Pirated copies of PixInsight | Copias pirateadas de PixInsight

[Juan Conejero]

[Versión en Español abajo]

Hi all,

Today we have discovered this:

http://forum-images.pixinsight.com/legacy/piracy/20100116/Screen%20shot%202010-01-17%20at%2012.23.44%20AM.png

We have made a screenshot, since with high probability the above page will disappear soon. Warning: the files linked in the above page may contain viruses and other malware —we assume no responsibility for any damages caused as a result of interacting with the page shown above.

This is the first time we have evidence that PixInsight has been pirated. So far we have been observing some people requesting cracks or cracked copies, but this time we have solid reasons to believe that at least one of those copies exists, along with its corresponding patch. The patch in question, by the way, includes a Trojan virus (we have verified it).

This crack is the job of a poor aprentice: limitation #2 on the screenshot above shows that he has been unable to understand our protection system. This work has probably been made for 30 USD, or perhaps less. Pathetic.

However, it is evident that someone has traced our application and found the point where it calls the license validation routines. The next step will be carried out by a much more competent hacker, who will have the necessary knowledge and tools —and will be sufficiently paid— to understand our protections. This is inevitable.

It is also evident that this cracked copy corresponds to a 30-day trial version.

What can we do about this? As far as we know, only three things:

- Design and implement a new protection system, even more sophisticated, and hence more difficult to understand. This may require a renewal of all user licenses.

- Change the current trial licensing system. We are considering several possibilities. Quite probably our trial licenses will no longer be generated in an automatic way (we already are not providing trial licenses automatically when the requesting IP comes from some countries, due to the big volume of false/fake requests).

- Try to let them know that we are ready to fight.

This is a very serious threat: we do not have sufficient income to afford the distribution of many pirated copies of our software. Each pirated copy is a software license that we can't sell, and this harms us severely. This is no game for us. I personally have invested everything in this adventure.

So instead of investing all of our time and resources in developing new tools and improving the PixInsight platform, we'll have to waste a significant fraction of them in protecting more our software. Very nice. Who has requested this crack can be proud of himself (thanks for all your great job !!!!!).

Just a last thing. PLEASE don't try to defend us by responding to the page shown above. We appreciate all your help, but this time there's nothing you can do (even us can't) by trying to respond to these persons directly.

Thank you for your understanding and support.


====================================


Hola a todos

Hoy hemos descubierto esto:

http://forum-images.pixinsight.com/legacy/piracy/20100116/Screen%20shot%202010-01-17%20at%2012.23.44%20AM.png

Hemos hecho una copia de pantalla porque con toda probabilidad la página en cuestión desaparecerá pronto. Atención: los archivos enlazados en la página de arriba pueden contener virus u otro software malicioso —no asumimos responsabilidad alguna por los daños causados como resultado de interaccionar con la página mostrada arriba.

Esta es la primera vez que tenemos evidencia de que PixInsight ha sido pirateado. Hasta ahora veníamos observando a alguna gente pidiendo cracks o copias craqueadas, pero esta vez tenemos sólidas razones para creer que al menos una de esas copias existe, junto con su correspondiente patch. El patch en cuestión, por cierto, incluye un Troyano (lo hemos verificado).

Este crack es el trabajo de un aprendiz incompetente: la "limitation" número 2 en la copia de pantalla anterior muestra que ha sido incapaz de comprender nuestro sistema de protección. Este trabajo probablemente ha sido encargado por 30 dólares, o quizá menos. Patético. Pensábamos que seríamos pirateados con algo más de estilo.

Sin embargo, es evidente que alguien ha trazado nuestra aplicación y ha encontrado el punto en que se invocan las rutinas de validación de la licencia. El siguiente paso será llevado a cabo por un hacker mucho más competente, quien tendrá los conocimientos y las herramientas necesarios —aparte de estar pagado suficientemente— para comprender nuestras protecciones. Esto es inevitable.

Es también evidente que esta copia craqueada corresponde a una versión de pruebas de 30 días.

