ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab) (07/19/87)
[ O Great Line Eater, please accept this humble sacrifice... ] Ok. I can squash this argument with logic or nonsense. Your choice. Right. Logic it is. It has been suggested that the best of all copy-protection worlds is The Gizmo (hereinafter referred to by its proper name, "dongle".). It was suggested that this method of protection is virtually unbreakable. I would counter-suggest that this is not so. A dongle is plugged into a hardware port. This port always has a fixed address. All I need to do, as a pirate, is to look for all CPU references to this address. I then write some stub code in my debugger to check what the correct response from the dongle would be. I then NOP over the dongle-checking code, and patch the branch to go to the correct location. A good debugger will allow me to do this easily. Some pirates are very dedicated. Witness in the past: Pirates purchased 6502 in-circuit emulators and single-stepped through Apple ][ programs, discovering how the CP scheme worked. I submit that all programs, no matter how obfuscated, would submit to analysis under an ICE. It was also suggested that the industry needs to foster new forms of software theft deterrents. I would suggest the following: A scheme that does not impair the useability or copyability of the program in any way. However, should the scheme detect that the copy was unlawfully obtained, an inflammatory message from the author would appear. Such messages might accuse the user in no uncertain terms of being a thief, that s/he should be ashamed of themselves, that their mother wears combat boots, etc. The vendor would decide what was appropriate. It was also satirically suggested in a long paragraph that software piracy can be, in an obtuse way, be likened to car theft, after replacing the stolen car with 2400 lbs of random steel. I submit that this is not an accurate parallel. A more accurate parallel can be drawn by likening software piracy with the Xeroxing of a highly specialized newsletter. The type of newsletter to which I'm referring is usually published on a bi-monthly basis, quite small (under 20 pages), contains highly specialized and field-specific information, and usually is sold at anywhere between $75-$300 a year. Piracy can be likened to Xeroxing a newsletter of this type and handing the copy to a friend. I would also contend that software piracy has largely been a matter of attitude on the part of the public. As an innocent party to the birth of the micro industry (I was only 12 then), everyone seemed to have the attitude that software was free. This seemed largely supported by the fact that most people who owned computers were highly computer-literate. They generated their own software to suit their specific needs. If a friend liked it, they would make a copy for them (on cassette tape). There were some commercial packages available then. In particular, I remember the GAMEPAC series from Processor Technology, written by Steve Dompier. Very good software. Widely pirated. Everyone with a SOL-20 had a copy of this program. In fact, I think it was distributed with the machine. Everyone also had a copy of a BASIC interpreter, either BASIC-5, EBASIC, or Altair BASIC. These were also widely copied. My point: It is my belief that, in the "old days," people viewed software as free. I suspect this view was held because everyone who owned a computer was competent enough to write his own software, and didn't need to buy anything. Therefore, anyone who was actually selling something other than hardware was probably regarded with disdain. There is probably some question as to whether this view, in that time period, was justified (Bill Gates certainly didn't think so). Then, thanks largely to Steve {Wozniak,Jobs}, computers became a mass-market item. People purchasing computers were no longer confined to the population of the computer-literate. Ordinary people were beginning to buy them. They had to learn about computers from someone. They turned to those who owned computers before them. They learned from them that computer software was "free." However, because these new users could not effectively write their own programs, this view was no longer accurate. In my view, trade is defined in terms of relative worth. If I have something that worth something to you, you may wish to buy it. If, however, you have the ability and resources to create the same thing on your own, then its value to you is reduced. The unsophisticated users are unable to effectively create their own software. Therefore, anyone who sells software is satisfying the conditions of trade for unsophisticated computer users. They are obliged to look upon my program as valuable to them, if they cannot create the same or similar program themselves. Nevertheless, computer software was viewed as free. I would surmise that, eventually, someone who was selling software got irritated with all the non-purchased copies of his program running around, and got the idea to make his program difficult to copy, probably by creating a file on the disk with control characters in the