Ayende @ Rahien

Mr_Obfuscation commented on A complete and utter waste of my time

Sun, 01 Feb 2009 03:03:32 GMT

@Luke According to all the "crackers" on this thread they'll bypass his nag screen in no time thereby allowing more time for Madden Football.

Luke Breuer commented on A complete and utter waste of my time

Fri, 30 Jan 2009 22:24:14 GMT

Just use a nag screen. It's cheap & easy. Are you really worried that you will lose that many sales if you just set up a nag screen?

Ray commented on A complete and utter waste of my time

Thu, 29 Jan 2009 23:06:28 GMT

Nice thats a nice idea but I doubt it will work for NHProf case. The best is to encourage users to buy your software because its good and useful and saves them time and money. I know its hard but looking on NHProf I'd say its one of those cases when it will work. I myself will gladly buy it when it will be released because I already see how many hours of my work this application could have saved me if I had it before...

Mr_Obfuscation commented on A complete and utter waste of my time

Wed, 28 Jan 2009 21:38:04 GMT

@firefly Hehe... Yeah or who to pay anyway... Hehe...

firefly commented on A complete and utter waste of my time

Wed, 28 Jan 2009 20:10:06 GMT

heh speaking of trust we now know who not to trust :) I find most of the suggestion in this thread valid. In a lot of case, pirate help to promote your software as well like Niklas pointed out.

Mr_Obfuscation commented on A complete and utter waste of my time

Wed, 28 Jan 2009 13:50:02 GMT

@tbb Like I said, my stuff is black hat and my customers spout drivel like all the cracker wannabes on this thread. They cant decide if they want to crack "for the fun of it" or play Madden Football when they get home from school. Properly protected software keeps 99.9% of the wannabes playing games instead of cracking them. Put a dongle on it and you are at 100%. Run stolen software and beware - who knows what counter-measures the author put in it, or for that matter what malware the cracker put in it (after all the cracker wannabes seem to think these guys are Gods or something - whatever their code SUCKS too). Microsoft et al. nukes your computer as much as anything else you run. Do you REALLY know what the software you purchase is doing on installs / uninstalls? Of course not. It's all about trust. How many times have you had to re-install Visual Studio because something got nuked. My point is, we all knowingly run software each day that is heavy handed - because we have no choice. We run software based on trust. Trust = Properly licensed = You paid $$$ to the author so he can feed his family, just like your employer pays you. Crackers, well who cares about them. They're scum and deserve to have vital entries in their Registry erased. Gosh was that too harsh?!

tbb commented on A complete and utter waste of my time

Wed, 28 Jan 2009 06:13:52 GMT

@Mr_Obfuscation And your server license mgmt is foolproof? Innocent, licensed users never get their legit software destroyed. Ever? I would never knowingly install or purchase software like that. Just like you said, "what else is he doing to my box?". And yes, you can come back with your favorite line "until you have written copyrighted/protected...." but that doesn't change the fact that you have no more right to barge into my computer (whether or not you are really doing it) than the RIAA has of kicking down my door into my house. I have no sympathy for pirates, but the collateral damage of innocent users with your heavy handed approach gives me pause.

Mr_Obfuscation commented on A complete and utter waste of my time

Wed, 28 Jan 2009 02:41:27 GMT

@Nico Yes I agree. Phone home is my favorite way of turning pirated copies of my software "off" if it's not properly licensed. Since my stuff is black hat I destroy my software on the way out to strongly discourage the user from installing it again, and to also leave them wondering - ummm - what else is he doing to my box?? Pirates beware. License your software.

Nico Granelli commented on A complete and utter waste of my time

Tue, 27 Jan 2009 14:49:34 GMT

Just an idea: I've been asking for recommended solutions in the area of obfuscation and license management. Too many people told me the same as here, they will break it. But they told me a possible solution also: Make the software call home. I mean, put something in a server, and access by a WS. I'm not sure if you can use this advice with NH Prof, because It sould be usable without internet conection, but I'm coding a software to use a lot of internet, so this solution is working for me

Roger commented on A complete and utter waste of my time

Tue, 27 Jan 2009 14:35:09 GMT

What was the problem with XHEO licensing?

Ray commented on A complete and utter waste of my time

Tue, 27 Jan 2009 12:02:34 GMT

I'd say don't waste your time trying to make it harder to break because no matter what you do it will be hacked anyways. Make simplest solution that will work and it actually will be as effective as toughest you could imagine. Obfuscate assemblies of course.

pb commented on A complete and utter waste of my time

Tue, 27 Jan 2009 06:02:51 GMT

I'd go with a few hours of work to put something reasonable and non-annoying to users for v1 such as a serial number to enter, etc. Then observe if that was good enough. When you add more features in v2, upgrade the protection if you feel you need to.

