software protection - dongles & other gizmos
Raymond D. Dunn
> .... I believe I have a right to carry a
> program home with me to use there (or I might buy a new machine
> as ecsvax!dmimi pointed out) - I can carry the dongle with me,
> but what if that one dongle is needed for two programs, and I'ld
> like to leave one at work for other people to use. Or at work
> we may have several programs from one vendor, but we'd like to use
> them on different cpus - this couldn't be done if they all needed
> the same dongle or serial number.
> --henry schaffer
This is EXACTLY why protection schemes are necessary!!!!
-------
You do NOT have the right to carry the program home!
You do NOT have the right to use it on several CPU's simultaneously!
You do NOT have the right to pass GO!
You do NOT have the right to collect $200!
You ONLY have the right to play by the published rules of the game, NOT the
rules that YOU unilateraly think should be applicable to you.
You ONLY have the right to do what you pay for as specified in the
license agreement, however restrictive or relaxed. You (should) read
this before buying the product.
The same rules apply to all products. One difference with software is that
it is so easy to copy (thus the licensing agrrement). Ever tried copying a
car?. No, books are NOT easy to copy to give something as good as the
original, and in general, cost more to copy than to buy. If they were
easy/cheap to copy then the publishing industry would have taken steps to
protect their product from THEFT (what you are doing when you copy a product
disk for other than backup purposes). I remember from the past several
newsletter-like products which were printed in a light-blue colour which did
not photo-copy well.
Do you expect to be able to use your car tyres on both your cars
simultaneously (wouldn't it be nice if we could copy them to have a backup
for when the originals wore out :-)?
Write-protected floppy disks are NOT particularly fragile things. Sure we
have all had disk problems, but what percentage of these were not associated
with writing/deleting/finger-trouble/bad-handling - extremely small!
(Its quite ridiculous, these supermarkets, I tried to return a dozen eggs
today because I let them drop and smashed them, and they wouldn't replace
them - who do they think they are! :-)
The better products supply a backup disk and will replace the original if
and when you have to switch to the backup - if this takes too long, or your
pet product does not supply a backup, lets discuss how to clean up this act
(e.g. software stores should be geared to replace products in exactly the
same way as other retail outlets, and for the same reasons).
Psychologically however, it is frustating to have to go to this bother when
you know a disk is (should be) so easy to copy.
Psychologically it is even difficult for a software literate person to buy any
piece of software - he knows he could do it himself if only he had the
time - the classic do-it-yourself syndrome.
There a similar phenominon which makes an otherwise totally honest person
think nothing of pilfering a gizmo from work - it frustrates that he/she has
to buy it when it is so available at work and "they have thousands and
anyway a lot get wasted and one won't be missed". It's understandable, but
that doesn't make it legal/moral.
Yes, many of the license agreements are not reasonable, in particular, the
lack of warranty should be a source of concern, but remember, if a warranty
is included, this is going to SIGNIFICANTLY raise the cost of the product,
as would better access to technical support from the vendor - how many
minutes of technical support time/warranty servicing, does it take to wipe
out the profit of a $100 product?
A final point, if these software products are desirably things, then the
software houses that produce them must survive. This means making a profit.
This means (as well as producing good products etc.) protecting themselves
from theft in such a manner that does not mean their products are rejected -
they cannot possible rely on the population to protect their interests. As
the initially quoted article demonstrates, that population at best, in all
good faith, is only protecting its own parochial interests.
Ray Dunn. Manager, PC Product Architecture, Philips Information Systems Ltd.
....philabs!micomvax!othervax!ray
(P.S. Has anyone out there got a version of <copywrit> which will copy the
latest issue of dBATE XXIV? :-)
Henry Schaffer
protection methods which rely on serial numbers of dongles or
cpus, I mention the problem with running two different programs
on two different machines if the two programs require the same
dongle. The referenced article flames me for advocating the
running of one program on several cpus simultaneously!
Let me say it again. The copyright law, and most software
licenses, allow you to use a purchased program on different
cpus at *different* times. ("You may physically transfer the
Program from one of your own computers to another of your
computers provided that the Program is used on only one
computer at a time." - Quoted from the Sorcim Corp. License
for Supercalc 3) I could not do this if the program was
keyed to a specific dongle which was used by many other
programs and was in use with another cpu that day (or year.)
The keying to a cpu serial number was (is) common in the
mainframe world - in which you don't change cpus frequently,
in which the cpu serial number doesn't change because your
computer was repaired by swapping mother boards, etc.
Methods appropriate for expensive and big mainframes may
very well be inappropriate for micros.
While I am strongly opposed to software piracy, I also
am opposed to vendors making their products in such a way
that I can't use them effectively.
(pardon the semi-flame)
--henry schaffer n c state univ
Frank J. Wancho
It seems you either misread Henry's message or chose to, and Henry
didn't get the answers to his questions in the process.
The answer to all the questions is that there is exactly one unique
"dongle" sold with each correspondingly encoded program copy. This
technique enforces the concept of that program copy in execution on
one machine at a time. Implicit is the right to run that one copy on
*any* machine you choose, including taking the program and the dongle
home if company policy allows it.
