The Recursive ISV

First off, if you arrived at this page looking for any of the above you are now officially disappointed and probably deservingly labeled the last noun of the above title.  To bad, how sad, to make you feel better however you can visit this link in order to get some value added information in your search for the above.

Originally I intended to make this blog something that the ISV and mISV could use to reference in relation to some of the issues faced with piracy of 2008 and potentially beyond.  I’ve simply not had the time I hoped for to compile several years of research on this into articles on a consistent basis – or any basis.  My own decision to launch a mISV and grow it applying some of the things I’ve learnt from a few folks on the BOS forums and in the past from my previous “life” in software development and marketing that took a different and I believe now to be frequently outmoded method of delivery, intent, design and more importantly *mindset*.  I would never have believed, even six month ago, how fundamentally life changing this shift in mindset actually is nor how limiting following the older tenets actually were.

But I digress.

This is to be the first article and I hope not the last, no guarantees there though as I am genuinely flat out coding and would much prefer to look at the more positive business issues in this blog rather than this rather distasteful subject.  However some folks might get some value out of the articles and if they do that’s great, if they don’t know harm done.

I do need to make it clear that there will be *nothing* mind shatteringly new here in regards to the topic of piracy.  Rather it’s a summation, not a complete treatise, on some of the issues for ISV”s to consider and this first article is just an introduction to terms purely as a “know thy enemy”.

OK.  Preliminaries out of the way.

Some definitions are in order of the kind of people and things/services we will discuss as I throw these articles together.  For the purposes of these articles I will be defining the following as:

1. Hacker:  Technically the name for a programmer, misapplied by the clueless media and the clueless masses who believe anything a journalist tells them as given.  I will not use the word “Hacker” to describe a person engaged in piracy in any form or somebody who uses their skills to cause willful damage.  Such people are:

2. Crackers:  Otherwise very intelligent people, sometimes programmers who are motivated by a variety of reasons to crack security of systems, software and data or a combination of these.  It’s a grave pity that their intellect could not be applied to software development, systems design etc, though in some cases it actually is.  Lots of grey areas in all these definitions BTW. 

Most genuine Crackers do not publish their methods widely for general consumption.  They tend to be elite and remain that way.  However there are those who do publish their results for general consumption or make it possible to follow their techniques by publishing their methods.  This is done for altruistic though I believe misguided reasons frequently, but there it is. 

Some of them despise open piracy and you will find forums (public and private) where they vent their feelings.  Some on the other hand actually support piracy, often with the “stick it to the man” mentality that is akin to the kind of otherwise intelligent people who fall for Leninism, Fascism, Maoism and other dysfunctional agendas.  Most of the serious cracking of software is initially done by these folks and it is in the context of software cracking that we are concerned with here.  It’s from these guys we get the hard to beat cracks and of course the ubiquitous Keygen.

3. Script Kiddies:  Technically folks who crack software aren’t referred to as Script Kiddies however those who do most of the scene cracking where kudos are given to the highest cracked software turnover (day, week, month etc) are probably best described as such as they use scripts/Tutorials or “Tut’s” as they prefer to call them (literacy is not a priority of these losers) to achieve their goal.  Personally I prefer the term Wanker for these guys, but if I use Wanker for them nobody is really going to know what I’m referring to. Scumbags, Scrubbers, Petty Thieves, Bogans are also terms that apply.  To say they are clueless and lame (incredible insults in their community) is probably an understatement.  Most of them couldn’t program a simple batch file let alone a simple text editor in assembly, never mind a fully functional GUI that anybody wanted.  These are the folks who will use a Tut to learn how to unpack an executable protector (insert name of your favorite protector) and think they are real “cool dudes” and “mean hackers”.   Total wankers of course but none the less dangerous to an ISV’s business.

