDATE a registration string,

      1) Decrypt the encrypted hash string using the PUBLIC KEY (embedded in your application). Because it is a public key, it doesn't matter if anyone knows it.

      2) Verify that that hash equals the value of a hash constructed on a client using the user's name, his registration timestamp, and the shared secret embedded in the application.

      Really, this isn't a secret science. But every game designer seems to think he is more creative then hundreds of experts on encryption. This is basically no different then a FFI (Friend or Foe Identification) system used on a military aircraft.
      • by Anonymous Coward
        Of course if you find where in the code this all happens, you just patch the binary to jump right around it and that's the end of that story.
        • by captaineo ( 87164 ) on Monday March 18, 2002 @04:21AM (#3180074)
          There is a variant of this system that would be virtually impossible to crack... Intel & AMD would have to embed a private key in the CPU core. When buying software, you would present the public key that corresponds to your CPU. The software vendor would check this against a list of valid keys published by Intel (to prevent people from making their own key pairs), encrypt the software using your public key, and then send it to you. Your CPU would decrypt the code as it executes using the private key embedded in it. The binary would not work on any other CPU.

          A hardware-based system like this is many orders of magnitude more secure than a software-based system, because the software remains encrypted all the way up to the CPU. The only way to break it would be to find one of the embedded private keys ($$$ equipment)... Or to convince a software vendor to encrypt with a made-up key that you know both public & private parts of...

          BTW, this is also the basic framework for audio/video copy-prevention systems. (CSS works like this, except there are only a handful of private keys, and the CSS encryption algorithm is flawed)
      • Ok, I follow you through most of that except one part. Where can I learn a little more about implementing public/private key encryption? The thought occured to me to use this, but I'm not certain how it works or where to find the algorithms to implement it. It would seem that it is impossible with current technology to create a keygen for such a system.

        I realize as another poster noted that some assembly work to skip the check routine could be done, but that is another problem. Maybe by varying releases with different checks in different places I can minimize that effect.

        On a side note - yeesh, why do I feel like I'm treating my users like criminals here? I've done a bit of pirating myself in the past, particularly as a student. I don't really blame them, since their not exactly rolling in the dough. I just want to thwart all but the most determined users, typically the students who have the time to search all over IRC for the right crack. In some strange way I can relate to them, and consider it an acceptable loss. People earning money usually don't care enough or have the time to do that, the cost is too high to find the right crack so they'll buy it.
      • I can crack this protection (and have done so many times) in my sleep. How? Just NOP the comparison function and ret 1 (or whatever).
      • That may prevent unauthorised use of a program, however it will keep me from registering. I don't buy any software that can't be restored and function after a hard drive failure. I travel and anything that makes me spend hours on hold for consumer support after a crash is lost field production time. Stuff I use must be able to be loaded from it's instalation program and run without any internet connection or phone call after a system crash. That is one of my non-negotiable requirements. That is like a remote dongle that the software must phone home. I don't do dongles real or virtual.

        I get software that is above most shareware in quality and features off the 9.95 rack in the office supply store. Why pay more for less?
        Lables Unlimited II by softkey ($12) is far better than any shareware I checked. Any halfway decent shareware wanted over double the price to support half as many barcodes. None of the overpriced shareware would support photos and clipart. Why is a bargan rack title generaly a much better product at a much lower price? I'm serious, not trolling even if it may look like a troll. It's just my experiance with shareware features verses price (value) compared to off the rack software.
      • A few points:

        • The shared secret is unnecessary and adds a small amount of complexity without adding any security. Just hash the username and timestamp and encrypt it with RSA.
        • Don't implement RSA yourself. Grab the source to OpenSSL and borrow an implementation from there. Take their code for implementing padding of the hash as well, because bad padding can make RSA easy to break. Note to overzealous protectors of GPL: OpenSSL is distributed under a BSD-style license.
        • A cracker can find where your shareware program does the registration checking and hack it out. Ultimately, there's nothing you can do about this, but you can make his job a little harder. Use Google to find out how to implement debugger detection code. I don't believe really advanced debuggers can be detected, but you can make it harder. Sprinkle the operational code of your software with registration checks (although it's a good idea to avoid checking during heavy processing, and don't make the UI unresponsive, ever -- you don't want to make your software slow). Use some bad software engineering and duplicate the registration checking code in many places, and, if possible, structure it somewhat differently in each. Have the registration-checking code set a bunch of global values, and have other mini-checks scattered around that just test those. Even better, do the same with weird and overly clever side effects. Have different versions of the major checks set different values and place the mini-checks in your code in such a way that you know which major check should have been called last, so that you can test for the right values. Encrypt portions of your registration-checking code and scatter the decryption routines and keys around (use some good crypto, like DES, and some crappy, ad-hoc stuff you invent yourself; the weirder the better, since this whole thing is an exercise in security through obscurity). Decrypt and execute it on the fly. Write your own tiny bytecode interpreter and implement some of your registration checks in your own interpreted language. It's a real pain to trace the operation of an interpreter with a debugger to try to figure out what the code it's executing is doing.