Francois Germain commented on A complete and utter waste of my time

Tue, 27 Jan 2009 03:56:00 GMT

Hi Oren, Do you have a handle on who is your main target audience? How much risk does adding this licensing scheme to your product represents in terms of meeting your general release plan? How much future risks are you willing to swallow because you're now stuck supporting a component that was not planned for and you're trying to rush last minute? How much risk does not having a "Strong" licensing scheme in your product represents over a 12 months period in $ terms? What kind of risk are you facing in terms of being cracked the day you release this product out anyway? I know you probably already made the math, just putting it out there in case. :)

Michael Morton commented on A complete and utter waste of my time

Tue, 27 Jan 2009 03:26:49 GMT

@Mr_Obfuscation I was merely using Photoshop, and the others, as examples of well known "non-game" software for which cracks are readily available. Also, as I mentioned, there are *plenty* of no-name software packages that have been cracked and get cracked on a daily basis. As for NHProf, I'd probably put it in the same arena as some of the individual tool offerings from Red Gate, for which numerous cracks are available. And for what it's worth, google already picked up one person searching for a crack for NHProf on 1/5/2009.

Mr_Obfuscation commented on A complete and utter waste of my time

Tue, 27 Jan 2009 02:08:20 GMT

@Michael Morton Get back with me when you have both written commercial software and written copy protection for it. You need experience in both because if you havent protected it, you havent tracked it to see if it's cracked yet. Also, please keep NH Prof in perspective and dont be so absurd as to put it in the same category as Photoshop.

Tristan commented on A complete and utter waste of my time

Tue, 27 Jan 2009 00:42:27 GMT

This is game related, so it may not be applicable, but I like the way stardock copy protects their games. Rather than trying to punish people who pirate their software they reward their paying customers by providing them with free upgrades and additional features though their serial number system. [http://forums.galciv2.com/106741](http://forums.galciv2.com/106741)

Michael Morton commented on A complete and utter waste of my time

Tue, 27 Jan 2009 00:18:17 GMT

@Mr_Obfuscation "Cracking is a myth unless your software is a game." ... I think the makers Photoshop, 3D Studio Max, Maya, and a *bunch* of other non-game applications, even small no-name ones, would disagree. You should take a look around the darker places on the net and see what software is available with cracks and/or keygens before making a statement like the above. Crackers don't always want to use what they crack ... sometimes they crack it just because it's there.

Mr_Obfuscation commented on A complete and utter waste of my time

Mon, 26 Jan 2009 23:38:17 GMT

Cracking is a myth unless your software is a game. From my response on 1-2-09 in my post to Frans Bouma: --- @Frans Bouma Mr_P>Also, use at least 2 reputable protection products and the crackers will move on to something else in no time because it's too much trouble to crack your product. FB>It's still available because I gave up on adjusting the copy protection every week. Thanks for validating my exact point to liviu. --- You might also want to check out a licensing product from Desaware. Like CrypKey it's been around forever which is what you want in a protection product. What makes the Desaware system nice is that you can integrate the back-end into your server. A lot of other products want you to integrate into their servers. --- If you really want to shut-up all these little cracker pest, simply use two licensing products. For any competent programmer who uses the API's not the envelope utilities, there are a zillion nasty things that can be done - a simple one - encrypt the config connect string and save it to the dongle's memory. The fun and schemes are endless and as entertaining as any programming you have ever done. You'll wake up at 3 AM for weeks on end laughing about the next nasty thing you are going to do. For the rest of your audience who may be alarmed at my post, I'm not saying Ayende has to inconvenience his customers by activating two products etc., I'm just suggesting he use two products to protect his intellectual property. For a decade I've managed to load massive copy protection into my programs without pissing off my customers. It's really quite easy. Then dare the crack wannabes. They'll move onto another target before their supper gets cold I assure you. Signed - been there, done that.

alwin commented on A complete and utter waste of my time

Mon, 26 Jan 2009 22:55:31 GMT

I bought a licence of Eziriz .NET Reactor, and it serves me good enough. It has multiple levels of protection, including obfuscation, embedding licencing, converting to native application etc. (I don't use all functions by far). And it's reasonably priced, 180 dollar. Cheaper than NHProf hint hint ;) [http://www.eziriz.com/dotnet_reactor.htm](http://www.eziriz.com/dotnet_reactor.htm)

Maksym Trushyn commented on A complete and utter waste of my time

Mon, 26 Jan 2009 20:53:07 GMT

I agree with others in the fact that there is no protection from your application be hacked. Therefore there is no sens to add strong protection to the program. But some basic protection should be added just as proof that program was hacked and currently is used without a license. If developer actually use it on everyday basis IMHO it is easier to buy the product with all additional services available for registered customer than to try "saving" a hundred dollars spending an hours of valuable time in the future keeping application up to date. Also may be it has sens to implement some unique functionality as web-service available only for registered customers :). Hopefully I said something new. :)