4. Organized Crime:  There are many net orientated organized crime gangs.  One of the best known and most widely publicized is the infamous RBN (Russian Business Network).  Allegedly the head or heads have a family tie to a Russian politician who it is alleged makes them tough nuts to crack – no pun intended.   According to what is known they disappeared off the radar last November 2007, popped up in China, did a bit of damage for late December and early January and then disappeared again.  A lot of security pundits have declared this a huge victory over the RBN.  I would argue the security pundits claiming this as a victory have a few kangaroos loose in the top paddock or somehow believe that by claiming it they will achieve a clandestine advantage of their own.  Be that as it may.  Organized crime is involved in the software hacking and cracking scene and not, as many tend to suggest, so they can sell it illegally.  Sure this happens but the real value seems to really be in getting bots and Trojans into Joe and Jill Six-pack’s machine.   The number of cracks and Keygens containing Trojans and Bots is phenomenal.  After downloading thousands of these (in a dedicated old clunker machine, no way I’d even visit these websites on a good machine) for examination I found only 100 that contained no payload.  I did not test them against the software they were supposed to work against so I have no idea if the payload is transferred or not.  Scanning them with various anti-virus programs was also an eye opener as most of the big boy AV packages simply didn’t pick them or if they did failed to render them harmless.  These Bots and Trojans delivered, in many instances, correspond or are similar to those delivered by alledged organized crime gangs.  Whether this is a direct result of their influence or not is not clear - which is pretty much the case for most of these kind of things.

5. Torrent Sites:  The technology of the torrent is a wonderful thing that has many great *legal* uses.  Sadly scum and petty thieves have adopted the technology all most as if it was there own.  Enter sites, for which I refuse to help increase their Alexa ranking or Google ranking any further for by using their real name here, such as the PatheticCriminalBay in Sweden and other places make popular destinations and relative safe havens for Joe and Jill Six-pack to download software like byte addicted kleptomaniacs.  These places are next to impossible to shut down because they have weak governing systems (hello Sweden!) in relation to enforcement of copyright law and convention (even when signed up to Berne as the likes of Sweden are).  Sending cease and desist and DMCA violation notices is laughed at and publicly used to taunt inept lawyers who really don’t get it.  Only political and economic muscle can fix this, or massive DOS attacks on the offenders.  I do not support the latter option as it’s not effective.  Political and economic muscle will fix it in countries such as Sweden but the risk is incredible.  The Euro, for example, has a lot to loose from any action taken by the USA, UK, Canada, Australia etc if such action is taken in unison and it is sad, to me, that so many innocent people could get financially hurt because of such action.  Are our politicians thinking about this option?  I am.  I have no idea how many software developers become directly and actively politically involved, but this one is and it is on my own agenda and it’s something I’ve discussed with politicians with more influence than I have and who were interested in the concept (and the losses the industry faces now and into the future).

6. Download Sites:  No.  I’m not suggesting for a moment the download sites are necessarily assisting directly in piracy.  There may be a few who do it inadvertently through Google adds and such on their sites but I’m yet to confirm a single one who is actually doing it on purpose.  That is not to say there are none or none with connections.  But I have no proof of that, if you do contact me, I’d be happy to investigate in the strictest confidence.

HOWEVER.   I did use the word inadvertently and I will expand on that.  When they claim they have scanned for viruses and Trojans they are invariably telling pork pies.  I have *never* found anything wrong malware wise from a file on say Download.Com/C-Net or Tucows who I know do scan.  But I have on an incredible number of others.  BOTS, Trojans etc.  Some of it linking supposedly to legitimate software but through various techniques bypassing the real developer of the software and their real package and delivering their own nasty one.  Contact one of these download sites and don’t hold your breath for a reply.  They don’t care.  They run them for the Google add income and/or Black Hat SEO potential such sites currently bring.  Look towards Google addressing this sometime in the next few years.  Still think the SEO advantages of a download site outway the concerns you should have in relation to our responsibility to consumers and of course our own businesses?

7. Crack: Usually a piece of software (program) that patches an executable by changing original values to something else.  For example bit flipping or returning a desired result from a Boolean (like the classic IsItRegistered routines so many programmers unwittingly use).  Telling a real crack from malware is virtually impossible for most people.  Complicated further when it can be both at once and/or uses “secrets” known only to insiders in the cracking “scene”.  This hidden payload method is a favorite on peer to peer networks like Limewire and similar.