Next time you wish to respond with a tirade, stop. Read the message
several times and then consider if your response is appropriate.
Yours wasn't, and you owe Henry an apology.
--Frank
Simcha-Yitzchak Lerner
> licenses, allow you to use a purchased program on different
> cpus at *different* times. ("You may physically transfer the
> Program from one of your own computers to another of your
> computers provided that the Program is used on only one
> computer at a time." - Quoted from the Sorcim Corp. License
> for Supercalc 3) I could not do this if the program was
> keyed to a specific dongle which was used by many other
> programs and was in use with another cpu that day (or year.)
Generaly, a program does not share a key with another program.
Rather, the key plugs into a key ring which acts as a communication
interface to the computer. If you want to run your software on
another system, just unplug the key (it is about the size of an
office key) and carry it to the other system. If you want to
transfer several programs at once, you can carry the entire
key ring.
This technology does not lock you to one machine. It does
lock you to one machine _at_a_time_. (Which is as it should
be.)
--
Opinions expressed are public domain, and do not belong to Lotus
Development Corp.
----------------------------------------------------------------
Simcha-Yitzchak Lerner
{genrad|ihnp4|ima}!wjh12!talcott!sesame!slerner
{cbosgd|harvard}!talcott!sesame!slerner
slerner%ses...@harvard.ARPA
Raymond D. Dunn
> You do NOT have the right to carry the program home!
> You do NOT have the right to use it on several CPU's simultaneously!
> You do NOT have the right to pass GO!
> You do NOT have the right to collect $200!
> You ONLY have the right to play by the published rules of the game....
> .
> .
> Ray Dunn
> > In a perfectly reasonable discussion of problems with copy
> > protection methods which rely on serial numbers of dongles or
> > cpus, I mention the problem with running two different programs
> > on two different machines if the two programs require the same
> > dongle. The referenced article flames me for advocating the
> > running of one program on several cpus simultaneously!
> > .
> > .
> > --henry schaffer n c state univ
Yes - I agree, (public) apologies Henry, I chose to quote the wrong point
from the wrong article from a long series of articles on the subject of
software protection which at best were sympathetic to the need for
protection only if it did not infringe on that letter writer's particular
ideas of what he should be able to do with it.
As to flaming you Henry, ah well, I thought I tried to be humorous about it,
but if you take differences of opinion seriously, then in future I shall use
the impersonal "one" instead of "you", i.e.
"One does NOT have the right etc etc"
I'm glad to see you do not seem to disagree with the basic points made.
You are right of course, each program requires its own dongle (just as every
real man does :-), now, hmmm, if we just put some ROM in the dongle - HEY,
we can throw away that stupid floppy disk all together, and sell all software
on a ROM CARTRIDGE readable to ram from an i/o port!
By the way I haven't seen any discussion (may have missed it) on the
repercussions of networks and thus shared copies of proprietary software -
do we really have to have multiple copies of a program on the network?
I still believe protection problems MUST be solved soon for the software
industry to survive.
Ray Dunn. Philips Information Systems.
....philabs!micomvax!othervax!ray
Stanley Friesen
> I could not do this if the program was
>keyed to a specific dongle which was used by many other
>programs and was in use with another cpu that day (or year.)
Actually, to my mind, there is an even worse problem with
this type of protection scheme. What if I have purchased four or five
programs from different vendors each with its own dongle(or key disk),
unless I can somehow attach or install *all* of the dongles(disks)
simultaneously on the same machine I must continually swap dongles(disks)
every time I switch programs. This is utterly unacceptible if the
programs are frequently used in rotation(such as an editor and a
compiler).
--
Sarima (Stanley Friesen)
{trwrb|allegra|cbosgd|hplabs|ihnp4|aero!uscvax!akgua}!sdcrdcf!psivax!friesen
or {ttdica|quad1|bellcore|scgvaxd}!psivax!friesen
jx...@lanl.arpa
> You do NOT have the right to carry the program home!
> You do NOT have the right to use it on several CPU's simultaneously!
> You do NOT have the right to pass GO!
> You do NOT have the right to collect $200!
> You ONLY have the right to play by the published rules of the game, NOT the
> rules that YOU unilateraly think should be applicable to you.
> You ONLY have the right to do what you pay for as specified in the
> license agreement, however restrictive or relaxed. You (should) read
> this before buying the product.
Large employers had an attitude toward their employees that was very
much like this during the early stages of the industrial revolution.
The resulting milieu became intolerable, and labor unions were born.
As an infant industry, we *could* endeavor to establish a rapport with
our marketplace by responding to its needs. Instead, we often satisfy
only that subset of needs which is sufficient to sell products while
depending heavily on marketing hype and the mystique surrounding our
products to exaggerate their perceived value. Our customers are
intelligent enough to notice.
The rules published with most software licenses are so blatantly
unilateral in favor of the vendor that they have become an object of
ridicule. Licenses accompanying copy-protected software tend to be
the worst offenders.
