Matt Pelletier
4/15/2005 11:28:00 AM
See comments below.
Nikolai Weibull wrote:
> Matt Pelletier, April 15:
>
>
>>What options does one have, as a company that produces software that is
>>distributed directly to clients/VARs, when that software is built with a
>>platform/architecture that uses a dynamic (non-compiled) language, and
>>further, when that platform and/or language is open-source? This
>>question qualifies for Rails and Ruby, but also it could hold for PHP,
>>Perl, etc.
>
>
> Documentation, Support, and updates.
>
>
>>I'm interested not just in the general legal considerations (like
>>licensing, intellectual property rights), but also practical
>>considerations. For example, I could get an airtight licensing contract
>>written for me, but if I have to hand the software to a client or
>>vendor, they could easily turn around and get a team to re-sell it under
>>another name (Pear PC anyone?). At least with designer bag knockoffs
>>there is the latent pride on the part of the consumer of having the
>>*real-thing* (albeit at 10x the cost). With software, if it walks like a
>>duck and talks like a duck... who cares if it's a rip-off? I could force
>>the use of keys or certificates, but these are easily cracked even when
>>the software is written in C++. This is less likely to happen in the
>>ever-litigious US, but it's a major concern for any company working
>>internationally, where well-trained techies, cheap labor, and loose
>>laws/enforcement abound.
>
>
> You couldn't get an airtight licensing contract. They don't exist.
>
> And if you could, how could the client then turn around and get a team
> to re-sell it under another name? That'd be breaking the license,
> right?
That's the point, that they're knowingly breaking the license. I might
not even be able to find out who did it, if this were an app with a big
install base. Breaking the license, on the part of the 'breaker', is not
a concern, esp. if there is not a great fear of legal prosecution. (this
relates to your comment below).
>
> Still, what you get with the "authentic" software is a sense of
> reliability, right?
It depends on the company using it. They might be just as willing to
hire a team of programmers to manage it themselves.
>
> Cheap labor is everywhere but the US is it? Loose laws/enforcement
> everywhere but the US? Man, I don't want to be a bastard, but you're
> sounding just a tad racist right about now.
>
Race has nothing to do with it. This deals with the maturity of a
country's Intellectual Property laws, the labor cost of reverse
engineering an application. I'm seeking practical comments from people
who understand that the laws in various countries affect an unethical
person's willingness to try to make money from someone else's work
illegitimately. If it is inexpensive to hire programmers to reverse
engineer an application, and the Intellectual Property laws are not
mature or well enforced, than it is more attractive for someone with the
resources to pursue such an unethical track. I used the US as an example
because the ferocious enforcement of Intellectual Property law would
seem to be a discouraging, not encouraging, factor. My simple point,
perhaps not clearly explained, is that fear of prosecution and the
production costs play a role in someone's decision when contemplating
ripping something off (can i get away with it?). It is all just
hypothetical. Nothing deeper.
>
>>If we wrote software in assembly it would still be a concern, but when
>>there is little-to-no reverse-engineering needed for languages that
>>don't need to be compiled in the first place, it affects decision-making
>>when selecting platforms/languages, which is rather unfortunate. With
>>Java/.NET you can download a decompiler and have source code exported in
>>a day. You can obfuscate, but that's a small comfort; anyone with time
>>and interest can figure that out. With dynamic languages, all the hard
>>work is done for you.
>
>
> One days work isn't really that much work, is it? So the difference
> between decompilable languages and uncompiled languages is non-existant
> really.
>
The time required to turn a binary into a usable source tree is only one
factor (see above). In this case if it's already source code the labor
cost for reverse engineering is cheaper.
>
>>If you are operating as an ASP (a la 37 signals with Basecamp), this
>>isn't much of an issue. However, if you have to give your software to
>>*anyone*, whether a client to run on their own network, or to a 3rd
>>party in general, what are your options?
>
>
> Why do you have to give it away?
>
I don't. I meant 'give' as in deliver or install, as part of the license
agreement (if it's not run from my server).
>
>>This isn't really a concern when dealing with smaller projects for
>>smaller clients, where the compensation is based on project time, even
>>if license it to them (as opposed to letting them own it). In those
>>cases, PHP (and from this point forward RoR!) is usually the best
>>choice, for all the reasons that we love (quick development, simple
>>changes / customization). But when you're licensing software that you
>>own, the value - which at face value is the feature set and
>>maintenance/support services - ultimately boils down to the source code,
>>and needs to be protected to the fullest possible extent. Yes there are
>>business models where the value is strictly your support (Red Hat, at
>>least at first), but that's not really what I'm asking about (though I
>>welcome the comments).
>
>
> You obviously haven't had much experience with open source. It seems
> that you should get more information before posting questions regarding
> open source to a programming-language mailing list. Opensource.org
> should have all the information you may need. I am not trying to end
> this discussion, but I don't think you'll get much out of this
> discussion if you haven't tried to understand how open source works.
>
Thanks for the thoughtful advice.
>
>>This is something I've been curious about for some time, but PHP et al
>>have never been attractive alternatives for larger projects. RoR is
>>compelling enough that these concerns have escalated.
>
>
> Again, when you're developing an online service, you really don't have
> to worry about anyone trying to steal your work. You control
> everything. Check out some of the essays by Paul Graham
> (paulgraham.com) on the subject,
That's the point I was making re. 'operating as an ASP' above.
> nikolai
>
Look, overall, this is a hypothetical and marginal situation (where bad
people do bad things), and I'm just trying to cull the experience of
helpful programmers. I realize this may not be a likely situation, but
it does happen, that I'm just trying to see what people know about these
things. Nothing more. I hope I haven't offended people by referring to
countries, laws, labor costs, and the decision making processes of
unethical people.
Thanks Nikolai,
Matt