Cracked software - something to really be concerned about?


strangedays
March 13th, 2011, 11:12 AM
Ok, just to start this thread off and keep it safe, this is in reference to the radio show with Slipperking calling out about the latest hacked UAD cracks.


Now I know the UAD stuff is regarded highly, but seems like they got it running off the hardware. Which sort of defeats the purpose of the UAD plugins.


I legally own Protools, Duende plug ins, VI's etc. So this industry has had a nice tiny sum from my wallet, this all from someone who doesn't do it commercially. A hobbiest. I of course didn't always have the money to do this (when at college)

On top of that I have spent time (here mainly) learning how to use this stuff, and let's face it whilst using the tools isn't rokit science the process is a long learning curve - and anyone who has an attitude to steal 1000 plugins is probably missing the point of what they could do with one decent pack of plugs.


If we thought it was cool to be building houses this would be like finally getting our hands on hammers and angle grinders for free, but who are we kidding?

If it wasn't for the current digital market there would be no cracks.

But then there would be no products to sell either.

Piracy upsets many but it's quite funny really because anyone serious about the whole thing buys the kit anyway yet so many companies seem to go on and on about it all the time. BUT WHY! - yes I know it's illegal but throwing a stupid protection mechanism at it is silly.

Yes I could go on and on, I am not saying cracked software is a good thing but the way these companies rant on about it I think is stupid, the hassle I went through to authorise my Duende native plugins was stupid.
Then I find out that within 3 days it's cracked and I was still trying to fix a pathetic authorisation problem with their licensing. YES I PAID but couldn't use the plugins but there were those who could cos it was cracked so fast. LOL!

I think they need to wake up a bit and grow some steel around the testicular zones. When the cracks are easier to install than the official releases something's wrong.

weedywet
March 13th, 2011, 11:39 AM
I can't blame them for trying to protect their market

I DO blame companies whose protection or download schemes are so convoluted that it appears no one who works there ever TRIED to download their software to see what customers experience. (read as Waves)

But I don't think they're obligated to make piracy easy

It's all interconnected

If you're making recordings just as vanity refrigerator art it's easy to convince yourself that the tools to make the 'free' music should also be 'free'

Otoh- I think charging hardware prices for software implementations is usurious

A few hundred dollars is reasonable for a plug in.
1000 is not. NO matter what it is.

Mo Facta
March 13th, 2011, 12:04 PM
On top of that I have spent time (here mainly) learning how to use this stuff, and let's face it whilst using the tools isn't rokit science the process is a long learning curve - and anyone who has an attitude to steal 1000 plugins is probably missing the point of what they could do with one decent pack of plugs.

You would be surprised how many studios out here in the nether regions are using cracked plugins. I've even had a certain engineer at a certain commercial and well-known studio ask me casually if I happen to have any cracked plugins that he could copy from me. You would think that would raise even a couple of eyebrows but because of the virtual anarchy prevalent in a lot of sectors of our society, it's really just commonplace. There's absolutely 0% fear of getting caught. Ironically, the sound quality of a lot of these "commercial" releases have not improved despite their piracy.

Me personally, all of the software in our studio is 100% legit. I have been in a pretty good position the last few years because my partner is a dealer and gets special deals on legit software so I really don't have a lot of gripes when it comes to costs and support, etc. I must say however that I really do believe that legit software is more stable and if you want to screw with your system, installing cracked software will do the trick.

Cheers :)

otek
March 13th, 2011, 12:06 PM
You also have to take into account that, while they're sometimes cumbersome to authorize, owning all your plugins makes you way hobbier than the hobbiest rokit scientists.

:D

otek

MacGregor
March 13th, 2011, 12:57 PM
I DO blame companies whose protection or download schemes are so convoluted that it appears no one who works there ever TRIED to download their software to see what customers experience. (read as Waves)


I remember searching for and downloading a cracked version of Cubase SX3 because the copy-protection-nibnob of my legally purchased copy would not run on my computer :headpalm:

It's fine to have a basic(!) copy protection to avoid John DumbDoe giving a free copy to all his friends.

It's not okay to have a dedicated state of the art convoluted copy protection (where the development probably cost more than the software it tries to protect ) which is a PITA for the customer to use and which gets cracked sooner or later anyway.