> Do you expect to be able to use your car tyres on both your cars
> simultaneously
Of course not, silly. But I do expect the freedom to buy a spare pair
of wheels to mount my snow tires on, and to put those wheels on any
car I choose. Tire companies, you see, suffer the misfortunes of having
no mystique associated with their product, and of selling in such a
broad-based marketplace that their customers wouldn't put up with such
nonsensical restrictions.
> Write-protected floppy disks are NOT particularly fragile things. Sure we
> have all had disk problems, but what percentage of these were not associated
> with writing/deleting/finger-trouble/bad-handling - extremely small!
Floppy disks ARE particularly fragile things when placed in the hands of the
people who use them. If a temporary overwrites the Lotus binary or formats
the hard disk with the installed copy of dBaseIII, h{is,er} employer suffers
a considerable loss. Tell h{er,im} that floppies aren't fragile. Our failure
to address this problem with a reasonable solution places us at a disadvantage
when we ask our customers to be reasonable in their use of our products.
> A final point, if these software products are desirably things, then the
> software houses that produce them must survive. This means making a profit.
^^^^^^^ <-------------------> ^^^^^^
Software buyers aptly believe that our industry is inordinately profitable,
if not predatory. Rather than concern ourselves with the harm this image
does us, we love nothing more than to brag about it. Small wonder that
we aren't taken seriously when it's our most bloated representatives who
moan the loudest about illicit copies and use the most restrictive licenses
and protection schemes.
--
Jay Plett
{cmcl2,ihnp4}!lanl!unm-la!jay
{gatech,ucbvax}!unmvax!unm-la!jay
jx...@lanl.ARPA
Bob Hofkin
>
>You ONLY have the right to do what you pay for as specified in the
> license agreement, however restrictive or relaxed.
>
>it is so easy to copy (thus the licensing agrrement).
Wrong! If I *BUY* the *PRODUCT* I can use it any way I want, subject
to law. This is not the same as *LICENSING* the *USE* of a product.
I do not license the use of a shirt; I may lend it, copy it, or resell
it as I choose. I do not license a book. I can lend or resell it but
I may not copy it [legal restriction]. ENFORCING copy restriction is
irrelevant. Record companies have the same problem.
Why is mass-marketed software different? The store sells me a package
but I only bought the box, disk, and manual. The software is lent on
sufferance by a vendor, who won't even maintain it. They should cover
defects *AND* normal wear and tear [like an apartment rental].
Do you know any other product marketed this way [in the USA]?
Simcha-Yitzchak Lerner
> > I could not do this if the program was
> >keyed to a specific dongle which was used by many other
> >programs and was in use with another cpu that day (or year.)
>
> Actually, to my mind, there is an even worse problem with
> this type of protection scheme. What if I have purchased four or five
> programs from different vendors each with its own dongle(or key disk),
> unless I can somehow attach or install *all* of the dongles(disks)
> simultaneously on the same machine I must continually swap dongles(disks)
> every time I switch programs. This is utterly unacceptible if the
> programs are frequently used in rotation(such as an editor and a
> compiler).
> --
>
> Sarima (Stanley Friesen)
>
the designers of the ADAPSO system have to live with what they create,
a LOT of thought went into making the system as transparent and unobtrusive
as possible. For most users, they will buy a package, install the key
in their keyring, shove it behind their computer and let it gather dust.
Hard disks/LANs/RAM disks, will all be fully usable without restriction,
and you can make functional backups to your hearts content.
BTW: Because of the higher security offered w/ keys, some manufacturers
will be setting up their disks to *encourage* distribution of copies.
(In other words, if you try and run w/o the key, the disk will either
go into a demo mode or allow you to run but not save or print your work...)
Also, expect software returns to start being accepted, 30 day trial periods,
legitamite rental of software. Also, software can now be sold at different
prices for limited use. (Full price of unlimited use, discounts for 50 use
keys or 6 month keys &c. Use your imagination to figure out what you can
do with the capabilities of a key...)
==============
A previous posting brought up the patching issue again. As previously
stated, if complex program routines are executed in the key and not
in the host CPU, patching will cause the software to malfunction.
You say that you can reverse engineer the routines? Even when their
are several random dummy paramaters going in and out? Even when the
routine varies by a state machine? [FLAME OFF]
Mitch Che
>A previous posting brought up the patching issue again. As previously
>stated, if complex program routines are executed in the key and not
>in the host CPU, patching will cause the software to malfunction.
>You say that you can reverse engineer the routines? Even when their
>are several random dummy paramaters going in and out? Even when the
>routine varies by a state machine? [FLAME OFF]
Hmm, still doesn't take care of the "black box" boys who hang a
passive, intelligent device onto the RS-232 and monitor the data stream. I
expect to see a hardware product in about 90 days of the first
software package protected by a dongle. Yes, you can make the dongle-
software interaction extremely sophisticated, but stable? At $5.00 a
dongle? Gee, if you attach a dongle consisting of a CRAY-2 to the
RS-232 port, I'd bet it would be almost unbreakable... Unless I had
a CRAY too. The possibilities are astounding. Dongle Wars - The
Movie...
--
Mitch Che
Pacific Bell
---------------------------------------
disclaimer, disclaimer, disclaimer, too
(415) 823-2438
uucp: {ihnp4,dual}!ptsfa!ptsfb!che