<div class='os_post_top_link'><a href='http://www.mobileread.com/forums/showthread.php?t=3232' target='_blank'>http://www.mobileread.com/forums/sh...read.php?t=3232</a><br /><br /></div>An interesting piece of news is floating around the Pocket PC Blogosphere: apparently the latest version of Anton Tomov's Pocket Mechanic will <b>hard-reset</b> your device if you're using an illegally-generated code for the software (i.e., a pirated copy). 8O<br /><br /><i>"After reading this thread at Aximsite where users complain about hard resets invoked by Pocket Mechanic I thought to shed some light on Anton Tomov's crude ways of dealing with software pirates...Use a pirated or blacklisted serial with Pocket Mechanic, Pocket Mechanic will detect it, and send your PDA with all its lovely content to Nirvana land."</i><br /><br />I have to say, I agree with the linked poster -- there's no question that piracy (or, copyright infringement if you prefer) is ethically and legally wrong, but that does not mean a software developer should have license to erase the contents of your device. Indeed, there's a number of scenarios I could think of that would directly affect honest users -- what if the license validation code has a bug? Or what if a user pays for the software through a software download site that gives them an illegal code? As a user, I will stay away from a product that has any form of automatically doing that. <br /><br />That said, I'm not sure where it's "fair" to draw the line. Piracy is a nagging problem for software developers. I think many of us would agree that having the software self-destruct when detecting a pirated code is fair behavior. But let's think about the gray area. How about hiding a file on the device that prevents any future or past versions of the software from running? Or, how about having it pop up a modal dialog asking for a legitimate license and not letting the user go back to their tasks until they fill one in? How do you think software developers can best combat piracy yet not alienate users?<br /><br /><b>Update 2/4:</b> Anton has posted a clarification <a href="http://www.antontomov.com/cgi-bin/ikonboard.cgi?s=df354a3e1a2d8c9699a39d2634c2b742;act=ST;f=22;t=668">on his forums</a>. He states that the code does check for one specific widely-distributed pirated serial number (although he doesn't clarify what it does in that case), and that the entry of an "invalid" serial will not cause a hard reset.<br /><br /><b>Second update:</b> According to the same thread, v1.51 of Pocket Mechanic contains no such code. I'm glad to hear it, and hopefully we won't have to revisit this topic again.

Whoah! I can't believe a dev would resort to something like this...how can this be legal even? I don't condone piracy either in the least, but let's assume something goes wrong for a legit user of this software...any data would be lost completely!

I see this guy as having some legal issues very quickly with this form of piracy defence...Janak's right...there are better ways to handle this.

I, for one, won't even LOOK at the product or anything from this developer now that I know this...I think it's the wrong approach.

Good luck, Pocket Mechanic :roll:

lol wow, this sounds like a great idea. I have never thought about doing that before. But I'm skeptical about it as well. There might be honest situations where an innocent user might get hurt, huh? Maybe instead of a hard reset, the program itself should of deleted? lol I can't wait to see actual *desktop PC* software developers do the same thing. Very interesting concept. Or a copied movie DVD disable or destroy a DVD player. Maybe I can set my Wi-Fi router to use my laptop to send malicious viruses to any computer who tries to steal my DSL bandwidth wirelessly. Anyone got anymore ideas?

Yowza, that's not good. There is a reason PC developers don't do this.

I never agree with this type of vigilantism. Just because you think you have a good idea doesn't mean you should act on it. I just dropped $90 (ouch!) on PPC software, thus I pay. But what if someone got my number somehow and it becomes blacklisted?

This guy needs to go to bed earlier.

*Phil

Or what if I entered a wrong code and it somehow matched a blacklisted one?

Why can he just not do what MS did and prevent use of the software? What does a hard reset do?

And to someone who is savvy enough to source out pirate software, wouldn't they be savvy enough to have a backup lying somewhere anyways?

Moreover, what if you're a doctor who unwittingly tries out a piece of software a friend of theirs gives them. It then hard resets his device and he looses all patient information. Sounds like lawsuit time to me...

There are many legitimate ways to combat piracy, and this isn't one of them.

PPC titles are so cheap to begin with compared to desktop software (think MS Office, Corel, Photoshop, AutoCAD etc.) that stealing them is stupid. You can afford a $300 PDA, but not a $30 piece of software? Priorities please...

This is the same thing as shooting someone because they stole something from you car.

Not right, not legal. In the analogy above shooting someone is not considered necessary force for the crime.

Maybe something like blacklisting the PDA name from registering the products or something like that would be reasonable but a HARD reset??

Not acceptable.

I have a feeling he is going to be losing more business that he could have had from legit customers wondering if he might screw up the code and hard reset a legit user!!!

Is there any warning?

I wouldn't have so much of a problem with this technique if he brought up a fancy warning that said - "You are using an unlicensed serial number. The next time you launch this product with this serial number your device will be hard reset" (a long message, but you get the point)

I definitely have a problem with just doing a spontaneous hard reset.

Yowza, that's not good. There is a reason PC developers don't do this.

I never agree with this type of vigilantism. Just because you think you have a good idea doesn't mean you should act on it. I just dropped $90 (ouch!) on PPC software, thus I pay. But what if someone got my number somehow and it becomes blacklisted?

This guy needs to go to bed earlier.

*Phil

That's a good question... but what does your last statment mean? "This guy needs to go to bed earlier"...

I own copies of both Pocket Mechanic and PocketHackMaster but I do not use PocketHackMaster currently (it does not run stable on my device causing hard resets).

If Anton is indeed using this as a preventative measure I think it is a mistake. I think it is one thing to disable software that is not legitimately in someones system but to knowingly destroy other software could invite litigation.

Definitely something I would stay away from if I were a developer.

Is there any warning?

I wouldn't have so much of a problem with this technique if he brought up a fancy warning that said - "You are using an unlicensed serial number. The next time you launch this product with this serial number your device will be hard reset" (a long message, but you get the point)

I definitely have a problem with just doing a spontaneous hard reset.

When I used to program, I always dreamed about a solution like this (Heck, I had a cracker release a crack for a piece of software I wrote that let you pray at your computer - I can only wonder what the higher power thought of that*), but I think Jacob's idea is the correct level of moderation here. I can see plenty of times an honest user might get burned by accident, and I respect the programmer's right to keep his programs secure.

* I guess I know what he thought - the crack didn't work since he distributed a keyfile that was generated by using hardware's serial number so it only worked on his machine... :mrgreen:

Ok.... I'll bite.

I don't necessarily have a problem wih the developer. I pay for my software, I run regular backups (every day at least), and I do a full backup before installing anything. (Anyone reading this who doesn't do regular backups: WHEN did your data beocome important to you??)

Would it make me rather irate if this happened to me due to a bug or some action on my part?? Sure. Would I purchase a program knowing that it used this tactic? No.

BUT

I blame the device/os Manufacturer. Good 'ol MS is the party who put in a mechinism to have software do a hard reset without any confirmation or approval by the user. What's to stop a virus or a trojan from doing the same?

This is not legal. Its malicious damage. I can't set a gun trap in my house so if someone breaks in they get hurt. Its intentional. You cannot send intentional damage. I can see a lawsuit brewing from people who loose sensitive data. Yes they pirated but that will not bring about the consequenses that malicious damage would.

Stolen app : $15 restitution
Loss of sensitive and maybe irreplacable data $XXXXXXX

I can understand the frustration of the developer, but and eye for an eye doesn't fly. Besides this is an eye for a god knows what

Anton, you're opening yourself up to a host of problems *if this is true*.

I own PHM but have been waiting for the code to be perfected for the 4705. I won't be installing any new software that takes measures like this. Deleting the hacked software is fine--I would defend Anton if that was the case--but destroying data not related is just going too far. Too many potential problems. Too drastic a "solution".

whoa.... 8O i smell lawsuit brewing from the collateral damage that the software had done....

I have purchased and legal copies of Anton's Pocket Mechanic and HackMaster programs. I have uninstalled both and refuse to further support a developer that would resort to such EXTREME and ILLEGAL methods to thwart pirates. I DO NOT want to risk a possible reset of device and lose my data and I have notified everyone I know to do the same.

SHAME ON YOU!, Anton, You cannot stop all of the pirates no matter what you do. Besides, I would be willing to bet that the people who have illegal copies of the program would not purchase it anyway, therefore it is NOT lost revenue because you did NOT have it to begin with.

Even if you remove the offending code now, you have lost the trust of many of your legitimate customers. Goodbye Mr. Tomov!!!!!!

In response to the post about someone breaking into your car -- in some states it's actually legal to use lethal force in defense of property. So maybe this hard reset anti-piracy tactic would be welcomed in Texas. :)

Anyway--I think it stinks. It's a bad idea on many levels and I hope he reconsiders. And I know what it is like to have your stuff pirated... I have seen my own stuff floating around on Usenet. But I wouldn't nuke someone's computer for downloading my work even if I could.

This is a definite case of two wrongs not making a right! No justification. I've never found a need to use this developers apps and you can bet I never will now. If there is even the slightest possiblity (and in this case there is) that a legitimate user could have thier data wiped out by this app, then that is too large a chance. SHAME ON Anton Tomav!!

I don't think we should attack him though. I can understand his frustration. Who hasen't said or done someting out of anger and frustration. We all make mistakes! We just want to let him know that he needs to keep composure and look for other ways. Keep researching protection Anton but not this path ;)

Up until now, Pocket HackMaster has been a vital part of my PDA. While software pirates should be caught and punished, a software developer who initiates a hard reset actually just lost the trust of legitimate users. 8O While I back up regularly with Sprite BackUp, even a complete restore can generate sychronization issues with Microsoft Outlook.

Janak, I can't thank you enough for making us aware!

Anton, if this is true, please, reconsider the hard reset policy on dealing with pirates. After spending hundreds of dollars on Pocket PC software, I don't think I could spend one more dollar on this type of software without a public retraction (so we know its safe again to use the software). I know for sure I cannot recommend this type of software to my friends as it stands. I can't speak for others; however, if public trust is restored again with the Pocket PC community, I overlook this recent decision and will again recommend the software to my friends.

The problem I see with this is that the hard-reset could be activated accidentally. Assume for argument's sake that his product is 100% bug-free and reliable, and I have a legitimate copy, and the developer will bet a small fortune that the hard-reset subroutine will never be activated on a properly-licenced machine.

Next, I install the beta version of a chess program that a friend wrote. It has an uninitialized pointer, or a stack overflow, or whatever, and instead of jumping to the pawn promotion subroutine, it makes a wild jump to the section of RAM where the hard-reset code sits. Despite any guarantees made about Pocket Mechanic, my PPC still hard-resets.

That is why I would never install a program which had this capability.

I'm a dev. And while I think that this is extreme, I can certainly sympathize with the feeling.

The big part of the problem is this: MS (and Palm, and Symbian) didn't put anything in there to help devs protect their programs. So devs are left with software based protections, which can always be broken. Furthermore, PDA software, while cheap, is expensive compared to what you get on the PC, price/performance wise. Add that to the smaller file sizes, it being easier to find pirate websites, and no-one in the legal community caring the slightest about PDA software, and the ballistic solution starts to look very tempting...

For PDA software, it's not uncommon to see 5-10 times more pirated versions in use than registered ones. For devs working hard and trying to pay their bills, it's more than frustrating, it can run them out of business.

(The extreme case that I've heard of, had the pirate not only steal the software, but copy the website, and sell program copies to unsuspecting customers...)

Todd.

Forgot to mention. For those that think that he'll have a legal problem, you'll need to look at the EULA first. It almost certainly has something covering this and disclaiming all responsibility. (ie, it's more than likely legal.)

OTOH, every PC company I've heard of that's done something like this over the last 20 years has seen sharp sales drops... (Be careful what you wish for, you just might get it...)

Todd.

He can put whatever he want in the disclaimer it doesn't free him from the limits of the law. If I put a sign in front of my house that says you will be shot if you enter and you still enter and get shot. You better believe my a&amp;&amp; will be on the grill for it.

wow do we even know this is a FACT? Has the developer admitted to this or are we taking the word of a board thread? I'll hold judgement until the facts are out.

As a developer I actualy got a bit of an ego boost to see a code generator for one of my apps. Sure its going to reduce my income, but most people that pirate, will never purchase anyway.

I think a better option would be to have the program uninstall itself, and even have a reporting system labeled in the name of support. If an invalid code is entered then the program sends an email to the developer to "support" someone who is having trouble with a code. Although this would have to be worded right in the EULA so as not to be illegal sending of personal data.

I think the Developer of this idea has a problem with anger, maybe some anger management classes would help. Unfortunatly it seems he has just destroyed his customer relations and might find it hard to recover.

Remember that piracy is part of life, there is only one way to stop it and thats to burn all your code onto a CD, delete everything from your PC and then smash the CD. If your stuff is good enough for people to want to steal it, then take pride in the fact your THAT good.

That is why I would never install a program which had this capability.


So I guess you're not going to run Windows Mobile???

C'Mon people, as I mentioned earlier I don't have a lot of respect for any developer that takes advantage of the API that does a hard reset...

BUT

Isn't ANYONE else going to hold Microsoft to task for putting an IO Control into the system that does a hard reset without user intervention???? Isn't anyone going to hold the device manufaturer responsible for implementing the control in the HAL without some sort of user intervention???

What's going to happen when a trojan program comes out that simply wipes your PPC? What happens when someone hacks a share- or free-ware piece of code to trash your system? A virus?? I had to go over and actually check this, but it's PART OF THE STANDARD IO CONTROLS since Windows CE 2.0 and I simply can't believe ANYONE would think it's a good idea for it to be there or any real use to be there. Yeah.... make us press several buttons in sequence while holding down the reset button or somesuch.... but asimple function call that does it without forcing some user approval is just bad design and should be cause for immediate patch or replacement.

I would be interested to hear from Anton Tomov himself on his justification for this code. Absent his opinion, I'll add my $0.02 to the discussion.

This seems pretty clear-cut to me. When you buy a software application, PPC or otherwise, you aren't actually buying it per se. You are buying a licence to use it. The app remains the property of the developer, regardless of what machine it resides on. So if he wants to be hard on pirates by crippling, deleting, or otherwise impeding the unauthorized use of his app, more power to him.

However, if I am pirating his app, that app is the only thing on my PPC that he owns. It also contains many other apps, each the property of their respective developers, as well as my data, which is my property. Any unauthorized use, corruption, or deletion of those apps or that data by anyone other than their respective owners (a) is not justifiable, either legally or ethically, and (b) constitutes an act of malice at least equal to the piracy which it is intended to discourage or punish.

I understand the frustration and anger of developers whose work is stolen, and I respect and defend their right to prevent the unlawful use of it. But the self-righteous commission of one unlawful act to prevent or punish the commission of another is quite simply indefensible.

Thanks, I've deleted both Hackmaster &amp; Mechanic from my system. Both have been paid for but I won't use Anton's sortware again.

About two weeks ago I lost everything on my SD card while running Pocket Mechanic. The program was installed on my card as is just about everything I do with the PPC, progs, data etc.. Damage was minimal as I back up the card to the PC frequently but as I was 100 miles from a PC the lost hurt until I got back to town. My copy is legal, purchased from Handango. Now I'm not sure if this is related and it behaved this way because I had Pocket Mechanic installed on a card instead of main memory but I've been hestitant to use it again. After reading this I don't think I will use it and instead will remove Pocket Mechanic from my device. And make sure that future purchases of software are not from Anton Tomov until he's cleared. Yeah I know that's guilty until proven innocent but that was a lousy weekend I was handed when my music, novels etc were lost.

wow do we even know this is a FACT? Has the developer admitted to this or are we taking the word of a board thread? I'll hold judgement until the facts are out.
The developer has been laying low, mostly, and there has been no rebuttals posted to any forum, including ones he frequents and that he's responded to; in addition, a few people have apparently confirmed this behavior. If you click on the Jenneth link in my post, it chains to a few other forums, so you can get a broader picture of the discussion as a whole.

That said, note I worded my post appropriately, and if I hear otherwise, I'll be happy to post a correction. Rest assured I'll continue to monitor the situation and let you know of updates. There's lots of good discussion here, though, and I don't want to stop that. Everyone, let's please keep things professional. Thanks. :)

--janak

Could it be possible that the IO controls for triggering a hard reset is there for programs that may want to rewrite the rom, but may not be able to do so without a hard reset? If the program can't distinguish between a "fresh" (i.e. after hard reset) and a "nonfresh" ram state, the IO control could be the only method left.

I'm not a programmer so I'm only speculating. I could (most likely) be wrong....

Yowza, that's not good. There is a reason PC developers don't do this.

I never agree with this type of vigilantism. Just because you think you have a good idea doesn't mean you should act on it. I just dropped $90 (ouch!) on PPC software, thus I pay. But what if someone got my number somehow and it becomes blacklisted?

This guy needs to go to bed earlier.

*Phil

That's a good question... but what does your last statment mean? "This guy needs to go to bed earlier"...

Just that maybe he's cranky and doesn't get enough sleep. I know I don't. :)

He can put whatever he want in the disclaimer it doesn't free him from the limits of the law. If I put a sign in front of my house that says you will be shot if you enter and you still enter and get shot. You better believe my a&amp;&amp; will be on the grill for it.

A EULA isn't a disclaimer. It's a legal contract that you agree to effectively by running the program. AFAIK, there isn't anything in the law stopping him from doing this (excepting loss of life). There's a huge amount of difference between laws for physical property (which have been refined for centuries) and IP law (which is still in flux).

This is far from the first time that this has been done (mostly on PCs). Those people didn't get into legal trouble, and I doubt this guy will. (Unless he screwed up his EULA.) Of course, he's almost certain to find he'll lose more business by doing this than he could have ever gained.

I looked around some but could not find any real proof of this action on Anton's part. Accusations against a respected developer should be demonstrrated to be true, with some sort of corroberation. I'm not saying this is not happening, just that it sounds unlikely.

I have now written to Anton Tomov asking for his input...

... and I just purchased pocket mechanics 2 days ago.
Why cant someone post about this earlier ? :devilboy:

It is really a sad day when we have to remove a good software from our PCs/PPCs, because we disagree with the developer's logical thinking.