¿Qué podemos hacer con esto? Por lo que sabemos, sólo tres cosas:

- Diseñar e implementar un nuevo sistema de protección, aún más sofisticado, y por lo tanto más difícil de comprender. Esto puede requerir la revalidación de todas las licencias existentes.

- Cambiar el actual sistema de licencias de prueba. Estamos considerando varias alternativas. Muy probablemente nuestras licencias de prueba ya no se generarán de forma automática (en este momento ya no estamos proporcionando licencias de pruebas automáticamente cuando la IP del usuario procede de algunos países —España es uno de ellos—, debido a la gran cantidad de licencias falsas que se estaban solicitando).

- Intentar hacerles saber que estamos dispuestos a luchar.

Se trata de una amenaza muy seria: no tenemos suficientes beneficios para permitirnos la distribución de muchas copias piratas de nuestro software. Cada copia pirata es una licencia de software que no podemos vender, y esto nos daña severamente. Esto no es un juego para nosotros. Yo personalmente he invertido todo en esta aventura.

Así que en lugar de invertir todo nuestro tiempo y recursos en desarrollar nuevas herramientas y en mejorar la plataforma PixInsight, tendremos que malgastar una fracción significativa de los mismos en proteger más nuestro software. Qué bonito. Quien haya solicitado este crack puede estar orgulloso de sí mismo (thanks for all your great job !!!!!).

Sólo una cosa más. POR FAVOR no intentéis defendernos respondiendo a la página mostrada arriba. Agradecemos toda vuestra ayuda, pero en esta ocasión no hay nada que podáis hacer (ni siquiera nosotros podemos) tratando de responder directamente a estas personas.

Gracias por vuestra comprensión y soporte.

[Yuriy Toropin]

...
This is a very serious threat: we do not have sufficient income to afford the distribution of many pirated copies of our software. Each pirated copy is a software license that we can't sell, and this harms us severely. This is no game for us. I personally have invested everything in this adventure.

So instead of investing all of our time and resources in developing new tools and improving the PixInsight platform, we'll have to waste a significant fraction of them in protecting more our software. Very nice. Who has requested this crack can be proud of himself (thanks for all your great job !!!!!).

Hola Juan,
This is very sad, but, to be honest, expected news.

May be you have to think again about business strategy here.

In my humble opinion, additional investments in improvement of protection will not bring any additional real value to the end user and with this will not significantly affect number of new licenses.

In contrast, more real functionality for "mass market" (like DSLR guys, etc) will attract new customers. Straightforward and easy preparation of "calibration masters" and calibration of shots themself (including DeBayer'ization, dark optimization, bad pixel mapping, etc) will make PI all-in-one package that will be very attractive to customers.

May be at that point you will also have to drop price to aim wider amateurs audience. All this is total IMHO.

In any case, "good product will sell itself", what we as proud PI customers can do is to help to spread that word around by publication of our works.

Sincerely and thanks a lot for all your hard dedicated work,
    Yuriy

[Niall Saunders]

Ji Juan,

Yes - as Yuriy said "Sad - but to be expected"

Although it does remind us that 'only the best' software will ever need to be cracked 

Is it worthwhile for 'us' to post on Forums elsewhere (such as Yahoo Groups) that although the 'crack' exists, it contains a verified Trojan? Or should we just leave things alone?

To me the choice is not that simple, because just discussing the fact that PI has been cracked will lead to some despicable characters setting out to find the cracked software anyway, Trojan or not.

Perhaps you are right - PI should be issued TO AN IDENTIFIABLE USER, with access codes being sent TO AN IDENTIFIABLE EMAIL ADDRESS. And this would include the Trial Version.

Also, as Yuriy suggests, perhaps a 'two-tier' marketing approach will have the advantage of encouraging more users to consider making the small investment in the 'entry-level' software, only upgrading when they feel confident enough to take advantage of the more complex modules. That allows you to restrict the issue of these modules to users whose integrity is 'perhaps' verifiable.

Another possibility is a 'compulsory licence renewal' system - but I don't see how that would affect a cracked version that no longer even 'looks' for the licence.

It is such a shame - a complete and utter waste of your time and resources - which as WE all know would be better served concentrating on the development of PI itself.

