# Product Authorization Nightmare

B

#### Bob Peterson

I just got a piece of software authorized from Schneider.

They refused to authorize it under the end user's name because I was unable to give them specific info on the end user, so I was forced to use the OEM's particulars just to get the secret code.

They require the following information or they will not give you the secret code:

contact name
company name
phone number
fax number

They do not seem to have any mechanism to deal with cases where an OEM or integrator is sending something through several other hands to an end user they do not know a whole lot about, or if the end user does not have an email address for instance.

What do you want to bet that MS starts asking for this type of information in the future and will only give you the secret code if you give them this type of info?

Bob Peterson

US Filter, Rockford Number 815-877-3046 X576

T

#### [email protected]

Have you tried to install MS Office XP yet? You need be online, provide a lot of information, and enter a gazzillion-digit product ID. Even after all that I still had to call and repeat the entire process over the phone.

[email protected]

R

#### Robert Scott

This is not unreasonable. How else can the software vendor verify who is and who is not a legitimate licensee? The secret number is probably linked to the end user's name so that if any bootleg copies are found, they can tell who
broke their agreement and revealed their secret number. Be glad you are not also saddled with using a dongle! Now that is a pain.

S

#### Steve Young

With Schneider software you can register the software in your name. Once you are done using the software for developement, the person
that it is registered to, simply calls them and informs them to whom they have sold the software to. (ie transfers the liscense) There is no
limit to the number of times that this can be done. You would only be responsible to pass it on to the person you sold the equipment to,
and then it becomes their problem, etc. Hope this helps you.

J

#### James Ingraham

It is unreasonable, especially for Siemens. Why would they want to make it difficult for me to program their PLCs? If anyone could copy
the software for free, then I would have an incentive to use their PLC over Allen-Bradley's. As it is, there is no way I would switch to Siemens because I would have to spend a zillion dollars just to licenses for my developers.

I sympathize with software makers' desires to stop piracy. Nonetheless, even if they are selling software they could trust their end-users. Think & Do Software does this, much to their credit. So does QNX. QNX is free for non-commercial use; buy a license only if you are
selling a product that has QNX in it. There is no way they can check this; they just trust their customers honesty.

There are ways to do business besides treating your customers like criminals.

-James
Sage Automation, Inc.

M

#### Mark Hutton

You may not think that it is unreasonable, but it is certainly impractical in our industries.

D

#### Donald Pittendrigh

Hi All

I sent an enquiry to the Siemens Hotline the other day, they wanted even more information than this before they would help. I found another way to solve the problem as I only give out my pone numbers when I need to.

Next time I wont use this product again because it has P____d me off.

D Pittendrigh

B

#### Bob Peterson

I kind of prefer the dongle. If I want to move the key its a simple matter of moving it. If my hard drive fails, no biggie. No 20 digit number to enter to authorize it.

Bob Peterson

M

#### Michael Griffin

It has occurred to me that once Microsoft has the authorisation system working with their own products, the obvious next step would be to sell this service to other software companies. I imagine the marginal costs would be rather low, so the economics of it could be made very attractive to them. Impractical or not, we could be seeing a lot more of it.

--
************************
Michael Griffin
************************

J

#### Joe Jansen

The problem is, you do have a dongle. It is the PLC. What good is a programming package (and I am making an assumption here, but if it wan't in
this case, it still applies to programming packages nonetheless) without the PLC? At some point, I have to plug my laptop into the PLC dongle in order to make the code run. Add to this the extortion of marketing info before you can use the software, and now you are 'activating' it twice.

--Joe Jansen

B

#### Bob Peterson

The FACT is, that every software protection scheme has been broken, sometimes before it has even been officially released. The software venders know this. The registration and product authorization schemes are really all about
marketing and keeping control of your customers. As a means of preventing theft, they really only prevent casual theft, and not all that well at that. Someone who really wants to steal it, and I grant you software theft is rampant in virtually all third world countries, will just upload the freeware program off the Internet that breaks the protection, and use it as they will.

If, as a software vender, you feel the need to have this level of control over your customers, at least make it as inoffensive as possible. Some
venders are much less offensive then others in this regard. Others act like you are some kind of criminal if you want to transfer the software or have a problem.

One way to discourage theft is to allow those who only want to learn about the product a way of doing so. Many software products have a demo mode, so people can learn about it without having to buy it. Typically these demo modes have restricted functionality (like limited time periods of operation or limited tag counts for SCADA/HMI packages). Once someone decides to "steal" the software for the purpose of learning a little about it, I suspect they are de-sensitised to stealing and it is much easier to steal it for actual use rather then buying it, so demo modes actually encourage additional
purchases of the package, and discourage theft. But this approach is at odds with the marketing types who want to sell training classes for this purpose, so not all packages offer a demo mode.

