1. The people who object to keys do so because of the associated risk.
2. 'You can't over simplify the issue and decide categorically that all vendors
that want to "protect" their software are bad. ' implies that somebody has
made
such a claim; that's the straw dummy in question.
3. The collateral damage is the inability to use the software that they are
paying for
and the outage to everything dependent on that software.
4. The issue is not the licensing terms; the issue is what happens to a
customer who
has paid the fee.
5. No, our difference is that I believe that the customer has no obligation to
play
Russian Roulette.
6. The issue isn't the rules, it's the danger inherent in the enforcement
method.
" If you can do it without losing your temper or being condescending"
PKB. Don't misrepresent my position if you want me to be polite.
"or if you want to be sarcastic "
PKB. If you don't want sarcastic responses, then don't make sarcastic posts.
"and/or virulent "
There's nothing wrong with refusing to buy a product that doesn't suit my
needs. You get to set whatever rules you want for the use of your software,
provided that you disclose them up front, but you don't get to tell the
customer what metrics to use in evaluating his requirements.
"because I still really do want to try to understand your points."
Then pay attention when I write that keys impose a risk on the customer, and
that the customer gets to decide how significant that risk is. Are you willing
to put an indemnification clause in your contracts?
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@listserv.ua.edu> on behalf of
Brian Westerman <brian_wester...@syzygyinc.com>
Sent: Wednesday, February 28, 2018 1:51 AM
To: IBM-MAIN@listserv.ua.edu
Subject: Re: Product license key program
You lost me Shmuel,
I don't think I misrepresented the people who object to keys, at least not on
purpose. I don't understand the straw dummy reference and I honestly don't
understand the objection to a vendor using keys for their product(s).
What collateral damage is cause by a vendor's use of keys in their software?
The keys are there to "lock" the software to the system it was licensed for.
If the software is moved, or used in other creative means without permission
from the vendor (who we must remember, owns the software), then it
(theoretically) won't work on that "other" platform. I guess I'm missing the
damage part of that. Do you mean disaster recovery keys? I think every vendor
has that covered by now, but maybe they don't, and again, it's their software,
if they don't want to allow that use, and they let you know up front, then
whats the damage?
There are many parts (I guess types of keys makes more sense) of vendors keys
that I don't agree with, and I don't personally think that software in and of
itself should cost more for one processor than another, regardless of processor
size, but that's just my personal feeling. If a vendor wishes to price their
software that way, then it's completely their decision.
Possibly our difference of opinion is because I see the vendor's product as
belonging to the vendor, not unlike my "locking your car or house" analogy.
It's not like the vendor is locking other software, just their own. At least I
hope so. If the vendor wants to lock their software so that it isn't
"misused", (and specifying what "misused" means is 100% the software vendor's
decision). Then, as they "own" the software, it's up to them to say what those
rules are. They need to be up front on the rules, even if they are
unreasonable rules, otherwise the contract for the software would be invalid
anyway under the "meeting of the minds" concept of contract law.
If a site "purchased" the software instead of licensed (or rented) it, then I
believe you are 100% correct that the software vendor loses the right to lock
it up. I don't think many vendors sell their software that way though, it
would not be cost effective for either party.
So, I really do want you to educate me on this. If you can do it without
losing your temper or being condescending, then I would like to do it here,
publicly, so that others can understand as well.
On the other hand, if you can't discuss it calmly, or if you want to be
sarcastic and/or virulent about it, then feel free to send me the discussion
points offline, because I still really do want to try to understand your points.
Sincerely,
Brian
On Tue, 27 Feb 2018 21:44:45 +0000, Seymour J Metz <sme...@gmu.edu> wrote:
>You can, and did, misrepresent the position of those who object to license
>keys. The issue isn't protecting the software; the issue is the means used to
>do so and the collateral damage from those means.
>
>If you have someone willing to steal your product, then he will also be
>willing to patch it to bypass the license check? Illegal, sure, and I hope
>that you nail anybody who does so, but still inevitable.
>
>As for support of stolen copies, that's a separate issue from preventing the
>product from running. Use of keys et al in the support process doesn't have
>the same potential for collateral damage.
>
>Microsoft? They have a vested interest in lying about their reasons; they want
>to force bundling, and have been very successful at it.
>
>Of course, after inventing straw dummies and openly being facetious you ar
>likely to get sarcastic replies; if you didn't want sarcasm then you should
>have used honest and polite argument.
>
>--
>Shmuel (Seymour J.) Metz
>http://mason.gmu.edu/~smetz3
>
>________________________________________
>From: IBM Mainframe Discussion List <IBM-MAIN@listserv.ua.edu> on behalf of
>Brian Westerman <brian_wester...@syzygyinc.com>
>Sent: Monday, February 26, 2018 9:27 PM
>To: IBM-MAIN@listserv.ua.edu
>Subject: Re: Product license key program
>
>If someone violates a copyright, there are legal and I think criminal
>penalties. But I doubt the FBI will get involved if you decided not to pay CA
>for using Panvalet.
>
>You can't over simplify the issue and decide categorically that all vendors
>that want to "protect" their software are bad. Just like people, there are
>indeed some bad vendors, whether or not they have product "protection" doesn't
>enter into the equation.