A EULA isn't a disclaimer. It's a legal contract that you agree to effectively by running the program. AFAIK, there isn't anything in the law stopping him from doing this (excepting loss of life). There's a huge amount of difference between laws for physical property (which have been refined for centuries) and IP law (which is still in flux).

This is far from the first time that this has been done (mostly on PCs). Those people didn't get into legal trouble, and I doubt this guy will. (Unless he screwed up his EULA.) Of course, he's almost certain to find he'll lose more business by doing this than he could have ever gained.

Regardless of whether one thinks this is right or wrong, the legality has not been tested, unless twalks second paragraph is correct.

But...

Regardless of the legality, one still could pursue it as a civil matter, at least in America. Here, sue is a verb, not a name :wink:

I was going to purchase GPRS Keep Alive a few days ago but I won't be now.
If Anton wasn't responsible for the reset then I think he would have chimed in by now.

Anton Tomov is not the only one doing this... Frank Garcia (AKA Ctitanic, developer of tweaks 2k2) is also doing the same thing, but also he is telling everyone what he is doing, because he´s desperated about piracy...

This is awesome, I'll put this code into my products I release for the Pocket PC. Try to register my software and fail? Say goodbye to your memory! That'll teach you to download my software! Wait, my software is freeware... oops.

Anyways, I have nothing new to add to this discussion that hasn't been said by at least three people. I'm pretty sure no one here will be buying Tomov's software in the future without some serious consideration first.

I've never used any sort of pirated software on my PPC, but have had unexplained hard resets in the past. This whole discussion now has me wondering if something I did 'tripped' a routine in a program that had similar 'self distruct' functionality as Tomov's allegedly has and got burned by accident.

Guess I'll never know for sure.

But I think Wiggster put it best when he said that he had nothing to add that wasn't already said by three people atleast. This thread has generated a lot of traffic!

Anton Tomov is not the only one doing this... Frank Garcia (AKA Ctitanic, developer of tweaks 2k2) is also doing the same thing, but also he is telling everyone what he is doing, because he´s desperated about piracy... Big mistake. Currently none of my programs have any kind of hidden bomb against pirates. I have to admit that I did something like that in the past but my betatesters and support team convinced me that there were other and better ways to fight. I have changed the registration procedure in most of my programs, in the case of Tweaks2k2 I had to reissue 1000s of registrations key and all that process cost me a lot of time and money. This is why I think that Anton is free to do what ever he think is better to defend his work.

I believe that the best way to go for developers is creating an alliance between us where each program of each of us will check others programs and if a pirate copy is detected by one of us all programs of the alliance should not work anymore untill the pirate copy is removed. This is an old idea that is not easy to implement but we could try it. I really believe that the only way to fight back against piracy is not fighting along but all together.

A EULA isn't a disclaimer. It's a legal contract that you agree to effectively by running the program. AFAIK, there isn't anything in the law stopping him from doing this (excepting loss of life). There's a huge amount of difference between laws for physical property (which have been refined for centuries) and IP law (which is still in flux).

This is far from the first time that this has been done (mostly on PCs). Those people didn't get into legal trouble, and I doubt this guy will. (Unless he screwed up his EULA.) Of course, he's almost certain to find he'll lose more business by doing this than he could have ever gained.

Regardless of whether one thinks this is right or wrong, the legality has not been tested, unless twalks second paragraph is correct.

But...

Regardless of the legality, one still could pursue it as a civil matter, at least in America. Here, sue is a verb, not a name :wink:

EULAs actually have been tested in court several times now. For the most part, judges have been using common-sense interpretations on how things should be, and throwing out individual parts that are totally unreasonable. (ie, just because the judge finds part of the EULA unenforceable, that doesn't make the whole thing unenforceable.)

You're right that in the US, anyone can sue anyone else for any reason. Since most PDA devs don't have many resources, that could be pretty effective in getting a settlement if you have the resources yourself to bring an initial suit. (Of course if they do have the resources, they'll probably counter-sue, ask for court costs paid, and ask for the initial suit to be thrown out.)

(Just to clarify, since several people are throwing the word "illegal" around, the only kind of court case that there would be here is a civil court case, not a criminal case. No one would be going to jail over this.)

Todd.

A few points here. I am a devloper. If my programs do not sell, I don't eat.

First, doing damage to a computer is way out of line. Just the possibility of it happening by mistake should be enough to stop anyone from trying it. I'd never, ever trust somone who did this. It shows they have no respect for my property. There is a reason why we don't cut a theifs hand off anymore.

Second, I think the threat of personal piracy is vastly overblown. Commercial piracy where a company makes a million counterfit copies of Windows and sells them to a country, THAT is a problem, yes. But some Joe on the street not paying for your product? Come on.

Every act of piracy is NOT money out of somones pocket. In the vast majority of cases if they were unable to copy the souftware they would NOT go buy it. You think the 16 year old with $3,823 worth of stolen software on his PPC is really costing anyone money?

What IS going to happen is that kid is going to remember what programs he likes and when he grows up and has money he will spend it on stuff he likes.

Anyone who sells anything can say the best thing to increase sales is to advertise. And whats piracy but advertising? And free too.

I can't prove it, but I think piracy is a net gain.. you sell more copies than you would have if people couldn't steal and enjoy your work.

Anyway, I am not advocating making piracy legal. It still is stealing, and clearly large groups cost people a huge amount of money.

And imagine anti-piracy to the extreme... going to jail if you glance at a newspaper headline that somone else is reading. There is good and bad to the freedoms we have.. don't be so quick to throw both out.

At least this guy has a reason for hard resetting your device, right or wrong. I installed Microsoft's Activesync 3.8 and it hard reset my hp2210.

Activesync is evil, and the sooner the user gets a first-hand demonstration of this the better off he or she will be in the long run. It's difficult to deal with a hard reset when one hasn't got a good backup routine in place, so Microsoft is actually doing us a favour when the errors happen early. SpriteSoftware makes a killing on Activesync's mistakes. ;)

BTW, Anton's reaction does not surprise me at all. He is far away not the first one that though to do that and it would not surprise me at all if other developers are doing the same right now.

Forgot to mention. For those that think that he'll have a legal problem, you'll need to look at the EULA first. It almost certainly has something covering this and disclaiming all responsibility. (ie, it's more than likely legal.)


Since the legality of most EULAs is doubful, if untested, I wouldn't assume that because it is written in the EULA it is therefore legal ...

Every act of piracy is NOT money out of somones pocket. In the vast majority of cases if they were unable to copy the souftware they would NOT go buy it. You think the 16 year old with $3,823 worth of stolen software on his PPC is really costing anyone money?

What IS going to happen is that kid is going to remember what programs he likes and when he grows up and has money he will spend it on stuff he likes.

I agree entirely. I think several software companies have taken advantage of this over the years... Can anyone say "Macromedia Flash" ...

BTW, Anton's reaction does not surprise me at all. He is far away not the first one that though to do that and it would not surprise me at all if other developers are doing the same right now.

I respect the concerns that developers have over piracy. I, like others here, am a developer, though not for a software shop. Our users often times are so awful to our equipment that we've joked (too many times) about installing taser cables in our equipment to remind 'em who's boss. ;)

You have to realize the position you put your customers in when you do this. Especially the paying ones. If I install your software on my device, you are directly placing my data at risk.

Not only that, but those of us who use apps for bigger corporations (my userbase is just over 500 people at the moment, 10k+ employees) sometimes use these devices for life-critical apps, which we do. Apps that may 'flake' out and cause the reset, and I absolutely promise these apps will never see the light of day. Plus, if your software caused a bigger issue? You do not want our lawyer staff after you.

So, as customers, why don't we start a list of "Dangerous Software" that is known to wipe out all of your data under certain circumstances? Not as a protest, just as a warning -- if you want to keep your data, you may want to consider avoiding these "free range" applications. How do we, as customers, know that there isn't a glitch in those 'legality' checks, or whatever? Just thinking out loud.

*Phil

I will go out of my way to NOT support, and to discourage any purchase from a developer who would implement vicious code. The key word here is vicious

I contacted Anton to get confirmation about this situation before I ran the story on my website. I have not had any response from him so I can only surmise. A user of Pocket Mechanic stated in some forum that he posted the question to Anton's support forum and his post and his user ID was deleted.

The real issue in a situation like this is not legal vs. illegal or piracy vs. protection. It's trust between the consumer and the seller. This kind of thing can only hurt the seller.

A lot of discussion has taken place concerning the fact that only pirates get affected by malicious code like this. That argument only holds true if the programmer is very good and using judgement like this brings that in question to the minds of many customers.

Perception is truth where the consumer is concerned.

Currently none of my programs have any kind of hidden bomb against pirates.

Thank you for keeping your program bomb free!

One of the biggest issues with Anton's software is that people did not know about the bomb. In a free market, consumer-developer goodwill makes a difference.

ctitanic, your choice to find alternate means to fighting piracy (at your expense in time and money) develops good will with me as a consumer. :way to go:

-----Edit----
I wish there was hard evidence to prove a clear case for or against the charge. Anton has been very good to me sending me code updates as I wend through one too many Axims during the SanDisk SD card incompatability problem. Due to a carefully worded statement (lack of clarity) and a recently released version 1.51, its enough to make a person wary. However, this turns out, the reaction from this thread makes it clear that placing bombs in programs alienates paying customers.

My network recently got hacked and alot of my software, which I store on my file server, along with the installation key, got stolen. So, in theory, my legally purchased Pocket Mechanic key could be distributed and be flagged as a pirated key and be used against me to hard reset my device which is an integral part of my business. I, for one, will do anything I can to sue Anton if this happens. This is vicious. I equate this to performing a lobotomy on someone because he cheats on his taxes. A bit extreme!

For such an intelligent programmer, this is a bonehead move, if it is true. :bangin:

I will go out of my way to NOT support, and to discourage any purchase from a developer who would implement vicious code. The key word here is vicious

Man you want to talk about over reaction. No one has proven that this is the case. Just because Anton is not answering emails means absolutley nothing. It is a known fact that Anton goes off for long periods of time and then reappears with newer versions of his software. When will folks quit listening to unsubstantiated stories and wait for proof.

This is a lawsuit in the making. Suppose that someone else installed the software on the device, as in zelous IT person who did not know any better and was doing someone a 'favour'. I for one will never buy anything from a Malicious developer like that, and hope sure as hell that he does get sued. That would be nice.

I will go out of my way to NOT support, and to discourage any purchase from a developer who would implement vicious code. The key word here is vicious

Man you want to talk about over reaction. No one has proven that this is the case. Just because Anton is not answering emails means absolutley nothing. It is a known fact that Anton goes off for long periods of time and then reappears with newer versions of his software. When will folks quit listening to unsubstantiated stories and wait for proof.

I never said Anton. I said anyone implementing this type of code. Yo nay see it as an overreaction but I have lost unreplaceable data in the past due to virus' (malicious code) and some where pictures that I cannot get back, Destruction of anothers data is not right.

:shocked!: WOW :shocked!: This guy's for the birds. Is he trying to make the front page of some newspaper by blowing away his customes :?:

I'm sorry to say that his software is off my iPAQ. It's a shame since the apps were really nice. But I am offended that someone would stoop to that. I've had Symantec anti virus say that my registration is not good anymore and it refused to update my installation. After using Symantec for something like ten years I traded them in for NOD32 and I'm very happy. Could you imagine if they just wiped my machine instead of refusing to update the installation? Or what about Microsoft with their flakey activation system. At least MS is taking a path of non violence by not updating non registered software.

If Anton can detect a bad registration then let him disable the app. By wiping peoples PDA's he is going to lose a lot more business (and current customers) than he ever will through piracy. These days I would be afraid to run his apps knowing that I might have a bad registration key (for some dumb reason) and his app is lurking in the background just waiting to send me south. (Yeah the receipts for his software are also on my iPAQ.)

I keep my business on my iPAQ. Yeah it's backed up at least every night (sometimes more often). But I still can't take a chance that some bug in his registration validation method just burped. Is your PDA wipe routine the final shipping code or is it an Alpha or Beta just out for some testing?


void AntonPiracyDetectionMethod(User someJerk){

try{
someJerk.CheckRegistration();
}catch(SomeFlakeyReasonException){
System.Burp();
}

if (myLogic.OK &amp;&amp; myLogic.MakeSense &amp;&amp; someJerk.registration.IsNoGood){
if (someJerk.IsCustomer){
someJerk.TooBad = true;
System.Sorry(cry);
someJerk.SendSouth(withData);
}else{
someJerk.IsPirate = true;
//System.Sorry(cry);
someJerk.SendSouth(withData);
}
}else
someJerk.WaitTilNextTime();

}

If your angry because of the piracy epidemic you don't fight it by blowing away your customers because he/she might look like a pirate.

Sorry Anton but I just hard reset your apps. :evil:

Jeff-

For what it's worth, I've cleaned off the ol' 2215 and tried a trial version of Anton's app (1.51). I googled for a serial number (nasty sites) and tried it -- it didn't bomb, but it didn't register, either.

I tried a 1.49 trial I had with the commonly found serial number from google, and it registered. I then installed 1.51 (from PocketGear) on top of it, and it was still 'unregistered', but no hard reset. If this is true, it's only with 1.50, as the Axim thread said.

ctitanic, you said on another board that only thieves would consider this approach troublesome:


If you look around you will find ONLY a complain from a theive. NO a complain from a legal user. Of course, you will find 1000 of complains from other that were not affected but think that they may be affected someday. And STOP, I´m not saying that they may be affected because they are stealing too, I´m talking about those who use legal software and think that they may be affected by mistake.


SHAME on you. I pay for every drop of PPC software I use and I have the Handango receipts to prove it, over $200 in the past 6 months. I'm sorry for you that you feel it is a good business model to alienate your paying customers (I have not tried your software though) by threatening their devices even remotely, with no warning whatsoever.

And I am absolutely not willing to risk my PPC software just because someone says 'Ahhh don't worry, it works'. Have you thought that the legal users don't complain because they don't know the potential in the first place? Or is that disclosed in the EULA's somewhere? (I truly don't know; if it is, then I'm blushing)

You say your software doesn't do this now... coming from someone who was willing to risk my data without my consent, why should we 'take your word for it' (or the other Antons of the world) now?

*Phil

I will go out of my way to NOT support, and to discourage any purchase from a developer who would implement vicious code. The key word here is vicious

Man you want to talk about over reaction. No one has proven that this is the case. Just because Anton is not answering emails means absolutley nothing. It is a known fact that Anton goes off for long periods of time and then reappears with newer versions of his software. When will folks quit listening to unsubstantiated stories and wait for proof.

I never said Anton. I said anyone implementing this type of code. Yo nay see it as an overreaction but I have lost unreplaceable data in the past due to virus' (malicious code) and some where pictures that I cannot get back, Destruction of anothers data is not right.

Your right you never mentioned Anton by name. However, this discussion is about a product made by Anton and in the quote I used you said any developer, so by extension this means Anton.

That was not my point though. My point is that no one can prove that this has been done. It is pure speculation and folks are all ready talking of abadoning his software like it has been a proven thing.

I'm sorry to hear that you lost pictures to a virus. Virus writers are indeed malicious. However, this is not malicious code. It is written to protect a program. Developers have long tried to deal with this. In my opinion if you steal one program then you usually steal more. This is just desserts for doing it.

This "security measure" will achieve nothing. Actually...sorry, It will achieve something; the alienation of legit users.

By doing stuff like this, you just end up giving the hackers another reason to try and hack your software.

I will go out of my way to NOT support, and to discourage any purchase from a developer who would implement vicious code. The key word here is vicious

Man you want to talk about over reaction. No one has proven that this is the case. Just because Anton is not answering emails means absolutley nothing. It is a known fact that Anton goes off for long periods of time and then reappears with newer versions of his software. When will folks quit listening to unsubstantiated stories and wait for proof.

I never said Anton. I said anyone implementing this type of code. Yo nay see it as an overreaction but I have lost unreplaceable data in the past due to virus' (malicious code) and some where pictures that I cannot get back, Destruction of anothers data is not right.

Your right you never mentioned Anton by name. However, this discussion is about a product made by Anton and in the quote I used you said any developer, so by extension this means Anton.

That was not my point though. My point is that no one can prove that this has been done. It is pure speculation and folks are all ready talking of abadoning his software like it has been a proven thing.

I'm sorry to hear that you lost pictures to a virus. Virus writers are indeed malicious. However, this is not malicious code. It is written to protect a program. Developers have long tried to deal with this. In my opinion if you steal one program then you usually steal more. This is just desserts for doing it.

I have a hard time seeing this as protection and not malicious. It does less to protect and more to destroy :\

Hey, at least he's not flashing your ROM or nothing.

I have a hard time seeing this as protection and not malicious. It does less to protect and more to destroy :\


I totally agree with this statement... I want to know what stops someone from going to the next level doing a hard reset and erasing your bios... Then what...??? Would you call that malicious...?

This is over the top... Its like thinking you can stop terrorism... as long as there are unhappy people in the world that are willing to offer their lives for a cause you can't stop them. Terrorism did not just arrive since 9-11, the US has lots of internal terrorist groups...

Sorry getting away from the topic at hand... there will always be people that will hack, crack software... more as a hobby I believe than any other reason... bringing attention to them only fuels their resolve. Anything you can build they can unbuild... with that I have little doubt.

I believe you need to worry about servicing your customers rather than handcuffing them.

Could we agree this wouldn't have been so bad if the developer had warned of the potential danger?

I was thinking about this on a walk, and looked at the stars. I don't think the stars care about this, so why should we? ;)

What if we asked developers (or MS) to put a warning label of sorts on an app, like on a box of cigarettes? Not that I'm trying to draw an analogy between the two, but you get the drift. It would allow us to balance the potential dangers against the value of the software.

I was insulted by these developers who assume I pirate by nature of using this code in their apps, and it hurts a lot of us. Like others, I get on a soapbox too easily. Nonetheless, we refuse to allow others to impose their "safety" rules on us, and that's what I'm getting at.

Maybe if we were fairly warned, no fine print B.S., this wouldn't have erupted.

