Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!unido!mikros!mwtech!martin From: martin@mwtech.UUCP (Martin Weitzel) Newsgroups: comp.unix.i386 Subject: Re: software piracy (was "Interactive and me") Message-ID: <839@mwtech.UUCP> Date: 17 Jul 90 16:01:52 GMT References: <3126@rsiatl.UUCP> <1990Jul11.164044.7241@sco.COM> <1990Jul13.231942.14009@ico.isc.com> <1990Jul16.161613.11171@pcrat.uucp> Reply-To: martin@mwtech.UUCP (Martin Weitzel) Organization: MIKROS Systemware, Darmstadt/W-Germany Lines: 119 In article <1990Jul16.161613.11171@pcrat.uucp> rick@pcrat.UUCP (Rick Richardson) writes: [estimations concerning number of illegal copies deleted] >Alternatively, and I think something that could work, could be >a common authorization center used and funded by all software >vendors. Open 24 hours, with an 800 number that is rarely busy. SMALL FLAME ON Again and again: Do all you US folks think civilized countries and people which might like to use your products can not be found overseas? Can you imagine the cost for such an "authorization call" from europe. From all experiences I've made there would of course be *no* toll free number for anyone outside the USA! SMALL FLAME OFF Nevertheless, your idea looks interresting ... let's see. >When the User installs the software, he gets an authorization >request number based on the serial number, but permuted randomly. >A quick (< 5 minute) call to the center gets you the authorization >reply. You give them the request number, name, address, and phone. >They give you the reply number (possibly by a return call to >the phone number given). The center *never* refuses an >authorization request. >Cost to the vendor, maybe $1 per authorization. You may still >get illegal authorizations, but at least now there's an audit >trail. The vendor gets a periodic report for his authorizations. >Seing that serial number 143265 has been authorized an abnormal >number of times to a number of different people, he may want to >initiate an investigation. Really? It's not uncommon for a small company like mine to run several systems. Furthermore it's not uncommon to have several (say five to ten) installations for a single system, especially if it turns out that you have some defective piece of hardware (as one of my harddisks about six months ago) or until you have found a satisfactory disk partitioning. On the other hand: with a second, third etc. system I am experienced enough to get the installation right at the first try. But most important: How do you "tie in" the hardware on which the system is installed? Eg. can I copy and move around an allready installed version of the programs? I hate software which notes its inode number or directory slot on installation time and refurses to work if I decide to move (eg. onto some other disk) or restore it (from the backup copies). Which parts of my hardware can I no longer simply exchange without doing a new installation? But if there is no reference to the hardware noted somewhere in the installed software, I can simpy copy it after installation. >The vendor is in complete control of how to use authorization >replies. For example, he might allow the reply to work only >with a specific request number, or for any request number >generated in a one-day period. This second alternative is >useful in case the user is having trouble getting the package >installed. How does the software read the date? I simply can set the hardware clock of some other system to this value, before I do an illegal second install? After installation the time *must* be changable. [estimations about costs deleted] I would surely appreciate everything that saves some Dollars (or DM in my case), but nothing that gives me an additional uncertainity when the system installation doesn't work: - Is my hardware defective? - Did the authorization center give me a wrong number? - Was it because I advanced the hardware clock too far? - Is there some "state"-info on the masterdisk which just got "out of sync", because I had to abort an installation? Surely no company which uses such a scheme would uncover the details about it, so every wierd hack might have been used and bring me into difficulties. But some lost working hours are much more expensive to me as the savings you calculated above. So I would strongly consider to choose some other product, if one without such an authorization scheme were available. >[ Long-Posting-Obligatory-Humor follows for those that read this far ] [humor deleted, some psychology inserted - you may hit "n" now if you are not interrested] Normally, I'm in the role of a customer, but if I put me into the role of a vendor, I see things as follows: Software piracy is some kind of betrayal. If I want my customers to be honest to me I should be honest to them *and* give them the feeling that piracy is a bad thing, especially concerning the product I give to them. One factor is the ratio of the price for my product with respect to the value of the product for my customers. If the cost is low compared to the value (eg. Turbo-C) there may still be piracy but there would certainly be much more if the customer thinks that my product is priced too high or not what I promised. A second psychological factor is how easy I make it to steel my product. If I try to make it complicated, the customer hast to work more or less hard to find out how it could be used illegaly. Anyway, if he manages to get arround the barriers I've built to protect my product, he has "done some work", and from a psychological point of view he has "paid something" for the illegal use. So the illegal copy is not so much "stolen" as it would have been if it could simply be copied when I have used no authorization scheme. Lastly, if my customer receives a buggy product (which software has no bugs?) for which he had to pay much and again would have to pay much only to get a version with the bugs fixed, he may feel more tempted to try software piracy as if there were a friendly policy for upgrades: Bugs are often fixed together with upgrades and in most cases one can not get the bug fixed without upgrading (... which often introduces new bugs and keeps the wheel turning 1/2:-)). Given the case someone has honestly bought several licences for product which turns out to have bugs, I could imagine that this someone would buy only *one* update but replace the buggy software of *all* licensed systems from this one upgrade, because he or she feels to have the right to do so, if there's no other way to get the bugs fixed. -- Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83