        Doing everything mentioned in the third bullet is obviously a significant amount of work, probably more than you put into the software to begin with. You decide how much effort is enough. If your software is both very good and very expensive, you'll need a lot of protection. If your software is really cheap, you don't need much protection at all. If your software sucks, find another hobby, because chances are you aren't a good enough programmer to implement a good and bug-free registration system. Also keep in mind that this sort of registration checking may prevent some amount of infringement, but it's also likely to piss off some customers who would have paid a reasonable fee if you'd just asked nicely and made it easy to do so.

        IMO, however much effort you spend on making it hard to crack, you should spend ten times that much on making payment easy.

  • by Veteran ( 203989 ) on Monday March 18, 2002 @01:13AM (#3179585)
    Have you ever seen a spider web in the corner of a room - where no insects ever go - that has the desiccated remains of a spider on it? He did all the work of building that web and he just waited - but nothing ever happened. That is what my experiences as a shareware author were like.

    I think I had world wide revenues of $15 on my two shareware packages.

    I did get a nice letter from a German magazine telling me that one of my programs was the 2nd most downloaded program in Germany.

    If you are thinking about trying to support yourself with shareware my advice is to learn the most important phrase any shareware programmer can know:

    "Would you like fries with your burger, Sir?"
    • Hey, I got a postcard for a piece of freeware that took me maybe 10 minutes to make. Sounds like my ROI was better... :)

    • How much promotion did you do? Marketing? Customer surveys? Updates? Incentives?

      Your opinion is amusing, but there are several (now famous and very profitable) companies that practically built their business on shareware.
    • A number of years ago, I wrote a small piece of software (mainly to learn how) and because my high school needed something like it. It eventually became shareware (strangely, customers suggested I should charge for it!). To date, it has brought in about $20,000 (about the cost of my college) and I did it just for fun. It is interesting to note that I got paid without nagging or crippling the software at all -- I didn't even distribute codes. Sometimes I do wonder what I could have made with a little nagging.....

      I have a real job now, but checks still come in from time to time.
  • by Y-Crate ( 540566 ) on Monday March 18, 2002 @01:48AM (#3179703)
    In case you are wondering who the often-referenced Captain Hector is, he is a character that would appear in Escape Velocity: Overrride.

    You would be cruising along the galaxy when a ship buzzed by and a Captain Hector would send you a message reminding you to register if you liked the game.

    If you waited too long to register, or just never bothered, Captain Hector wouldn't just buzz by anymore. He would stop, and train his guns on you and blast away at your ship.

    He proved to be quite effective, to say the least.
  • Shareware can exists but the secret recipe is Quality of Service. I've got some shareware I have been using and buying from time to time. If I feel that the product is neat, but misses something I want, contact the author and then get an answer in a timely fashion with either explanation or some comments, then my next move is to buy the software. The last time I did that it was on Sunday at 8pm and the guy replied to me half an hour after I hit SEND.
    On the other hand, I found most of the time that the people behind the shareware I was using just unreliable. The kind of programmers who worked on some quick home project and didn't feel like finishing it, but still expect a ROI. It is this kind of people who are putting a bad image on the word "shareware". So, the end of the story is I guess, no pain, no gain.

    PPA, the girl next door.
  • THe guy is a moron (Score:3, Insightful)

    by BoneFlower ( 107640 ) <george...worroll@@@gmail...com> on Monday March 18, 2002 @02:06AM (#3179785) Journal
    "But in the shareware industry, which can't function without Internet distribution, this freedom of theft can be much worse."

    Hmm... Sharware worked fine on BBS's and through mail order in the late 80's and early 90's. In fact, at least 75% of the software my family used when we started in the computer world was mail order shareware through regular old snail mail. WE didn't even have a modem until we had the PC for about 3 and a half years.