*Phil

My network recently got hacked and alot of my software, which I store on my file server, along with the installation key, got stolen. So, in theory, my legally purchased Pocket Mechanic key could be distributed and be flagged as a pirated key and be used against me to hard reset my device which is an integral part of my business. I, for one, will do anything I can to sue Anton if this happens. This is vicious. I equate this to performing a lobotomy on someone because he cheats on his taxes. A bit extreme!

For such an intelligent programmer, this is a bonehead move, if it is true. :bangin:

So shouldn't you be contacting Anton to let him know that your Pocket Mechanic key has been compromised, so he can flag that key as pirated and issue you with a replacement key?

Has anyone noticed that Anton's boards are down... there is a post saying that he is transferring the site but...?

I would really like to hear from the horses mouth...

Looks like (http://www.mobileread.com/forums/showthread.php?threadid=3232) (post 15) that you need to have one older copy of PM installed first with a pirated key, and then install 1.50 over it to initiate the hard reset.

This is a lawsuit in the making. Suppose that someone else installed the software on the device, as in zelous IT person who did not know any better and was doing someone a 'favour'. I for one will never buy anything from a Malicious developer like that, and hope sure as h-ll that he does get sued. That would be nice.

So who are you going to sue?
1. Anton?
2. The zelous IT person?
3. The foolish person who allowed the IT person to install unlicenced software?

:roll:

I'm a dev. And while I think that this is extreme, I can certainly sympathize with the feeling.

The big part of the problem is this: MS (and Palm, and Symbian) didn't put anything in there to help devs protect their programs. So devs are left with software based protections, which can always be broken. Furthermore, PDA software, while cheap, is expensive compared to what you get on the PC, price/performance wise. Add that to the smaller file sizes, it being easier to find pirate websites, and no-one in the legal community caring the slightest about PDA software, and the ballistic solution starts to look very tempting...

For PDA software, it's not uncommon to see 5-10 times more pirated versions in use than registered ones. For devs working hard and trying to pay their bills, it's more than frustrating, it can run them out of business.

(The extreme case that I've heard of, had the pirate not only steal the software, but copy the website, and sell program copies to unsuspecting customers...)

Todd.

That is n ot Microsoft, Palm's or Symbian's problem. The DEVELOPER should be the one to protect this not the OS provider. With that said, the whole idea of what this guy is doing is reprehensible. If this happened on my server, I would be MAJOR LEAGUE PISSED OFF. Same goes for my PDA.

Anton's posted on this issue over on his forums:
http://www.antontomov.com/cgi-bin/ikonboard.cgi?s=df354a3e1a2d8c9699a39d2634c2b742;act=ST;f=22;t=668

He says that there is NO hard-reset on use of a "pirated"/generated key. He says that someone/some people are running a bit of a smear campaign against him.

I really think a link to this needs adding early on in this thread so he can get his say.

edit : He /does/ say that there is a check for a single pirated key - however he doesn't say what the action is, just that it's not a hard-reset.

ctitanic, you said on another board that only thieves would consider this approach troublesome:


If you look around you will find ONLY a complain from a theive. NO a complain from a legal user. Of course, you will find 1000 of complains from other that were not affected but think that they may be affected someday. And STOP, I´m not saying that they may be affected because they are stealing too, I´m talking about those who use legal software and think that they may be affected by mistake.


SHAME on you. I pay for every drop of PPC software I use and I have the Handango receipts to prove it, over $200 in the past 6 months. I'm sorry for you that you feel it is a good business model to alienate your paying customers (I have not tried your software though) by threatening their devices even remotely, with no warning whatsoever.

And I am absolutely not willing to risk my PPC software just because someone says 'Ahhh don't worry, it works'. Have you thought that the legal users don't complain because they don't know the potential in the first place? Or is that disclosed in the EULA's somewhere? (I truly don't know; if it is, then I'm blushing)

You say your software doesn't do this now... coming from someone who was willing to risk my data without my consent, why should we 'take your word for it' (or the other Antons of the world) now?

*Phil

Phil, feel free to do what ever you think is better for you. I have analized the facts in this case and I just found a thieve complaining about a hard reset. I could not find any legal user complaining about the same situation.

I would like to see you in our position, I would like to see you building a house, your house, and once you finished, I would like to see people from all over the world stealing pieces up to the point that in few hours all your hard work of many years is gone in few hours. And that´s literally what I felt seen hundreds AND LISTEN AND READ CAREFULLY, I said hundred of hits per day coming from a CHINESE site that posted a warez keygen and a link to my site so their users could download my program. The last year I gave for free 162 copies of Tweaks2k2 for free. Those guys downloaded just in one day 345 copies, JUST IN ONE DAY.

I know that it´s very hard to understand Anton´s current possition when you have not been never in that possition.

Yes, I released in WAREZ and P2P sites a version of that key generator that asked users to copy the file into my program folder and run it from there and then it triggered a Hard Reset. Can anyone tell me that a honest, legal user, could run that file by mistake?

I don´t know the details of Anton´s procedure, but I know Anton and the quality of his job and it´s very hard for me to believe that he could place that kind of trap in his program thinking that somebody could by mistake trigged the hard reset.

The hard reset code is and has been in Tweaks2k2 for more than two years AS AN OPTION IN THE MENU. I have not seen or have a case where that code was triggered by accident or by a mistake in my code.

Since all this started I have been contacted many times by other developers that at one point thought about to do the same that Anton did, and the reason why they have contacted me now is because of my called to join forces looking for solution that at least stops 10% of the piracy that we are suffering now.

I have opened this topic in www.todopocketpc.com , the spanish community where I work normally as a news editor, there I went around two month ago and publically told that community what was going on. And since that time I have been asking for solutions and asking for ideas that could be implemented against piracy.

The easiest position is to come here or to any other forum debating this case and trash Anton. And believe me, that does not help. I would like to see those trashing Anton proposing solutions that could stop other fellow developers from doing what Anton has done.

This is a lawsuit in the making. Suppose that someone else installed the software on the device, as in zelous IT person who did not know any better and was doing someone a 'favour'. I for one will never buy anything from a Malicious developer like that, and hope sure as h-ll that he does get sued. That would be nice.

So who are you going to sue?
1. Anton?
2. The zelous IT person?
3. The foolish person who allowed the IT person to install unlicenced software?

:roll:

Exactly, is going to be very funny to see the judge reaction when a thieve comes to him saying "I want to sue Anton because I used a WAREZ key that I found via a WAREZ IRC CHAT and as a result all my information is gone in my Pocket PC".

Because up to this moment, NOBODY with a LEGAL KEY has suffered a Hard Reset.

I was insulted by these developers who assume I pirate by nature of using this code in their apps, and it hurts a lot of us. Like others, I get on a soapbox too easily. Nonetheless, we refuse to allow others to impose their "safety" rules on us, and that's what I'm getting at.

Maybe if we were fairly warned, no fine print B.S., this wouldn't have erupted.

*Phil

Why we should warn you, legal user about something that we know for sure is not going to happen.

In any case, you should go and ask #POCKETWAREZ to modify their welcome note with a print saying "THE MATERIAL DISTRIBUTED HERE IS ILLEGAL AND COULD CAUSE YOU A HARD RESET" ;)

I'd bet that your problem was due to installation on the SD card. His support info clearly says that the app needs to be installed to main memory to have access to cards and work properly.

I, for one, am a happy Mechanic user and will continue to support this developer. He writes good software, provides prompt and thorough support, and prices reasonably. :way to go:

Janak, I just read Anton's explanation, too. Like corrosive, I'd like to request that you put a link to his statement in your original post.


About two weeks ago I lost everything on my SD card while running Pocket Mechanic. The program was installed on my card as is just about everything I do with the PPC, progs, data etc.. Damage was minimal as I back up the card to the PC frequently but as I was 100 miles from a PC the lost hurt until I got back to town. My copy is legal, purchased from Handango. Now I'm not sure if this is related and it behaved this way because I had Pocket Mechanic installed on a card instead of main memory but I've been hestitant to use it again. After reading this I don't think I will use it and instead will remove Pocket Mechanic from my device. And make sure that future purchases of software are not from Anton Tomov until he's cleared. Yeah I know that's guilty until proven innocent but that was a lousy weekend I was handed when my music, novels etc were lost.

ctitanic, you said on another board that only thieves would consider this approach troublesome:


If you look around you will find ONLY a complain from a theive. NO a complain from a legal user. Of course, you will find 1000 of complains from other that were not affected but think that they may be affected someday. And STOP, I´m not saying that they may be affected because they are stealing too, I´m talking about those who use legal software and think that they may be affected by mistake.


SHAME on you. I pay for every drop of PPC software I use and I have the Handango receipts to prove it, over $200 in the past 6 months. I'm sorry for you that you feel it is a good business model to alienate your paying customers (I have not tried your software though) by threatening their devices even remotely, with no warning whatsoever.

And I am absolutely not willing to risk my PPC software just because someone says 'Ahhh don't worry, it works'. Have you thought that the legal users don't complain because they don't know the potential in the first place? Or is that disclosed in the EULA's somewhere? (I truly don't know; if it is, then I'm blushing)

You say your software doesn't do this now... coming from someone who was willing to risk my data without my consent, why should we 'take your word for it' (or the other Antons of the world) now?

*Phil

Phil, feel free to do what ever you think is better for you. I have analized the facts in this case and I just found a thieve complaining about a hard reset. I could not find any legal user complaining about the same situation.

I would like to see you in our position, I would like to see you building a house, your house, and once you finished, I would like to see people from all over the world stealing pieces up to the point that in few hours all your hard work of many years is gone in few hours. And that´s literally what I felt seen hundreds AND LISTEN AND READ CAREFULLY, I said hundred of hits per day coming from a CHINESE site that posted a warez keygen and a link to my site so their users could download my program. The last year I gave for free 162 copies of Tweaks2k2 for free. Those guys downloaded just in one day 345 copies, JUST IN ONE DAY.

I know that it´s very hard to understand Anton´s current possition when you have not been never in that possition.

Yes, I released in WAREZ and P2P sites a version of that key generator that asked users to copy the file into my program folder and run it from there and then it triggered a Hard Reset. Can anyone tell me that a honest, legal user, could run that file by mistake?

I don´t know the details of Anton´s procedure, but I know Anton and the quality of his job and it´s very hard for me to believe that he could place that kind of trap in his program thinking that somebody could by mistake trigged the hard reset.

The hard reset code is and has been in Tweaks2k2 for more than two years AS AN OPTION IN THE MENU. I have not seen or have a case where that code was triggered by accident or by a mistake in my code.

Since all this started I have been contacted many times by other developers that at one point thought about to do the same that Anton did, and the reason why they have contacted me now is because of my called to join forces looking for solution that at least stops 10% of the piracy that we are suffering now.

I have opened this topic in www.todopocketpc.com , the spanish community where I work normally as a news editor, there I went around two month ago and publically told that community what was going on. And since that time I have been asking for solutions and asking for ideas that could be implemented against piracy.

The easiest position is to come here or to any other forum debating this case and trash Anton. And believe me, that does not help. I would like to see those trashing Anton proposing solutions that could stop other fellow developers from doing what Anton has done.

You purposely released a hard resetting keygen???? I have no respect for that. That IS without question malicious. This code does not even lie in your software. You basically wrote a virus. Your messed up for doing that.

I DO understand the hard work as I am a developer of other software. I do not understand or should I say agree with your tactics. No matter how you try to ice what you have done its still crap. There is no hiding crap we can all smell it, and there is no good justifications just excuses.

As probably some of you have noticed there is an organized attack led by several persons who are trying to convince everybody that Pocket Mechanic contains malicious code. So here is my own opinion:

1. Pocket Mechanic reuses some of the libraries found in Pocket Hack Master. There are APIs inside that are never used they just sit there because I didn't have the time to remove (or comment) the source code.

2. An entry of an invalid serial number won't cause the device to hard-reset. Everybody can check this pretty easily.

3. The program indeed contains a piracy check for a single serial number. It is used by approximately 2000 pirates at the moment and can be found on #pocketwarez on EFNet. The people who are using this key have no excuse, the chances of entering the pirated key by mistake is 1/10000000000 which is approximately 0.000000001%. Pirates are directly stealing from me, my business and my family. They are also stealing from you, my loyal customers, because their acts reflect on the quality of the software I write (if a developer doesn't get paid for his programs he doesnt add new features and does not provide good support).

4. I was never the commercial type of guy. I program because this is what I do best and I beleive I add a lot to the PocketPC community with my software. A lot of people can confirm that I always answer positively to requests for uncommercial licenses so a person who uses a stolen version of the program has no excuse.

You all know how devoted I am to my software and how much energy I put in my projects. The fact that I recently released a free upgrade to the new version of Pocket Hack Master 2004 (which is a completely new program, not a minor or a major update) speaks a lot of the way I see my customers as my partners. Very few software companies would proceed the way I did, most of them would charge you again. Pocket Mechanic is a very popular piece of software. Of course, this is directly related to the quality and the value the program provides and to more or less my own person. I understand that this is not welcome by certaing people or companies. People can be manipulated without much effort these days.

I won't comment this issue again so don't expect anything on the subject from me in this thread or on this site - the people who organized this are hoping to bring down my well established name and I won't play their game.

I will really appreaciate the support of my loyal customers. Pocket Mechanic does not deserve this attack. Thank you!

Edited by Anton on Feb. 04 2005,11:38

--------------
Anton Tomov

You purposely released a hard resetting keygen???? I have no respect for that. That IS without question malicious. This code does not even lie in your software. You basically wrote a virus. Your messed up for doing that.

I DO understand the hard work as I am a developer of other software. I do not understand or should I say agree with your tactics. No matter how you try to ice what you have done its still crap. There is no hiding crap we can all smell it, and there is no good justifications just excuses.

Wayne, you are free to think and do what ever you think is better for you and your family.

I did what I thought at that moment that was the best for me and my family. And I have not regrets about that.

[quote="ctitanic
Why we should warn you, legal user about something that we know for sure is not going to happen. quote]

You can't know that software packages with a bombload are never going to be triggered accidentally. What if I type in my registration code incorrectly? What if YOU HAVE A BUG in your software, what if you erroneously flag MY legitimate code as a pirate code?

It is completely irresponsible for ANY developer to put code into an application that he distributes that will hard reset a device, or erase a users data. You (the developer with such code) should be held legally liable for every single piece of data your program deletes.

There is no question that putting a bomb into software like this is morally, ethically, and legally wrong. Someone who does this is no better than a virus writer. I don't care what your motives are, it's wrong.

He says that there is NO hard-reset on use of a "pirated"/generated key. He says that someone/some people are running a bit of a smear campaign against him.
Notice the wording! He says:
2. An entry of an invalid serial number won't cause the device to hard-reset. Everybody can check this pretty easily.
Literally yes, this is correct. If you enter a serial number and if it is incorrect or pirated, PM seems to simply refuse it.

BUT, if you have an older version of PM installed (1.49) with a pirated serial (which wasn't blacklisted at that time and henceforce accepted by 1.49, probably the one Anton talks about in point 3), and if you then install PM version 1.50 over it, PM will detect the old serial in your registry and hard-reset your device -- without a word of warning.

Ctitanic, I thinks there is nothing wrong about uploading fake or even harmfull version or your software to sites like pocketwarez. Most people here are not complaining about that, but complaining about what this can do to legal users. FE, is someone stole my key.

One more and I hope last note about me. Please don't try to convince me of what is wrong and what is aceptable. I have gone thru this around two month ago and I have moved over other ways to fight against piracy.

BUT, if you have an older version of PM installed (1.49) with a pirated serial (which wasn't blacklisted at that time and henceforce accepted by 1.49, probably the one Anton talks about in point 3), and if you then install PM version 1.50 over it, PM will detect the old serial in your registry and hard-reset your device -- without a word of warning.

So the moral would be not to steal the software. Seems simple to me.

No the moral is not to include harmful code to a program that does not belong there. And Anton should better tell the truth than to play around with words and lie about the fact that PM does hard-reset your device when it detects the illegal code from an older version.

A hard reset keygen.... maybe its ethical, maybe it isn't. One thing I know - its pretty creative.

No the moral is not to include harmful code to a program that does not belong there. And Anton should better tell the truth than to play around with words and lie about the fact that PM does hard-reset your device when it detects the illegal code from an older version.
Why use a pirated serial? if you're a bonafide user? He does say in point 2 that there is NO hard-reset. Point 3 says there's a PIRACY CHECK, will that mean it's a HARD-RESET? Let's talk about the facts here. Don't feed words into others mouth.

A hard reset keygen.... maybe its ethical, maybe it isn't. One thing I know - its pretty creative.

Well, if you want to see something more creative I can tell you that I designed once a "cracked version" of Tweaks2k2 that mimiced a hard reset :D :D :D :D :D :D, When it was ran it did a soft reset calling the welcome screen of windows so during the time you were aligning the screen the idea that you have in mind was the everything in your PPC was gone. Ah... and before the soft reset there was a message saying "YOU ARE USING A PIRATE COPY".

I liked that one. :devilboy: :mrgreen:

No the moral is not to include harmful code to a program that does not belong there. And Anton should better tell the truth than to play around with words and lie about the fact that PM does hard-reset your device when it detects the illegal code from an older version.

Get over yourself. If you don't like certain software for WHATEVER reason (Anton's, or otherwise), don't use it - simple as that.

Speaking specifically of Anton, he's one of the better developer's I have ever worked with and his software is excellent.

Let's talk about the facts here. Don't feed words into others mouth.
The FACTS were always that PM contains malicious code. Nowhere did anyone claim that PM would volunteerily hard-reset devices with legal serials (although that could be possible due to a bug, as long as he leaves that malicious code in his program). And fact is that he hard-resets the device of people who use a particular illegal serial number. Yes, it is illegal to use illegal serial numbers. But it is even more illegal to hard-reset someone's PDA, especially when you do this under the label of a company.

... at least this thread must have opened Tomov's eyes and perhaps saved his from a sh*tload of legal charges against him.... Pocket Mechanic 1.51 doesn't reset your PDA anymore when you have an illegal serial, it simply ignores it. Of course the changelog doesn't mention that and is still stuck to 1.50.