filename. Unsophisticated users would be thwarted by this method, since many of them probably had no idea what a control character was. I suspect that this was the audience our hypothetical vendor was addressing. The educated audience, however, would probably scratch their head for a moment at the odd-looking disk catalog, then quickly write a progam to reveal the true filename. Unsophisticated users would contact the sophisticated ones, asking what was going on. The sophisticated audience, being very forthcoming (as most hackers are), explained what was going on, probably offering to make a copy of the disk for them. From here, no doubt, the protection technology escalated. One need only briefly look around them to discover the state of the art in Software Theft Deterrents. Zapped sector technology. Encoded manual technology. Dongle technology. Security code technology (There exists a form of protection whereby the computer asks you for a clearance code. You punch a button on a hand-held pseudo-random code generator to discover the code, and enter it in.). This technology was developed in response to the audience of unsophisticated users who erroneously believed that software was free. Now then. I also contend that attitudes (at least in the people I associate with) are changing. People are, in my estimation, beginning to realize that the software they are using is indeed valuable to them. They use the programs every day, and know the anguish of having to live without it (when the machine becomes unavailable for some reason). They are beginning to realize that they would be hard pressed to create a similar program on their own. They may still balk at some of the prices on some programs, but I believe that they are more inclined to pay for it today than they would have been, say, three years ago. It is also my contention that many software vendors are regcognizing this trend, and starting to remove software theft deterrents from their products. As a member of FAUG, I see software vendors get applauded when they announce that their software will be released without copy protection, and I see vendors get resoundly hissed when they say that it has some form, any form, of copy protection on it. I contend that people are beginning to view their software as valuable tools, which is why they are pleased when a new tool becomes available for their use that has not been made cumbersome to use by copy protection. I believe that people are beginning to foster respect for programmers who produce quality products. I hold that people are attaching value to software, and are now more apt to buy their own copy of a program rather than borrow or steal one. I would not suggest that this transition in attitudes is by any means complete. Indeed, we have quite a way to go. However, I would, as my final suggestion, ask that software vendors reeaxmine the attitudes held by the computing public at large, where these attitudes are leading, and act as they see fit. There. How'd I do? _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ Leo L. Schwab -- The Guy in The Cape ihnp4!ptsfa -\ \_ -_ Bike shrunk by popular demand, dual ---> !{well,unicom}!ewhac O----^o But it's still the only way to fly. hplabs / (pronounced "AE-wack") "Work FOR? I don't work FOR anybody! I'm just having fun." -- The Doctor
bpendlet@esunix.UUCP (Bob Pendleton) (07/21/87)
in article <3576@well.UUCP>, ewhac@well.UUCP (Leo 'Bols Ewhac' Schwab) says: > I would also contend that software piracy has largely been a matter > of attitude on the part of the public. As an innocent party to the birth of > the micro industry (I was only 12 then), everyone seemed to have the > attitude that software was free. This seemed largely supported by the fact > that most people who owned computers were highly computer-literate. They > generated their own software to suit their specific needs. If a friend > liked it, they would make a copy for them (on cassette tape). > I think the reason that people felt that software was free was because software WAS free. The highly computer literate people Leo speaks of probably worked with computers, probably for many years. I doubt a twelve year old would have been aware of the GREAT UNBUNDLING. During the fifties, sixties, and into the middle to late seventies, mainframe computer manufactures gave you an operating system, file system, compilers, utilities, editors, everything they had in the way of software. All bundled in the price of the system. You usually got source code that you were free to read and hack to your hearts content. Many of the utilities were user written and distributed for free through user groups. Somewhere along the way IBM noticed that software cost more than the hardware and started charging for each piece of software. All other manufacturers followed suite. Who knows, the way prices are going maybe someday you'll buy the software, and they'll toss in the hardware for free. Bob Pendleton -- Bob Pendleton @ Evans & Sutherland UUCP Address: {decvax,ucbvax,ihnp4,allegra}!decwrl!esunix!bpendlet Alternate: {ihnp4,seismo}!utah-cs!utah-gr!uplherc!esunix!bpendlet I am solely responsible for what I say.