Demis commented on A complete and utter waste of my time

Mon, 26 Jan 2009 20:46:45 GMT

I agree with Tobin, I've also paid for R# and Balsamiq without any consideration as they are both fantastic products at an attractive price point. The friendly reminder is all that I needed to remeber to buy the licence version if I wanted to continue to use the product. Unfortunately NH Prof currently falls in the same category as Code-Smith for me, i.e. to expensive to justify the purchase cost for the tiny portion that I would use it for. I would seriously consider making a lite $79 version with most of the features and a 'professional version' for people wanting to use it with Oracle, etc. (like another poster suggested). I think an Alert reminder every 5-10 mins reminding you to purchase the full version is the only protection you need as the power users will more than likely purchase the product.

Tobin Harris commented on A complete and utter waste of my time

Mon, 26 Jan 2009 20:31:55 GMT

This may sound naive, but I think your audience are probably happy to pay for NHProf :) I'd be inclined to pick some really easy licensing solution that is low cost and low overhead. Just make sure your product expires after 30 days, and I need to contact you and pay $##.## for a license key that makes it work again. JetBrains seem to do very well with their approach - I've not met any developer who's got a dodgy copy of ReSharper. As for pricing, here's a thought: Offer a cheap or free version that works with Open Source databases, and a more pricey one that works with commercial ones. About the actual price... As a freelancer/contractor I don't think twice about spending less than $100 on a tool. If the tool is good it's a no-brainer. Your tool may be worth more, but that's a sweet spot for *me* at least. All these are *awesome* products that I wouldn't hesitate to pay for (in fact, I own most of them!). $79.00 - Balsamiq Mockups $48.75 - TextMate $39.95 - Scrivener $99.00 - Screenflow I think that most managers can sign off this kind of purchase without 2nd thought too. If your product sells like hot cakes, you can invest in tighter licensing then, and maybe offer more enterprisey features at a higher price.

Daniel Auger commented on A complete and utter waste of my time

Mon, 26 Jan 2009 19:47:22 GMT

I really tend to agree with the others who say that no matter what you do, the program will be cracked. Video game companies have been trying to solve this problem for decades and to this day most games are cracked within a couple days of release. In the end, a strict copy protection / activation scheme only serves to make the use of the product difficult for the honest person. It's easy for me to say this, but I'd say you should: - Keep the pricing as is for organizations - Lower pricing for individuals - Go the nagware route or shut off functionality if not registered - Make registration easy and not machine based. A registration key that can be used on many machines works well as a way to remind the honest folks to buy the product, but it doesn't cause friction if they want to install it on another computer.

LukeB commented on A complete and utter waste of my time

Mon, 26 Jan 2009 17:38:22 GMT

"My best advice to you is to make it easy/desirable for people to buy it and treat the ones who do buy it with respect" Bingo.

Hard Times Guy commented on A complete and utter waste of my time

Mon, 26 Jan 2009 16:06:18 GMT

~$180 is fine for a large software vendor, but for an independent contractor, we have to "think" about making the purchase, make the price low enough so we don't have to "think" about it.

Stanislaw Tristan commented on A complete and utter waste of my time

Mon, 26 Jan 2009 15:48:45 GMT

It's a fine obfuscation solution of Ukrainian developer: [www.foss.kharkov.ua/.../Default.aspx](http://www.foss.kharkov.ua/g1/projects/eazfuscator/dotnet/Default.aspx) And it's free.

David commented on A complete and utter waste of my time

Mon, 26 Jan 2009 15:47:11 GMT

Nah keep up the good work, we're about to pay no problem :)

Andrea commented on A complete and utter waste of my time

Mon, 26 Jan 2009 15:40:50 GMT

+1 on the free for personal use and pay for company use. I think is the way to go for Software development tools also its a pita when you want to try to see if something is the tool you are actually looking for or it will do what you think it should my 2 cents

Ayende Rahien commented on A complete and utter waste of my time

Mon, 26 Jan 2009 14:12:50 GMT

Mr_Obfuscation, You can safely assume that I have no intention of making NH Prof open source.

Mr_Obfuscation commented on A complete and utter waste of my time

Mon, 26 Jan 2009 14:10:12 GMT

For obfuscation, cjecl out PreEmptives Dotfuscator - that'll set you back $3000 or so. I use Dotfuscator + CrypKey + HASP dongles on my code. I have $5000 or so invested in anti-piracy tools alone, but the time I spend writing code is worth WAY more than that. Besides, I like to sleep at night knowing I've been paid for my work. BTW - since I purchased a NH Prof license I'd hate to see it go open-source without some sort of refund...