*Post edited by mod SJC*

Let's talk about the facts here. Don't feed words into others mouth.
The FACTS were always that PM contains malicious code. Nowhere did anyone claim that PM would volunteerily hard-reset devices with legal serials (although that could be possible due to a bug, as long as he leaves that malicious code in his program). And fact is that he hard-resets the device of people who use a particular illegal serial number. Yes, it is illegal to use illegal serial numbers. But it is even more illegal to hard-reset someone's PDA, especially when you do this under the label of a company.
How can you rule out malicious code in this argument? There are a lot of variables out there that can hard-reset a device (and I don't plan to list them all out here). All this is black propaganda and not a way to present it that Anton did put the MALICIOUS CODE beyond reasonable doubt. I still see this as a number of misinformed forum members overreacting that likes to make a lot of noise, and Anton's plain simple post of saying he doesn't have that hard-reset feature in his code.

Let's talk about the facts here. Don't feed words into others mouth.
The FACTS were always that PM contains malicious code. Nowhere did anyone claim that PM would volunteerily hard-reset devices with legal serials (although that could be possible due to a bug, as long as he leaves that malicious code in his program). And fact is that he hard-resets the device of people who use a particular illegal serial number. Yes, it is illegal to use illegal serial numbers. But it is even more illegal to hard-reset someone's PDA, especially when you do this under the label of a company.

And you play a lawyer on TV??

This may help you:

1) Take DEEP breath; count to 10.

2) If #1 does not help, please seek medical attention.

3) Did I mention: Get over yourself.

I really think a link to this needs adding early on in this thread so he can get his say.

edit : He /does/ say that there is a check for a single pirated key - however he doesn't say what the action is, just that it's not a hard-reset.
I've updated the frontpage post. Do realize that my intention was not to start a smear campaign, and that's why I worded my initial post to clearly state "apparently" and I specifically avoided rendering judgement on his software.

That said, I still find the wording of Anton's post curious, but I'll leave it to the readers of this and other forums to figure out exactly what's going on. I still think the discussion of how to deal with piracy is of merit, though. Most of this discussion has been professional, and I'd like to keep it that way.

--janak

2) If #1 does not help, please seek medical attention.
3) Did I mention: Get over yourself.
Please, keep these kinds of personal comments out of the thread. You're welcome to disagree, but this is unwarranted.

thanks,

--janak

A hard reset keygen.... maybe its ethical, maybe it isn't. One thing I know - its pretty creative.

Not really. This sort of thing has been going on as long as there have been serial numbers (at least on micros). And it's always come out bad for the developer - if someone knows your software could do something nasty to their machine or their data, it doesn't matter whether it won't ever happen to them, they'll never fully trust that software - and by extension the developer - again.

Its hard enough developing and debugging software to start with, without adding code like this. What happens if it's trigged by a bug you introduce?

I really think a link to this needs adding early on in this thread so he can get his say.

edit : He /does/ say that there is a check for a single pirated key - however he doesn't say what the action is, just that it's not a hard-reset.
I've updated the frontpage post. Do realize that my intention was not to start a smear campaign, and that's why I worded my initial post to clearly state "apparently" and I specifically avoided rendering judgement on his software.

That said, I still find the wording of Anton's post curious, but I'll leave it to the readers of this and other forums to figure out exactly what's going on. I still think the discussion of how to deal with piracy is of merit, though. Most of this discussion has been professional, and I'd like to keep it that way.

--janak

Janak, I wasn't pointing fingers at you (or PPCT), it never even entered my mind that you were doing anything other than printing a story you'd heard about, and I think your initial article did make that clear.

I find his phrasing a little odd too, and if it turns out that Pocket Mechanic really is deliberately doing what people are accusing it of, then I think his post will probably just make things worse. I really hope PM /doesn't/ deliberately hard-reset though, pirated serial or not.

Let me state that i am an active fighter against pirated software but i see this as going way beyong proportional retribution.

In fact i know for a fact that under Dutch Law, whatever moral justification you have for yourself, hard-resetting a device is a crime that can result in jail-time and full liablity for all damages caused, regardless of any wordings/warnings in the EULA. The Dutch laws surrounding computer crime explicitly mention itentional demolition of electronically stored data, they are very strict in this regard: it is a crime that can result in maximum of six months jail-time. Under at least Dutch Law the USE of a crack or serial is NOT even illegal, only the distribution of cracks and serials is. So basically PocketMechanic is fighting people with illegal means that, in the eyes of Dutch Law, did nothing wrong.

Besides that, the idea of having software that could destruct all my data in any way freaks me out: it is breaking the wholy rule we have as developpers to protect the PC/PDA from any harm, how rude the user is.

Jaap

Do realize that my intention was not to start a smear campaign, and that's why I worded my initial post to clearly state "apparently" and I specifically avoided rendering judgement on his software.

Well, I think this thread has pretty much turned into a smear campaign, regardless of the intention. I probably would have left out the details of what software package was doing what and just posed a hypothetical question.

Someone asked Anton to clarify his statement and whether there is definitely no malicious code that could execute a hard-reset. He replied:

Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).

1.51 was released two days ago when the discussion on the hard-resets in PM began. The changelog doesn't say anything at all, and I assume we all know the reason behind this release.

And yes, I'd appreciate it if you keep your comments professional, since I don't see for what I deserve being flamed at.

Janak, I wasn't pointing fingers at you (or PPCT), it never even entered my mind that you were doing anything other than printing a story you'd heard about, and I think your initial article did make that clear.
I know, I wasn't pointing fingers either. ;)

Well, I think this thread has pretty much turned into a smear campaign, regardless of the intention. I probably would have left out the details of what software package was doing what and just posed a hypothetical question.
I suspect that was inevitable -- if I had only phrased it hypothetically, the link would have appeared shortly in the thread -- the "news" has appeared on at least three or four other popular Pocket PC forums. It's a difficult thing to balance as a News Editor. If I had known there was so much controversy over what he had or hadn't actually done, I might have taken a different route, but at the time the forums and associated blogs were pretty much clear on the subject.

--janak

I tried to steer clear of this one, I really did. But here goes. First of all let me state that I am very pleased with the number of developers who have chimed in and condemmed this behavior. Anton's (I know people are coming to his defense, but as I understand his response it is unclear if there are circumstances in which he uses this method) reaction is one of anger. It has nothing to do with proportional retribution. The risk of such an angry reaction is that it will often invoke an even more angry response. Bear with me for a second.

Let's say I'm playing basketball and a guy intentionally hits me with an elbow. Doesn't do much damage, maybe a split lip. My reaction may be to wait for him to go up for a rebound and cut his legs from underneath him. He fall's, hits his head, and ends up with a concussion. Do I feel bad? Absolutely not! Once you decide to cross the line, you don't get to dictate the terms of engagement. Many people have their life wrapped into these machines/hard drives. Any developer who intentionally deletes this data has crossed the line. That developer exposes himself and/or his family to the possibility of a v-e-r-y angry and disproportionate response.

Any developer who decides to take such drastic action for what could be a totally innocent mistake should do so with very careful forethought and analysis of the potential repercussions.

The fact that this developer had to be talked out of such action by betatesters tells me all I need to know about him. I would not even consider knowingly purchasing any product that he is involved with.

Just my .02.

2) If #1 does not help, please seek medical attention.
3) Did I mention: Get over yourself.
Please, keep these kinds of personal comments out of the thread. You're welcome to disagree, but this is unwarranted.

thanks,

--janak

Thanks for allowing me to disagree - the posts I made WERE my disagreement.

You are going to defend the trash posted here now? Pitiful.

I'd bet that your problem was due to installation on the SD card. His support info clearly says that the app needs to be installed to main memory to have access to cards and work properly.

I, for one, am a happy Mechanic user and will continue to support this developer. He writes good software, provides prompt and thorough support, and prices reasonably. :way to go:

Janak, I just read Anton's explanation, too. Like corrosive, I'd like to request that you put a link to his statement in your original post.


About two weeks ago I lost everything on my SD card while running Pocket Mechanic. The program was installed on my card as is just about everything I do with the PPC, progs, data etc.. Damage was minimal as I back up the card to the PC frequently but as I was 100 miles from a PC the lost hurt until I got back to town. My copy is legal, purchased from Handango. Now I'm not sure if this is related and it behaved this way because I had Pocket Mechanic installed on a card instead of main memory but I've been hestitant to use it again. After reading this I don't think I will use it and instead will remove Pocket Mechanic from my device. And make sure that future purchases of software are not from Anton Tomov until he's cleared. Yeah I know that's guilty until proven innocent but that was a lousy weekend I was handed when my music, novels etc were lost.
I mentioned my suspicions that installing to card may have been the problem. I purchase the product from handango and downloaded and installed. No warning about not loading to card or anything like that. Was I supposed to go to a web site and find that out ? Other software that doesn't work off a card won't allow it to be installed there. In any event I sympathize with a developers dilemma of trying to keep the code base to reasonable size so error checking will have its limits but for the low level stuff extra care is required as the damage can be great. I'm a developer, currently involved in getting software compliant to Sarbanes-Oxley and the stress is that no damage can be done before it even gets to the security level. I still think there was too much carelessness here. There was no warning in the purchase , download, install flow as to method or potential danger of installation. I wasn't careful enough. Neither was the developer. I'm paying him not thc other way around.

You know, I never cease to be amazed by the alarmist mentality of some folks.

Has anyone with a legal copy had a hard reset that can be positively identified as being caused by Pocket Mechanic? Not, "I installed it to my SD card and it caused a hard reset" since it is not suppossed to be there anyway.

I've been reading alot of forums and the answer is no. We can "what if" this situation to death but the fact remains it has not happened.

First off if the actions are purposely coded into the program and aren't mentioned in the EULA, its automatically wrong.

Here is a good article about the enforceability and history of EULAs http://www.okratas.com/modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=45&amp;mode=nested&amp;order=0&amp;thold=0. In it he says "Companies that use EULAs must make sure they are "reasonable." In the same way that you cant shoot someone in the head for jaywalking, hard resetting someones device for having pirated software seems extremely excessive to me.

The article also talks about when you agree to the EULA. You don't even get to see it untill the software is downloaded or package is opened. I know of no company that will accept a return after this, so if you disagree with the EULA, you're stuck paying for the program anyway. That brings the legality of the EULA into question because you have no chioce but to accept it.

You could also have a minor install it for you or just click through the EULA, then the contract isn't legal no matter what it says. :devilboy:

From reading the posts, it seems that if someone legally buys the new edition but installs it over a pirated version, they get reset. That is just stupid if the case.

I've also had a legal copy of a program but couldn't find/ been to lazy to look for the serial if i had to reinstall for some reason, so i just find one online because it's so easy to. Bad serial but legal right to the program, what then?

Thanks for allowing me to disagree - the posts I made WERE my disagreement.

You are going to defend the trash posted here now? Pitiful.

I think this is getting out of hand. There have been few new and even fewer good points made in the past five pages. It's started to reach the critical mass where it goes from a discussion to an argument, and hostility is spilling in to this.

I think most of us are against a developer putting in any code to hard-reset our device, with a few seeing why a developer would do such a thing. We're not lawyers, we just don't like our trust violated like that. Is such a thing warranted? You probably know everyone's opinion by now, and you have your own. Chances are your opinion has been voiced to at least a modicum by now, so there's no need to dredge in slurs against other people just because they disagree with you. Let's try and keep this civil to avoid a breakoff into the HoF&amp;S.

Quote from Antons site.

(Alexander @ Feb. 04 2005,17:21)
Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is no malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?

Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).

From reading the posts, it seems that if someone legally buys the new edition but installs it over a pirated version, they get reset. That is just stupid if the case.
That would be true. What amazes me are the few people who actually try to overlook the fact that PM contains (contained - in 1.51 Tomov silently removed it) code to hard-reset PDAs. Pirate or not, he has absolutely no right to do so!

Quote from Antons site.

(Alexander @ Feb. 04 2005,17:21)
Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is no malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?

Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).

So that suggests there existed such codes in older version? :roll:

Quote from Antons site.

(Alexander @ Feb. 04 2005,17:21)
Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is no malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?

Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).
Nice quote, exactly what I quoted one or two pages earlier. Please try to read between the lines! Tomov chooses his wording very carefully. He was specifically referring to Version 1.51, which came out two days ago, after the discussion had started.

Your right I missed it. That doesn't stop my wondering what is your agenda Jeremiah or should we call you TadW?

What is your problem when I am quoting other people who are supporting my view that it is highly illegal for any programmer to wipe out someone's PDA, no matter whether pirate or not?

Anton did not answer the question directly. He has deliberately avoided the Version 1.50 question, which leads me to believe that the "Hard Reset" routine did in deed exist in that version.

This behavior shows that Anton released a malicious version and then caved into the pressure and quickly released v. 1.51.

If this is not true Anton, feel free to speak up!!!!!

Thanks for allowing me to disagree - the posts I made WERE my disagreement.

You are going to defend the trash posted here now? Pitiful.

I think this is getting out of hand. There have been few new and even fewer good points made in the past five pages. It's started to reach the critical mass where it goes from a discussion to an argument, and hostility is spilling in to this.

I think most of us are against a developer putting in any code to hard-reset our device, with a few seeing why a developer would do such a thing. We're not lawyers, we just don't like our trust violated like that. Is such a thing warranted? You probably know everyone's opinion by now, and you have your own. Chances are your opinion has been voiced to at least a modicum by now, so there's no need to dredge in slurs against other people just because they disagree with you. Let's try and keep this civil to avoid a breakoff into the HoF&amp;S.

I haven't seen anyone "yelling" yet? Perhaps those who take offense to others opinions (that's what all the posts here are...), should simply not post anywhere so as not to get offended?

I certainly take no offense to the term "trash", which is what is mainly being posted here. The only "slurs" I see are against Anton and are not deserved.

Also, "get over yourself" certainly isn't offensive to anyone? Posting with exclamation points and telling a software developer what he/she can, or can't do, with their software, certainly seems more offensive than my little 'ole opinion :wink:??

What is your problem when I am quoting other people who are supporting my view that it is highly illegal for any programmer to wipe out someone's PDA, no matter whether pirate or not?

I disagree with you simple as that.

I have not seen any proof that this has caused a problem nor seen any proof that the code actually exists.

Because Anton does not comment on something does not mean that the code is in fact there. in fact, it means absolutley nothing. Sure you can read into it if you want but I choose not too.

I have not seen any proof that this has caused a problem nor seen any proof that the code actually exists.
The proof was there at Mobileread.com in form of a disassembly taken from PM 1.50. It was removed by an admin.

Because Anton does not comment on something does not mean that the code is in fact there.
One reason why he should not comment if what had been stated about his product was just false?

If there is/was bad code in Anton's software, he's playing with fire to say the least. It'd be the equivelant of carrying around a loaded gun in your pocket with the safety off.

I would never, ever trust a developer who did that - and I'd do my best to have them blacklisted / boycotted and / or sue them to prevent other developers from attempting it. I'm obviously not alone in this opinion judging by the other replys.

As a developer I actualy got a bit of an ego boost to see a code generator for one of my apps. Sure its going to reduce my income, but most people that pirate, will never purchase anyway.


Here's an amusing little anecdote. Way back when, I was a developer of Palm software. I also was an active pirate....

Here's the story: I know for a *fact* that another well-known developer of PPC and Palm software had a gentleman's agreement with a warez distro group: they wouldn't release their pirated version the first week the software was released.

This may sound strange; developers giving pirates their blessing, but: **they actually sold more copys of the software because of the word-of-mouth the pirates generated!!**

I still think the discussion of how to deal with piracy is of merit, though. Most of this discussion has been professional, and I'd like to keep it that way.

--janak

I hope that others read your lines and put all the effor to find ways that could be of any use to us developers.

Let's think this through:

You think that if you wilfully steal food from a developer's table, that you should not suffer consequences of your actions?

It is okay for you to steal, but not for you to suffer for your transgression?

Interesting.

I bought Pocket Mechanic and Pocket Hack Master when it was sold in a bundle last year.
I'm fairly disappointed at how Anton has handled this issue so far. If there were no such codes or there were such codes but if he believes he did right thing, why doesn't he confirm the facts and speak up his opinions? Attitude like "I won't comment this issue again so don't expect anything on the subject from me in this thread or on this site" doesn't help. Does he really believe this is a campaign of a number of big forums to "organize to bring a small software house down"?
Personally, I'm almost convinced there was a malicious code in previous versions of PM, and I have no intention to continue to use PM or purchase any other future software from him.

If there is/was bad code in Anton's software, he's playing with fire to say the least. It'd be the equivelant of carrying around a loaded gun in your pocket with the safety off.

I would never, ever trust a developer who did that - and I'd do my best to have them blacklisted / boycotted and / or sue them to prevent other developers from attempting it. I'm obviously not alone in this opinion judging by the other replys.

As a developer I actualy got a bit of an ego boost to see a code generator for one of my apps. Sure its going to reduce my income, but most people that pirate, will never purchase anyway.


Here's an amusing little anecdote. Way back when, I was a developer of Palm software. I also was an active pirate....

Here's the story: I know for a *fact* that another well-known developer of PPC and Palm software had a gentleman's agreement with a warez distro group: they wouldn't release their pirated version the first week the software was released.

This may sound strange; developers giving pirates their blessing, but: **they actually sold more copys of the software because of the word-of-mouth the pirates generated!!**



I think you make some excellent points here. Lets state some facts.

Is it moral, legal or ethical to priate software? No it is not.

Is there anyway to stop it? Not a chance in the world.

So instead of fighting fire with fire, and starting basically a war. IMHO if I was a developer, which I am not, I would consider what the developer above proposed.

Should a developer HAVE TO try to work something out with piriates of their software? NO

ALthough at this point if they do a little testing and find they are selling more software by getting the word out there, then it may just be put down as a marketing test. Look at the piriates as long term beta testers or something of the sort. I think trying to make a deal like the one mentioned above is a good idea.

Please before a developer gets all bent out of shape with my comments please understand I am not saying that piracey is correct or anything like that. I am just saying you can try to fight everyone out there, or twist it around and use it to your advantage the best you can.

I have been contacted lately by a group of developers. I don´t have any way to create a private forum where we can discusse deeper the idea of an alliance. I really think that we should do that. If any of the developers that contacted me has that possibility please, let me know when that private forum is ready and I´ll contact the rest of those that contacted me.