lishka@uwslh.UUCP (Christopher Lishka) (07/24/87)
Well, there is always more than one way to skin a cat... In reference to the hardware Gizmo/dongle/whatever-it-is-called, a previous poster said (very rightly) that one could defeat this form of copy-protection by patching some machine code with NOP's. Alas, there is also another way. A couple of my friend's once reverse engineered a dongle and managed to come up with their own dongles; all they then needed to do was copy the software with a decent copier, plug in their own dongle-copy, and VOILA! One more copied/pirated/stolen/etc. program existed. Therefore dongles can also be broken through hardware. I don't think there is a form of copy-protection that can't be broken, unless the computer itself provides special hardware that allows NOONE in if some funky mode is set (and I mean Noone, not even the designer). Now, some forms may be more deterent than others, but lets face it...if you know how to get into a machine, you can figure out how to take control, and run things pretty much the way you want. It may take a hell of a lot of effort, but it can certainly be done. So where does that leave everyone? Well, the pirates, who choose to spend the time breaking into the software, will eventually get through the copy-protection and have a piece of software that can be used. However, Mr. Average-Computer-User, who goes out and buys the stuff, will be taking a risk if he cannot back up the disk, 'cause he could easily get something scrambled via a large magnetic field (don't go sticking floppies on speakers) or the program very stupidly writing to the protected disk. Then, IF his original gets fried, he'll probably think twice before buying another piece of software from a company. What does this all end up in? Well, it is potentially bad for the company, annoying for the guy whose $100 protected disk gets trashed, and provides the pirate with something to do in his spare time. Point: the only real way to "copy-protect" something is to supply extra materials with it that are very useful. This is hard to do with games, but it has been done; the "look-up-a-word..." copy protection is sort of like this. A GOOD manual for, say, a compiler is a better example. Now, this doesn't get around the old Xerox machine, but then again some manuals are so thick that it takes a fair bit of cash to Xerox in the first place. One last note: I am very appreciative of people like Mr. Fish and Mr. Stallman (and how about Mr. Knuth too) who either write software or collect it in order to give it out free, just to spread around some good programs. I am not saying that those who write programs for profit aren't as worthy of praise (hell, I write programs for a living!), but at least there are some people out there who have gone out of their way to distribute good products without making a lot of money (or even any money) off it. I would just like to thank all of you who are producing useful, fun, and well-written programs without hoping to make a killing off them. One day I hope to be able to do the same (but right now I need to get my butt through college!). [P.S. I am writing this on GnuEmacs, a wonderful editor by Mr. Stallman which (I believe) is freely distributable] Enough rambling... -- Chris Lishka /lishka@uwslh.uucp Wisconsin State Lab of Hygiene <-lishka%uwslh.uucp@rsch.wisc.edu \{seismo, harvard,topaz,...}!uwvax!uwslh!lishka
jbn@glacier.STANFORD.EDU (John B. Nagle) (07/25/87)
Knuth does not give his software away. He publishes it in book form. He's done quite well doing so. John Nagle
fnf@mcdsun.UUCP (Fred Fish) (07/26/87)
In article <247@uwslh.UUCP> lishka@uwslh.UUCP (Christopher Lishka) writes: >One last note: I am very appreciative of people like Mr. Fish and Mr. >Stallman (and how about Mr. Knuth too) who either write software or Ye gads! Now I'm going to have to go out and buy new hats three sizes larger! :-) I'm not quite sure that my contributions have been sufficient yet to warrant my mention in the same context as Richard Stallman or Donald Knuth, but I won't discourage people from doing so. :-) :-) -Fred -- = Drug tests; just say *NO*! = Fred Fish Motorola Computer Division, 3013 S 52nd St, Tempe, Az 85282 USA = seismo!noao!mcdsun!fnf (602) 438-3614
mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer) (07/27/87)
In article <17139@glacier.STANFORD.EDU> jbn@glacier.UUCP (John B. Nagle) writes:
< Knuth does not give his software away. He publishes it in book form.
<He's done quite well doing so.
Uh, he *does* give the software away, as well as selling it in book
form. And selling the manuals that way.
Knuth's not the first person to do that. Adam Osborne funded the
development and marketing of the Osborne 1 from sales of manuals for
software he gave away.