    In fact, it was truly shareware... These days, whats called shareware is little more than functional demos. If it dies after a period of time, lacks critical abilities, etc... it isn't shareware.

    Shareware registration normally wasn't required to use the program. REgistration generally got you nice things like automatically mailed upgrades, clip art collections(in the case of programs that used such things) printed manuals, document templates, level editors, stuff like that... Cool stuff that made the program more useful, but the program still did all that it was advertised to do even without registration.

    These days, it may do all its advertised to do... For 30 days.
  • The software industry is basicly driven by two factors. Enlightened self interest or greed. It doesn't matter if it's closed source or open source, both sides have enough people within their camps that are there for one reason or the other.

    It's rare that you see someone complaining about anything whose price ranges from free to cheap, but yet the two highest rated posts in this thread as I write this do exactly that. They complain about software whose full functionality isn't available for free and about the greed involved with liscenses that expire over time.

    But the real case of greed is simple. The industry and the open source movement is filled with it. From software pirates to the people who support but fail to contribute to the open source movement, the goal seems to be to watch out for person number one.

    If you're a geek there are two simple rules of life you should know by now. Writing software takes time and food and shelter costs money. Unless you have someone else to support you, the best way to provide food and shelter for your family is to sell your software.

    But people don't pay. And if you charge for your efforts, people complain and attempt to enforce their will upon your creation.

    Let's be honest. When Microsoft commits and act of pure greed we scream bloody murder. Why then do we not scream bloody murder at every software pirate out there? Why are we outraged at the actions of a large company but not at the actions of a band of warez distributors? Is it because we have become so selfish that we only care about people stealing from us and we're willing to turn a blind eye to people stealing from other programmers?

    "Software wants to be free"

    Bull. It's software. It doesn't care one way or the other. Greedy people want it to be free for them. The software is too dumb to care.

    In my opinion, the biggest problem facing the open source movement is that someone has to figure out how, in a world where people are unwilling to pay for a good product, we're going to feed our families. Because if there's anything I've seen in the past year it's the fact that the Open Source movement has definatly attracted a large number of people interested in Free Software.

    Free as in beer that is.
    • In my opinion, the biggest problem facing the open source movement is that someone has to figure out how, in a world where people are unwilling to pay for a good product, we're going to feed our families.

      It's quite easy actually.

      As the industy has faild utterly to convince people that ones and zeroes could possibly be worth money, stop selling said ones and zeroez. Sell the time for aranging them instead.

      When I download and install KDE I'm also becomming a member of the KDE user community. The user community depends on KDE developers to deliver a usable product. The same community should pay those devolpers, as in hire programmers.
      So when I becom a member I pay a members fee that goes to the KDE developers. That fee gives me quality code, frequent updates and bug fixes and community support when I have problems.

      KDE might be a bad example, but you get my drift. The ones and zeroes are worth squat without the developers and community.

      All programmers, stop selling your code, sell your time.

      -
  • Shareware is perhaps the largest abuse of the legal system. Not only does the software developer retain most rights to the software, they forbid their customer the right to use the software for any purpose. Whether by locking out certain functionality ("crippleware") or by having a legal clause saying that the user must delete the software after a certain amount of time.

    Shareware authors must have a distorted belief that software users deserve no rights at all without direct compensation. Then they might allow their customers the right to use the software and thats all. They still forbid rights to modify and distribute the software. This seems to me to be rather a large breach of ethics.

    Good thing we have free software and can avoid all this crap.
    • That's the idea - you can use whatever you like - in your case free software.

      It does not mean what the shareware authors do is wrong. After all, it is their creation. If he chooses not to post it on a website at all, so there.

      Did he download his shareware down to your hard drive? No. Who did it? Probably yourself. So, what do you have to complain about "your right being taken away using the software for any purpose"?

      By your reasoning, is it my right to take GPL software and make closed derivations off them too?
      • I think you have it upside down. Its his license forbidding you from redistributing the software. That when he distributes the software, he still controlls it. That is wrong.

        The same happens with all proprietary software. Look at the number of Windows installations, look at how many people's computers they controll by their license agreement. That is also wrong.
  • I frequently downloads share-/demoware and I have a practice of always cracking the software before I even run it.
    This is not because I'm a cheap lousy bastard, I'am but it is not becaus of that.

    I want to give the program a fair trial and get the most out of it before I decide if its good or not. If I cant find a crack I won't even bother, I just find another program.

    Then I face another problem, if I like the program I'm to lazy to get around paying for it.
    Windows Commander is such a program. I've been using it for years and it is well worth the $20,
    but I'm a lazy bastard...