KimVette,

Two wrongs don't make a right. We have laws. The same laws that say stealing is wrong also say property destruction is a crime.

&lt;edit: man this thread is moving fast!>

I, for one, am a happy Mechanic user and will continue to support this developer. He writes good software, provides prompt and thorough support, and prices reasonably. :way to go:

Same here. I bought Pocket Mechanic, I'm using it and I will continue to do so.

How about if the pirated software just displays a warning and then stops working completely? I haven't read the whole thread so forgive me if that's been posted already.

First off, as a developer, I can understand why someone would do this. I mean, it is frustrating when you're trying to make a living and people are using your hard work without paying for it. Would I ever resort to such means, though? No.

My next point is that we really don't have any proof that Anton did this. All I've seen is information from an article where the information has been "pulled". I've looked at previous versions of his software in order to help mine be more compatible with his and I never saw anything malicious, that I'm aware of. So, I won't be doing anything to drag his name through the mud.

Now, if we really want proof, then would someone mind emailing me a copy of the software in question? I happen to know what it is I'd be looking for, and I know how to take apart a program pretty quickly (I don't do that for pirating purposes, though). I think we should hold to the innocent until proven guilty idea, don't you?

I think the developer just needs to come forward and explain this and put it to rest.

I think the developer just needs to come forward and explain this and put it to rest.
That would be the ideal solution. Though, I'm willing to cut him some slack as he did make sure that his latest build does not have this code in it (regardless of whether or not he implemented this in the first place).

Let's think this through:

You think that if you wilfully steal food from a developer's table, that you should not suffer consequences of your actions?

It is okay for you to steal, but not for you to suffer for your transgression?

Interesting.

As i mentioned before, you shouldn't have to face a firing squad if you've been j walking. This method doesn't punish the people who crack the programs and make them available for download. It punishes the person who downloaded it MUCH more severely than they deserve. It is destruction of property and is a worse crime than piracy. At least piracy doesn't destroy something forever.

I think we should hold to the innocent until proven guilty idea, don't you?

'Innocent until proven guilty' is a criminal concept of not putting someone in prison unless we can prove their guilt beyond a reasonable doubt. In a civil court, the burden of proof is much lower, requiring only enough evidence to tip the scales one way or another. But, hey, this isn't a court at all now is it? It's a market and consumers don't need any evidence in order to decide whether or not to buy someone's product. So, no, I don't think we should hold him innocent until proven guilty when there is some evidence that he did do this thing and he won't deny it. As a consumer, that's what I've decided for my money. Nothing from this developer, ever. But that's just me. I don't wish the guy harm and I don't care what others decide.

Now, if we really want proof, then would someone mind emailing me a copy of the software in question? I happen to know what it is I'd be looking for, and I know how to take apart a program pretty quickly (I don't do that for pirating purposes, though). I think we should hold to the innocent until proven guilty idea, don't you?

Now isn't that piracy in itself? Sending you a copy of software that you didn't pay for and then giving you permission that they don't have to give permission for you to decompile the program?

Let's think this through:

You think that if you wilfully steal food from a developer's table, that you should not suffer consequences of your actions?

It is okay for you to steal, but not for you to suffer for your transgression?

Interesting.

As i mentioned before, you shouldn't have to face a firing squad if you've been j walking. This method doesn't punish the people who crack the programs and make them available for download. It punishes the person who downloaded it MUCH more severely than they deserve. It is destruction of property and is a worse crime than piracy. At least piracy doesn't destroy something forever.

I don't agree with you at all. If you are using an pirated copy of a program and you suffer a hard reset well that is just your tuff luck. While I don't think this will stop piracy it might make 1 person think differently and that can be worth something.

So far we have the word of one person saying that this code was in the program. Where is the proof? Where are the masses of legal users suffering hard resets? So far there isn't any.

I've read all of these posts and feel the need to summarize my feelings.

1.) If a developer has the means to identify stolen or pirated software, it seems to me the best solution is to simply disable the software or cause it to delete itself. Why does a developer feel the need to become judge and jury and "punish" the supposed offender.

2.) Developers that use the 'stealing' analogy don't really get it. Software is and has always been different than hard goods in two ways. 1st, a pirate stealing software does not prevent the developer from selling the software to others and thereby profiting. If I steal jewlery from a jewelry store, it can't be sold to someone else. 2nd, 90-95% (or more) of the idiots who steal software in this manner will NEVER buy the software, so there is little true revenue lost by the developer. It doesn't make it right, but that is the real world we all must live in.

3.) It will never be right for anyone, including developers to purposely delete or damage others data because they feel wronged - I refer to my first point - just delete the damn software and the developer has not been harmed in any way.

4.) I hate Software Pirates and the fact that they make it so damn difficult to use and run legitimately purchased software on my PPC. I recently did a dunderheaded thing and wiped out my entire outlook mail file, while upgrading to a new PC. All of my software serial numbers were stored in outlook. I may now being forced by some developers to re-purchase legitimately paid for software, since I have no good record of the transaction. In circumstances such as this, it sure is tempting to use a "warez" code to get what I know I rightly paid for.

5.) When it comes to purchasing software, I will chose not to purchase software that has hidden triggers to damage my otherwise valuable data, regardless of the circumstances. It seems some developers don't understand the necessary goodwill this type of tactic destroys.

I don't know about the rest of you, but I am looking forward to the time, probably about three years from now, when one of the staff here in the office are going to approach me in a panic saying that they opened an email and they hope that they didn't do something wrong.

The email, btw, will say something like this:

!!!WARNING!!!

If you receive an email with an attachment called “Pocket Mechanic” DON’T OPEN IT!!!

IT WILL DELETE EVERYTHING ON YOUR HARD DRIVE!!!

THIS NEWS WAS JUST RELEASED FROM MICROSOFT TODAY!!!

(bla…bla…bla)

I wonder if this is how those things are started?

And here I sit..... still absolutely amazed that you people are so focused on the developers and personal attacks back and forth and much wringing of hands and gnashing of teeth..... yeah.... so maybe a developer or two or three.... or all of them as far as we know, used this technique to fight piracy. Use their software or don't.... I don't particularly give a flying farquar and I'll make my own decisions for myself as to whether or not I'll use it or any other that does this.

I'm still amazed that NO ONE seems to be upset with Microsoft for putting in the IO Control that allows this to happen with no user notification or intervention.

I'm still amazed that NO ONE is upset with the hardware manufacturers that put support for said IO Control into the HAL, without some user notification or intervention.

I'm still amazed that this is a DOCUMENTED option to a DOCUMENTED call that's out there for anyone to use at any time. Microsoft covers their bums with a little note that it's an IO Control that is "...optionally supported by the OEM HAL", yet all of them support it with no user interaction.

Who you guys gonna be upset with and sue when a virus or trojan or hacked software comes out that specifically does this to wipe YOUR data?? the guy who wrote it?? They're long gone and you likely won't find them. All MS or HP, or Tosh, or Dell or anyone else has to do is change the IO Control or HAL layer to put up a little dialog box saying that your PPC is about to be HARD reset and ALL data on the machine will be lost... and do you want to continue. No problems. If the program calling it has a practical reason to do so.... you approve it and go on.... or you say no, back everything up, run it again and approve it and be done. But then there's no way for the malicious code to take advantage of it to begin with.


Sheessh.

The big part of the problem is this: MS (and Palm, and Symbian) didn't put anything in there to help devs protect their programs. So devs are left with software based protections, which can always be broken.

That is n ot Microsoft, Palm's or Symbian's problem. The DEVELOPER should be the one to protect this not the OS provider. With that said, the whole idea of what this guy is doing is reprehensible. If this happened on my server, I would be MAJOR LEAGUE PISSED OFF. Same goes for my PDA.


It's not their problem, but MS, PS, and Symbian could most definitely bring out a solution for it if they felt like it.

All they have to do is build in both hardware and OS support for anti-piracy purposes. There are ways of doing this that can be shown to be mathematically uncrackable by pirates. However they don't want to be bothered, meaning that devs must use ever more elaborate software techniques, while full knowing that nothing they do is uncrackable.

The main reason those companies don't want to be bothered by this, is that piracy in this case actually helps them...

Todd.

PS, and yes, this whole thing may p--- you off (as shown by the CAPS), but many devs are getting absolutely desperate. When the bill collectors come knocking, and you don't have the money because most people would rather pirate you program, well... I think that you can get the picture.

PPS, There's the idea going around that piracy can be good, because it increases advertising. That can be true for large companies. It's demonstrably false for small ones.

Let's think this through:

You think that if you wilfully steal food from a developer's table, that you should not suffer consequences of your actions?

It is okay for you to steal, but not for you to suffer for your transgression?

Interesting.

I think the point is you can't take the law into your own hands. If someone ran into my car and damaged it, doesn't give me the right to go burn down his house. Or if someone stole a software disc for my computer, doesn't give me the right to send him a virus that erases his whole system. As a Web developer of php/MySql and soon (hopefully) to be PPC developer, I see how this can be very hurtful to a developer. However, this doesn't give them the right to take the law into their own hands. Now, I know stopping piracy is a tough thing and not much is being done, but that still does not justify it.

Take for instance gangs; Growing out of hand. Lets say a gang member killed a child of mine. Does it give me the right to go vigilante style and start killing all gangs members I could find? No. I may feel like I want to, but acting upon it would be illegal and I am sure there would be plenty of people that could empathize with me and agree with my actions. While I agree this is a little more extreme, the ideology is the same. As soon as a programmer starts doing something malicious and illegal to get back at other people and starts justifying it saying he is protecting his family and what not, there is a big problem.

Unfortunately, there are unethical people in this world. But, as a programer, developer, or business person, it is our job to create products and services in ethical ways.

EDIT: Let me state I am not passing a judgemnet of guilty or not guilty for this developer. It is very supicous? Yes. Is he not handling it well? Yes. Sometimes honesty and straight forwardness go a long way.

As for piracy issues, I say disable the software. Im thinking about implementing an online serial check during the isntallation process to even unlock the program to be installed. Anyone using a flagged code would not be able to install.

DMY, you make a very good point regarding the HAL and IO control. Unfortunately, I'm not a programmer and don't have a clue what you're talking about, and I would guess many other posters are in the same situation as me.

I have to agree that it would the right move for OEM's to add the validation window, if possible when resetting the device. I wonder how that would work in the event of a "hard lockup" where the only way to get a device going again is a hard reset? I had that problem a couple of times while trying to install one particular program to my HX4705. (and no it wasn't a pirated copy of PM. :wink: ), It was a legitmately purchased peice of software.

Now, if we really want proof, then would someone mind emailing me a copy of the software in question? I happen to know what it is I'd be looking for, and I know how to take apart a program pretty quickly (I don't do that for pirating purposes, though). I think we should hold to the innocent until proven guilty idea, don't you?

Now isn't that piracy in itself? Sending you a copy of software that you didn't pay for and then giving you permission that they don't have to give permission for you to decompile the program?
That is a good point that I hadn't considered, so I stand corrected and ashamed of my request. However, I wasn't asking for the registered version, nor do I have to disassemble the product. Microsoft provides some developer tools (depends, dumpbin, etc.) to determine what functions are imported by an executable. These are all legitimate means of determing software requirements for a project that either you or another developed. All we have to do is look at the executables and dlls using one of these tools and see if it imports SetCleanRebootFlag from coredll.dll. If it does, then this would indicate that he had code to hard reset your device, especially if it doesn't appear in the 1.51 version of his program.

DMY, you make a very good point regarding the HAL and IO control. Unfortunately, I'm not a programmer and don't have a clue what you're talking about, and I would guess many other posters are in the same situation as me.

I have to agree that it would the right move for OEM's to add the validation window, if possible when resetting the device. I wonder how that would work in the event of a "hard lockup" where the only way to get a device going again is a hard reset? I had that problem a couple of times while trying to install one particular program to my HX4705. (and no it wasn't a pirated copy of PM. :wink: ), It was a legitmately purchased peice of software.
It is possible for a third-party vendor to intercept APIs on the PocketPC using great care. In this case, though, it might not be possible to intercept the SetCleanReboot function (this is what needs to be intercepted, not KernelIoControl) because it exists in the kernel. The only valid way would be injecting code into every process as it's launched.

Anton did not answer the question directly. He has deliberately avoided the Version 1.50 question, which leads me to believe that the "Hard Reset" routine did in deed exist in that version.

This behavior shows that Anton released a malicious version and then caved into the pressure and quickly released v. 1.51.

If this is not true Anton, feel free to speak up!!!!!

I prefer to think that people don't always just "cave into pressure" but perhaps realize they made a mistake, correct it, and learn from it.

This behavior shows that Anton released a malicious version and then caved into the pressure and quickly released v. 1.51.

If this is not true Anton, feel free to speak up!!!!!

Give me a break. It doesn't say anything like that.

I'm still amazed that NO ONE seems to be upset with Microsoft for putting in the IO Control that allows this to happen with no user notification or intervention.

I'm still amazed that NO ONE is upset with the hardware manufacturers that put support for said IO Control into the HAL, without some user notification or intervention.

In this case, I think Microsoft is not to blame. There are legitimate uses for a hard reset. Remember Windows CE is used in lots of embedded devices, not just consumer hardware. Say you have a device running in a remote location that is acting up and needs to be reset -- this allows doing it without requiring somebody to visit the frosty wasteland.

The manufacturers of Pocket PCs probably should remove this. I can't think of any legit reason to use it. But I'm still not upset with them any more than I'm upset with the creator of email for all the spam I get. Malicious people will always find some way to be malicious.

DMY, you make a very good point regarding the HAL and IO control. Unfortunately, I'm not a programmer and don't have a clue what you're talking about, and I would guess many other posters are in the same situation as me.

Ok, let me try this......

An Operating system is in many was like having a handyman/maid/butler/assistant in your house.... all rolled into one. You need to get a specific thing done, you call them to do it for you. In Windows CE, there's several layers of this, but the analogy is the same.... you want to open a dialog box, you call the OS and tell it to open a dialog box with these parameters (size, text, what buttons are in it, etc...). You want to read or write a file, you call part of Windows CE to do it for you.

In the case of a human, they can use a little common sense.... someone calls them and tells them to bulldoze your home, they'll likely double check the request before blindly doing it.

In this particular case, there's a few layers involved, but it's essentially the same except there's no common sense.... not a lot of intelligence. In most cases there are two ways of doing a hard reset: you press some combination of hardware buttons and the hardware does the reset... the second is you call Windows CE (Windows Mobile, whatever the name-du-jour is) and tell it to do a hard reset. It assumes the software telling it to do that reset knows what it's doing, so it just goes and does it without seeking any confirmation at all (in today's world anyway). As for the layer comment I made, at the bottom most layer is the HAL (Hardware Abstraction Layer) and in many cases this is where the real dirty work happens. the way you do a hard-reset is going to vary from device to device, so where a program calls a worker-function telling it to hard reset... that piece of software eventually filters down to a call to the HAL telling IT to do the actual hard-reset. In Microsoft's documentation, supporting that particular HAL call is optional.... e.g. your assistent may be told to ignore certain requests like "bulldoze my house". In fact, the Microsoft documentation actually goes so far as to suggest that the OEM that makes the HAL include a confirmation dialog box in their code.

I have to agree that it would the right move for OEM's to add the validation window, if possible when resetting the device. I wonder how that would work in the event of a "hard lockup" where the only way to get a device going again is a hard reset? I had that problem a couple of times while trying to install one particular program to my HX4705. (and no it wasn't a pirated copy of PM. :wink: ), It was a legitmately purchased peice of software.

I assume you reset your device by pressing the magic buttons to do a hard reset?? You'd do the same in the case of a confirmation dialog on a software instigated hard-reset request. If the OS was too far gone to put up that dialog box, then press the magic buttons. Either way.... it's YOUR decision to lose your data or not.

In this case, I think Microsoft is not to blame. There are legitimate uses for a hard reset.

You may be right about Microsoft... in fact the HAL developers guide addresses this issue in two ways: First, support for the HAL call is optional, and second they actually suggest that there be some sort of confirmation displayed to the end-user if it is.



Remember Windows CE is used in lots of embedded devices, not just consumer hardware. Say you have a device running in a remote location that is acting up and needs to be reset -- this allows doing it without requiring somebody to visit the frosty wasteland.

Great point.... and likely a lot to do with the way MS implemented it and talks about it in the HAL developers' guide. I hadn't thought of that. But it does put the onus squarely back on the device manufacturer.


The manufacturers of Pocket PCs probably should remove this. I can't think of any legit reason to use it. But I'm still not upset with them any more than I'm upset with the creator of email for all the spam I get. Malicious people will always find some way to be malicious.
I don't care if it's removed..... just put in a damned confirmation before doing it. and of course you're correct... malicious people will allways find a way, but there's no reason we should make it easy for them, eh?

It is possible for a third-party vendor to intercept APIs on the PocketPC using great care. In this case, though, it might not be possible to intercept the SetCleanReboot function (this is what needs to be intercepted, not KernelIoControl) because it exists in the kernel. The only valid way would be injecting code into every process as it's launched.

Sorry..... being a systems programmer, I immediately went to the middle and lower layers. In the interests of completeness, SetCleanReboot calls KernelIoControl, which in turn calls OEMIoControl, which is implemented in the HAL. Technically speaking, any software could institute a hard or soft reset by calling any one of these functions.

Note that the HAL developers' guide mentions that HAL support for soft and hard resets are OPTIONAL, and that it also suggests there be a confirming dialog box for them. Quite frankly I'd have assumed they ALL would include a confirmation in a consumer device, and had never looked before. I'm frankly appalled that there isn't one.... providing a single function that malicious code can call to wipe out ALL user data with no recourse and no confirmation is simply inconcievable to me as a developer, architect, manager, and engineer.

In my opinion if you steal one program then you usually steal more.
True.

This is just desserts for doing it.This is just not the way to handle pirates. If the developer has the ability to detect that a particular piece of his software has been pirated then just go ahead and disable it. By wiping a PDA my sympathy does not go out to the pirate my sympathy goes out to the person who by mistake entered the wrong key and it just happened that it was a bad key. What do you say to this guy after you wipe his PDA and he shows you his receipt. I've entered registration keys wrong haven't you?