>
>How would a vendor even know that someone didn't take a "personal" copy of
>their unprotected code from site A to site B? Does that happen, it sure does.
>
>Microsoft did a study several years back on how much time they spent fixing
>problems and helping people who had pirated copies of their code, and it was
>something on the order of 38%. That didn't mean that 38% of the people
>running Windows were running pirated copies, just that during their study, 38%
>of the people who called gave pirated copy codes.
>
>They were losing more money on the support of the code for the pirated
>versions than was deemed "acceptable". The same problem can (and likely is)
>true for other vendors. Several of our Syzygy products come with parts that
>are not protected by keys or code. We frequently get calls from people who
>are not out customers to fix (usually the same problem over and over again)
>problems with the unprotected code who are not very happy when we inform them
>that we can't offer them support for the code without them being an actual
>client, but that doesn't stop them from trying.
>
>We had a person, just a few months ago, (who is a member of this list and
>knows who I am talking about), who called with a "problem" for our SyzInfo
>program (it's a small program we send to sites to display their site
>information, CPU, LPAR, SYSPLEX, MEMORY info, etc., a lot of interesting
>information) because they just got a z13 and our code supposedly didn't
>support it yet. It worked, but didn't give "completely valid" results. We
>actually added support for the box over 18 months before it came out, so we
>were fairly perplexed. When asked for his site-ID, he gave it, (it turned out
>to be one from his old site) and we emailed him the new code for his whole
>product matrix (4 complete products and support modules). Then we received a
>call from him to tell us that the new products would "no longer" operate on
>his CPU. When we asked for the CPU type and serial, he gave us his old serial
>from the old shop, so the client support people re-verified and sent out a new
>copy even though there was no real changes made. He told us that it still
>didn't work so we asked him to execute SyzInfo and send a screen print of the
>results. Instead of the screen print, he "supposedly" cut/pasted the results
>which showed that the product thought exactly what was running was what we
>shipped. He escalated the problem (which sent it to me), to be resolved, and
>I asked him to re-execute SyzInfo for the screen print and got the same
>cut/paste thing, but it was different from the original one he sent the day
>before. The new one had several of the values transposed and the CPU was now
>a EC12 not a z13 as he had originally reported having the problem with in the
>first place. I called him and got one of his co-workers who told me that they
>were not running our code, and he had no idea what I was talking about. It
>turned out that they were running a z13 and never had a EC12 (they upgraded
>from a z10 recently). I explained what had just happened and was told that he
>would talk to his boss and that they would handle the "problem".
>
>We never heard back from the person or that site again, but they still
>participate on this site. When I contacted their old site to ask if things
>were okay, I was told that they were going great and they had no problems
>whatsoever, but that the person I was asking about no longer worked there and
>had not for well over 2 years.
>
>Now, I realize that it's just one occurrence of a bad person, which does not
>make every one bad, but in our case, we expended probably 30 man-hours of time
>on a problem that didn't even exist. How many of those could a small company,
>or even a large one absorb?
>
>I would like to say this is a one-time occurrence, but I can't. Similar
>events happen several times a year, but normally it doesn't get to me to fix
>because they discover much sooner that something was amiss.
>
>Our products have built-in protection, actually they all have 3 separate
>protection mechanisms. We offer free trials that can go up to several months
>when necessary, and every product has a built-in allowance of extra time after
>the expiration date and we warn well in advance of the time left. Some of the
>products even tell you every time they execute how many days are left, which
>of course can be turned off (except for the last 30 days).
>
>Most vendors don't have a way to enforce voluntary compliance, but I believe
>that the vast majority of them have some sort of protection built into their
>products. And while most people believe that IBM does not keep track of
>product use, they would be wrong. Is it possible to get around the
>protections? You bet. We believe here, and I'm sure that most other vendors
>also believe, that he vast majority if not all of our clients are extremely
>trustworthy, and likewise we hope they think we are trustworthy as well.
>
>Wasn't it Ronald Reagan who said, "trust, but verify". :) Who would I be to
>argue with the great communicator? I worked for him for 6 years, he was no
>dummy.
>
>So, I also agree that this shouldn't be another long drawn out fight over "to
>key or not to key", and I also realize that there are some sites who might not
>run our products because they are protected. I don't think it's too many
>because we have over 700 clients.
>
>I realize this is going to sound facetious, but when I first read some of the
>rants from people complaining about how they are not trusted I can't help but
>wonder if they lock their homes and cars. Do they put the WPA2 passwords on
>their routers? Do they have a pin on their phone? And if so, is it just that
>they believe that everyone should trust them, but they need not trust everyone
>else?
>
>I don't expect any non sarcastic responses to this, and I probably wouldn't
>read them anyway, (yes I will, but I probably won't admit it), but sometimes I
>wonder about how people can divide their lives up so simply and exactly that
>everyone else who doesn't do something "their way" is "wrong". Is that a sure
>sign that I'm getting old that I have a hard time understanding why there
>seems to be no such thing as grey any more. If you're not 100% "good" then
>you're "bad", or more likely, if you're not 100% "like me" then you're "bad".
>
>What happened to diversity? And why get so virulent about it?
>
>Hopefully this won't start a full rant from anyone, but I'm sure it will,
>especially from the guy who I told you about above.
>
>Brian
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
