Re: DDJ Article on "Secure" Dongle


sci.crypt archive


From: Anne & Lynn Wheeler <lynn@garlic.com>
Date: Sat Oct 01 2005 - 16:39:52 CEST

"TC" <aatcbbtccctc@yahoo.com> writes:
> Piracy is a legitimate concern for software authors.
>
> My experience, with my own product, is that 1% of effort will deter 99%
> of people who would otherwise pirate my app. But we all know that no
> amount of extra effort will deter the remaining 1%.
>
> So, dongles etc. al. are just a waste of time and money. The people who
> are deterred by those, would be equally deterred by an encrypted value
> in the registry, or somesuch simple scheme.

it may be the reverse of swimming pools and fences ... if you have a
fence ... it isn't your fault ... if you don't have a fence then it is
your fault. demonstrable counter measures ... are enough to take
action ... either by employers to fire employees that violate. if you
are charging ... and some large corporation is in flagrant violation
action can be taken. one percent not paying/stealing can be tolerated
... i think a lot of companies figure that they are going to have 5-7
percent loss ... places like retail stores ... employees mostly ...
but also straight-forward customers shoplifting. sometimes the counter
measures are both simple deterrent for most, as well as basis for
various kinds of legal action.

there was a trade-secret theft situation ... where legal action was
brought claiming several billion damages ... the judge invoked the
swimming pool scenario; if it really is billions of dollars ... some
large fraction of the population will be expected to steal, as a
matter of course, and you can't really hold it against them ... unless
you show that you have taken countermeasures proportional to the value
of what is being protected. it isn't absolute ... and the
countermeasures wouldn't be expected to cost more than value of what
is being protected ... just demonstrably proportional.

that was possibly one of the places i picked up security proportional
to risk ... some slight topic drift
http://www.garlic.com/~lynn/2001h.html#61 Security Proportional To Risk

in any case, given swimming pool scenario and judges wanting to see
countermeasures proportional to value ... then the issue may be the
value of the software and how much are you charging for each license.

and then there is some additional topic drift ... straying back to
unbundling announcement on 6/23/69 and starting to charge for
application software ... although kernel software was still free.
however, when i was doing the resource manager ... it got selected to
be the guinea pig for first charged for kernel software ... and i got
to spend lots of time with business and legal people on software
pricing policies. some past collected posts on unbundling and software
pricing
http://www.garlic.com/~lynn/subtopic.html#unbundle

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
Received on Sat Oct 15 04:38:10 2005