8. Keygens:  A program written to generate a working serial number for a piece of software.  More deadly than a crack a Keygen can really eat into profits when released and depending on the technology you employ (see here for information on PKV) very hard to counter-attack.

9. Serialz:  Corruption of the word “Serial” as in “Serial Number”.  A working serial number for a program.  Very popular Google search term.  Sometimes gained via a Keygen, commonly gained by purchasing a valid license by using a stolen credit card number and “released” via crack sites and torrent sites.  Probably the lamest and most identifiably illegal method used to most people, employed by many who fall into the script kiddy and scene cracking area.  Lamest of the lame in essence.  This hurts more than the software company from who the serial is illegally purchased from.  It doesn’t hurt the credit card companies – they charge the software company via a charge-back that includes a fee.  It hurts the consumer who owned the credit card as well and adds to the cost of online security.  Often users of this technique (in keeping with lame excuses used by criminals since time began) will blame the software company for making their software so darned hard to crack.  Keep this lame justification in mind when you are trying to use or employ commercial “uncrackable” software protection (if there even was such a thing) or just in making it really hard.

10. Casual Piracy: Believe it or not this remains, since the early days of software, one of the biggest piracy issues where-by the consumer hands their license key to Mary, who gives it to Joe or hands it to John or has ten friends who…    This is a tough one to beat.  I’ll talk more about this in another article, not that I have any solutions to it mind as I don’t believe there is a one size fits all solution to any of these. 

In conclusion for this article. 

What does all this mean to the consumer?  Basically use cracks or Keygens and you are pretty much guaranteeing yourself grief or handing your computers processing power over to an organized crime gang for use in other activities when you don’t even know they are doing it, even if you have anti-virus and a firewall!  It’s been estimated that the RBN could, if they chose, shut down a massive chunk of network or even a country in terms of computing infrastructure if they chose.  Reports that they’ve been selling access to their bots make one wonder just how clued most of our politicians are when it comes to security, domestic and international, crime and of course terrorism.

In the next article on this particular topic I’ll be looking at protection of executables more superficially and in a sense what it is we do wrong and how there is basically no bloody way, with current methods available, for us to fix it.   Sounds cheery huh? 

You’ve passed your apprenticeship, you can code confidently and at the very least competently and now you’re striking out on your own because you have that creative spur to *do something*.

So why on Earth, or Mars or Venus would you rip the code from a component vendor’s demo, make a few cosmetic changes and expect to sell it? 

Yet that’s exactly what I saw suggested today on the BOS forum.  It’s the kind of disinformation newcomers do not need.  I blogged here recently about “If You Don’t Love It Don’t Release It”.  How the heck can you love something you have zero creative investment in and zero intellectual investment in?  You can’t.  You’re literally embracing Amateur-Ville.   The realm of the clueless and bereft of talent.  There are so many things that need writing/designing and being made available to so many markets. 

How did Andy Bryce come up with Perfect Table Plan?  Was it because a component vendor made something similar available as a demo?  Nope.  He identified a market that he could bring his talents to and developed something people wanted.  He sells software he clearly loves and from what I can see his customers love it too. 

Andy is not the only one.  There are so many great applications and some of them don’t take a lot of brain and teeth gnashing to come up with.  Patrick McKenzie and his Bingo Card Creator.  Hardly a new idea, yet Patrick’s approach is very fresh, compared to his competition, especially his marketing and after sales.   His customers seem to love it and it sells.  What more could one ask?

A very good friend of mine writes beautiful components for Delphi.  Some years back I wrote some of the demos for his ESBPCS VCL library.  They are designed purely to demonstrate using the components with, in the case of the demos I did for him, a database via the VCL.   They are rudimentary - but they belong to the developer who created them - or the developer they were assigned to (I assigned the code to ESB).   I, nor I doubt ESB, would bother chasing a looser trying to sell the simplistic demo as a product, but honestly, how could one feel anything but utter contempt for such a lame brain?