Mac

MKZ
March 13th, 2011, 02:44 PM
Oh my, did I struggle with the Waves authorization process the first time I bought some Waves stuff...

Slightly out of topic, I have seen some negative remarks about the upgrade prices/process on here regarding Waves... I'm staying native with plugins, I have the Musicians II bundle (Which has the RennComp, which actually is the only one of them I really feel I need, but has some cool other toys too like RennVox and that Pitchfucker plugin)

It seems the waves update plan costs 200 USD and covers all your waves plugins. Now, the Musicians II pack costs 160 USD and I don't really see myself needing any more Waves products anyway, so I should just buy the new version of the bundle when I switch to PT9, right?

How about, does the iLok get all confused if I have like V5 on there and the same bundle in V8?

Slipperman
March 13th, 2011, 03:06 PM
Ok, just to start this thread off and keep it safe, this is in reference to the radio show with Slipperking calling out about the latest hacked UAD cracks.


Now I know the UAD stuff is regarded highly, but seems like they got it running off the hardware. Which sort of defeats the purpose of the UAD plugins.


I should really learn to STFU... or at least have the wisdom to make sure my bullshit is edited out.

I have a few friends in software R&D, and this was the RUMOR that one had told me about a matter of days before the MMRS was recorded.

I was kinda horrified when I heard my big mouth running about it, as my wife listened to the latest segment night before last.

PLEASE.

Let me CLARIFY: I DO NOT ACTUALLY KNOW if there is indeed a working krack of the UAD stuff out there.

I don't HAFTA know. I actually OWN 4 of the cards.

I'm HOPING there ISN'T.

It's been one of the last bastions of "Torrent-Proof" softie out there.

Really.

I gotta just learn to zip my fucking yapper.

Loose lips sink ships.

Fuck me.

SM.

strangedays
March 13th, 2011, 03:41 PM
Hey Slipperfoot...


Don't kick yourself for making the point, I don't know if there are cracks out there for the UAD stuff but there are now lots of alternatives and none of them are actually 1176s they are just plugins with different ways of working.


Also I am not surprised that there are studios stealing plugins but one has to ask just how good they are at mixing.

I mean before I jumped over here I used to play with lots of plugins, I mean lots, I used to get everything I won't deny it, I learnt nothing really other than there are lots of plugins.

I certainly learnt fast that this was a sure way to bury yourself in a tool shed.


And the more I learn the less I need, even the debate about a really good recording should mix itself came up.

So if some twat is downloading 50 million plugins then I doubt he knows what to do with one. And if he does, the amount of time he spent downloading 50 million plugins was probably wasted.


But if someone purchases a choice of 2 or 3 bundles or the occasional favourite plugin, they will be more motivated to understand how it works inside out.


But we all try things, and plugs do allow us to have a go don't they? Hackintosh anyone...... (actually Windows 7 is just as good now).

dwoz
March 13th, 2011, 03:59 PM
I spent a fair portion of my early career working with software licensing for a major product in the software development world, and I have to say, your statement,


I think they need to wake up a bit and grow some steel around the testicular zones.

is about as naive and uninformed as any statement I've ever heard on the subject. This has been studied and worked on for 20 years.

When I was doing that work, I authored a white paper (in 1997) on software copy protection, which identified four basic groups:

A: hard core "scofflaws" who were going to use pirated versions of the software no matter what;

B: Users who would prefer to use pirated (free) software until it became too onerous to do so;

C: Users who would prefer to use properly licensed software until it became too cumbersome to do so;

D: Users who would always use properly licensed software as a matter of course.

Now, as a software developer, you don't bother worrying about users A and users D...they will always do what they do and you shouldn't waste a lot of money on them in your licensing scheme. The question then becomes, how do you make it harder for user B without making it too hard for user C? If you do a certain licensing scheme, will it stop 500 users in group B from being "rogue", but in the process, force 600 users from group C to GO rogue?

This stuff has been worked on for a long time.

Now, having said that, I have to express my utter dismay and surprise that PACE, with their iLok scheme, manages to stay in business, because that is the worst product on the fucking planet, or at least it used to be.