<mike
--
When logic and proportion have fallen soggy dead, Mike Meyer
And the white knight is talking backwards, mwm@berkeley.edu
And the red queen's on her head, ucbvax!mwm
Remember what the dormouse said. mwm@ucbjade.BITNET
scotty@l5comp.UUCP (Scott Turner) (07/27/87)
In article <247@uwslh.UUCP> lishka@uwslh.UUCP (Christopher Lishka) writes: >copy-protection by patching some machine code with NOP's. Alas, there >is also another way. A couple of my friend's once reverse engineered >a dongle and managed to come up with their own dongles; all they then Dongles are patented. You can't legally reverse engineer something that is patented. The fact that dongles were protected under patents was/is one of the major benifits given for that scheme over some other form of user traps. As I understand it there are no "fair use" loop-holes in patents so the dongle people would have a pretty cut-n'-dry case against your friends. The above poster is a perfect example of what I said in my previous posting. I'm sure Mr. Lishka would stand up and make some sort of defense for his "pirate" friends who go around violating copyright and patent laws. I'm sure he's not going to pick up the phone and call ADAPSO or the FBI or the local police and report them. Does this make Mr. Lishka a "pirate"? Should we all celebrate if his computer get's zapped by Mr. Reed's program? These are hard questions, but I think it's about time we had less fluff and more concrete in this discussion. Some people are even calling for it. As with Mr. Reed and Mr. Samad. Those two want action, maybe they can bag some pirates by going after Mr. Lishka? Some people are probably sputtering and hissing and really working up a first class hate E-Mail etc to send me over this posting and the last. But I'll say it again, we have people howling for the hide of pirates and making them out as animals TO BE skinned. No one seems to realize that the people they want are not animals, they're people who have friends and families. It's all great to stand up on the soap box and yell "What's the phone # for ADAPSO! I'm going to turn these people in!", but who is going to be the first to turn in Mr. Lishka so that his statments that he's friends with pirates can be investigated and acted on? Hmmm? I'd LOVE to hear from Mr. Reed or Mr. Samad about this? How about it guys, you going to turn Mr. Lishka in? I really think it's time for this whole discussion to just end. The only real solution is EDUCATION. We need "Pirated software? Just say *NO*!" campaigns on TV and in computer magazines. Bumper stickers. Radio ads, Mrs. Reagan going to schools and telling kids "Just say *NO* to pirates!" This problem is just like the drug problem. The real problem is the demand for pirated software. Bag the pirates and more will just spring up, the new crop being more clever than the last. But there's one twist, and a real big one, alot of the "pirates" are going to be the bright stars in the software field of tomorrow. By throwing these people in jail we may be sawing our nose off to spite our face. Pirates are surely mis-guided people, but as everyone grasps for a solution just keep in mind that the real bad guys maybe your own parents, or the neighbor, or one of your co-workers. Just keep that in mind the next time you decide to go "bag a pirate". I mean what do you do when your mom tells you she uses a pirated Lotus 1-2-3? Take a page from Mr. Samad and call ADAPSO? "If your mommy is a pirate you've gotta turn her in!" Or erase every file on her hard disk ala Mr. Reed? Ignore it like Mr. Lishka? Do what I'd do, tell them that what they're doing is WRONG and explain to them why it's wrong. And I don't mean tell 'em it's against the damn law. Explain to them that if everyone did what they're doing then Lotus wouldn't make any money and people would be less likely to make quality software for them to use. The hard core pirates will lead a lonely life if no one calls for their wares. And the software companies would have less justification for giving us ALL the SHAFT by building user traps into their software products. Scott Turner -- UUCP-stick: stride!l5comp!scotty | If you want to injure my goldfish just make UUCP-auto: scotty@l5comp.UUCP | sure I don't run up a vet bill. GEnie: JST | "The bombs drop in 5 minutes" R. Reagan "Pirated software? Just say *NO*!" S. Turner
hamilton@uxc.cso.uiuc.edu (07/27/87)
> Knuth does not give his software away. He publishes it in book form. > He's done quite well doing so. > John Nagle well, if you wanna get picky, fred fish doesn't give his disks away either. knuth's software publishing is a LOT closer to "free software" than any copy-protected product. wayne hamilton U of Il and US Army Corps of Engineers CERL UUCP: {ihnp4,seismo,pur-ee,convex}!uiucuxc!hamilton ARPA: hamilton@uxc.cso.uiuc.edu USMail: Box 476, Urbana, IL 61801 CSNET: hamilton%uxc@uiuc.csnet Phone: (217)333-8703 CIS: [73047,544] PLink: w hamilton
apl@pnet02.CTS.COM (Andy Levy) (07/29/87)
> ...dongles can be broken through hardware...
Two weeks after the dongle-protected Amiga Superbase-Personal was
introduced in the U.S., there was an IFF-pic schematic of its dongle
on just about every Amiga BBS in existence. Two resistors and a diode...
--apl
UUCP: {ihnp4!crash, hplabs!hp-sdd!crash}!gryphon!pnet02!apl
INET: apl@pnet02.CTS.COM