If you have to rip a demo program, mod the interface a tad and release it as a “ISV” product then I’d suggest you do not love your product (how could you with zero intellectual or creative effort invested?) or your ISV company and have complete contempt for your customers, current or potential. 

As I’ve said here before, an unloved product ultimately expires via a death of asphyxiation caused by lack of interest and lack of sales.  It even harms the efforts of other ISV’s by jading consumer’s perceptions of small software companies.

This is not to say a product must be complex or even totally original or unique.  In fact simplicity can have elegance and simple, competent and elegant sells – ask any Mac user.  But ripping a demo, modding a few UI elements and expecting to earn a dollar is in my mind immoral at worst and clueless and lame at best.

Over the years as a moderator of software forums I’ve seen a lot of lame stuff submitted for announcement.  Over and over again I’ve seen the example program from a certain Delphi how-to book consisting of a rudimentary calculator being sold for $29.95 down to $9.95.  They were kidding right?  They didn’t even have divide by zero protection coded in, had no keyboard support, just mouse, and looked like crap.  At least one of these “developers” went on to moan publicly that nobody was buying his software and he assumed piracy must be the reason.  Windows comes with a calculator 10,000 times more powerful than these ones and they reckon it was pirated?  Abject losers!

Please.  If you think you can do something worthwhile by making interface changes to a demo program offered by a component vendor – do the world a favor and get a job more suited to your talents.  Like becoming a dole bludging surfie.*

(*Dole bludging Surfie – Australian slang for an unemployed, lazy beach bum).

After being out of software development in any real commercial sense for almost six years now, a foray into audio (my other love) and a lengthy stretch of personal, debilitating illness I’m at last ready to strike out with a new business as a mISV.  The software I’ve chosen (which I will disclose here in this blog in the coming weeks) is something I have domain knowledge in.  It leverages my audio skills as a musician and trained audio engineer as well as over thirty years programming.  It seems to me to fit well.  It’s not designed to attract offers from VC’s or become the next Google or Facebook.  In fact the idea of becoming such a thing does not appeal to me at all.  Rather something that feeds and provides the kids with an education and offers a comfortable life-style is the ultimate goal of the entire exercise.  It’s not strictly B2C and it’s not strictly B2B but rather a blend of the two.  There are existing similar app’s but they are amateur and miss targeted.  There is nothing at the pro level for this below the thousands of dollars mark.  It’s aimed at folks who are novices and does not pretend to be anything a pro audio person would use, though it will incorporate pro features and the audio engine is very powerful.   It is not a “media player” like iTunes or WMP or WinAmp.  It will cost $’s to purchase and it will include a type of “consumable”. 

One of the big issues I faced doing this the last time around (it seems so long ago now) was that I was solo.  That meant I had limited amounts of time and motivation to do all the things one has to do on their own.  This time my wife is partnering with me. By profession she is a teacher, which fits well with the primary product, and she’s frankly had enough of teaching, the kids are eleven and thirteen now so she has the time to be involved.  She’s never been keen on computers but recently has completed several units in computing and this is also ongoing.  I think this is an advantage, that she can now use a computer but is still a novice.  It helps with R&D and it helps with design and testing.  It’s harder for my assumptions to slip through the alpha cycle.  Naturally this is a short term advantage as she will progress to a higher level of user in the future, as most people ultimately do.

We face a few startup problems, who doesn’t?   My illness and the fact that she has been doing home duties for many years now means cash is a commodity that is scarce.  We both need new machines, a compiler update, widgets for the compiler, domain names and hosting (we have the latter already) and all those things that come with such a venture (we are fortunate in having a relatively secure though abysmally small steady income that literally allows us to scrape by at the present time so eating and paying the mortgage kind of stuff are covered).  There’s no way I’d borrow for this as I have an allergy to debt of this nature so I need to raise capital.  Enter my car.  Even though we live in the outer suburbs I’ve sold it to finance this.  My wife has her car of course, but I’m not permitted to drive that. :-)   So it’s trains for me!

