Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

How can you protect your Perl Mods/Hacks?

by Anonymous Monk
on Apr 09, 2007 at 17:51 UTC ( [id://608997]=perlquestion: print w/replies, xml ) Need Help??

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello, If I was to build perl mods (ex. add-ons, plug-ins, hacks) how can I assure no one else copies and claims they were the first to build it? If I was to distribute to someone wanting to purchase the mod, but then ends up distributing it himself, how can I protect myself from that. Thanks, Bobby

Replies are listed 'Best First'.
Re: How can you protect your Perl Mods/Hacks?
by varian (Chaplain) on Apr 09, 2007 at 18:14 UTC
    There's never been a solid technical solution to protect you against the act of copying software, not for Perl programs and not for any other language I have come across. Only copyright legal protection and licences can help you out if you really need it.

    To ensure that your authorship is beyond any doubts in fact the best approach is to publish your programs, hacks etc. as early and as widely as possible.

    Rather than having people pay a licence fee for your software, consider to ask people to contribute for actual software development- and software maintenance services that you agree to provide to them. And remember if it were not for that vast Perl developer community you yourselves would have no option to benefit from the collective knowledge and Perl software module base that exists today. So once you completed a really excellent module why wouldn't you consider it your turn to contribute?

Re: How can you protect your Perl Mods/Hacks?
by Joost (Canon) on Apr 09, 2007 at 18:58 UTC
    It's impossible to make an unbreakable protection against this sort of thing. At best, you'll protect yourself against amateurs. My experience over the years is that most software packages actually have reduced the amount of protection. For instance, I haven't seen a hardware dongle in, oh, about 10 years. most programs just require a key-string to validate/install, and maybe check those keys when downloading updates etc.

    Probably the "best" way to do this sort of thing nowadays is to require the software to do some kind of useful/vital task remotely - using your server - where you can check the license key and deny them access if they don't have a legitimate copy.

    Depending on your intended market a well written license is probably a lot more effective though. Copyright law doesn't give people who sell unlicensed software much leeway, so you shouldn't be too worried about keeping out commercial crackers. Most legitimate companies and organisations prefer not to take too many risks with unlicensed copies.

    As for people copying programs amongst themselves as a favor, I personally don't believe that the producers are very worried. I mean, almost every student I know who's into that kind of software has "illegal" copies of Photoshop/CS, Maya, AutoCAD and other pretty expensive software. The companies involved don't seem to suffer much from it. In fact, it probably works in their favour - when people go on to use that kind of software professionally, they're already used to their product, which means they'll probably buy Photoshop instead of Paint Shop Pro, for instance.

      We use one application that makes use of a dongle. The application provides complex risk calculations, and our contract with the vendor is on a per-use basis. The dongle keeps track of the credits, for each machine, while the software and database sit on a central server.

      We have a reasonably trusting relationship with the vendor, which works well. When we need credits for testing, or we loose some from a software glitch, we just call them up and ask for more credits. The dongle actually helps us in that it keeps track of how many credits we've used. In a business relationship where use of the software fits in the same niche as the reagents we buy for laboratory testing, it works well. However, I'd never consider purchasing other types of software that used a dongle, outside of a niche like this.

Re: How can you protect your Perl Mods/Hacks?
by billisdog (Sexton) on Apr 09, 2007 at 17:58 UTC
    You could possible compile some of your code, which would mean he'd need to reverse engineer it. But in all honesty this kind of thinking is not going to get you very far in the perl community. How many other people do you see selling perl libraries? And if there was any kind of demand for the thing you were creating, it would be on CPAN already. Even if it isn't, there's enough of a DIY ethic around here that somebody else will quickly duplicate your work.

      Along these lines would be publishing your sacred hacks as early as possible so you can always point to the earlier timestamp: See!?! I did that! Then the copying is ordinary plagiarism. IMO, if your code is reasonably good and readable, it helps you get interviews down the road — some employers really do review your stuff before they bring you in.

      But, concerning the grandparent post, I think a better model for making cash on plugins like this would be feature requests. I believe you can pay for votes at vim.org (for example).

      -Paul

        It happened to me. I hear it was one of the things that helped my current employer decide I was a good prospect. Shortly after they'd gone and read my stuff on CPAN they flew me in for an on-site interview. Twas 'woot.'

        ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

Re: How can you protect your Perl Mods/Hacks?
by mattr (Curate) on Apr 10, 2007 at 04:27 UTC
    1. Proof of authorship
    Write it up and post to CPAN with or without PGP signature, or PGP sign and post to Usenet. :)

    2. Control over distribution
    This strategy is difficult to pursue and may not be in your best interests, due to above reasons and Perl being source code and often including components licensed under GPL or Artistic License. The best way is to work with honorable people, get them to agree to a no redistribution clause i.e. sold only for use on this site. This might (IANAL) conflict with work for hire law and also, most corporate clients want to own the thing. You can mention that you do allow redistribution but only under a separate agreement.

    There are also installers that download from the net, you could require them to purchase first. And of course you can distribute a password protected zip file.. don't know who's doing this either.

    Or, and I don't know anyone doing this, an powerpoint presentation on the PAR module IIRC suggested a case in which part or all of the module archive existed on a remote server for this purpose.

    I don't know how much say commercial wordpress plugin developers make, but there it is, if you make a plugin to a web-viewable site then you can search for it with google.

    There is also the strategy of setting yourself up as a trusted purveyor of an endless stream of information and extensions to the software, which will build revenue stream as well as making it more worthwhile for other participants to join in plugin development too.

    Also you can be an ASP (application service provider). There is at least one perl based search engine company that makes money at this for what I consider isn't a great search engine even. This might be a good angle.