Best of luck - and please let us all know if we can help in any way.

[georg.viehoever]

It seems that PI is now interesting enough to be cracked. Something good in the bad news...  

From my point of view, it does not make sense to engage in an "arms race" with crackers. No software protection, no matter how clever it is, is save from being cracked -just have a look at the games market where companies such as EA have invested millions in protection mechanisms. And still you can get cracked versions of basically any game on the internet.

I believe, that for a software such as PI, a very basic licensing mechanism is sufficient. It protects users from "forgetting" to buy PI. The costs of PI are not high compared to the other costs of this hobby (try to get a decent set of mount/telescope/camera/... for 171 EUR). People who want to save those 171 EUR are very unlikely to buy PI even for lower prices. I sincerely believe that you will not loose much money to people using those cracks.

Just my 2 cents on this topic

Georg

[Niall Saunders]

Actually Georg,

You could have a very good point here.

Juan is already developing PI at such a huge pace that 'cracked' versions of the core program are, by their very nature, out of date almost immediately.

And, as Juan already advises all 'legal owners' of new updates by email, then 'crack users' will soon be abandoned.

However, some of those crack-users will become addicted and will eventually join 'the elite' anyway, their only advantage having been a 'longer' free trial period (which, of course, they would most likely have been given just by asking Juan nicely !!)

No, on reflection, I think the best course of action is to do nothing, and for Juan to monitor sales over the next few months.

That just leaves the question about whether the astroimaging community should be made aware of the TrojanHorse infection of the cracked-version. At least if it can be shown that we did try to warn them, and if they still chose to use 'unsafe' software, then any subsequent problems they had would have been of their own making.

Cheers,

[Harry page]

Hi

Yes a sad ocurrance

I am afaraid this is the way of the world and hope you can manage to keep them at bay , but is probabley impossible to stop .

I do not think the price is a real problem here as I think PI is very good value , and photoshop is used by far more people due to the experianced users but mainley
that people used pirated copys , Do you really think people part with 4 or 500 bucks / pounds / euros !!!!!!!!!!!!!!!!!

Looks like we will have to help to keep a eye on the world for you

Harry

[Juan Conejero]

Thank you, guys.

As George says, I think this isn't a matter of money. I sincerely think that 171 EUR is a fair price for all the work —past, present and future work— involved in PixInsight. If somebody who spends thousands of EUR/USD in equipment thinks PI is too expensive, then he/she better should stick to his/her already pirated copies of other well-known softwares, and stay into that niche.

It is true that no protection system can really stop these nice guys —so nice that they are working hard to provide hundreds of new PI users . But the question is, can we leave PixInsight at their mercy without a protection system? I definitely think that the answer is no. However, what kind of protection do we need? So far they seem to be having a hard time trying to understand my current system, even if it is relatively simple. They'll eventually manage to crack it, probably with the help of some smarter friend. For now, all I want is just to stop low-IQ guys like these. No really competent hacker will waste his time cracking something as insignificant as PixInsight. It is just not profitable.

Thank you for all your points of view and contributions on this sad and difficult topic. I'll try to continue working in what I must work, without too much disturbance from these nice guys.

Cheers!

[Niall Saunders]

Hi Juan,

Whilst still trying to find a 'simple solution' to this problem I realised that the ONLY incentive for obtaining a 'pirate copy' is in avoiding the financial outlay needed to acquire the package in the first place.

In the case of PI, however, the outlay is actually NOT that significant - for all the reasons already mentioned.

But, it occurred to me that if the trial period was extended, to THREE months for example, the average user would feel a lot more confident in 'stepping up' to PI. They would have a lot more time to get to know the package, a lot more time to 'become one of the PI community' (here on the Forum, for example). And they would be a lot more willing to invest at the end of their trial period.

Many of us had several years to get to know PI of course - whilst the product transformed from LE to Core to Commercial. And I certainly had no hesitation when my last 'free trial period' expired.

I doubt whether it would make any commercial difference to 'you' whether you received a licence fee in 30 days, or in 90 days.
And I know of no other astro-software that might be willing to let the customer have a 'decent' exposure period, under no pressure whatsoever.