Bob Peterson

G

#### George Robertson

You're missing some history here....

When dinosaurs roamed the earth, PLC manufacturers included the software with the PLC, using your reasoning. As they had a stranglehold on programming that particular device, they didn't have to be particularly inventive. All they had to do was not be so difficult to use that
people switched PLC brands over it. So, enter the third party PLC programming software developers. Along came the Graysofts, etc. making
much better products. Easier to use, feature packed, etc. Over time, the PLC manufacturers realized the canine qualities of what they were
packaging along with their devices. They also did the math on what the third party guys were making. So, they bought them up. Almost all of
the independent PLC programming software outfits have been ingested by the companies making the PLCs. Cool! Except they now had to justify
the expense of buying this company in order to sell what they were already selling (or giving away.) So, the software companies became
separate profit centers. They have to justify their existence by copy of software, not PLC. A company having 300 PLCs and one copy of the programming software is a disaster now. Hence the registration, support agreements, continuous "upgrades" having nothing to do with the hardware, etc. Lord help us, the support and documentations groups have become separate profit centers as well!

George G. Robertson, P.E.
Manager of Engineering
Saulsbury E & C
[email protected]
(915) 366-4252

P

#### Paul Tolsma

I agree with Bob. I have only ever had one problem with a dongle, and that was the customer trying to take it apart to see what was inside. I think they thought they could hotwire the PC like a '57 Chevy or something <g>.
Aside from that, no issues with dongles. I actually like Intellution's model of 2 hours of anything you want and runtime/development dongle for production. In the last few years, as an engineering manager who only sometimes gets to work on a real system anymore, I have not even had my own development key. With FIX or iFIX, this is a non-issue, unlike many of their competitors. But getting back to the original point, dongles have never been a gate to system development or use and there is nothing to
install or document with them.

Paul T

M

R

#### Rufus

Funny you should say that, Michael. On another forum I had basically the same observation. I went so far as to suggest they'll have a "WPA Wizard" in their Visual Studio (or whatever the .NET version is called) - their software development environment. This little pushbutton in the IDE could automatically insert WPA verification code into a developer's application by only pushing a button. There was a response that there is no such thing in the new IDE, but I just wonder "how long?".

Rufus

T

#### tecnog

At 15.35 10/02/02 -0500, James Ingraham wrote:
[..clip...]
>I sympathize with software makers' desires to stop piracy. Nonetheless,
>even if they are selling software they could trust their end-users. Think
>& Do Software does this, much to their credit. So does QNX. QNX is free
>for non-commercial use; buy a license only if you are selling a product
>that has QNX in it. There is no way they can check this; they just trust
>their customers honesty.
[..clip...]

hello all,

I invite you to read an old post by Bob Graf "RE: ENGR: Copy Protection (was PLCS: Problem with Step5)" dated March 31, 1998 (included at the end
of this post).

Beside customers honesty there are issues that involve loss of productivity once the authorization is lost. Some years ago I was commissioning a brand-new machinery in a French glass industry. The plant was controlled by a system which included a well-known SCADA package, protected with a dongle connected to the parallel port. As normally happens during commissionings, there were a lot of workmen traffic around and we were forced to move our workplace quite often. Not a real problem until a technician tripped on the printer cable, disconnecting the dongle from the printer port while the PC was powered. This event caused an irreversible damage to the dongle and we had to ask for a replacement. It took three days...After *purchasing* the SCADA we (programmer, electricians, mechanics, part of the production dept, etc.) were forced to complete inactivity for three days. We were somehow lucky, in some countries a dongle replacement may take
weeks....

----- Michael Griffin wrote:

> It has occurred to me that once Microsoft has the authorisation system >working with their own products, the obvious next step would be to sell this
>service to other software companies. I imagine the marginal costs would be
>rather low, so the economics of it could be made very attractive to them.
>Impractical or not, we could be seeing a lot more of it.

Yes, and we will see cracks proliferation. This will reduce the effectiveness of that authorization system. Take a look at BBI's
"StopCopy" protection scheme: probably a very few people would have bothered to crack it until Siemens decided to adopt it. As result, there
are now so many "StopCopy" defeating tools all around that such a protection is by then useless, more like just an annoying procedure.

