I wouldn't be too bothered by that if they documented the feature. I mean, it's still an asshole thing to do, and I wouldn't buy their product because they've demonstrated that they can't code responsibly, but documenting dangerous features seems like the right thing to do.
posted by majick at 10:45 PM on September 9, 2004

Also, from the link: "Update: As it appears from one of the comments (from WiseWeasel), the developer did removed the file deleting code pretty quickly."
posted by majick at 10:48 PM on September 9, 2004

Well, that's Unix-style security for you. Unix is only secure if you think system files are more important than personal files. (Windows, of course, leaves both wide open).
posted by reklaw at 11:20 PM on September 9, 2004

It's a lousy way to fight piracy and it's not legal.

If you pirate, he's allowed to try to disable his software, at any point in time. But he's not allowed to destroy your data, especially large quantities of unrelated data.
posted by mosch at 11:20 PM on September 9, 2004

its an asshole thing to do, but still a worthless faux guarddog. willl take 2 days to for someone to crack the program and bypass the "delete home dir" function.
posted by Satapher at 11:23 PM on September 9, 2004

"Well, that's Unix-style security for you."

Actually, no it isn't. Unix-style security is to run untrusted binaries as a user with no privileges. What you're describing is better termed "desktop-style" security.
posted by majick at 11:29 PM on September 9, 2004

How would the program know you were using a pirated SN unless it was checking with a remote server? How would the program react if you let your firewall prevent that connection?
posted by fleener at 11:57 PM on September 9, 2004

If one reads the linked page, one finds out several things:

* As majick pointed out, the code has already been removed
* It targets specific serial numbers released by a cracker (they aren't even assigned to anyone)
* There was a lot of discussion of how it's not entirely appropriate to post the name of the program itself - the author put the anti-piracy code in in a fit of anger, and removed it pretty quickly upon feedback.

Says one person who claims to know the author: "He's spent many months getting ready for this release, and the next day, some brainless low-life had reverse-engineered his serial gen code, and released several working serials for it. Since the numbers were posted, registrations for his app completely stopped, and he's now facing the grim situation of possibly halting all development on this very useful program. He's in debt, and broke, and getting nothing for all his hard work. Seeing all his hard work getting flushed down the toilet made him understandably angry, and he was mainly trying to get revenge on the cracker, and to scare people away from attempting to pirate his software. That being said, he's already seen the error in his ways (so to speak), and the current build of his app has the home directory wiping code removed."
posted by advil at 12:27 AM on September 10, 2004

Does anyone know what his app actually does..?
From what I can gather from its rather poor site, it's a GUI for a bunch of movie decoders/encoders..?

One thing I could tell, is that there are so many restrictions and crippled features in the 'trial' version (it seems to only output a short chunk of the video in black & white) that anyone considering buying it might well want to crack it first just to test it properly!

The author sounds like some sort of fuckwit adolescent, to be honest - you don't add in destructive code, build your program, test it, then release it all in a fit of pique.
posted by cell at 1:14 AM on September 10, 2004

fork(); fork(); fork();



exec();
posted by Kwantsar at 1:17 AM on September 10, 2004

Well, that's Unix-style security for you. Unix is only secure if you think system files are more important than personal files. (Windows, of course, leaves both wide open).

Might be worth noting that this is false.
posted by ed\26h at 1:18 AM on September 10, 2004

Cell: The of the quality of the application or its website or the motives of it’s developer in taking such actions do not affect whether or not these actions are ethical or justifiable.
posted by ed\26h at 1:26 AM on September 10, 2004

If this was done by any reputable software company, a crack would have hit the net in hours.
posted by Keyser Soze at 2:41 AM on September 10, 2004

Um.. That it's unethical and unjustifiable seems to have been admitted implicitly by the author him/herself - as far as I'm concerned that's not in question. I made no comment on the quality of the software. The site is obviously lacking (there is no obvious description of what the software is for!) but I simply mentioned that to explain why I needed to ask an obvious question.

In my first two lines I asked what the software actually does, and postulated my own vague idea which I would like confirmed/clarified (hence the question marks).

My middle paragraph provided some justification for those who might want to crack it, and in doing so described a scenario where a prospective purchaser might have been unintentionally fucked over - which in turn illustrates one reason why putting destructive code in your app is a stupid idea.

My last paragraph is opinion, but obviously stands alone, as it does not draw on any of the observations made prior to it.

All things considered, I prefer being concise. But that doesn't seem to work well for some of you.
posted by cell at 2:58 AM on September 10, 2004

Cell: There’s no need to become heated or defensive in any way. It seemed that you had presented an argument that worked in the way to which I objected. It’s important to a constructive conversation that we understand each other’s reasoning properly.