Given that element of 'fairness', why would any prospective PI user risk 'infection' of their PC by some underground, uncontrolled, out-of-date version of the code?

I really think that you could defeat the pirates by NOT reacting - and some decent publicity by your PI community users, in all the OTHER fourms where they might participate, would actually benefit PI by way of 'free advertising', combined with a possible '90-day trial period' announcement.

(And I still also think that the off-forum discussion that you and I had a month ago might also now be a significant step forward as well)

Don't let 'them' get to you - you have these guys  on your side, remember?

Cheers,

[Philippe B.]

Like other guys, it is sad but it should come one day... Now PI is celeb ! 

For demo licence, maybe, like other software, you coud propose a 90 day full licence but with some restrictions, for example :
- cannot save image
- or save image contains a PI logo incrusted
- or limiting resolution to 256x256 on saved images...
- or logo appears on screen on all images
- ...
In this case, you don't have to generate a licence key by internet or run it with activation on internet. Only a trial version with restriction. In this case, you don't send on the internet a "demo licence procedure".

my 2 cents...



PS : some of my friends who have seen my PI processed images and my demos about PI told me 30 days in not enough and internet connexion necessary to use demo PI is a problem too.
I don't talk about this same guys (friends) who have several thousands euros on telescope, mount, camera... and says PI is expensive at 171 euros    Some other use Toshop (is it less expensive ?     
Juan, it is also hard for us to promote PI with this kind of guys     

[Niall Saunders]

Actually, here's a thought based on Philippe's ideas,

What about a 'permanent' STF that sits between ANY image array and the screen display, but an STF that simply 'ghosts' a PixInsight 'watermark' over the centre 1/3 of the image.

That way you cannot even 'screengrab' the final image - but it would be faint enough to allow normal processing to continue 'unhindered' (not being affected by zoom and scroll - ALWAYS in the centre 1/3 of a 3x3 grid), and not affecting processing mathematics, because it is a Screen TRANSFER Function.

And then, if the user chooses to SAVE the image, the STF is 'applied' to the image being saved - rendering the 'watermark' PERMANENT

As Philippe says, you then don't have an expiry period (or this 'STF' is only invoked AFTER the timeout). Which means you never have to issue 'free circulation' software.

But, I then realise - of course - all that is necessary is for the hackers to find out WHERE in the code the WatermarkSTF is applied - and disable it. Which just takes us back to square one again 

That said, it means that you 'could' issue a UNIQUE version of software to EVERY user, trial or licensed - which at least allows you to know where the piracy started. And then we could all go round and shine big torches down his/her OTA all the time 

Cheers,

[mmirot]

Juan,

Do what ever you can to protect your intellectal property without get to crazy is warrented. 
I think longer trail peroids should be on request only. If they email you then fine give them more time.

Max

[sigurd]

Juan,

I'm desolated to hear this news. I cannot possibly imagine my workflow at this point without PixInsight. In fact it is perilously close to freeing me from that ridiculously overpriced Adobe license! 

I think some of the advice presented above is pretty valid. I can barely understand the desire to crack such a niche product. Especially given the outlays people make in other areas of this hobby.

I'm sure this community will support you in whatever course you take (as long as it doesn't involve a USB dongle! ).

Keep up the good work, fight the good fight, and keep hope.

Thanks for all you do.
-esy

[Juan Conejero]

I'm sure this community will support you in whatever course you take

Thank you. I am absolutely sure of that, too, and that's why I feel lucky.

as long as it doesn't involve a USB dongle!

Rest assured about that (that there'll be no dongle, of course!)

Cheers!

[dhalliday]

I would be more than happy to pay a reasonable fee for a "one time" (or whatever) resetting of the license...or whatever you tech heads do..
Providing it is tech simple.
170 Euro's is a bargain...
?Maybe build in some partial fee after 6 months...when we are hooked..!

Dave

[Juan Conejero]

Hi Dave,

Of course, if there's the need to reset all licenses it will be a two-click procedure and it will be free. No PixInsight user will have to pay a buck until version 2.0.

And I'm glad to know you're hooked