    I think the best thing for you to do is write a short license agreement for your clients, consider going the CPAN route anyway, and then just put your copyright on it. Don't waste more time on it because it will just inconvenience potential users. I wouldn't buy crippleware that's for sure.

    Finally you can sell with hardware, if it is a turnkey system. I once sold a perl based system to greatly extend and administer an open source C++ search engine. I got follow-on jobs to extend it after that because it worked well. But you have to support it then, hardware and all. You need to consider what your goal is and how you want to sell it (or if you do). I think if you are really creating some professional system that is well known the client will pay for it, especially if a live version is working on a major company's site.

    If you are just interested in sharing your work but asserting your authorship, just put it in CPAN, signed or not. It will get looked at and it solves the main problems you mention. If it is great you can become a celebrity, write a book, get consulting jobs, and maybe get free flights and lodging at YAPC conventions around the world!

Re: How can you protect your Perl Mods/Hacks?
by Trizor (Pilgrim) on Apr 09, 2007 at 22:45 UTC

    You cannot hide from B::Deparse. Well, if you compiled your module to a C library using B::C or B::CC and wrote a C interface for that then wrote an XS to use the C. Even then the optree is still there, somewhere; and a determined reverse engineer (and believe me there will be one) could still hunt the optree down, put it into a form that B::Deparse would like and Deparse it. That and this setup would be an extreme headache to manage.

Re: How can you protect your Perl Mods/Hacks?
by neosamuri (Friar) on Apr 09, 2007 at 20:52 UTC

    If you want to be able to prove that it is your code, one way is to print it and mail it to your self through the poastal system. With the unopened package with the code and the date stamp on it, you can prove when you wrote the code.

    Though that is probably overkill in most situations.

      While this SOUNDS good, it probably won't hold up in court (IMHO) very well. The problem is that while sealed, you don't know when the seal was generated. It is just as easy to mail an envelope with the flap tucked inside the envelope, and add the contents later. That being said, a reasonable solution might be (no, I haven't done this) to take your listing to a notary public, and have them confirm your signature on EVERY page. In the US, the notary is required to keep records of their process (verification of your signature) for quite some time. These records (I just re-financed a house) include date, time, and type of document. The notary could care less what the document really is, but they put their 'seal' (actually a rubber stamp) on the page, and verify that you are the person who signed on a dotted line. The cost for something like this is in the $15-$30 range.

      As was said in the previous post, this is probably overkill, but if you want to prove authorship, this would work.

Re: How can you protect your Perl Mods/Hacks?
by CountZero (Bishop) on Apr 10, 2007 at 09:19 UTC
    Something few non-lawyers understand is that to actually protect your code, works of art, ... you have to publish them!

    The (temporary) protection you get from copyright law, patent law, trademarks, ... is given in trade for the author making their works, inventions, ... public and thus adding to the state of the art.

    There are even some legal systems (most notably under European Union Law) that deny any protection at all for works which could have applied for specific protection (such as patents or design protection) but failed to do so.

    So if you want to make sure, you get adequate protection go and see your friendly lawyer!

    Of course some other legal systems (such as the US) make it a criminal offence to break any copy-protection or code-scheme. So hide your perl-code behind a simple source filter and send the decoders/re-engineers to jail, but don't hope that other legal systems will accept this.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Re: How can you protect your Perl Mods/Hacks?
by naikonta (Curate) on Apr 10, 2007 at 04:10 UTC
    Just how can you be so confident that no one else has the same problem as you do and yet they might fire up better solutions? What's really new under the sun? And practically, once you release your code, there's nothing you can do to stop people from copying it, assumming it's worthwile after all.

    If you need some protection, copyright your Perl modules, put some license, release publicly, and let others peek on them, and they might offer their hands to improve them. In the meanwhile, offer your customer to purchase some services around your modules, and solutions.

Re: How can you protect your Perl Mods/Hacks?
by leocharre (Priest) on Apr 10, 2007 at 22:55 UTC

    Let's have an example. Let's imagine this is about writing- another form of intellectual expression. Are you familiar with books by John Steinbeck, or maybe Henry David Thoreau? Those books have nothing in them to keep you from copying the stories and putting your name on the work. Yet- we don't hear of many known writers that are later 'found' to have been stealing work.

    These books have no real protection. Especially in other countries. Yet, you don't hear England complaining that China wants to credit Wing Tsit Chan with writing Romeo and Juliet.

    Consider the inspiration you have, from the wonderful works that other humans have shared. Things like literature, science, and perl- benefit from putting energy into looking forward into what can happen. Furthermore- I suggest the community will look out for you on some level.

Re: How can you protect your Perl Mods/Hacks?
by Moron (Curate) on Apr 10, 2007 at 12:34 UTC
    In addition to publishing under licence, (you have to demonstrate ability to access by the copier, or they can claim independent inspiration) - you could take CDs to the bank and deposit them as safekeeping items (this is a different service from safety deposit boxes which wouldn't work for this purpose). Each copy goes in its own sealed envelope which you sign and date and which you ask to be countersigned by a bank employee of reasonable seniority, across the seal in both cases. That way in the event of any intellectual stealing, you could summon the bank to whatever court case, requiring them to produce the CD together with their records in its regard, thereby proving that any subsequent attempt to publish was later than your own date of conception by this means of evidence. The multiple copies are needed because not every court will accept another courts records in the event of needing to repeat the protection or in the event of awkward multi-jurisdictional cases and the bank needs to understand from you (in writing in advance) why you are making the safekeeping deposit so that they know they have the responsiblity of careful recordkeeping in regard to the item.

    -M

    Free your mind

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://608997]
Approved by Corion
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (5)
As of 2024-03-28 20:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found