mod encryption and license validation home calls risk

Hello fellas,

As Mrpowless passed away and my condolences to his family - that sudden death is a real tragedy :-( it reminds me about risks of developers here who encrypt their work and make a license validation calls to their server. As I know Mrpowless is not this case but there are some devs who do that.

I have nothing against protect programmers work so it cant be misused but this have certainly many risks as what if isp of developer went down, what if developer pass away and he is only one man show and not an company, what if something happen to his server, what if something hapen to his license validationg system. The thing is than in most cases if module is not able verify its license with remote server  module get simply locked in many causes and module stop working. If mod is also encrypted we cant fix that ourselves.

I personally think this is serious problem as exactly that happen to me with one joomla extension which was encrypted and have home calls. Developer passed away in a car accident and he was only one - not an company. His wife sent emails to customers informed that her husband passed away but she wasnt able to handle his server si it went down permanently and all curstomers was fucked up as they had encrypted component so they couldnt fix it and validation server was down so component get blocked. Similar scenariou can easily happen here.

I think market rules should be limited that devs can apply some security on their mods but those prevention have to be more safe to buyers.

I think YobiLab regarding his terms and conditions make it fair way as validation of license uses different system so even if their server goes down mod will be still working ( at least I hope it works the way I think).

I think this is serious thing - as some modules here are kinda expensive and if people use them on more domains it can be quite big investment and you are in permanent risk that if something happen on dev side all your mods stop working and you cant do basicly anything about it.... you are 100% rely on developer and in cause its not an company but just one programmer working from his home you risk is really BIG

What you think guys ? My idea is that market here should setup some more tight rules what components are allowed to sell and make some conditions for sellers what anti-theft restrictions mods can have ....

I don't want to say a word regarding the license systems made by other programmers here. It's not my responsibility.

What I can say is just that "Yes our license system works in a way that if the owner of YobiLab dies, or if we all will die, the mods will still work".

This is written in our TOS and this is how it will work.  The remote call is made only to be sure you are not using that mod on more domain names, and this is automatic, but if the server goes down for any reason, the mod will work with the local key stored on your site, forever.

What I can say is only that I do not think it's a good idea to charge a customer for the same mod, 2 3 4 5 times, if the customer just wants to change the domain name. This is something that I do not understand and I do not approve, and maybe it is a little illegal. When you buy a commercial license you have the rights to use that on one domain, but there are no reasons to specify which domain, the most important thing is that you will use the mod on ONE domain, nothing else. This is what Boonex should put in its rules, this is what I think it's wrong and this is what I think goes against the customer rights. This is only my idea. I repeat, I do not want to say a word about the other programmers here, and I am not referring to any specific person. This is only what I advice.

Yobi

Anyway I know Mrpowless was a GREAT boonex member, and I am so sorry for him. What I think it's better now is to postpone this discussion another day. It's not the good moment to have bad discussions. It has created many issues in the past days, and many poeple have overreacted. So I really think it's not the right day to discuss about it, let's wait 1 or 2 days.

Bye

Yes I agree with you YobiLab and also your validation work in fair way so customer not goona be fucked up if something happen to you and your team and module will still continue work. Also I agree with you with your statement about ond domain handling.

All by all I would suggest your licensing conditions as an example for all developers who decided to protect their work. I personall as every customer like more to not have that protections at all, but understand that there is alot of people who try stole code or misuse module against conditions so If developers decide to protect their work I accept that but than there should be the conditions a you Yobi have as customer is protected if something happen on devs side, can test module with trial so can see module in action on their own site and also you offer free help with making your mods to work on modded sites - thats what I call fair conditions. Unfortunately you are only one who set (from devs protecting their mod) your conditions friendly towards customers so I think other developers should be a little pushed by bonnex (/by some market regulations)to more friendly conditions similar as you have and also with similar more friendly validation which dont block module if remote call cant be done....

Hope other devs gonna think more about customers point of view  as Yobi do...

I agree with you 100% Yobi. It's a big problem that many have yet to realize.

However... I do feel this is the perfect time to discuss this scenario. I understand the reason for encrypting and I support it as long as it is only the licensing code that is encrypted. My thought is Boonex should require a developer to store the most recent unencrypted version of the mod at Unity so that in the event something unfortunate dose happen to the developer and there is no one to continue his/her work.  Boonex could  take ownership of the mod and/or auction it off and give the money to the family of the deceased or use it to support  further development of Dolphin.

silverado: yes ... I think there are two, possible scenarios - go more friendly towared customers - as Yobilab did or your way - if developer still wants to have his server calls for verification - than provide regulary unencrypted version of its mods to, boonex and if something happen boonex can reveal unencrypted code so people can actually continue to use their legally bouight modules if something happen to developer or his server andhe is not able to manage issue

If Boonex will agree we will be totally happy and available to provide unencrypted versions of our modules to Boonex.