Maybe Microsoft or Symantec should also wipe the drives of people who fail their activation validation test. I've had Symantec fail me 3 times. I finally got tired of calling them up to fix up my installation (their fault). Bottom line was that they said they were sorry - big deal. Three times a charm and I went to some other anti virus software company.

In a civilized world you just don't go around blowing away people just because they happen to look like they just stole some software. This is just another form of 'road rage' with the mindset of a virus writer. The simplest way is to deactivate the software and then discuss it over the phone. I'm sure that the most people that call will be legal users (hopefully not too upset since the validation test is very accurate - isn't it). The people who don't call are probably the pirates and their software has been deactivated.

If Anton did in fact do this then he probably just slapped together some code tested it a little on all the scenarios that he knows of then packaged and shipped it as a minor version update. There was no formal design or testing because if he did give out the product for a normal beta testing cycle along with release notes I'm sure none of the testers would have let him ship the code (unless they think the same way).

Jeff

In my opinion if you steal one program then you usually steal more.
True.

This is just desserts for doing it.This is just not the way to handle pirates. If the developer has the ability to detect that a particular piece of his software has been pirated then just go ahead and disable it. By wiping a PDA my sympathy does not go out to the pirate my sympathy goes out to the person who by mistake entered the wrong key and it just happened that it was a bad key. What do you say to this guy after you wipe his PDA and he shows you his receipt. I've entered registration keys wrong haven't you?

Maybe Microsoft or Symantec should also wipe the drives of people who fail their activation validation test. I've had Symantec fail me 3 times. I finally got tired of calling them up to fix up my installation (their fault). Bottom line was that they said they were sorry - big deal. Three times a charm and I went to some other anti virus software company.

In a civilized world you just don't go around blowing away people just because they happen to look like they just stole some software. This is just another form of 'road rage' with the mindset of a virus writer. The simplest way is to deactivate the software and then discuss it over the phone. I'm sure that the most people that call will be legal users (hopefully not too upset since the validation test is very accurate - isn't it). The people who don't call are probably the pirates and their software has been deactivated.

If Anton did in fact do this then he probably just slapped together some code tested it a little on all the scenarios that he knows of then packaged and shipped it as a minor version update. There was no formal design or testing because if he did give out the product for a normal beta testing cycle along with release notes I'm sure none of the testers would have let him ship the code (unless they think the same way).

Jeff

Sure I have entered them wrong. That's the thing. Just by enetering a wrong key you don't get a hard reset. What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out).

Your comparison of blowing someone away for software theft is so wrong it isn't funny. Were talking about software not human life(your not the only one making this comparison).

Your Symantec comparision is bad to. We are talking about a known piracy code not failed authorization.

This is all moot anyway. It has been confirmed by Anton that the code does not exist.

Blazingwolf:

Go back and read Anton's response on his forum. He was specifically asked if the code existed in current or any other version.

His next response contains an altered quote, specifically ommiting all reference to anything but the current version. He does state that v. 1.51 does not contain the code, but omitted the reference to previous versions.
He even stated 1.51 in par.

Trust is now the issue here! Can we as consumers (legal users) trust that this type of behavior will not occur again? Just the possibility that my device could be reset makes me shy away from Anton's programs now, and my copies BTW (were) legally registered.

Also, I find it hard to believe that it was a smear campaign against Anton as he stated. The discussions are all over many well respected sites and it is just too big of a response to be a smear.

Also, a response of "I will not respond anymore or anywhere" does not help either! If I was the dev in question and I did not do what is purported to have been done, you bet your sweet A##, I would have been responding all over the place to prove my innocence, because otherwise you stand to lose much legit business. Silence in this case is not golden!!!

siliwiz,

you need to stop using you PPC then. At any moment in time you can have 2 pieces of software that do not agree with each other and cause a hard reset. Who will be blamed then?

"Oh no I had a hard reset it must have been that evil developer that did this to me!"

Thanks for pointing this out siliwiz.

I saw references to Anton's confirmation in a few places in this forum, however, nobody else mentioned that Anton modified the "quote" from Alexander in his response.

The original post from Alexander was:

Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is not - and has never been - any malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?

Note: I made the relevant part bold

The response from Anton was:

Quote (Alexander @ Feb. 04 2005,17:21)
Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is no malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?
Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).

He actually reworded the "quote" to remove "and has never been" in his response.

I am a senior developer and had the feeling that there was alot of judging of Anton's software without proof that he intentionally added this. As soon as I saw Anton's response, my opinion changed. He is clearly rewording his responses( including others quotes ) to hide something. My opinion now is that he added this to combat the piracy, but then removed it in the latest version because of the response.

I can understand his intentions, however, I thnk it would go a lot farther for him to tell everyone that he had this in version 1.50, however, due to negative response he has permanently removed it. A sincere apology goes alot further than trying to hide the fact that he did something wrong. I think former President Clintons response would have gone over much better if he just came forward with the truth about Monica Lewinsky in the beginning. ( That will no doubt start a whole new thread of discussion. :wink: )

I have never used the software, however, I have lost confidence in Anton through reading his responses and would never purchase it in the future. If he had of come forward in the beginning and stated that he made a mistake my opinion would be different. Admitting you made a mistake shows a lot of integrity, trying to hide it shows a huge lack of it. After all, everyone makes mistakes. :roll:

I have a 1.49 version around, and if anyone likes to analyze it, let me know. It is a trial version, so I suppose mailing it out should be OK. Also it is not too hard to find the leaked serial code. (simple Google search will do it). So if some of you don't mind a risk of hard reset, why don't you try it and tell everyone the truth?

hopefully we won't have to revisit this topic again.

After this firestorm of replies a revisit won't be a factor. :)

siliwiz,

you need to stop using you PPC then. At any moment in time you can have 2 pieces of software that do not agree with each other and cause a hard reset. Who will be blamed then?

"Oh no I had a hard reset it must have been that evil developer that did this to me!"IMHO,

There is a huge difference between two programs (or one for that matter) hard resetting a device by accident or an application that does that on purpose. The first is made by a sloppy programmer that i probably will not trust anymore, the second is a guy who just wrote a Trojan Virus and i will never trust again.

jaap

is the license bound by the serial numbers? If I buy the software, but lose the number - and easily find another doing a web search and the end result is data loss - who is responsible?

This is a lawsuit in the making. Suppose that someone else installed the software on the device, as in zelous IT person who did not know any better and was doing someone a 'favour'. I for one will never buy anything from a Malicious developer like that, and hope sure as h-ll that he does get sued. That would be nice.

So who are you going to sue?
1. Anton?
2. The zelous IT person?
3. The foolish person who allowed the IT person to install unlicenced software?

:roll:

seems to be in the right order, just the way you have it.

is the license bound by the serial numbers? If I buy the software, but lose the number - and easily find another doing a web search and the end result is data loss - who is responsible?

You.

Let's think this through:

You think that if you wilfully steal food from a developer's table, that you should not suffer consequences of your actions?

It is okay for you to steal, but not for you to suffer for your transgression?

Interesting.

Ok lets get on with your line of thought here, if you come and steal my food off of my table, in return I will rip your heart out. Sounds fair to me.

The punishment does not fit the crime here, it might be firm but not fair, and as someone already said two wrongs do not make one right.

is the license bound by the serial numbers? If I buy the software, but lose the number - and easily find another doing a web search and the end result is data loss - who is responsible?

You.

No

I am holding a legal and valid license to use the software. The llicense does not spell out malicious behaviour if an incorrect serial number is entered. It does not even note that I have to enter the number given.

I see how this can be very hurtful to a developer.


Show me. Show me one solid figure that says: This developer lost $xxxx in sales due to piracy. We all *assume* developers lose money, but I know for a fact that some developers have benefitted from it.


Sure I have entered them wrong. That's the thing. Just by enetering a wrong key you don't get a hard reset. What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out).


The only way to prevent it from happening is to make the 'pirate' codes obviously different from the 'real' codes, to prevent people from accidentally entering them. Example:

123456 is a pirate code
122456 is a real code

- you can't do this. The laws of probability mean that sooner or later, someone would enter the pirate code. But if you make the pirate code something like abcdefg, pirates would spot it in a second and fix it.

And what's worse: the developer would need to put the code out there for people to use. Where I come from **that's called entrapment!**

I could sue the developer straight into jail and or bankruptcy for that, not to mention all the lost revenue and damages due to property destruction, etc. etc.

Yes, I am slightly overreacting, but we all need to think very carefully about where sofware piracy and the measures against it are going.

I have a 1.49 version around, and if anyone likes to analyze it, let me know. It is a trial version, so I suppose mailing it out should be OK. Also it is not too hard to find the leaked serial code. (simple Google search will do it). So if some of you don't mind a risk of hard reset, why don't you try it and tell everyone the truth?
Well that is what I have been doing (I mentioned the Google search a couple of pages before), and I can confirm: with a stolen serial number, while PM 1.49 would still register, entering it in PM 1.50 would hard-reset, without a warning, your device, and wipe out all data - no matter what Anton is trying to claim now.

Since some die-hard Anton lovers still cry for "PROOF", why don't you try this:
1. Google for [removed by JJP on 2/5/05]
2. Second hit or so is some dubious link that points to a thread displaying various numbers. Go down until you come to the post by "Franchiser" dated 10.05.2004 - 23:21. He is mentioning a particular number starting with 52. Try entering this one in PM 1.50 (not 1.51!) and hit register.
3. Make sure to have a complete data backup ready!

So much for Anton's petty claim that this all has been some "organized attack" against his person.

Btw, although I don't understand a single word Russian, it is obvious that they mention the word "hard reset" a couple of times, although this thread dates back in May 2004! So forget that B*S about a recent campaign against Tomov -- his actions aren't new.

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

Interesting:
http://www.mobileread.com/forums/showpost.php?p=14498&amp;postcount=19

Frank Garci, Mr Tweaks2k2, why don't you continue defending Tomov for your own cause? It is very amusing and wonderful what hidden secrets Google can reveal.

Thanks for pointing this out siliwiz.

I saw references to Anton's confirmation in a few places in this forum, however, nobody else mentioned that Anton modified the "quote" from Alexander in his response.

The original post from Alexander was:

Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is not - and has never been - any malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?

Note: I made the relevant part bold

The response from Anton was:

Quote (Alexander @ Feb. 04 2005,17:21)
Anton, just to clearify this and to avoid any misunderstanding: can you guarantee that there is no malicious code in Pocket Mechanic that would under any circumstances hard-reset my device without a warning?
Yes, I do confirm that there is no such code (and I am speaking of the latest version 1.51).

He actually reworded the "quote" to remove "and has never been" in his response.

Nice bit of detective work jaddison. This did it for me. Anton did it and he's trying to cover his a$#. It seems to me as though the only question now is do you think his response is reasonable. I don't! As such, I will NEVER knowingly purchase his products again. If you think his response is reasonable, then buy all means continue to support him. I must admit that his products are good. I just can't support or condone this type of over-the-top malicious behavior.

I applaud you all for keeping this discussion civil! Let's make sure that we keep away from any kinds of personal attacks against anyone...

Thanks!

Well that is what I have been doing (I mentioned the Google search a couple of pages before), and I can confirm: with a stolen serial number, while PM 1.49 would still register, entering it in PM 1.50 would hard-reset, without a warning, your device, and wipe out all data - no matter what Anton is trying to claim now.

Since some die-hard Anton lovers still cry for "PROOF", why don't you try this:
1. Google for [removed by JJP on 2/5/05]
2. Second hit or so is some dubious link that points to a thread displaying various numbers. Go down until you come to the post by "Franchiser" dated 10.05.2004 - 23:21. He is mentioning a particular number starting with 52. Try entering this one in PM 1.50 (not 1.51!) and hit register.
3. Make sure to have a complete data backup ready!

So much for Anton's petty claim that this all has been some "organized attack" against his person.

Btw, although I don't understand a single word Russian, it is obvious that they mention the word "hard reset" a couple of times, although this thread dates back in May 2004! So forget that B*S about a recent campaign against Tomov -- his actions aren't new.

Thanks for the info. I proposed that because I felt many posters were still debating on the existence of the hard reset code (which obviously was there and can be easily verified by trying themselves) rather than the propriety of such activity itself.

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

Thats enough for me. I won't be using his software anymore.

Thats enough for me. I won't be using his software anymore.

I trust Anton 100% and will continue to use his software.

Frank Garci, Mr Tweaks2k2, why don't you continue defending Tomov for your own cause? It is very amusing and wonderful what hidden secrets Google can reveal.

He already admitted he did this at one time - back in page 5 of this very thread:


Big mistake. Currently none of my programs have any kind of hidden bomb against pirates. I have to admit that I did something like that in the past but my betatesters and support team convinced me that there were other and better ways to fight.


(just in case anybody missed it and starts another crusade against ctitanic)

Thats enough for me. I won't be using his software anymore.

I trust Anton 100% and will continue to use his software.

Ditto. And, if anyone loses a serial number, rather than Googling for a pirate key, all you have to do is email him directly. He's one of the most responsive developers I've dealt with.

:soapbox:

This thread is a great example of the way the modern society emphasizes a cult of victimization. Rather than seeing that some deadbeat would get clobbered for using a stolen key, people whine that an unscrupulous developer is sneaking around trying to sabotage their devices? Give me a break. If you're not breaking the law, you're safe. End of story.

Rather than seeing that some deadbeat would get clobbered for using a stolen key, people whine that an unscrupulous developer is sneaking around trying to sabotage their devices?

Why is it that there is always someone who accuses others of whining simply because they express a different opinion? There's no whining here, only a group of adults debating a subject. 18 pages and very little name-calling. Makes me proud to be a part of the community. No whining, just discussion.

If you're not breaking the law, you're safe. End of story.
I never advocate attacking a developer unfairly, and in fact I went out of my way to word my post as such. However, I disagree with this. While piracy is a real problem and it needs solutions, there are those approaches that go too far, and I think it's a fair subject for discussion and criticism where appropriate.

One of my favorite weblogs is Ed Foster's Gripelog (http://www.gripe2ed.com/scoop/), and it's rife with stories of how people legitimately bought software and were unable to actually use it for one reason or another. For example, this article (http://www.gripe2ed.com/scoop/story/2005/1/13/2191/36692) particularly disturbed me. As a consumer, you can be treated unfairly even when following the letter of the law.

The fact we've discussed the subject may or may not have anything to do with the fact that Anton's latest version doesn't contain it. I applaud him nevertheless for ensuring that this policy isn't in place, and I stated as such on an update on the initial post, but I can understand why some consumers still feel a little uncomfortable.

--janak

I wasn't referring to either Janak's posts or attacking anyone for expressing a different opinion. I was attacking the specific implication that the developer is somehow irresponsible or unethical for putting in place a mechanism that would be activated only in the case of an existing pirated key.

I have to agree, I think piracy is bad, but the destruction of someone's data to prove a point is a destruction of private property and a criminal offense. Secondly, a software company tried a tactic similar to this many years ago, in the pre-Windows days, that company was Lotus Development Corporation and the program was 1-2-3. Once the software was installed, the installer would ask for the first disk one last time and then erase several pieces of information from the disk, making it impossible for even a legimate user to re-install the application, all done without the users knowledge until they needed to re-install 1-2-3. Lotus Development paid dearly for that little trick from what I recall.

I would recommend that anyone thinking of such a tactic to combat priacy of their software, think twice and consult a lawyer. Using one wrong, destruction of someone's private data, used to combat another wrong, piracy, does NOT make piracy go away, but could cause the developer a ton of legal headahces in the end.


Just my 2 cents.

From all the comments I have seen here and in other locations it's plain to me that what makes consumers uncomfortable is the lack of trust. Trust that a developer would take such tactics when many consumers don't like them (as evidenced by this whole brouhaha). Trust that the developer is competent enough to implement them in such a way that legitimate customers will NEVER be impacted by this move. Trust that corporations who often have little control over what employees do with their corporate licensed devices will not have a huge mess on their hands when they find themselves on the wrong end of this mechanism.

This is not a crusade, in fact I'm not referring to this particular case, it is instead evident that consumers by and large are not happy when things like this are put in place. I remember last year when a Symbian based "virus" was dialing a phone number in the EU (unknowingly) and ran up thousands of dollars in false charges by using the same principle of protection that we're talking about here and consumers found out it was a s/w developer checking for unlicensed copies of his program.

People for whatever reasons do not like these things and the developer always ends up worse for wear.

Disabling the software is plenty. You don't have to delete data. Further you let people know when they buy it that if they use a bad serial it will be disabled. I call it being upfront.

As a developer myself, I can see what Anton is trying to do, but as stated in all the other posts, there are other ways.

One post mentioned that he got an ego-boost when he found a crack on the net for his program. I look at it the same. People who use cracked software, will continue to do so, and will never [purchase your software anyway. The thing is, people who use cracked software do show off the software to others, and spread the word. Free advertising.
For loyal consumers, piracy can also be a good thing because the developper will have to do something with his software to justify an update so the crack/key does not work anymore, resulting in better, more advanced software, that gets cracked again and again.

The other thing in regards of PPC software is the current pricing of applications. Sure, things cost a lot of money, but for some applications, no matter how good they are, is it really necesary to charge $30?

PPC's have a lot of functionality, but it it going the same way as the gaming industry? People already pay a fortune for a device, and then an additional fortune for applications to run on it.

At least with console systems, you get the hardware for a cheap price and they use the sales of the games for getting the money out of it.

The main reason for the cracks to appear, in my opinion, is because of the prices of the software.

A few years ago, it was so cool to have AutoCAD on your PC. few people actually used it, but because it was one of the most expensive programs availiable, numerous cracked versions were availiable. Even the Dongle system used for those kind of programs is cracked in no-time, so no matter how good you try and protect your program, it will always be cracked, if it's worth the effort at least.

Making an aliance between developpers is a good idea as well, but on mobile devices, what will that do to performance of the program, how are you going to deal with upgrades of software etc etc.

Maybe to make a start with the aliance, look into a combination of options only availiable when both apps are installed.
in case of tweaks2k2 and hackmaster for example, add some additional features if hackmaster is detected. Combining multiple apps, for extra functionality, and maybe even a bundle sale for a little less money, might reduce the amount of cracks.

