Since we sold (and still sell) perpetual licenses, it becomes a problem when a dongle breaks and replacement parts are no longer available. Not all users want to upgrade. Also, you may hate cloud licensing, but it is precisely cloud licensing that makes subscriptions possible and, therefore, recurring revenue—which, from a business point of view, is especially important in a field where regulations do not change very fast, because users have little incentive to upgrade.
Also, despite investing a lot of effort into programming the dongle, we can still usually find cracked versions floating online, even on legitimate platforms like Shopee or Lazada. You might think cracking dongles is fun and copy protection is evil, but without protection, our livelihood is affected. It’s not as if we have the legal resources to pursue pirates.
[0]: https://mes100.com
In my experience this continues to this day due to people who require drawing on air-gapped computers, because the drawings/simulations they work on are highly sensitive (nuclear, military, and other sensitive infrastructure).
But I'm sure there are also old-fashioned people who like the portability/sovereignty of not having to rely on a third-party license server as you suggest.
I understand you might feel this way, but it seems to me customers are mostly business clients, who would are more inclined to spare the expense of purchasing said licenses, since they're not personally buying it themselves, and would want to have support and liability (i.e: Someone to hold liable for problems in said software.). In fact, having no copy protection would probably have saved you the problem you mentioned where a dongle breaks and replacement parts are no longer available; this is one of the talking points that anti-drm/copy protection people advocate for, software lost to time and unable to be archived when the entities who made such protections go out of business or no longer want to support older software.
> even on legitimate platforms like Shopee or Lazada.
On a slight tangent, but I personally don't find either platform legitimate (Better than say, wish[.]com or temu, but not as "legitimate" as other platforms, though I can't think of a single fully legitimate e-commerce platform). Shopee collects a ton of tracking information (Just turn on your adblocked, or inspect your network calls. It's even more than Amazon!), is full of intrusive ads, sketchy deals, and scammers. You yourself said you can easily find cracked versions of the dongle there, which doesn't speak well for the platform. And Lazada is owned by Alibaba Group, which speaks for itself. I'm not sure why consumers in South East Asian regions aren't more outspoken about this, since they seem to be the some of the more popular e-commerce platforms there.
This is a nice idea but the reality is that there's MANY corporate customers who are happy to get away with casual piracy. Sometimes it's a holdover from when the company was small enough that every business expense is realistically coming out of their own pocket, sometimes they're trying to obfuscate how much their department actually costs to the company at large.
You think individual consumers lie to themselves to justify software piracy? Corporate self-deception is a WHOLE new kettle of fish.
Why should users upgrade or keep paying you when they already bought what they need and don't need anything else?
1. Physical dongle tends to break, and when it does, they expect us to give them replacing parts
2. They do expect bug fixes-- especially calculation bug fixes-- as the bugs are discovered. It's hard to leave their production critical apps broken like that once you know that the bugs can cause monetary or even life loss.
But the actual dongle... look, something like that should have a 30+ year warranty. There should be a plan for how to replace it a couple times before making the initial sale.
Because things evolve and inevitably, hardware dies, and you can't get a replacement.
With an old "dumb" piece of machinery, when something breaks you can either repair the broken part itself (i.e. weld it back together, re-wind motor coils), make a new part from scratch, have a new part be made from scratch by a machining shop, or you adapt a new but not-fitting part. It can be a shitload of work, but theoretically, there is no limits.
With anything involving electronics - ranging from very simple circuitry to highly complex computer controls - the situation is much, much different. With stuff based on "common" technology, aka a good old x86 computer with RS232/DB25 interfaces, virtualization plus an I/O board can go a long way ensuring at least the hardware doesn't die, but if it's anything based on, say, Windows CE and an old Hitachi CPU? Good fucking luck - either you find a donor machine or you have to recreate it, and good luck doing that without spec sheets detailing what exactly needs to be done in which timings for a specific action in the machine. If you're in really bad luck, even the manufacturer doesn't have the records any more, or the manufacturer has long since gone out of business (e.g. during the dotcom era crash).
And for stuff that's purely software... well, eventually you will not find people experienced enough to troubleshoot and fix issues, or make sure the software runs after any sort of change.
