Fog Creek Software
Discussion Board




I just received a technical evaluation kit...

for a dongle.

I'm selling enterprise software and, unless I arrange it so that the software will run with a USB dongle, my company will surely lose money (and lose face) from the piracy.

Yet I'm loath to use it. My software is a precious diamond;gleaming with perfection.  Refactored, modular and nimble, and written in Common Lisp no less.  Wouldn't a dongle (I think to myself) mar its fearful symmetry?

So I sit here at my desk, the dongle kit in front of me and I wonder if there is a more elegant solution to the copy protection problem.

So watcha think?  It is desktop software (an industrial expert system) and no internet connection is required.

Hal Itosis
Thursday, July 08, 2004

People that will actually use your software for something they need will pay for it regardless.  People that pirate your software will pirate it regardless.

Autodesk learned the dongle lesson years ago - you should too.

Greg Hurlman
Thursday, July 08, 2004

Yes, for really-really expensive software ($20,000 per seat and above) they still use dongles. 

USB, being hot-pluggable, sounds much better than the 'Oh, I had to plug the dongle in BEFORE I powered up my PC, and I CAN'T unplug it without destroying it, so now I have to shut-down and restart, AGAIN' factor of parallel port dongles.

You can dongle-check when your program first comes up, then dongle-check when you are ready to print (or save), and leave the f-ing dongle alone the rest of the time. 

That should leave your jewel-like perfection intact, mostly.

AllanL5
Thursday, July 08, 2004

I've got several programs that cost $200-$800 which require dongles. I like them - they are completely unobtrusive. The only problem is I had to buy a specialized piece of gear called a USB expander because they were using up all my USB ports. That expander set me back $9.95 at WalMart.

Don Houston
Thursday, July 08, 2004

"My software is a precious diamond;gleaming with perfection. "

Only exceeded by your ego.

.net, the equivalent of MS Bob.
Thursday, July 08, 2004

Of course, it's pretty much a given that any dongle can be cracked in relatively short order.

The problem, as AutoCAD and others found out, if you use a dongle, it bugs people.  So even legitimate users would want to remove the dongle.

Same thing about DeCSS.

Really, especially if you are dealing with First World countries like the US and Western Europe, companies aren't going to be too interested in piracy.  And the rest of the world can't afford it anyway.  Especially if it's a large server for a business-critical function, no business that's not about to go under is going to really trust software that doesn't come with a support agreement of some sort.

What you do, apparently, see is folks who will produce an exact clone of your application using cut-rate third world programmers.  Which a dongle doesn't prevent.

Flamebait Sr.
Thursday, July 08, 2004

Thank you for all your replies.  (I have found them more helpful than you can imagine - except for that "ego" comment (dude, what's up with that? (And, incidentally, Joel should really have parenthesis matching on this form editor))).

I've got the dongle up and running; I have a thread that polls the dongle so that I can tell if it has been removed during the execution of  the application.  So far I think it's okay and a good solution - I never realized that there were so many features (such as onboard memory) that are available. 

I'm thinking of using it less for copy protection and more for authentication.  Like I charge for custom work and let only the clients with the proper range of dongle numbers access the server to download updates. 

I have to spend more time and sit down and think it through, but I think I can structure the product so that the dongle can add real value.

Hal Itosis
Friday, July 09, 2004

Oh sorry, I meant to write something to Flamebait Sr.

I don't mind competition from cut rate programmers from third world countries.  I think it would be fun watching them try and keep up. 

Hal Itosis
Friday, July 09, 2004

I wonder how some IT shops would react to the need for a dongle, given their apparent paranoia.

I know you can jjuts plug it in and they'd never know, but some companies have strict policies about such things.

Even more interesting would be some server-based software, if that required a dongle. Do these heavy-weight servers even have accessible USB ports ?

No reflection on the OP.

Steve Jones (UK)
Friday, July 09, 2004

"jjuts" should be "just", doh !

Steve Jones (UK)
Friday, July 09, 2004

Any external protection scheme comes down to a conditional, smack the code so the conditional is always true and it will be as if it never was.

Adding more conditional points just means it would take longer to hack and there's an awful lot of people out there that have the time.

Even if its extraordinarily sophisticated and the existing code is encrypted and only runs if decrypted using the dongle it will be hacked within weeks (if there's a demand for it, and if there isn't a demand why do you care?), just by exercising the code through the dongle.

Concentrate on adding value to your supply and you can save the $25 overhead on each sale and make more money at the same time.

Simon Lucy
Friday, July 09, 2004

Have you thought of a licensing scheme such as FlexLM?  I don't know how hard it is to integrate, but we use several copies of a 3d modeling software here, and they use the FlexLM license server.  It works well and we can upgrade and not worry about the locality of machines with no problems.  And it keeps us legitimate.

Licensed
Friday, July 09, 2004

*  Recent Topics

*  Fog Creek Home