I believe that like republicans tinkering with the economy, iLok did far more damage to the whole environment than it ever did good.

But really, as far as the "grow some steel" thing goes...it all comes down to whether you can keep the lights on and have programmers and testers and marketers and sales guys and finance guys and receptionists and delivery trucks coming in the parking lot each morning, rather than having an empty building where a software development company used to be before it went under.

dwoz
March 13th, 2011, 04:04 PM
There's a very simple and pragmatic reason for a studio wanting to collect every plugin out there.

...a project walks in the door. It came from some guy, somewhere, who used a bunch of plugins. The producer now needs you to pull some stem mixes for something-or-other, and the original guy who set up the project is long gone, got hit by a bus after sailing off into the sunset with his winning lottery ticket.

And you have to open the project and print it, with just a session file and audio files.

Chances are PRETTY DARNED GOOD that he used some crazy shit that you don't have, unless you are a plugin hoarder.

No, it's not right to use cracks.

Saculus
March 13th, 2011, 04:10 PM
Initially I tried some of the torrents and didn't like the feeling of being a thief as well as the ui disintegrating over time as well as the fact you essentially are trusting someone who isn't afraid to steal thousands of dollars with your computer as soon as you click install. I can understand the rationalization but if you can't make something sound good with stock plugs and some of the freeware stuff I go to before my money plugs you probably aren't going to make something good at all anyway. I've yet to make anything GREAT with either but that is why I come here for 'guidance'.

E. Shaun
March 13th, 2011, 04:21 PM
Let's face it, it's an expensive industry to get started in. If you don't know that going into it, you're either hopelessly idealistic or hopelessly naive. Stealing or cracking things like programs or plugs will always catch up to you, one way or another.

What I'd like to see is more "starter" versions of software for newbies and hobbyists, making it easier for Dwoz's Group C to stay on the legal end of things.

You're never going to stop piracy (sorry Somalia), but there are other ways that manufacturers can help curb it, much in the same way that the emergence of iTunes (like it or not) has curbed illegal downloading of .mp3s.

Any pay-per-plug plans out there? Should there be?

TheNetStudio
March 13th, 2011, 07:05 PM
http://audacity.sourceforge.net/

http://www.gersic.com/plugins/

http://ardour.org/

http://reaper.fm/index.php

qharley
March 13th, 2011, 07:16 PM
http://audacity.sourceforge.net/

http://www.gersic.com/plugins/

http://ardour.org/

http://reaper.fm/index.php

No excuse... I work with ardour exclusively. I even used the (not even alpha) version 3.0 to do the CAPE, even though I would probably not have used it for a paying customer's recording just yet.

Pay for the tools you use, and they will still be around for years to come. Even pay for these fine "free" tools.

strangedays
March 13th, 2011, 09:33 PM
I spent a fair portion of my early career working with software licensing for a major product in the software development world, and I have to say, your statement,



is about as naive and uninformed as any statement I've ever heard on the subject. This has been studied and worked on for 20 years.

When I was doing that work, I authored a white paper (in 1997) on software copy protection, which identified four basic groups:

A: hard core "scofflaws" who were going to use pirated versions of the software no matter what;

B: Users who would prefer to use pirated (free) software until it became too onerous to do so;

C: Users who would prefer to use properly licensed software until it became too cumbersome to do so;

D: Users who would always use properly licensed software as a matter of course.

Now, as a software developer, you don't bother worrying about users A and users D...they will always do what they do and you shouldn't waste a lot of money on them in your licensing scheme. The question then becomes, how do you make it harder for user B without making it too hard for user C? If you do a certain licensing scheme, will it stop 500 users in group B from being "rogue", but in the process, force 600 users from group C to GO rogue?

This stuff has been worked on for a long time.

Now, having said that, I have to express my utter dismay and surprise that PACE, with their iLok scheme, manages to stay in business, because that is the worst product on the fucking planet, or at least it used to be.

I believe that like republicans tinkering with the economy, iLok did far more damage to the whole environment than it ever did good.

But really, as far as the "grow some steel" thing goes...it all comes down to whether you can keep the lights on and have programmers and testers and marketers and sales guys and finance guys and receptionists and delivery trucks coming in the parking lot each morning, rather than having an empty building where a software development company used to be before it went under.