At the time of writing I have sold the car, bought a new dual core Pentium (new monitor to follow) with four Gigs of RAM and a terabyte total of HD space.  I’ve handed my old dev’ machine to my wife as initially a single core with a Gig of RAM will be just fine for her.   I’ve updated to Delphi 2007 and started buying widgets where I can to save on dev’ time.  I think this is important.  Just because you can code it doesn’t mean you should waste extra time doing it.  So I’ve begun buying widget sets (components) that I require in order to get look and feel right without having to code in minutiae.  Very happy with the first mock-ups for this reason.

But cash wise this is pretty much exhausted now so we need to raise more.  I ran an experiment on eBay over a year ago with quick and easy to develop software and discovered to my amazement it sold extremely well (enough to live off, albeit not live well).  For various reasons at the time I did not pursue it further.  We will be (we have!) developing a series of applications (twenty to start with, all with the same code base but for different purposes) with which to leverage this and gain the extra income.  The core product took eight hours to code.  Each application then takes another eight or less to snap in (reports, UI differences etc).  To my mind these are attractive looking programs, care was taken with the UI and code leveraging experience and study that I have done.  I’ll provide further details here in the coming weeks with some links.  I’ve not decided as to whether or not I will publish actual sales data or not yet. The mISV isn’t technically the eBay stuff.  That’s purely for income generation in the shorter term.  However beyond that it is my intention to be relatively transparent and frank about the process.  It’s also my hope that this blog will assist me in staying focussed.

More Soon….

Remember the Windows 95 release and the advertising slogan from Microsoft?  Well times have changed and it seems Microsoft are applying a different philosophy.  “Where” and “Go” have been replaced by “Who” and “annoy” with the announcement that they intended UAC to annoy people in Vista.  Yep - it’s not a goof folks, according to David Cross, a product manager at Microsoft, it’s intentional.  A carefully considered action to force all those using Admin as the default install on Windows (and running that as their main account) to quit in order to avoid all those nasty security breaches Windows users so dearly love.  In addition those pesky ISV ’s (and mISV’s - we’re included in this) are being forced to stop installing data into directories designed for programs, stop requiring admin priv’s for installs and other basic tasks.  

They’re telling us now?  Talk about the bleeding obvious! 

Hmmm.  Couldn’t Microsoft have looked at some examples twelve years ago and got a clue from there about the potential of allowing these kind of things in the first place?  There were plenty of them - then and now.  But then nobody would ever need more than 128k of RAM - huh?  

Full story Click Here.

Maybe the next version of Windows will have something like Sudo - eh?  I can imagine the exploits the malware brigade will rush to implement already.

In my last entry I bemoaned the look of most mISV software (and some bigger ISV’s too) and how amatuer it looked in general.  I thought it’d be nice if I showed an example of a product (that I have no relationship with at all) that simply looks well done and balanced.  See this link at Evolved Software.   As you can see it’s icons are nicely chosen and fit well with each other.  It doesn’t bend or break design rules and pretty much adheres to standards.  The result is a nice professional and easy to intuit interface.  Well done to the developers!

..Or Getting Rid Of That Infernal Noise

A lot of folks are going to get incredibly annoyed at this entry (you know who you are). 

OK.  I’m a moderator of three Usenet big 8 newsgroups (comp hierarchy) and they relate specifically to so called “shareware”.  I’ve been the moderator there since there inception a decade ago when Usenet was still a big communications channel and nobody had really thought much about online forums.  Blogs was a noun used when referring to an unknown person (Joe Blogs) and of course it was before the so called .com bust.  Pretty much everything that happened in the arena of small companies selling software that you could download and try was defined as “shareware” back then.  ISV and mISV etc had not been defined. There were a few lame attempts at terms like “Trialware” here and there that never had a hope of going anywhere as a term.   Consumers defined a company, as did magazine reviewers and pundits, as a “shareware company” and around about this time the folks running these companies tried, in vain, to get people to understand that “shareware” was a marketing method and not a type of software – or company.  I say in vain because the majority, including the IT industry by and large don’t get it and in cases I’ve met personally refuse to get it.