    Here are my tips:

    Popups, banners and other anoying things, are just that: anoying. This will lower the score on the program.
    Crippeling of the porgram won't even let me test it.
    Skip all those. Just give me some friendly reminders in a few descreet places.

    Paying should be a one click thing.

    Windows has this Add/Remove program feature, how about extending this to Add/Remove/Pay.
    I just fire upp that app, check the programs I like to pay for and click apply. The rest is automatic.

    The only copyprotection needed is that the program refuses to install without this kind of payment handling app.

    As copyprotections will be cracked anyway, it's enough with one app handling the protection.

    Come to think about it, that would be a killer app to write, a copyprotection/paymeny handler.

    Time to fire upp those C skills.

    -
  • I agree that factoring a timestamp into the key is a good idea from an anti-piracy stand point, however what I don't understand is why they let people upgrade the odes they KNOW are pirated.

    If a code has been previously updated they should not allow the automatic process to update it again surely this is obvious? So in the majority of cases people will have to remember the latest code they recieve and all will be well. In the case where they genuinly forgot OR some pirate has already used that code then they need to make a phone call. Generally people that actually bought the software will think this is a hassle, but then again it should only be a few of them and it's their fault for losing the code. I'm betting the mojority of pirates won't be making phonecalls to get codes.
  • 1. Make a demo/free version that is actually useful instead of annoying.
    2. Don't make the demo time limited.
    3. Let the full product have extended functionality.
    4. Give registered users a key to always download the latest version.
    5. Make the registration process a breeze.

    (1) You need the goodwill of your customers - unless they really depend on your product.
    (2) They'd feel annoyed that something was taken away, and look for countermeasures.
    (3) People don't pay for what they already got.
    (4) A clean and simple way. Doesn't prevent piracy, see 1.
    (5) How often did you turn away from complex or insecure registration forms?
  • Has any shareware author tried to encode the payee's VISA card details inside the registration code? That is to say, the payment details are just dressed up in a particular algorithm, with the date and whatever other security details? If users know this is the case, it makes the leaking of legit registration codes rather less likely. Yes, crackers can still generate their own codes but it's another idea to raise the bar to pirates without incoveniencing paying customers.
  • by viktor ( 11866 ) on Monday March 18, 2002 @05:09AM (#3180132) Homepage
    As I see it, I can understand that people won't pay up. Looking at Windows, PalmOS and MacOSX shareware markets the same trend is obvious: The majority of today's shareware seems to be minute utilities, that performs one very simple task and costs $15.

    I can definately understand that people get a very strange idea of the Shareware market. Originally, Shareware was fully functional and often complex software packages that the author asked $10 or so for. Today it's often nagware or crippleware (i.e. not at all fully functional software), and the price is often set way to high.

    Of course people get the idea that Shareware is (somewhat exaggerated) "expensive crap".

    I think that if the Shareware market cleaned itself up, by making sure that crap software, or very simple software, is released as PD (or Open Source) as it "should", and also making sure that the prices asked are, in fact, cheap, things could be very different.

    I personally am glad to pay $10 for a better datebook for my Palm, but I won't pay $15 for a program that edits one entry in the Windows registry. And the very fact that so many people release shareware waaay to expensively puts me off the entire market.

    /Viktor...

  • by awol ( 98751 ) on Monday March 18, 2002 @05:11AM (#3180137) Journal
    There are many people who will use "cracked" software (take cracked to mean made available by means other than as the author intended). And yes many of those people will try and use the channels of "legitimate" users to get upgrades, new keys, whatever.

    What is important is that most of these people will not pay for the software if it is made inaccessible to them. This is the reason why the software industry has been pretty soft on places like China. If they force compliance they will just lose users because the people in question find the price (whatever it's level) a barrier to entry.

    Look at a given game. You like it, you install it and you find the "crack" to make it forever playable. Play it lots and then find that the software stops working, you are miffed, (since no new crack can be found) but because its just a game, you move on to the next crackable game, or better yet an 80% as good freeware version. This _is_ the way a lot of software consumers work. A specific piece of software is worth nothing to them whilst "accessable" alternatives exist.

    So there are two alternatives. Make all variants inaccessible (and oh how the media industry is burning cash to do that) or change the pricing model so that until you have a viable paying user base the software does not exist.

    Oh and in case you didn't notice, Free Software falls into the latter category (really. It does).

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...