20 years, and Duende Native was cracked in 3 days. Pro Tools HD 9 in ?? well only a few weeks I think maybe less.


How much money are you prepared to throw at licensing is the question. And when do you allow it to become a pain in the arse for the ones paying.


Yes it's wrong to own cracked software. But it's also right to buy it. Basically there is just no policing in this area, it's a constant wheel that will go round and round.

Currently the copy protection only reaches out to educate people that it is wrong and I suppose that's a valid purpose, but look at Reaper (ok I am not a fanboy). It can be handy for those who would need to load it up quick.

Perhaps looking at more versatile licensing might also stop studios downloading everything, ie a sort of temporary license. (I think SSL are doing something similar with the demo of native duende.)

Saculus
March 14th, 2011, 03:32 AM
http://audacity.sourceforge.net/

http://www.gersic.com/plugins/

http://ardour.org/

http://reaper.fm/index.php

I'd just add,
http://varietyofsound.wordpress.com/downloads/

90% of my work today was Reaper stock plugs and the Bootsy stuff linked above. The other 10% was Slate FG-X, VCC, and Stillwell comps.

strangedays
March 14th, 2011, 03:31 PM
I'd just add,
http://varietyofsound.wordpress.com/downloads/

90% of my work today was Reaper stock plugs and the Bootsy stuff linked above. The other 10% was Slate FG-X, VCC, and Stillwell comps.



I'll have a listen later but just wanted to say that you obviously cannot steal the real meat which is the experience and skill.

Thank god for that I suppose.

ivmike
March 14th, 2011, 05:21 PM
A studio that I recently worked in has offered me its entire version of Waves plug-ins. Imagine my dismay when I found that they were offering me a cracked version of these plug-ins; the same version that they use. Then, a version of Logic was also offered to me. This studio has gold records on the wall; many gold records. This studio has outboard gear that destroys any of these plug-ins, yet they still have and use cracked stuff in their control room. :headpalm:

For the record, I turned down their offer to have "my own" copies of the plug-ins and Logic. I am very happy to be working on my fully paid-for version of Cubase 5 and I can say with absolute certainty that my Mac has only legal software installed. Honestly, I'd rather run my productions through a Behringer compressor that I paid for, rather than a ripped copy of plug-in.

strangedays
March 14th, 2011, 05:32 PM
A studio that I recently worked in has offered me its entire version of Waves plug-ins. Imagine my dismay when I found that they were offering me a cracked version of these plug-ins; the same version that they use. Then, a version of Logic was also offered to me. This studio has gold records on the wall; many gold records.

That's a bit surprising. I would have thought this was not a common thing?

ivmike
March 14th, 2011, 05:36 PM
That's a bit surprising. I would have thought this was not a common thing?

I was surprised; very surprised and disappointed as well.

TheNetStudio
March 15th, 2011, 02:53 AM
I'd rather run my productions through a Behringer compressor that I paid for, rather than a ripped copy of plug-in.

Well said!

:Thumbsup:

cwatkins
March 17th, 2011, 12:58 AM
So, my ideas on the subject were:

#1. Wow, screw the crack; this means somebody found a decent emulator out there for that chipset. (I thought it was a video chipset; I forget.) But because of that; at least for that array of software it means that a legal offering **WITHOUT LATENCY** might be possible by the vendor WITHOUT a re-write. Because that means little reinvestment for them; it might get done. I can tell you a lot of Cisco had no idea there were emulators running around that ran their firmware so well, it became an instant test hit for anyone using the devices.

#2. If such a linux thing existed (cause I can conceive how it would be done, I have done Cisco emulators for work and have a couple UAD cards) it would be so hard to implement and use even if eventually some image was generated that it would be nothing more than a neat factor for geeks.