This take is diametrically opposite to what end users need. In a world where "if it ain't broke, don't fix it" is perfectly fine for the end user, buying a one off license for a software seems much more sane then SaaS. SaaS is like a plague for end users.
I don't condone piracy, but I also don't condone SaaS.
But in an imperfect world whereby our dependencies ( software components that we use) and platforms that we need to build/rely on ( like Civil 3D) do charge us on annual basis, and that some of users expect perpetual bug fixes from us, with or without a support contract of sorts, SaaS seems to only way to go for our sustainability.
We've all got to push back against these bloated saas models that don't bring tangible benefits to end users and serve only to pad company valuations. Make new versions of your software with features meaningful enough to encourage people to upgrade and outline support periods for existing software sales after they buy a one-time license. There's gotta be a better way. For everyone (except big tech CEOs).
Reality is that many modern software developments have plenty in common with designing a toilet. You spend time identifying the problem statement, how you can differentiate yourself, prototype it, work out the bugs, ship the final product, and let sales teams move the product. The difference is the toilet can't be turned into a SaaS (yet) and, if it ever could, that would break functionality because you're supposed to poop in it, not have it poop on you.
One, the developers spend more time running this code than we do, and they have to get the program working before we can even use it. So any parts of the program that are hostile to the developers risks killing the entire project. Obfuscating the copy protection can hit a point where it makes bug fixing difficult.
Two, lack of training. If you, me, and Steve each have a bag of tricks we all use to crack games, whichever one of us figures it out gets bragging rights but the game remains cracked. Meanwhile Developer Dan has to be aware of all the tricks in all of our bags together if he wants to keep the three of us out. Only there's not three of us, there's 300. Or today, probably more like 30,000.
Three, lack of motivation, which is itself several different situations. There's a certain amount of passive aggression you can put into a feature you don't even really want to work on. You can lean into any of the other explanations to defend why your code didn't protect from cracking all that much, but it's a checkbox that's trying to prove a negative, and nobody is going to give you any credit for getting it to work right in the same way they give you credit for fixing that corner glitch that the QA people keep bitching about. Or getting that particle animation to work that makes the AOE spells look badass.
(I did go on to pay for the software)
I did that with dBASE III, which used ProLok "laser protection" from Vault Corporation - a signature burned onto the diskette with a laser. Back then, I found it amazing that Ashton-Tate actually spent money to contract with a copy protection company for something that could be so easily defeated by a teenager reading assembler.
They could have easily just written the same kind of code themselves. An example of the power of marketing over substance.
I was able to replicate that protection mechanism just by scratching a diskette with a pin. The "laser" was a meaninglessly advanced-sounding solution that added no value compared to any other means of damaging a diskette.
How did you figure out where to scratch it? Was the laser mark visible on the original disk, or did you have to read the code and orient based on the diskette's index hole?
But as I mentioned in a sibling comment, I’m not sure it was ever confirmed that it was really a laser that made that mark.
Defeating the protection didn't involve knowing anything about the laser mark - as the comment I replied to described, it just involved changing a conditional jump to an unconditional one.
Replicating the protection involved causing minor damage on the diskette - the details don't really matter, laser, pin scratch, whatever - then formatting the disk, and registering the pattern of bad sectors created by the damage. A normal copy of the disk didn't replicate those bad sectors exactly, which made it possible to detect that the original disk was not present.
Similar stuff was later used for CDs IIRC.
Made me feel like such a badass hacker at 15 years old.
I think he ended up pirating a 3.x install from a friend and running the upgrade on to of that; felt pretty morally clear given what the box had advertised.
Seems like it was an appropriate amount of engineering. Looks like this took between an afternoon and a week with the help of an emulator and decompiler. Imagine trying to do this back then without those tools.
To expand on the saying, they're not there to be insurmountable. Just to be hard enough to make it easier to do things the right way.
I’d guess it’s something similar with this dongle. You can’t “accidentally” run the software without the dongle.
I think that both halves of the author's thesis are true: I bet that you could use this device in a more complicated way, but I also bet that the authors of the program deemed this sufficient. I've reversed a lot of software (both professionally and not) from that era and I'd say at least 90% of it really is "that easy," so there's nothing you're missing!
In most cases it was not much more difficult than what OP described.
