Selling REBOL scripts - Scott's Distributed Licence - tm

Hi first post, I am intrigued by the different flavor of discussion one gets with a non open source community. Anyway there is an easier way to "sell" rebol software while giving away source code. Lets call this copyrighted method the Scott's Distributed Licence First with rebol being internet ready there is no need for all of the code to be distributed to the user. All of the software you sell can securely connect to your site for key componets. But what are the key componets that you want to host. That compent would be the lincens audit feature. Whenever someone runs the software they hit your server so you know where it is being used. Any particular user licences it for maximum number of concurrent users. If they go above they have to pay more. But how do you stop a user from modify the code so that it doesn't access your site at all. First there has to be a minumum ammount of usage otherwise the consumer has to pay a very large kill fee under the assumeption that it has been hacked "you put this in the contract" Second you make the code self inspecting, so that periodically the code will copy the version on your customers machine to yours so you can do a audit of the software. So here is as way to keep source code open, and sell it at the same time. Note, the customer should get the right to inspect your code too. to make sure you are not incorporating their code into your product either. Basically its arms inspection. Anyway that is/was my first post. I hope you guys find some merit in my idea. Scott

There are some common issues too. I remember when PGP was floating around as a source, a crucial question was "how do I know this source has NOT been inappropriately modified?" A couple of points responding to yours. Self-inspecting code is a good technique. As I wrote earlier, I've been experimenting with checksumming as a QA tools, example. if (checksum read %myapp.r) <> 3574439 [print "Re-install, please" halt] But, with the source available, this is so easy to bypass: ;if (checksum read %myapp.r) <> 3574439 [print "Re-install, please" halt] I've also experimented with having an installation routine which sends me an email. That makes copying at least evident. But because Rebol has such a light touch on a machine someone can install my application elsewhere simply by copying the installed application files. Now, if (on windows) I could write and check a Registry entry, my installation routine would be harder to bypass (they'd have to find the bit that reads the registry and comment that out). I also--as you did--think about connecting to my server on a regular basis. But I saw two problems here. First, the availability of my server becomes an issue in someone else's downtime. That's far too centralised an approach for me. Second, I am working with many Not-for-Profits across the world. Some of them have only intermittent or expensive ways of connecting to the Internet. And some may be working a long way away from a phone. Enforcing them to make regular phone calls is not an available option....It would goad them into wielding a few semicolons on the code. I have no problem in many cases for people to have a copy of my code. I just want as many barriers between my application and their copy of the source code as possible. With C source a user has got to be very determined to change the source, recompile, relink, rebuild and perhaps reinstall before their change takes place, With Rebol as it stands now, a curious user can junk an entire application by loading it into Word to take a look, and accidentally saving it back as non-ASCII. I think applications that fragile are scary. Sunanda.

if thats the problem, how about distributing your scripts compressed? one has to use some tricks (select the compressed 64#{..} and store it to a file using write %file.r #{..}). thats similar effort as compiling?

*grin*: %start-script.r : rebol[] do %application-script.exe with normal rebol-code there. word & co will not open. windows will say its broken, but you its a special kind which needs to be started by the rebol-script. usual users will handle it respectfully and more skilled are clever enough not to edit code with word? *gg*

-Volker

-- Ryan Cole Programmer Analyst www.iesco-dms.com 707-468-5400 The contradiction so puzzling to the ordinary way of thinking comes from the fact that we have to use language to communicate our inner experience which in its very nature transcends lingistics. -D.T. Suzuki

Yes indeed. I've experimented with that too. Here's the outline of code to compress a script: foreach script-name [Main utilities Recovery gui-tools] [ Script-file: read/binary to-file join script-name [".r"] ;; Loads of embarrassing early code omitted (I was ;; learning the basics back then) ;; 1. remove all comments (I should have used 'mold) ;; 2. obsfucate and shorten variable names ;; 3. strip multiple spaces and all newlines write/binary to-file join script-name [".rll"] compress script-file ] ;for where each script (main.r etc) is an object full of functions. Then to execute the code (ie make the objects available for use): if error? try [do decompress read/binary %main.rll] [print "Corrupt script. re-install, or panic now" halt] etc the application I wrote the "compressor" is just over 211K of scripts (including comments, loads of spaced out code). the "compiled" version is just under 40K I chose RLL as an homage to DLL But this sort of "safe" distribution technology can easily be built into Rebol. It'll be safer (my compressed files are easily uncompressed by anyone with a modicum of Rebol). And it'll be standard and secure, and give us all loads of additional advantages. Sunanda.