#3. Such things existing (Avid for instance) seem to have pushed vendors over the edge of what may have only been a marketing line. (also, it is very bad for the vendor when their software gets ripped off incorrectly and doesn't function right and that's been well documented with say, Cubase 2.0)

#4. Look; The entire reason for cpu relieved dsp cards is so that native based stuff doesn't screw you in the a$$. If you can't conceive or don't realize the benefit of having a predictable response system then you don't exist in our universe or aren't very bright; or as I suspect 99.999% of the native users are; willing to deal with the pain because they can't afford the dsp systems and then just diss it because of the superiority they don't have and can't afford because they are part-timers or in small markets, etc.
4a. So, the ability to have the UAD plugs on native is kind of lukewarm; having them on tdm is better in a way; as having them without latency removes a PITA factor that's worth removing. But I'm sure writing them under Motorola 5xxxx requires re-writes thus changing their sounds ladadada.

As to the greater question of ethics; for a long time I got paid on sales of product/software sales. I however still admire anyone/s who take a year to write software to emulate a key to workaround a product that provides protection. Because without them the protection people have no job either. (Virus/malware protection people match makers in spent vs cost for example and similar situations are the same.) When they are basically emulating a small part of the Internet to mock licenses then I think the PITA factor is going to outweigh anything but the most expensive such things.

So, since Poco is toast I guess they might as well go after it now. :) That's a pure joke now!

Brendo
March 17th, 2011, 10:05 AM
Back in high school I was happily using cracked copies of Cool Edit Pro and Cubase/Nuendo with every plug under the sun. In about 2005, I bought my first iBook and Mbox, and ever since then I've been using 100% legit DAW and plugins etc.

I've bought a few plugins - Melodyne plugin + Massey Tapehead, CT4, L2007, Deesser. Mellowmuse's bundle (the one with the convolution reverb). I won a pack with all of DUY's native plugins at the time (Everpack + Magic EQ + Magic Spectrum) and have since bought DUY Silence as well (DUY Z-Room is now free).

Those + Factory Bundle + AIR plugins + DigiRack plugins is PLENTY for me to get 99.9% of stuff done. The only thing I really lack is a good pitch shifting plugin where I can just dial in a pitch change as an insert instead of having to melodyne it or process it as audiosuite.

Mixerman
March 17th, 2011, 04:31 PM
I should really learn to STFU... or at least have the wisdom to make sure my bullshit is edited out.

I have a few friends in software R&D, and this was the RUMOR that one had told me about a matter of days before the MMRS was recorded.

I was kinda horrified when I heard my big mouth running about it, as my wife listened to the latest segment night before last.

PLEASE.

Let me CLARIFY: I DO NOT ACTUALLY KNOW if there is indeed a working krack of the UAD stuff out there.

I don't HAFTA know. I actually OWN 4 of the cards.

I'm HOPING there ISN'T.

It's been one of the last bastions of "Torrent-Proof" softie out there.

Really.

I gotta just learn to zip my fucking yapper.

Loose lips sink ships.

Fuck me.

SM.

There is one, and there was indeed one within days. This is factual information, and just because we know about kraks existing, doesn't mean we have anything to do with kraks.

People seem to constantly be on edge when it comes to talking about kracks. They exist. They're illegal. They should be illegal. But they do exist, and people use them.

There. I said it.

News Flash: People steal music too. On a daily basis. My stating this fact does not mean I steal music. Right?

Right.

Enjoy,

Mixerman

Keks
March 17th, 2011, 07:58 PM
There is one, and there was indeed one within days. This is factual information, and just because we know about kraks existing, doesn't mean we have anything to do with kraks.

People seem to constantly be on edge when it comes to talking about kracks. They exist. They're illegal. They should be illegal. But they do exist, and people use them.



And someone who really wants a krack will know it's out there, the day it was made, unless he's a complete dim-bulb.
So, no one relies on this board or any other audio board to get information on a krack.

All the best,
the keks

Slipperman
March 17th, 2011, 10:39 PM
And someone who really wants a krack will know it's out there, the day it was made, unless he's a complete dim-bulb.
So, no one relies on this board or any other audio board to get information on a krack.

All the best,
the keks

Ahh fark.

No biggie.

I just don't wanna have anybody think I'm condoning or promoting this stuff.

SM.

nobby
March 17th, 2011, 11:50 PM
I however still admire anyone/s who take a year to write software to emulate a key to workaround a product that provides protection. Because without them the protection people have no job either.


So someone flattens your house with a bulldozer and you thank them for showing you the vulnerabilities of your house.

Then you pay a construction company to build a more solid house.