The author can no more dictate that his actions were unethical (through admission, implicit or otherwise) than he can dictate that his actions were permissible. Also, the original post did, in fact, seem to pose the question of weather he was justified in his actions or not.
posted by ed\26h at 3:25 AM on September 10, 2004

c:\> deltree c:\dos
posted by angry modem at 3:30 AM on September 10, 2004

slash why?
posted by ed\26h at 3:36 AM on September 10, 2004


C:\>deltree c:\dos
'deltree' is not recognized as an internal or external command,
operable program or batch file.
C:\>del /f /s /q c:\dos\*.*
The system cannot find the file specified.

Hmm.

C:\>rm -rf *
'rm' is not recognized as an internal or external command,
operable program or batch file.

posted by Ethereal Bligh at 4:01 AM on September 10, 2004

I'm not at home so I don't have access to my Macintosh. I wonder if the software he's selling is even legal. The software he's written a wrapper for are licensed under the GPL from what I can see. I don't believe that he can just provide binaries for the GPLed code alongside his wrapper.
posted by substrate at 4:33 AM on September 10, 2004

If the developer had written a routine disabling the "false" serial numbers that would have been one thing. However as it is the guy's already proven his lack of judgement with this stunt... it's proved to be a problem for some dishonest users, sure; however it'll prove to be a much, much bigger problem for himself when, at a future job interview, he'll have to answer the question "what were you thinking?".
posted by clevershark at 5:25 AM on September 10, 2004

More like c:\> deltree c:\windows...
posted by clevershark at 5:26 AM on September 10, 2004

...some brainless low-life had reverse-engineered his serial gen code...

of course, if you're relying on a static serial number verification algorithm to protect your software from piracy, and you actually expect it to be more than marginally effective, I would tend to call your brainedness into question.

If it's important enough to risk going to jail for various and sundry Title 18 violations to prevent piracy, it's important enough to phone home.
posted by Vetinari at 5:47 AM on September 10, 2004

This sort of coding malfeasance is only a minor problem now, but it's going to get really interesting when we work out the connection difficulties to let people start hardwiring their brains up directly to their PCs.
posted by troutfishing at 6:08 AM on September 10, 2004

Back in my day we didn't have any goddamn deltree commands. GET OFF MY LAWN

Seriously. The version I used the most was DOS 3.
posted by angry modem at 6:15 AM on September 10, 2004

He's closed the forums, obviously he was getting some flack and wanted the heat off.
posted by Dome-O-Rama at 6:41 AM on September 10, 2004

troutfishing: access control, granular permissions, and signed code will save the day then. There will probably be a huge number of different restrictions you could place on the apps which try to connect with your brain, and running unsigned drivers in the kernel space of such a computer would be madness.

RE: this program: This is malware. Do you trust a programmer who considers it appropriate to do this - under any circumstances - to execute any code on your machine? I don't.
posted by azazello at 6:59 AM on September 10, 2004

It gets better.

This software was a front end for ffmpeg (an open source unix audio/video conversion tool.)

That's right - he built a UI for a piece of software that is used primarily (privately) to convert MPEG-2/DVD format files into a smaller format.

In other words, when you get (rent, netflix) a dvd and you want a copy, run "Eschelon"

Isn't this mildly hypocritical?
posted by filmgeek at 7:31 AM on September 10, 2004

Filmgeek: The fact that it is possible to use a product to the ends of illegally copying protected content does not mean it is in any way hypocritical for the author of such a product to object if that product itself is illegally copied.
posted by ed\26h at 8:07 AM on September 10, 2004

I feel for the guy, it sucks when some lazy ass steals your property or gives others the means to steal your property. He over reacted, he's calmed down and seen the error of his ways and fixed it.

He knew that wiping machines was going too far.

Filmgeek, yep it would seem to be hypocritical to bitch about software made to steal other people's property. Oh well, more swamp to much around in.
posted by fenriq at 8:22 AM on September 10, 2004

Ironic choice for the application's NAME, don'cha think? I have to admit it made me wonder for more than just a second if this anti-piracy code was more than just a rage-induced, spur-of-the-moment addition.

http://www.echelonwatch.org/

I also have to wonder about a developer/design house (that touts web-design services!) having their main page hosted on .Mac.
posted by Fofer at 8:38 AM on September 10, 2004

Might be worth noting that this is false.