I'm not saying that cracks are legal to use, but basicaly they are there, and they will always be there. If some developper puts in some malicious code to mess up a device if a wrong code is entered, fine by me, but Anton, do you really think that if crackers can hack your program, they are not also able to disable that part of the program as well?

(Most likely they will just write a small wrapper of some sorts around your program to block the call to the hardreset, and let everything else go through)

Just my two cents.

I mentioned my suspicions that installing to card may have been the problem. I purchase the product from handango and downloaded and installed. No warning about not loading to card or anything like that. Was I supposed to go to a web site and find that out ? Other software that doesn't work off a card won't allow it to be installed there. In any event I sympathize with a developers dilemma of trying to keep the code base to reasonable size so error checking will have its limits but for the low level stuff extra care is required as the damage can be great. I'm a developer, currently involved in getting software compliant to Sarbanes-Oxley and the stress is that no damage can be done before it even gets to the security level. I still think there was too much carelessness here. There was no warning in the purchase , download, install flow as to method or potential danger of installation. I wasn't careful enough. Neither was the developer. I'm paying him not thc other way around.

Not to beat a dead horse, but in my installers for PM from v1.48 and up, there's a warning, in capital letters, not to install the app to a card -- that it has to be installed to main memory (see screen capture, below). I'm no programmer, but I know that if you install via the standard AStink method, you always get asked whether to install to an alternate location. Not sure whether he could've disabled that option, but I don't really see a reason to when the warning's placed front and center...

http://members.cox.net/mdonatello/PM_Warning.JPG

Well, I speak Russian fluently so I trawled through that thread that was linked to previously...it's nothing less than a battle between Anton and several crackers with keygens and too much time on their hands. It is quite apparent that more than one serial number causes a hard reset. It also seems that hard resets are not too uncommon even with known good serial numbers (ie a pirate serial tested to work). It also appears to be linked to registry entries from previous versions...

It made me laugh, that full-scale interactive software piracy (man I wish some software support was as good as these guys were giving) was being cheerfully conducted, but the mods still admonished users for profanity, citing the forum rules...

Any more Russian detective work, let me know...I don't think we're being given the full story here. I don't use Pocket Mechanic and have no need for it or axe to grind about it particularly, but I enjoy a good mystery.

J'bm

Rather than seeing that some deadbeat would get clobbered for using a stolen key, people whine that an unscrupulous developer is sneaking around trying to sabotage their devices?

Why is it that there is always someone who accuses others of whining simply because they express a different opinion? There's no whining here, only a group of adults debating a subject. 18 pages and very little name-calling. Makes me proud to be a part of the community. No whining, just discussion.
DITTO - Very nicely put :D

Jeff-

The ultimate irony...elsewhere on the forum they are whining about getting themselves organized with their hundreds of serial numbers, and some helpful soul uses a cracked copy of ListPro to create a list which he then uploads to an ftp site...

The scale of this is quite amazing, even for me, and I lived in Moscow for 12 years. Even massively obscure applications, like a medical one dealing with care procedures for patients with HIV, have been cracked or have serial numbers provided.

J'bm

What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out)... Well I would hate to be the winner of this Lotto.

Your comparison of blowing someone away for software theft is so wrong it isn't funny....The analogy was not in any way meant to mean blowing people away it was blowing away people's data which could be akin to blowing away a person's business.

Your Symantec comparision is bad to. We are talking about a known piracy code not failed authorization.I didn't see any mention of 'piracy code' in the thread. I was under the impression that we are talking about key cracks which are not the original keys that were sent with the software. Call it what every you want - software activation or autorization it would all still be handled in a validation routine that the developer writes where he checks among other things a registration code.

This is all moot anyway. It has been confirmed by Anton that the code does not exist.Read on further in the thread.....

IMHO - It's very bad that software piracy is so prevalent. Especially when PPC software is so cheap (compared to desktop software). It's down right stealing. It's the same thing as walking into a store and taking something without paying. But for a developer to think that he can blow away someone's PPC is not right he could have disabled it just as easily and as I said before it smells of a hot tempered person mixed with a lot of road rage.

...try this:
1. Google for [removed by JJP on 2/5/05]
2. …
:google: You da man.

Jeff-

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

...try this:
1. Google for [removed by JJP on 2/5/05]
2. …
:google: You da man.

Jeff-

You are actually congratulating someone for finding a pirate code? That's just way wrong! I am also amazed that the moderators here have left it up like this.

If you pirate you deserve what you get(yes this means a hard reset).

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

You are actually congratulating someone for finding a pirate code? That's just way wrong!
You completely misunderstand. He's referring to the fact that Jeremiah was able to reproduce -- and prove -- that a hard reset function existed in v1.50.

I am also amazed that the moderators here have left it up like this.
There is no link there -- just text that one can search via Google. And, considering that the code listed on a linked site from that search doesn't work in any meaningful fashion in the latest versions of Pocket Mechanic, piracy isn't being aided or abetted...

--janak

You are actually congratulating someone for finding a pirate code? That's just way wrong!
You completely misunderstand. He's referring to the fact that Jeremiah was able to reproduce -- and prove -- that a hard reset function existed in v1.50.

I am also amazed that the moderators here have left it up like this.
There is no link there -- just text that one can search via Google. And, considering that the code listed on a linked site from that search doesn't work in any meaningful fashion in the latest versions of Pocket Mechanic, piracy isn't being aided or abetted...

--janak

Maybe not in version 1.51 but it does work in version 1.49 now doesn't it. This gives anyboday access to version 1.49. So yes it it is being abetted. True there is no link but how much easier can you make it for someone then to give them the exact text to type in.

...try this:
1. Google for [removed by JJP on 2/5/05]
2. …
:google: You da man.

Jeff-

You are actually congratulating someone for finding a pirate code? That's just way wrong! I am also amazed that the moderators here have left it up like this.

If you pirate you deserve what you get(yes this means a hard reset).

Agreed on all points.

As for the hard resets, I would think a good thief would have a pirate-backup handy :wink:? So what's the fuss?

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

As for the hard resets, I would think a good thief would have a pirate-backup handy :wink:? So what's the fuss?

That is absolutly true. :lol:

Maybe not in version 1.51 but it does work in version 1.49 now doesn't it. This gives anyboday access to version 1.49. So yes it it is being abetted. True there is no link but how much easier can you make it for someone then to give them the exact text to type in.
Okay, fine. I went through the last three pages and edited every instance out (including, may I add, your quote which contained the same text). I hope everyone's happy now... :?

And just for completeness' sake, if anyone now claims there isn't sufficient "proof", PM me and I'll give you the relevant information. I just can't win...

--janak

I just can't win...

You're a winner in my book http://www.wiggster.com/images/bigthumb.gif Good job moderating.

I didn't get such a message. BTW - I'm on a prior release (1.48) as I bought it in November, I believe. It worked OK for a while as it has for many others who installed it to card. I don't care to install it again as I really didn't need it. I buy a lot of software to save myself the time of writing it myself, keeping to my strong suite (more money obviously) but I've developed my own home brew to do the jobs that I used his software for. Glad that it's working for you. The point here is first do no harm. If there is a danger of any substance installing to card, prevent such installation.



I mentioned my suspicions that installing to card may have been the problem. I purchase the product from handango and downloaded and installed. No warning about not loading to card or anything like that. Was I supposed to go to a web site and find that out ? Other software that doesn't work off a card won't allow it to be installed there. In any event I sympathize with a developers dilemma of trying to keep the code base to reasonable size so error checking will have its limits but for the low level stuff extra care is required as the damage can be great. I'm a developer, currently involved in getting software compliant to Sarbanes-Oxley and the stress is that no damage can be done before it even gets to the security level. I still think there was too much carelessness here. There was no warning in the purchase , download, install flow as to method or potential danger of installation. I wasn't careful enough. Neither was the developer. I'm paying him not thc other way around.

Not to beat a dead horse, but in my installers for PM from v1.48 and up, there's a warning, in capital letters, not to install the app to a card -- that it has to be installed to main memory (see screen capture, below). I'm no programmer, but I know that if you install via the standard AStink method, you always get asked whether to install to an alternate location. Not sure whether he could've disabled that option, but I don't really see a reason to when the warning's placed front and center...

http://members.cox.net/mdonatello/PM_Warning.JPG

I just can't win...

You're a winner in my book http://www.wiggster.com/images/bigthumb.gif Good job moderating.
Yeah your definately first place. BTW that's a cool Emoticon. Maybe JP should add it to the PPCThoughts collection (next to Google of course :wink: )

Jeff- I'm trying to stay on topic but it is a cool Emoticon 8)

To sum up -

- That there was some process that caused a hard reset, based on pirated codes, and not just one as stated by Anton, is really by now irrefutable. The only other possibility is that the software has a major bug and this is a coverup, but that's a little out there.

- I would suggest that most people posting are doing so based on principle rather than reality - which always leads to emotive and extended debate. If it actually happened to you - well, busted, really.

- Is it morally acceptable to insert this kind of anti-piracy measure? No, not ever, no way. Is it legal? Untested, even with a EULA covering you. EULAs themselves are quasi-legal.

- Anton should realise that, as with many things, annoying his paying customer base with this kind of thing will not pay dividends, and will not change the perceived loss of earnings attributed to piracy. If it hasn't been already, I am sure that any anti-piracy measure will be circumvented imminently by people for whom it is simply a hobby.

- It has been proven it many instances, not just software sales, that a trust-based model is the most effective method. Any kind of registration system, identification routine etc should be acknowledged at best as a way to prevent casual abuse (here, piracy) and nothing more. By adding any kind of preemptive measure, you are implicitly stating you do not trust your customers and that will lead to losses as people make their decisions based on principle (see above). Not to mention the time and money lost in effective policing (vis Ctitanic's comments on mailing out 1000s of new registration codes).

- This is really a revenge thing...

J'bm

I think this thread is starting to get a bit off-topic, so I'll put in a friendly reminder now. After reading the last 3 pages, we've basically gone from "Is it right to punish pirates" to "We're promoting piracy by saying...". Janak removed the relevant search terms, we're not advocating piracy here, lets get back to the issue we started with.

That being said, I really don't see any solution that could ever be had for the whole piracy problem.

* If Anton decided to require periodic verification of people's serials for blacklisting, some would be upset that they needed to be 'checked' every so many days (and then their are those who would want the program to do it quietly in the background, others who would want it done out in the open).

* If Anton decided to implement an activation scheme, we'd have debates over his activation server eventually going down. Anton (and many other developers) probably don't even have a dedicated server that they could run a custom activation script or server on)

* If Anton required people to download a new copy every x days, we'd hear how this is way to much of a hassle for users who bought the software.

* etc. etc.

I guess when it comes down to it, we're forced to make a decision:

* put up with pirates (not advocating or endorsing, but not attacking).

* Foster an internet where people are, in essence, guilty until proven innocent ( When you think about it, that is what activation basically assumes: we're assuming you're using a pirated copy until you prove to us that you bought it legitmately by activating)

* Foster an internet where people are innocent until proven guilty, but in essence, this is the same as a time before activation.

* Actively advocate piracy (not likely...)

Which would you want to see?

BTW that's a cool Emoticon. Maybe JP should add it to the PPCThoughts collection (next to Google of course :wink: )
We already have :way to go:... ;)

I guess when it comes down to it, we're forced to make a decision
The problem is that not only do developers have a different perspective on this than users, the size of the developer has a big difference. If you're writing code yourself for a small group of people and see it pirated, it's demoralizing -- the marginal cost of losing one copy in 500 is very different than one copy in 5,000,000 (or even 10,000 in 5,000,000).

I can speak for myself: I personally dislike overcontrolling anti-piracy measures, ranging from software activation to hard resets. For Pocket PCs, reg codes tied to a device ID (not hardware ID -- but rather device name) seem reasonable, based on my experience -- it allows portability, but at the same time prevents widespread piracy (a pirate won't be able to use 5 different codes for 5 different handhelds, although I guess one pirate could generate codes for "0wn3zJ00" and share it with all the pirate buddies who don't mind calling their Pocket PCs that).

--janak

...Which would you want to see?
I don't think that any type of activation or registration is bad and it will keep a cap on casual copying of software. Any of the schemes that you mention that might become a hassle is really relative and depends on how much a person is willing to put up with. It's a trade off when we have to protect both the developer and the consumer.

So far I don't remember running into a bad scheme although Symantec comes close but that's really because of a customer support issue where you end up telling your tale of woe to an endless list of people until you give up.

I do have some chess games though that ask for the CD every once in a while. The biggist hassle I have with that is that I can't put the CD away and when I do I can't find it again so easily. After searching for it my room is a mess. I might find it annoying at times but I would definately buy the programs again. Some people don't want to put up with that but I don't find it that annoying.

But I do know that I don't need any type of scheme that sends my PDA south. :evil:

Jeff-

... For Pocket PCs, reg codes tied to a device ID (not hardware ID -- but rather device name) seem reasonable, based on my experience -- it allows portability, but at the same time prevents widespread piracy...
Tying a reg code to a hardware ID is a definate pain. But you don't see that too much anymore. I did have a piece of software that registered to a hardware ID and when I upgraded the PDA I couldn't bring over the software. I did speak to the developer and he was willing to give me another key but the upgrade version did away with that scheme and went to a registration that works with the device name.

Working together alway brings results. Most developers want to get along with their customers and I'm sure the customers want to also. I haven't heard of any stats about how much software is stolen in the PPC world and it would be interesting (eye opening) to hear. I still find it hard to understand why someone would steal something that cost $10 or $20. Unless the PDA was also stolen :?

Jeff-

Because they can.

Yowza, that's not good. There is a reason PC developers don't do this.

Yeah, it was customary only at the eighties / the very early nineties to do this. After that, no developer resorted to actions like this, and even, most hardware-based dongles (which were also a pain in the neck) have disappeared.

What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out)... Well I would hate to be the winner of this Lotto.But like every lottery with enough tickets distributed: it seems we do have a winner :(

In response to a similar topic on our board (www.pocketpc-club.nl), a member responded he just saw that happening to him. To quote him exactly:ik heb pocket mechanic geinstalleerd met een verkeerde key (typo) en was dus hard resetBasically he explains he made a typo and got a hard reset. Although unlikely, it is murphy's law to make sure it happends. If this is true, Mr. Tomov has a very serious problem (i have not been able to verify this members report in person, i have to take this persons word for it i'm afraid).

AFAIK, Under Dutch and European Law Anton Tomov is fully liable for all consequences and could be sentenced to a maximum 6 years in jail for the crime of creating software that sabotages a computer and destroys electronically stored data (Article 162sexies Sr. lid 2 of the Dutch "Wetboek van Strafrecht"). Since the EULA does not mention this potential penalty explicitly and it is a crime to do so, he can not hide behind the EULA. Reading this discussion and seeing some evidence presented in MobileRead (as in reverse compiled code) this case is a open-and-shut case......

Jaap

PS: To access the PocketPC-club.nl a registration is required. Please PM me if you want access and i will give access through a dedicated account in order not to mess up our member database......

If an invalid code is entered then the program sends an email to the developer to "support" someone who is having trouble with a code. Although this would have to be worded right in the EULA so as not to be illegal sending of personal data.

The others may correct me, but I don't think it's possible/legal either. For example, Blizzard did the same with Starcraft's Battle.net codes early 1998, just after the release of the game. (Of course, they didn't tell anyone they would send out sensitive info.) The resulting scandal was enormous. I don't think they would have been able to avoid the scandal by putting this into EULA.

What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out)... Well I would hate to be the winner of this Lotto.But like every lottery with enough tickets distributed: it seems we do have a winner :(


Has any legal user, that did not go out find a pirate code then install it, had any problems? Is there any report of any suffering a hard reset that did not intentionally place pirated software on their device? I have heard of nothing so far.

Seems blown way out of proportion to me.

If an invalid code is entered then the program sends an email to the developer to "support" someone who is having trouble with a code. Although this would have to be worded right in the EULA so as not to be illegal sending of personal data.

The others may correct me, but I don't think it's possible/legal either. For example, Blizzard did the same with Starcraft's Battle.net codes early 1998, just after the release of the game. (Of course, they didn't tell anyone they would send out sensitive info.) The resulting scandal was enormous. I don't think they would have been able to avoid the scandal by putting this into EULA.
Exactly.

Plus, in many European countries EULA's are worth nothing when it comes to legal claims afterwards. It was decided that a user's mouse click is not the equivalence to a user's personal signature.

What are the actual chances that you will enter the pirate key by mistake? I would say about no chance(of course this is all based on the actual number of keys handed out)... Well I would hate to be the winner of this Lotto.But like every lottery with enough tickets distributed: it seems we do have a winner :(
Has any legal user, that did not go out find a pirate code then install it, had any problems? Is there any report of any suffering a hard reset that did not intentionally place pirated software on their device?You just did (read the rest of the post please!). The user Linux_freak made a report on our board that he made a typo with his legitemate key and got a hard-reset.

Jaap

In response to a similar topic on our board (www.pocketpc-club.nl), a member responded he just saw that happening to him. To quote him exactly:ik heb pocket mechanic geinstalleerd met een verkeerde key (typo) en was dus hard resetBasically he explains he made a typo and got a hard reset. Although unlikely, it is murphy's law to make sure it happends. If this is true, Mr. Tomov has a very serious problem (i have not been able to verify this members report in person, i have to take this persons word for it i'm afraid).

AFAIK, Under Dutch and European Law Anton Tomov is fully liable for all consequences and could be sentenced to a maximum 6 years in jail for the crime of creating software that sabotages a computer and destroys electronically stored data (Article 162sexies Sr. lid 2 of the Dutch "Wetboek van Strafrecht"). Since the EULA does not mention this potential penalty explicitly and it is a crime to do so, he can not hide behind the EULA. Reading this discussion and seeing some evidence presented in MobileRead (as in reverse compiled code) this case is a open-and-shut case......

Jaap

PS: To access the PocketPC-club.nl a registration is required. Please PM me if you want access and i will give access through a dedicated account in order not to mess up our member database......

Hmm, missed that part before. If this is true and I do mean if, it is going to be very hard to prove that it was Pocket Mechanic and only Pocket Mechanic that caused this.