The construction company may be affiliated (for all we know) with the bulldozer company, which will now be building a bulldozer to specs that will demolish your sturdier house.

And so on. Do you see a loser in this game of "monkey in the middle"?

Protection racket, anyone? (http://en.wikipedia.org/wiki/Protection_racket)

Knastratt
March 18th, 2011, 01:55 AM
Download and use Stillwell plugs. Pay as fast as you can. No hard feelings.

Saculus
March 18th, 2011, 02:33 AM
Download and use Stillwell plugs. Pay as fast as you can. No hard feelings.

Very tasty plugs and affordable, especially if you are a reaper user.

There is a js:version of many of their plugs in the reaper platform at the start.

Johnny
March 18th, 2011, 05:51 AM
So someone flattens your house with a bulldozer and you thank them for showing you the vulnerabilities of your house.

Then you pay a construction company to build a more solid house.

The construction company may be affiliated (for all we know) with the bulldozer company, which will now be building a bulldozer to specs that will demolish your sturdier house.

And so on. Do you see a loser in this game of "monkey in the middle"?

Protection racket, anyone? (http://en.wikipedia.org/wiki/Protection_racket)

Yep. The "broken window fallacy."

qharley
March 18th, 2011, 07:27 AM
... without criminals the police would not have a job either ...

Sometimes you have to marvel at humanity, in how much work we make for ourselves

Here I am, having to improve a simple spreadsheet form to prevent some of my colleagues goofing off and cheating on the inspection of equipment. I have to work harder, just to "enable" them to actually do their jobs right.

:finger::Mad::fingerlefty:

DannyTheDimbulb
March 18th, 2011, 09:02 AM
And someone who really wants a krack will know it's out there, the day it was made, unless he's a complete dim-bulb.

"dim-bulb", huh?

Just yesterday this rap artist called me a "cracker"...

Every bit of software I use is paid for. I just wish I could charge the people at WAVES for the hours it took to get those licenses on the i-Lok.

"Tal Herzberg, I want my money!"

majestikc
March 23rd, 2011, 05:58 PM
Just use the free stuff, the Bootsy Density MkII can be made to sound exactly like the Waves Puigchild

http://rekkerd.org/bootsy-releases-density-mkii/

And the Plugin Conspiracy Buss Comp sounds the same as the Duende Buss Comp

http://www.youtube.com/watch?v=AtIuwcduvM0

Plus with all the freebies you get from Flux and Sonalksis etc, and the Stillwell stuff there's really no need to use cracked plug-ins.

(And of course Nebula)

Glad I never wasted any money on the hype and went with the FREE free stuff

(plus it's just koowler using the free stuff)

majestikc
March 23rd, 2011, 06:03 PM
the lubetube video is comparing the Conspiracy to the Waves, but I only tried it against the Duende demo and it sounds exactly the same with pretty much the same settings, the guy who coded the Conspiracy plugs is the same guy who did the SPL Plug-ins and Brainworx if I'm not mistaken, maybe even Elysia as well.......can't remember.



(I'm not sure how legal the Conspiracy Plugins are actually though, he doesn't sell or offer support on them, I take them as abandonware)

Cosmic Pig
March 23rd, 2011, 06:45 PM
Up until the late 80's you could make a living as a musician too. Maybe one day someone will develop some analog plugs and things will change.

cwatkins
March 24th, 2011, 02:25 AM
So someone flattens your house with a bulldozer and you thank them for showing you the vulnerabilities of your house.

Then you pay a construction company to build a more solid house.

The construction company may be affiliated (for all we know) with the bulldozer company, which will now be building a bulldozer to specs that will demolish your sturdier house.

And so on. Do you see a loser in this game of "monkey in the middle"?

Protection racket, anyone? (http://en.wikipedia.org/wiki/Protection_racket)

I get your point, my point was kind of two fold, it is kind of when the intelligent hacker gets jailed for finding a bug that if a person with bad intentions had found first had found tells the vendor/owner and gets it fixed, saves thousands of re-occurrences.

Hence, when it's clever and ground breaking then it's worth giving respect to, if it's the script kiddy and daily old news cracking stuff then no, it's the worst kind of stealing, stealing without invention.