Consider this: a user who installed a cracked copy of a program will work in complete tranquillity, while an honest user who installed an original copy protected with some authorization methods, sooner or later will deal
with loss of authorization and therefore loss of time and $(whishing not to loose the customer, too..). Funny, isn't it? We have enough problems doing our job, why should we be put in additional jeopardy by protection schemes? Why should we suffer of "Authorization Nightmares" or "Authorizations Led Pounding Heart" ? Sorry to say it, but among colleagues I noticed that protection defeating tools are pretty common. They're just tools, like oscilloscope or serial analyzers. regards Luca Gallina [email protected] <clip> ***************************************************************** From: "Graf, Bob" <[email protected]> To: "'The Automation mailing list, managed by Control Technology Corporation'" <[email protected]> Subject: RE: ENGR: Copy Protection (was PLCS: Problems with Step5 (Simatic)) Date: Tue, 31 Mar 1998 14:02:18 -0600 > Regarding to our experiences, the honest users don't have any problems > ... the only protesters are the bad guys ! My experience regarding copy protection is pretty much the opposite: The network people come by to do maintenance on a system, defrag the drive, wiping out the transferred key. The hard drive fails on the laptop that has the key installed. The master disk gets wiped out by the power supply of the x-ray machine at the airport. The dongle gets moved by the network people who decide to try and learn to use the program without telling anybody, causing the program to exit after 15 minutes or so. The dongle doesn't really allow a parallel port to work with your printer (or disables the direct cable connection.) The computer has 5 dongles attached to the same parallel port, so it doesn't fit on a desktop (and attaching a flat cable to route them is another half-baked idea when I have to move keys.) I can understand the desire to prevent theft of software, but given the choice, I will opt for the non-copy protected program unless there is a functionality issue involved. Sales lost to theft is a problem the vendors must deal with. Loss of productivity due copy protection schemes is one I must deal with. Never trust anyone who doesn't trust you. ***************************************************************** <clip> C #### Curt Wuollet Yes, it's an ever escalating spiral. And kinda silly because if you don't have possession of at least one of their PLC's, you have absolutely no reason to steal the software. So by being a customer you fit the profile of a pirate. I kinda like the OSS model by contrast, Here's some software. You don't worry about it, I won't worry about it, let us know if you have a real problem or you fix something. I can send you a CD copy legally and you can put it on as many machines as you want. Then let's us spend our time on coding and support and you spend your time using the product. It makes you really wonder if the end is worth the means. Did those 10 customers, customers mind you, that you prevented from copying stuff to use _your_ equipment, buy enough copies as a direct result to pay for all the BS of tracking what everyone does and handling authorizations round the clock and the down time that creates? And what real damages would have resulted if they had? Seems like the cure is worse than the disease. What is good will worth? That might just cover the difference. Microsoft seemed to do just fine for all the years they didn't do anything. I'm curious what these draconian measures will really buy them. I get a lot of inquiries from folks who have figured out where this is all going, not "buy now" calls, but a lot of interest in alternatives. MS must be thinking that their lock on customers is as strong as it's gonna get, so they better put the squeeze on now. I'm sure that if they had done this from the start, they wouldn't have a monopoly now. That makes it perfectly legal exploitation of a monopoly. The only problem is that the customer feels the same if it's legal or not. And the vast majority weren't doing anything unreasonable in the first place. Criminalizing their normal use pattern will, I think, be a regrettable mistake. Regards cww J #### Joe Jansen/ENGR/HQ/KEMET/US Absolutely! I have had office 2K forced onto my laptop by my employer, but have yet to start it up. StarOffice (or OpenOffice - "www.openoffice.org":http://www.openoffice.org ) are simply better, both anecdotally and thru testing. ZDLabs has given Staroffice favorable reviews, including noting that Staroffice works with larger Word files faster than Microsoft's own Word. (E-Week, Oct 8, 2001, Cover story, near the end). They also state that Sun has included support for XML based documents for "insulating companies from future changes to proprietary Microsoft file formats..."(same source). Support and compatibility with Microsoft's spreadsheets and PowerPoint presentations round out the basic office package, and there is a database package also available. In the same article, ZDLabs notes that all are "faithfully rendered" by StarOffice. I cannot imagine any reason for buying the MS offering for I believe$500 US, IIRC.

I have not yet encountered any documents, including compound documents containing embedded spreadsheets, images, and WordArt drawings, that

Just my \$.02, Off topic......

--Joe Jansen

M

#### Michael Griffin

"How long"? Well I suppose when a large enough percentage of the installed Windows base has Windows XP. I was thinking they will include an "authorisation manager" in Windows that would authorise all your software from all sources in one operation. If you're on a network, your system administrator could initiate this all remotely and get a report on what was authorised when it was all finished.
They could also have schemes like licenses that run for a limited time only (e.g., you have to renew each year to keep it running), metered usage (the authorisation is good for only a certain number of hours of actual use), automatic (and mandatory) upgrades, etc. Irregular and unpredicatable revenue from software sales could be turned into a nice steady stream of (your) cash.

As for the "WPA Wizard" - yes I think you are correct, and they will do exactly that. This could be part of some sort of "professional pack" add-in to the IDE. With this sort of scheme, you wouldn't have to be a large company to include a WPA system in your software. You just have to be willing to part with a percentage of your revenue.

--

************************
Michael Griffin