The next question for me, as I don't read Dutch, was Pocket Mechanic installed to the right location? Or, like others, was it installed to a flash card where it is not suppossed to be? Being a beta tester for lots of stuff proves very quickly that this stuff can happen when you don't install like your suppossed to.

If this is true and I do mean if, it is going to be very hard to prove that it was Pocket Mechanic and only Pocket Mechanic that caused this.Well,

Basically you are questioning about the causal effect here, which is a quite valid question. However, i'm going to compare his key with the illegal key (having to fid it, but with the info provider here it should not prove to be much of a problem), and see if Typos are plausible......

Jaap

it is going to be very hard to prove that it was Pocket Mechanic and only Pocket Mechanic that caused this.

Well, over there at the linked forum some people have installed 1.50 on their freshly hard reset, therefore, "clean" PPC and entered the pirated 1.49 reg. code. Pocket Mechanic hard reset the machine at once.

To sum up -

- That there was some process that caused a hard reset, based on pirated codes, and not just one as stated by Anton, is really by now irrefutable.

&lt;snip>

- It has been proven it many instances, not just software sales, that a trust-based model is the most effective method. Any kind of registration system, identification routine etc should be acknowledged at best as a way to prevent casual abuse (here, piracy) and nothing more. By adding any kind of preemptive measure, you are implicitly stating you do not trust your customers and that will lead to losses as people make their decisions based on principle (see above). Not to mention the time and money lost in effective policing (vis Ctitanic's comments on mailing out 1000s of new registration codes).

- This is really a revenge thing...

J'bm

Well said.

:soapbox:

I'm a software developer, and registered user of Pocket Mechanic ...um...v1.49 &lt;just caught this thread...YIKES!!!>.

Funny thing is, Microsoft was one of the companies back in the olden days when I was a lad who refused to copy protect their software on the basis that it would inflict grief on their legitimate, paying customers. This was back in the DOS days...v3.x maybe? A lot of the companies who tried floppy disk copy protection back then (products such as Lotus 1-2-3, and dBASE)...where are they now? Not to say this is the cause of their decline in polularity, but at least it probably didn't help.

I remember reading an article that summed up what was learned from the copy protection days...a Ziff publication I think. We learned that copy protection does not prevent privacy, but to the contrary actually encouraged it; the theory being a legal user lost their legitimate copy because their new puppy got hold of the disk, for example. Out of principle protest the user cracks the protection and is so proud of his accomplishment, he gives copies of the software to all his friends. -- Really rough example there, but during the time that companies were all removing their floppy-based protection methods, this was the kind of article you'd find.

I think it was Microsoft, too, who made a statement something along the lines of, "piracy is an inevitable aspect of doing business in the software industry" and even made a statement something like "we hope that when the illegal user can afford to pay, they will". There was actually heart in thier decisions back then.

This, as I recall, marked the beginning of massive growth for Microsoft. I don't have the hard facts or actual quotes handy anymore, who would have thought copy protection would resurface? But I do remember being a big Microsoft fan back in those days and the reason for that was no doubt because they were one of the few of the larger companies who valued trust over profit.

My how times have changed MS. I loathe XP because of the copy protection. I ripped it off my Dad's system when his computer "got mupped" [endless reboots as soon as mup.sys was loaded] and installed an ILLEGAL COPY of W2K to get his system back up. I think Dad added one new USB device too many...maybe a web cam, I forget now. But the copy protection mechanism had a bug in it and his system along with his data was toast. We couldn't even boot to CD and refresh. [google "mup.sys" for 4K hits most of which are probably about the muppage].

A case in point: Intuit tried to copy protect their Turbo Tax product a couple years ago (I worked for the company at the time). Tom Allanson was the Sr. Vice President in charge of the activation project and had to step down as a result of lower revenue during what is typically their best quarter. The revenue decline was clearly due to the fact that customers were buying H&amp;R Block's Tax Cut product instead, which was not copy protected. Had anyone at Intuit asked any of us who had been in software development for 10 or so years, we would have recommended staying clear of copy protection, and could have offered some solid albeit dated data to support that decision. Intuit does not have the monopoly that Microsoft has and they just can't get away with it. Furthermore, I assert that Microsoft will continue to lose ground to alternative Open Source solutions as a result of their selective amnesia about copy protection, and similar consumer unfriendly decisions that are being made these days.

Understand, I have written code exclusively for Microsoft operating since starting my software development career over 13..14..umm MANY years ago. This isn't coming from someone who wants to see them lose market share.

To tie all this back to the thread: the industry learned lessons years ago that we have apparently forgotten. The principles behind what was learned, unlike the technology they tried to protect, haven't changed over the years. And copy protection being the bad idea it is, how much worse is it to have malicious code in your program that even remotely stands a chance of infuriating your very source of income?

Mike Welch
Dallas
...posted in the wee hours of the morning...pardon the grammatical errors

I'm going to have to check the results of this thread. You'll have to venture on the other side of the proverbial tracks, but it's a good question. Might be tricky if the device has a thumb keyboard [etc] and he was off home row, for example. But if the serial numbers are even CLOSE...I think this foobar will haunt Anton for a long time. He should have at least changed the sequencing! -- and that's assuming he was right in the first place -- which as a registered user with the older version -- I strongly protest!!! :crazyeyes:


If this is true and I do mean if, it is going to be very hard to prove that it was Pocket Mechanic and only Pocket Mechanic that caused this.Well,

Basically you are questioning about the causal effect here, which is a quite valid question. However, i'm going to compare his key with the illegal key (having to fid it, but with the info provider here it should not prove to be much of a problem), and see if Typos are plausible......

Jaap

Interesting:
http://www.mobileread.com/forums/showpost.php?p=14498&amp;postcount=19

Frank Garci, Mr Tweaks2k2, why don't you continue defending Tomov for your own cause? It is very amusing and wonderful what hidden secrets Google can reveal.

Jeremiah, I have said openly here that about two month ago I released a KeyGen with a hard reset code inside in warez sites. I came openly I said about that in a Spanish Forum, there was a huge discussion about what was the best thing to do. My argument on that moment was that I did that trying to avoid a change in the registration procedure where all users had to register their legal copies again. The discussion about what to do against piracy (including hard resets) have been around developers since more than two years ago, AFAIK.

I don´t have anything to hide. I´m defending the not just Anton, I´m defending developers whose software have been cracked and they don´t have anywhere to go to claim for help. There are not laws to protect developers because Internet is a land with no laws due to the lack of frontiers, what is illegal in USA could be legal y other countries so warez sites are based in countries with no laws againt pirates.

That spanish site is attacking me saying that I´m trying to create an alliance within developers to include a hard reset code in all our programs. THAT´S NOT TRUE. That´s why that site does not have any of my respect.

I´m trying to organize an alliance between developers where we can share information about ways to fight piracy, we can share information about what software have been cracked and using what method.

I also pushing to use a method where developers detect warez not just only in their programs but in the other develope´s programs and once a warez is detected all programs of the members of the alliance wont work until the warez is removed.

This seems to me a fair none destructive method.

what else do you want to know Jeremiah?

...try this:
1. Google for [removed by JJP on 2/5/05]
2. …
:google: You da man.

Jeff-

You are actually congratulating someone for finding a pirate code? That's just way wrong! I am also amazed that the moderators here have left it up like this.

If you pirate you deserve what you get(yes this means a hard reset).

Post edited by JJP 2/5/05 to remove potential serial link, contact me for "proof"

well, that´s the kind of reaction that I´m sure that Anton had when he inserted that antipiracy procedure ;)

Interesting:

http://news.com.com/2100-1023-945923.html

Interesting
More disturbing than interesting. The sad part is there are lots of legitimate apps for P2P sharing, but its name is being sullied because of cheapskates. And if they have remote control of our PCs, I can't help but think of the long-term effects.

--janak

Interesting
More disturbing than interesting. The sad part is there are lots of legitimate apps for P2P sharing, but its name is being sullied because of cheapskates. And if they have remote control of our PCs, I can't help but think of the long-term effects.

--janak

Well, that´s the moment where piracy just not only affect developers but users. Because of the warez I had to change the registration procedure and 1000s of legal users had to register their copies again with all the agravation that this may implied. But for some reason, some legal users think that this problem only affect developers ;)

Some people in the warez world seem to think that because a product is electronic it has been produced without effort or cost to a developer and they have no obligation to that developer. I've got to assume they're also perfectly happy to walk into a store and if they can walk out with something stuffed in a pocket are perfectly happy to do so. The world owes them whatever they want and the rest of us need to let them take it for free. Imagine yourself a store owner who comes out of the stockroom to find somebody emptying the cash drawer; we are talking about the same situation in electronic form.

Physical shoplifting has brought us the wonderful world of tagged merchandise. The theft of electronic intellectual property is going to end up bringing about some pretty ugly security measures that will impact all users and unintentional oversights will cause a great deal of grief. But theft is theft and the days of being able to click past a licensing agreement without reading it completely may be behind us. Put a warning in the agreement that unauthorized installation will result in system erasure and you're protected under most circumstances. it is truly sad that developers and/or distributors have to consider this in order to protect their compensation for work done.

what else do you want to know Jeremiah?
Like why do you take yourself so importantly?

Your product is a collection of registry hacks which could be collected from the web. Where is the innovation in this? Why should I even bother buying it if I knew that you were even ready to wipe out my PDA if it wasn't for the legal consequences?

Thank you very much, I have two developers on my blacklist (yeah, even we can have our blacklists!), and you make one of them.

what else do you want to know Jeremiah?
Like why do you take yourself so importantly?


jajajaja... 8) Sorry, you are the one making me so important. :D :D :D But of course, you cant even see that. :D :D :D :D

Guys, I am going to ask again that the discussion remain civil...

Steve

I also pushing to use a method where developers detect warez not just only in their programs but in the other develope´s programs and once a warez is detected all programs of the members of the alliance wont work until the warez is removed.
Hmm. I purchased Tweaks2k2, and am happy with it. But I feel strongly that it's nobody's business what applcations I choose to run on my machine. Yes, they're all legal. But it's still nobody's business to "peek".

Well, that´s the moment where piracy just not only affect developers but users. Because of the warez I had to change the registration procedure and 1000s of legal users had to register their copies again with all the agravation that this may implied. But for some reason, some legal users think that this problem only affect developers ;)
Yes... But I don't feel that I should be in danger of being punished because someone else did something illegal. And I don't think I should be monitored because someone else did something illegal.

That´s the whole point Kati, nothing that any developer can do seem to be right for everybody, well, but leaving other to steal from him ;)

That´s the whole point Kati, nothing that any developer can do seem to be right for everybody, well, but leaving other to steal from him ;)
The question is, will developers lose more money via pirates or losing customers? I'm really unhappy about the spying things that XP does. But I use it because anything else wouldn't be feasible for me (for now, anyway). But 3rd-party software? If I knew a particular piece of software was going to spy on me without my knowledge and informed consent, I would not purchase it. I would find an alternative, even if it was a little less convenient.

Where is the profit line? I'm not sure. But I, for one, would be a lost (paying) customer.

I'm fine with registration keys - preferably tied to *owner* name, not device ID, but I could see why device ID could be preferable. It's just that I'm not likely to re-use a device name, so moving to a new device would be a pain.

That´s the whole point Kati, nothing that any developer can do seem to be right for everybody, well, but leaving other to steal from him ;)
The question is, will developers lose more money via pirates or losing customers? I'm really unhappy about the spying things that XP does. But I use it because anything else wouldn't be feasible for me (for now, anyway). But 3rd-party software? If I knew a particular piece of software was going to spy on me without my knowledge and informed consent, I would not purchase it. I would find an alternative, even if it was a little less convenient.

Where is the profit line? I'm not sure. But I, for one, would be a lost (paying) customer.

I'm fine with registration keys - preferably tied to *owner* name, not device ID, but I could see why device ID could be preferable. It's just that I'm not likely to re-use a device name, so moving to a new device would be a pain.

it´s "spying" for you if my program check it self trying to find if it´s a legal copy? if it´s spying, them you have a lot of "spies" currently running in your PPC. is it "spying" if I check other developer program looking for an illegal copy? We wont send out side of your PPC any information ;) In another hand if we do that we are going to put a note in the readme files so everybody knows what is going on. But all this is just "talking" an alliance between developers doing that has many many things to be considered.

Anyway, what do you think we should do them Kati?

Ctitanic, you spoke of losing money from a chinese web site. The question is, how many of these chinese users would have paid for your software in any case. If your copy protection was foolproof, you may only get a few more percentage sales.

On the other hand, you will lose any sales to some-one who occasionally pirates software, as he will not want any software which will suddenly disable his (working) pirated software.

I believe price is the primary cause of piracy. If some-one can not afford the software, or dont think the price is value for money, but still want a feature, they will be tempted to pirate it. I think for pocketpc's the price-point is about $15 (for a western user at least), above which any software starts moving down the value for money curve. Its very difficult to justify paying $30 for any pocketpc software, considering the utility of the whole device. The value for money is just not there.

The best anti-piracy measure would be to lower the price of the software, and this would be a useful measure that your alliance of software developers could implement.

Surur

Ctitanic, you spoke of losing money from a chinese web site. The question is, how many of these chinese users would have paid for your software in any case. If your copy protection was foolproof, you may only get a few more percentage sales.

On the other hand, you will lose any sales to some-one who occasionally pirates software, as he will not want any software which will suddenly disable his (working) pirated software.

I believe price is the primary cause of piracy. If some-one can not afford the software, or dont think the price is value for money, but still want a feature, they will be tempted to pirate it. I think for pocketpc's the price-point is about $15 (for a western user at least), above which any software starts moving down the value for money curve. Its very difficult to justify paying $30 for any pocketpc software, considering the utility of the whole device. The value for money is just not there.

The best anti-piracy measure would be to lower the price of the software, and this would be a useful measure that your alliance of software developers could implement.

Surur


I've now seen people state this here in several different forms now. (Most commonly in the "anti-piracy stuff hurts sales more than it helps" form.)

There are no hard-and-fast rules about this stuff. The above is certainly true in some cases.

However, it's not true for most cases. A large number of developers have sold their software at different price points, and with and without anti-piracy code.

The general findings?

The best price point for a program is the price point that potential customers expect it to be. (As opposed to where customers want it to be.) In many cases, raising prices increased the sales rate, sometimes dramatically, indicating a highly non-linear supply/demand curve. So you see, the problem isn't as simple as the prices are too high, so people then go pirate.

About the anti-piracy code, whether it works or not depends greatly on the target market, not the product. Markets with small sales numbers can, and have, seen sales rates jump by 10X or more by adding anti-piracy code. Typical mass market products with competition can, and have, see sales drops. Monopoly level mass market products often see sales increases. (MS didn't add reg-checks to XP to stop end users from pirating, they added it to stop another customer block from pirating. Small shop OEMs ship ~30% of PCs, and in the past were often the biggest Windows pirates.)

These devs are not adding anti-piracy code because they want to. It takes a lot of time and effort to add it, and it's not a "core" part of the product. Because most developers make small market products, they add anti-piracy code because it works.

twalk, you sound very knowledgeable. The question is then simply, what is the important factor: The number of copies circulating, or the number of copies sold. Its only if the second goes up that all the measures are worthwhile.

Of course setting a price can be very complex (one only needs to look at diamonds) but in the end it all comes down to perceived value for money. Maybe the reviewers are the best ones to set prices, not the developers.

Of course everyone loves a bargain, and when perceived value is much more than price people buy in droves. Look at how many copies textmaker sells at Octoberfest ($11.11) vs the normal price (?$79). Ive got a copy of textmaker I never used lying around on my hard drive due to this deal.

To increase the perceived value of a product they can either make it a lot better, make it do a lot more, make it prettier (e.g Spb time) or invest in marketing :) Adding copy measures actually decreases perceived value however.

Surur

it´s "spying" for you if my program check it self trying to find if it´s a legal copy? if it´s spying, them you have a lot of "spies" currently running in your PPC. is it "spying" if I check other developer program looking for an illegal copy? We wont send out side of your PPC any information ;) In another hand if we do that we are going to put a note in the readme files so everybody knows what is going on. But all this is just "talking" an alliance between developers doing that has many many things to be considered.
It's not spying to require a registration code. It is spying if it's checking in online with a "home" machine and sending information about my machine.

It would depend on what the "alliance" did. If they deactivated all of the programs in the "alliance", I'm not sure how I feel about that, and would have to think about it. I really don't like the "guilty until proven innocent" thing. I hate Microsoft activation of software. It's not their business if I add more RAM and change a video card. Registration keys tied to owner name or something more moveable don't bother me (unless they're incredibly long and I have to tap them in on my PPC) because I find them less invasive.

If the alliance programs are reporting in, I don't like it, and would boycott the alliance. If there is even a chance that a program in this alliance will hard-reset my machine if I just make a mistake entering a serial code, I'd boycott the alliance.

As for what *I'd* do? I don't know. I don't distribute software. I just buy it. I've already suggested what I prefer from a user perspective. But I certainly wouldn't do anything that involved spying or hard resets.

A system like that does not need to report anything. But so far all these are speculations. So far the reallity is one, developers need to organize theirself to gain some advantage against piracy.

A system like that does not need to report anything. But so far all these are speculations. So far the reallity is one, developers need to organize theirself to gain some advantage against piracy.
... likewise consumers need to organize themselves to show developers the limits of acceptable anti-piracy measures. Obviously, this discussion had a positive effect by forcing Tomov to rethink his harsh and illegal actions.

A system like that does not need to report anything. But so far all these are speculations. So far the reallity is one, developers need to organize theirself to gain some advantage against piracy.
... likewise consumers need to organize themselves to show developers the limits of acceptable anti-piracy measures. Obviously, this discussion had a positive effect by forcing Tomov to rethink his harsh and illegal actions.

Well, at last I see somethig good coming from you. :D 0X :idea: YOU ARE ABSOLUTELY CORRECT. It´s hard to find that edge between what is good for users and for developers at the same time ;)

Well, at last I see somethig good coming from you. :D 0X :idea:
Do I feel a personal attack again? Jeez.. so much negative energy... go back to your registry collection "program" and think of how to blow your pirate friends into pieces... as if anyone cares.

Enough...

I think this thread has just about run it's course. Thanks to all who participated in a civil respectful manner!

Thread locked!