I wish I knew more about the supposed crack we were discussing, but if it was of any merit it would have been hard to miss so I guess I still question its validity. To stay vague there is a 1176 and Neve emulator, but it is far from anything I'd consider clever given it's just a pass on from engineering/gui demo.

So, yeah, if we didn't have the overhead in the first place, we'd be far better off, just like if nobody could lie, but the second that sort of world existed, somebody would lie again offsetting balance. I guess it's the same reason communism failed, you could never keep the balance.

Again, I'm not arguing for it I was a network security consultant for a long time, without piracy and people needing bandwidth bases, I'd have far less work.

dwoz
March 24th, 2011, 05:19 AM
This is the second post of yours that I can't even figure out what you're talking about.

qharley
March 24th, 2011, 05:51 AM
Rewarding software security crackers, is like giving bank robbers extra money if they pull off a heist successfully, and then point out the weakness of the premises that they exploited.

THEY STILL ROBBED THE BANK
:headpalm:

cwatkins
March 24th, 2011, 07:34 PM
This is the second post of yours that I can't even figure out what you're talking about.

Yeah, it's a fairly common complaint.
It would probably help if I bothered to slow down and type things out correctly. But after a couple of decades of BBS, chat boards, etc, it seems I've developed a type of dyslexia where I transpose and skip words, because my fingers substitute patterns such as, list for lost, and dir or dos, for does or dirt and then I also skip things like is and the, because I think faster than I bother typing.
I actually found the diagnosis once, but didn't care, I call it ancient computer guy syndrome. It's got to be a sign I should quit bothering stating my opinion or bothering, but we'd continue to have people posting eq combinations if somebody elder out there didn't post why it's useless.

Anyway, I thought I was somewhat clear on the first post, second maybe not so much.

I think there are a certain group of people who can understand what I'm talking about; In fact, a h20 fan made a video bragging about their accomplishment, so obviously such a group exists.

I guess maybe only the mafia is the group that would give those supposed bank robbers the "extra" money at the awards and that's the target group, but it does still exist.

dwoz
March 24th, 2011, 08:10 PM
Rewarding software security crackers, is like giving bank robbers extra money if they pull off a heist successfully, and then point out the weakness of the premises that they exploited.

THEY STILL ROBBED THE BANK
:headpalm:


There is a recognized "white hat/black hat" designation in the software security world...

It's really not analogous to breaking in to a bank or other physical place, unless you're able to break in to the bank by exploiting PROCESS vulnerabilities. (i.e. we all know that a certain level of explosive charge will take out the door, so proving that correct is no help to anyone.)

The problem is that software is not like physical structures, where you can evaluate the vulnerabilities in a design/implementation review. In a structure, you know what the designed security 'hardening' is, and you can physically verify the installation. But with software you have to do it via extensive testing. Often that testing is too broad in scope for the purveyor of the software to do in a comprehensive way, and still achieve reasonable delivery schedules.

For example, if a building has 5 security systems, you have 5 different scenarios to test. With software, if you have 5 interacting components, you have at minimum 25 scenarios but more likely 5-factorial (5!) or 120 different scenarios to test.

So a "white hat" is commonly employed to do his/her best to exploit the system, to apply the state of the art of infiltration technology to the state of your security art.

The usefulness diverges, of course, when we differentiate between software used by the public-at-large, and software that's in a closed system. For example, the white hats that discover Microsoft Internet Explorer exploits and publish them on the web, are indeed performing a valid public service, though they are also indeed doing damage to Microsoft, forcing them to patch the exploit on what is probably a very unrealistic timetable.

But exploiting something like Waves Native Bundle, is obviously of limited actual public value.

cwatkins
March 24th, 2011, 08:58 PM
Yeah, see you explained that WAY better than I did.

Actually while on the subject of mentioning "whitehats" and such another new book that is out is called "Kingpin", it's about a whitehat that "went bad" per se. He coined and ran "whitehats.org". Interestingly enough, he was a roommate for a while.

The book just kind of illustrates how easy the line is to cross, especially over time. I would guess police face this with large sums of cash too, human nature is hard to overcome.

sidechain
April 2nd, 2011, 07:41 AM
a lock only keeps an honest man out.