The protection just needs suficirntly complex.
The code decrypted itself, which confused debuggers, and then loaded a special sector from disk. It was a small sector buried in the payload of a larger sector, so the track was too big to copy with standard tools. The data in the sector was just the start address of the program. My fix was to change executable header to point to the correct start address.
Apparently there is important stuff still running in emulated PDP-11s, almost double the age.
https://www.reddit.com/r/windows/comments/1n1no1k/august_202...
Nowadays we don't bother with copyright protection other than a license key, because we know enterprises generally will pay their bills if you put up any indication at all that a bill is required to be paid.
This was basically the 80s version of that.
It worked well enough and allowed the company to run until the founder retired and folded the business.
I had to do this for a company so they could continue to use their old specialised Win98 software on modern computers using Dosbox and an emulator.
Software companies love to milk enterprises for all their worth, because they're the entities who will pay the most amount of money if it means that the software they use can still work - and a big part of how they do this is via vendor lock-in. We can see in this article that this company was still using Windows 98 - they're clearly locked-in!
All of which is to say that this intellectual property might actually still be owned by a company who'll be able to sue.
If you haven't already checked whether the patent and other intellectual property is still owned by any company, OP, I would strongly suggest doing so first.
There is also their webpage for ordering PC RPG II. The company address is a residential house.
https://web.archive.org/web/20010802153755/http://home.netco...
I remember my Dragon 32 (6809, Color Computer clone) had a dongle you plugged into the joystick port to protect a really crap game - Jumping Knights? I never tried to defeat it.
it’s wild to think about the hardware risk people used to accept putting your entire household's financial history on a system that bricks itself the second a 40-year-old plastic dongle fails. really great read.
Not being snarky - genuine question! I am not from the US :-)
>Very importantly, there doesn’t seem to be any “input” into this routine. It doesn’t pop anything from the stack, nor does it care about any register values passed into it. Which can only mean that the result of this routine is completely constant!
You have no idea how deep this rabbit hole goes.
Patents are barely better than copyright, as far as society net-positive.
I know there is cost associated with the hardware, but surely the costumer can cough 15 more dollars.
The only reason I can think of is wanting as wide adoption before max revenue as possible. But then, this has never been too popular, not even for games!
I think sometime in the late 1990s FlexLM switched from dongles to "hardware identifiers" that were easily spoofed; honestly I don't think this was a terrible idea since to this article's conclusion, if you could reverse one you could reverse the other.
But this concept was insanely prevalent for ~20 years or so.
One of the biggest problems was not having enough ports. Some parallel port dongles tried to ignore communication with other dongles and actually had a port on the back; you'd make a "dongle snake" out of them. Once they moved to USB it was both easier and harder - you couldn't make the snake anymore, but you could ask people to use a hub when they ran out of ports.
I will check if I can find an image of it.
EDIT: here is an old listing of it: https://www.ebay.com/itm/187748130737
Sadly the lid isn't open so you can't see what modules are installed.
More common for games was to use the media itself for copy protection, using a variety of tricks to make copy more difficult. Other techniques involve printing some keys you have to enter using colors that don't render well in photocopies, or have you look at words a certain page of a thick user manual, the idea being that it is more expensive to go through the effort of copying this material than to buy the software legally.
One of my favorite is from Microprose games, for which the manual was a pretty good reference book on the subject of the game, that alone is worth buying. And the copy protection is about asking you about information contained in the book, for example, it may be some detail about a particular plane in a flight simulator, which means that a way to bypass copy protection is simply to be knowledgeable about planes!
Dongles were common, but mostly for expensive enterprise software. Also, dongles don't make cracking harder compared to all the other techniques, so for popular consumer software like games, it is likely to be a lot of inconvenience and a waste of money for limited results.
-- Only You Can Save Mankind, Terry Pratchett, 1992
I find it interesting that they didn't make it into the USB era where you could easily have something that does some actual processing on the device that makes it a serious challenge to reverse engineer.
When parallel ports were discontinued, they migrated to USB and network license servers.
The nature of our business was such that there was a lot of logic analyzers and signal tracing equipment in the lab and the dongle was reverse engineered and cloned after a couple of “where’d my dongle go” incidents.