So what’s the big deal anyway?  Does it actually matter what you call yourself?  Is “shareware” a negative connotation?   To this I really have to say, yes and yes.  But not for the reasons quoted by most folks.

To the first the obvious answer is you are a software company.  Simple.   Your customers won’t know what an ISV or mISV is – maybe this will change in time, but it’s not important.  They will know what a “shareware” company is (even though their definition is in error) however and I really do believe you *must* avoid this for 97% of people.

The second is about application look and feel. 

Go to any download site and most software sites run by people selling downloadable trials of their software and it pretty much *looks like so called shareware*.  Seriously.  That’s the first impression of the screenshots.  That’s the first impression after downloading the program. You can justify the validity of definitions till the cows come home, but this is what people think after downloading. 

First impressions count and so do ongoing impressions. Is this bad?  I argue yes.  Look and feel is more important than us geeks often realize.  Products like Visual Studio from Microsoft and Borland’s Delphi and so on allow us to create a look and feel for our applications that fits with the Windows paradigm for user interfaces.  On the Mac tools like Interface Builder from Apple perform the same function. 

On the Mac people using this tool seem to get what they are supposed to do with it.  But too many, way too many, Windows software developers (small and large) totally and completely and utterly stuff it up!  

The Office 2003 look, for example, is not hard to achieve.  It’s a consistent UI and lots of people use it in their app’s for Windows.  But they still make the blasted things look like a drunken wombat careened through the interface with roller-skates wielding a machete!

No balance, no thought, no idea!

I’ve blogged about the importance of good icons and so on in another post here recently.  But I’ve actually seen examples of folks who bought stock icons that matched and were perfectly useable and still managed to screw them up!   Mixing sets can work – but it takes care and it takes trial and error. 

I’ve also seen them somehow manage to shift the colors of the icons into ghastly 16 bit aka Windows 16 bit/Windows 95 style.  Get a grip!  If you can’t stand the heat hire a designer!

I have a new image format mantra for icons and glyphs.  If it’s not PNG with alpha channels it’s out!

How many people spend even 25% of their time developing a slick UI for the software compared to the time spent writing code?  It should probably take most weeks of tweaking judging by the array of ghastly interfaces available to terrify the unwary downloader. 

In a reasonably sized application if it took you a day (or worse you did it on the fly and rushed off to get to the code) you probably haven’t got it right – nowhere near right.  Henry Ford famously offered his Model T in black and black only.  But he *did* paint it at least.  The Model T looked finished, quirky or obsolete by today’s standards sure, but it looked balanced and finished.  Most software companies don’t do this.  The UI is totally overlooked.  In a couple of words “they suck.”

Is your application a Porsche or an old rusty bicycle?

Study interface design. This should be an ongoing study that never ends.  Look at the top end of town.  See what they are doing in the big app’s or the high volume sales app’s.  See what works (some of it does not). 

Only use skins if skins add value to the program (just skinning for the hell of it often looks exactly like that).  Remember if you choose to skin allow folks to disable skins because not everybody likes your color preferences.  By their standards you might qualify as color blind! 

Note that some users hate skins period.

Don’t ignore looking at interfaces on other platforms like the Mac.  The Mac really has it together in this regard and those of us who generally code for Windows can pick up some subtle lessons.

One important lesson from the Mac is task related design.  What are your users tasks and how does your program fulfill them.  Crowding up your interface in every screen with every task is not a solution it’s a disaster and it’s more often than not butt ugly.  Consider breaking tasks into multiple windows or hidden panes.

Great thing about this is that it can reduce new user support issues as well while not impeding advanced users.

People do like “cool”.  The wow factor in this industry can not be overlooked.  Ignore it at the cost of sales.  How your product looks may well be the deciding factor between your product and somebody else’s. 

Cheap knock-off programs (like those you compete against) won’t stack up to a quality professional interface.  

Most people like to own things that look the best and make them feel happy.  Crush the losers who copy you with a class act interface.

Make a statement with your interface about who you and your company really are!