Fog Creek Software
Discussion Board




Selling software without serial numbers

Hi again! I asked a week ago about selling software with source code to developers.

Turns out we can't protect our product in any way (since it has to work with Flash MX) so we are really selling "the download" of the product. We can't let everybody download the product and just sell serial numbers.

How would you do this? Create a username and password for every customer and let them download as often as they like? Let them download once and screw them if they loose the files? How far would you trust them that they won't share the download link?

Ron
Thursday, February 26, 2004

What's to stop them downloading it and then distributing the file on their own, or am I missing something?

James 'Smiler' Farrer
Thursday, February 26, 2004

The suggestion you received last week about running it as a service on your server if possible sounded good to me. What was the issue with that?

The reason being, as the previous poster suggested, is that once a user has your bits he can do what he wants with them. So the only way to protect them is to not give them to him.

Chris Ormerod
Thursday, February 26, 2004

If you're distributing it via download, why not modify the product slightly for each download?  Put in different comments, change the white space formatting, etc.  It won't stop anyone from giving your software away, but when you download it from Kazaa you'll at least know which one of your customers shared it.

Kevin
Thursday, February 26, 2004

The problem ist that we make a component to use with Flash MX. You have to distribute it as source code. You have to distribute it as source code. You have to distribute it as source code.

Running as a service on our server won't work. Putting comments into the code won't work as they can be changed. Modifying the white spaces might be a trick to hide some informormation but it is not strong.

So we have to distribute it as source code. I just wanted to know if someone of you was in a similiar situation (you are developers) and how you would deal with it.

I guess we just have to trust our users.

Ron
Thursday, February 26, 2004

Charge a lot of money.    Works for me.

MT
Thursday, February 26, 2004

Ron,

Currently the only people who has been having some success distributing hard to decipher bytecodes (through bytecode and execution flow obfuscation) are Preemptive with their Dash0 and Dotfucator tools.

They only work with dotnet languages and java. Most other companies don't take this issue too seriously (which is a minus in some people's opinion). It might be compiled, but reverse engineering is still possible.

So unless you are willing to put in millions of dollars developing a tool to obfuscate your flash source code you are out of luck.

Li-fan Chen
Thursday, February 26, 2004

Ron, is there anyway for you to sell service along with software? If your widget is meant to exist as page by itself, you can always provide a template your customers can provide, and then fit the widget you write into that template and compile it and return that compiled fla file back to them.

Li-fan Chen
Thursday, February 26, 2004

My recommendation is to trust the customer and the quality of your product.  If your product is good, people will want to buy it.  You might do well to tie support services to some variety of credentials that come with the purchase, such as a serial number.  It's worked for RedHat and a lot of other open source companies, who make their money selling the services, rather than the product.

Clay Dowling
Thursday, February 26, 2004

> Let them download once and screw them if they loose the files?

It's LOSE not LOOSE. This common error forever annoys me. I mean, if you're gonna spelll it like you say it then don't bother putting the E on the end. Learnt it now and don't do it again.

(Boy I'm having a grumpy day today)

gwyn
Thursday, February 26, 2004

Charge a reasonable amount of money for it, then let them download it whenever they submit a user/pw combo?  Having had to pay for something can be an incentive not to share it.  Not much else you can do, except maybe tie support to a specific credential, as suggested above.

Sam Livingston-Gray
Thursday, February 26, 2004

*  Recent Topics

*  Fog Creek Home