But now I have another problem, that I think can't be solved by simply encrypting a mod.

We are totally sure there is somebody contacting the customers, everytime we make a bid on a job offer. We are totally sure this "somebody" is telling bad things to the customers about YobiLab.

We have understood it  because from 2-3 days we have not been contacted by any customer.

We got 7 custom jobs in 6 days, and now..........nothing.

I think that somebody is trying to go against YobiLab.

I have also personally contacted the customers. I have asked to them what's wrong with my bids, but I did not get any response.

This is the fourth time, and this is very strange.

Please if you receive a message by this "somebody", please let me know.

Our company is ready to denounce this "somebody" for defamation.

Thanks friends.

That's actually a reasonable idea.

Ok. Please tell me if you like this idea.

Since there are not so many programmers who are encrypting the mods, I do not think Boonex will create a specific function in the market to store unencrypted mods.

So this is what I am going to do.

I will create a package and I will put that on a free file hosting service.

The package will contain all our mods (unencrypted versions).

The package will be password protected.

I will contact Andrew, I will point him to this topic, and I will give to him the password of that package, only to him!

So If I will die, or the company will implode, or all the Yobi programmers will leave their jobs, or I do not know...

Andrew will have the password to unzip that package, and then all the mods will be available for free.

If you like this idea I will update the Yobi TOS.

Then if Boonex wants to add a specific function to simplify this process in the market, well, much better =D

Works for me.

This would a good short term solution but I see a potential problem with your idea and that is I don't believe everyone will do it or even keep the most up to date version for that matter. I think if boonex could design the market system so that it would force the  developer to upload the unencrypted version first. Then allow for the upload of the encrypted version. That way the file will always be kept up to date.

Yes this is what I like most. Even because it will be much simpler.

I can do the zip solution now. Maybe noone else will do the same. But I can only tell what I will do, not what others will do. I hope boonex will implement something like that soon. Maybe Andrew should read this post, but we will need much more comments by other boonex members.

great idea guys ... zip method now and some odf moderators should ask Andrew if he agree implement this to boonex market itself later on ....

Waiting for Andrew then =D

boonex moderators: can u ask andrew about this ?

Freak I think Andrew will require more people interested in such thing..

But anyway, let's give it a try.

Yobi

guys I need bigger support of you here. If nobody replies nothing gonna change. Imagine what happen if something happen to one of one man programmers companies here . Say developer sells 100 his modules we use for some of important part of site - suddenly something happen to him, his license validation server goes down and what now... all customer gonna be f****d up as module get blocked as it cant validate license and stop working now our sites gonna be totally f***ed up as mod will be encrypted and nobody have access to unencrypted version to fix it up.

I think yoiu guys here probably dont thing that forward as me and maybe for someone this can seem a bit funny. But this really happened to me already and I had to shut down whole iste as encrypted component with license verification I used for membership on one of my joomla sites with 800 members - I know 800 members isnt that much but I loose them all because site become inoperable and I could not anything about it , I cant even hire an programmer to fix it as component was encrypted and there was nobody to ask for unencrypted version as nobody had it except developer. As his site went down and I had not contact to his family tžo sort this out all customers of that programmer was screwed - our investments was lost, our sites was unusable.

We have go at least way that offer Yobilab which makes us more safe otherwise its very risky to buy encrypted components with validation checks - as you really never know what can happen to programmer and you will be lifetime dependedt that programmer will be good health but I dont want to be nervous rest of my life that some important part of my site will stop work suddenly because of programmer.

We as customers really need more assurance that our investments to modules and components in all areas (not only in dolphin) will be more safe and we can actually do something if something happen to programmer.

I know you can say alot of companies encrypt their work and have home calls but If some bigger company do that we can be fine as if something happen to one person doesnt mean whole company close down, but this problem is mainly with very small companies or one-man programmers where basicly everything depend on one  or two people. I think those companies and programmers should really make some precautions how prevent their customers will be in trouble if something happen to them ... for example something like YObi offer or something similar. All ideas from sellers or buysers in this thread are welcome ...