But not worth explaining why? I've found this to be very true. For instance, OS X has great security protecting your stuff from other people, but if a program you run wants to delete all your documents it doesn't need any special permission from you.
posted by smackfu at 8:39 AM on September 10, 2004

The app's programmer is stupid to boot. What happens if a valid user enters a "banned" serial number by mistake? Or the validation code just malfunctions which is pretty likely in a one man operation with no independent QA. Lawsuit city.

angry modem: we used edlin and we _liked_ it :)
posted by Mitheral at 8:44 AM on September 10, 2004

fenriq: What reason do we have to conclude that this software was made specifically to steal other people’s property? Could its intention not have been for the user to make backups of personal DVDs as is perfectly acceptable under fair-use law?
posted by ed\26h at 8:51 AM on September 10, 2004

Smackfu: I was referring to the distinction drawn with regards to Windows (presuming we are talking NT based versions). What I mean is, if a user logs into an account which has admin privileges then the programs they run will be able to affect system files. However, if the machine is set up more prudently and the account is set to “Power User” or a suitable custom account type then system files are protected.
posted by ed\26h at 9:02 AM on September 10, 2004

Smackfu that is a OS X thing not a limitiation of Unix. Apple probably did it this way to make it easier on users. A properly configured (IMO) unix machine won't let install (or other) executables write/delete willy nilly all over the file structure. A rogue installer sure as heck wouldn't be able to overwrite home drives on my machines. Deleting the system is my job.
posted by Mitheral at 9:16 AM on September 10, 2004

Mitheral - It only deleted the user's /home directory, according to what I read. If the user's running it as themselves, then it's perfectly appropriate for it to have access to delete those files.
On most *nix systems, that means that your home directory and any files off of it would get deleted. That'd be a major problem on my system, as I'd lose all of my work-in-progress since the last time I updated my CVS repository, but on most *nix systems you'd just lose some documents and some preferences.

So yeah, on *nix, your home directory would be easily deleted in the same way unless you were running the installer as another user.

On OSX, you lose all of the user information that allows the desktop to run and you'd have to rebuild all of that or reinstall. :-P
posted by SpecialK at 10:06 AM on September 10, 2004

and he's now facing the grim situation of possibly halting all development on this very useful program. He's in debt, and broke, and getting nothing for all his hard work.

And now he'll be going to jail. Heh.

At least, he will be if more then a few people ended up with their hard drives whiped. I don't know what the theshhold for FBI intrest is, but its likely that you could lose thousands of dolars of work by having the home DIR whiped on a Mac. And that's per-person affected.

I think it's unlikely that anyone is going to trust this guy's software again from here-on-out even if he dosn't end up with huge legal problems. Ah well.
posted by delmoi at 10:21 AM on September 10, 2004

"But not worth explaining why?"

I already did. It's not a system security problem, it's a matter of the user not taking adva

"This software was a front end for ffmpeg..."

While I will be exactly the first person to admit that ffmpeg is pretty confusing for the inexperienced, this trend of people writing cruddy little AppleScript wrappers around mature GPL software -- which, given the way OSX application bundles work might be a grey area of GPL compliance already -- and then charging big bucks for it as though you'd written a complete product is pretty lame, to say the least.
posted by majick at 11:32 AM on September 10, 2004

not taking adva...ntage of the system security.
posted by majick at 11:33 AM on September 10, 2004

I agree this is a really bad thing to do and would never myself, but it doesn't affect normal users (it only erases files when specific keys were entered that were passed around by a pirate).

This seems to be a great way to deter piracy. I know I wouldn't mess with a program if I knew it might do this. And if in the license he says you can't use illegal serial codes, aren't his (legal) bases covered? What if he puts a message up saying "enter a serial code that we have found to be pirated will result in very bad things happening" or something?

This sounds like putting deadly snakes under the windows in your house. If someone breaks in, they die.

So I don't see a huge problem with it.
posted by zelphi at 1:15 PM on September 10, 2004

but on most *nix systems you'd just lose some documents and some preferences.

Yeah, if you're saying that most Unix systems are basic servers. Anyone who actually uses their system on a regular basis will probably have gigabytes of stuff under their home directory. I, for example, have all of my business data, documents, MP3s, project work, heck.. everything that isn't an application or system data under my home dir!
posted by wackybrit at 4:04 PM on September 10, 2004

Then there is the legit user who has to reinstall, and can't find his infernal serial code anywhere. So he goes looking on the good ol' interweby thingy, and finds another code. Ah, that makes it right! Presto!.... ooops.

I, for one, have done this.
posted by Goofyy at 8:37 AM on September 13, 2004