The infamous Tuttle!
Previously known only for making the headlines for https://www.theregister.com/2006/03/27/tuttle_email/
A sysadmin and his partner pleaded guilty this week to being part of a "massive" international ring that sold software licenses worth $88 million for "significantly below the wholesale price." Brad and Dusti Pearce admitted one count of conspiracy to commit wire fraud and each face a maximum penalty of 20 years in prison. …
This account of a "pirated Avaya licenses scam" appears to concern providing means to unlock features in software already in a customer's possession. The underlying issue seems similar to that reported in the article linked to below.
https://www.theregister.com/2023/09/18/opinion_column/?td=rt-3a
The matter generalises further into vendor attempts to restrict access to controlling software in agricultural machinery, and yet more into the territory of repairing or reconfiguring devices such as mobile phones.
With respect to software, it may be argued that any bundled with a device (or telephony system) falls in its entirety into the customer's hands to use with the device as he wishes. If full functionality requires 'unlocking' with a code, rather than installation of additional software, then a customer devising means to unlock or paying somebody else to do so is responding sensibly to a rigged market.
Then vote with your feet and go to a manufacturer that doesn't play that game, don't just break the law anyway.
We're talking about telephony, something you need ZERO licences for, can host entirely in-house, can use pretty much any handset you like, etc.
The providers at my previous employer are still annoyed from years back that I moved everything to VoIP and denied their annual demand for payment for physical lines. (They were also singularly unable to demonstrate a single working SIP line to us, after much faffing and blaming our firewall, whereas a competitor did so almost immediately with no firewall changes required).
Then they started getting shirty about internal telephony, so I put in Asterisk on cheaper, better handsets, no ties, and joined to the same SIP trunk provider. Cut them out of the picture enormously.
I've also seen people RENTING telephony including cloud control and Yealink handsets... yes, renting a £25 handset. With monthly charge, minimum terms, completely reliant on their platform (which provides no way to export any of the setup, etc.) and without significant control without having to get someone else to make changes for you. The first monthly charge alone would have paid for the handset outright.
Like the BMW story of selling "heated-seats unlock codes" - if you don't want that to happen, don't GIVE THEM MONEY and then illegally unlock your BMW and risk further problems down the line.... just don't buy one, don't buy that add-on, or complain to BMW and let it be known. Because people did exactly that and now... BMW have backtracked, as reported only the other day on The Reg.
Same thing at my previous employer. We were leasing a non-VOIP phone system for just under $2000 per month. Add to that, we had several PRIs coming into that system.
I set up a new VOIP system based on Asterisk. We purchased our phones outright (Grandstream - big mistake buying Grandstream). For an initial outlay of about $4500, we had our new system. Our monthly usage costs went from about $2300 to $150. So, all of this combined, we paid for the new system in one month's time. That's one hell of an ROI.
The previous phone system provider, and our former service providers were not very happy, but they couldn't come close. They thought we would be running back to them, they even told us so. Three years later, everyone still liked the new system much better. The cost savings were huge!
The situation where there is let's say some moral justification for cracking something is if you have purchased a license for the software and it works fine and reliably... except for the licensing checks which are an absolute pain in the ass to keep working, contain a rootkit or a critical vulnerability, or similar.
Not talking about this case, obviously.
Here, I would agree.
Sadly, it turns out that the ones who do this the most, are the ones who deploy the strongest protections and who get the shirtiest if you bypass it.
It's 2023 and I still have a machine that has to have a USB key plugged in in order for some software to work.
At a previous employer, we had a piece of software with a very annoying licensing mechanism.
It required a "license server" to be running on one of our servers at all times. When you installed the software, it would go and claim a license from the license server. If you ever un-installed the software, it would credit the license back to the license server. God help you if the drive died in that PC, or you had a virus, and had to wipe the drive. You had to call the software company, and have them remote into the server running their license server to recover the license. This, after spending time on the phone to convince them that you couldn't avoid the situation. We owned more per-seat licenses than we would ever use, so it was never an issue of use exceeding our licensing.
At one point I had enough of this BS. I started looking closely at the application. It had a cleverly hidden file named gdlicense.dll. That dll exported only three functions: GdInstallLicense(), GdRemoveLicense(), and GdCheckLicense(). After a little testing, I found that these functions only returned True or False.
So, it didn't take much effort to create a simple dll to replace the original that just always returned True for any of the functions. I replaced the dll in their installer pack, and no more license problems.
There is no physical difference* with license-enabled features in software, and I am happy to pay less for a package when I don't need the more advanced features that the IP-holder has paid to develop and needs to maintain and support - especially when I can just buy an upgrade if I later find I need those features.
* apart from it using a bit more disk space.
If full functionality requires 'unlocking' with a code, rather than installation of additional software, then a customer devising means to unlock or paying somebody else to do so is responding sensibly to a rigged market
What is the difference from "input code to enable feature X" and "install additional software to enable feature X"? Your argument is that if the software to operate the feature is already present, theft is justified?
How many software products are there which are licensed and require licenses to support additional users or additional features? You think stealing is justified in all those cases? Or is it only if someone sells HARDWARE that contains software (i.e. every hardware product sold today except for hammers and forks, pretty much)?
Yes, that's exactly what they think. Not that it would help them very much; if by some miracle they made the law agree with them, anyone with software that had different license levels would produce licensing libraries which had to be installed with the license for the new feature to work. I'm sure they'd find a reason why not paying for that license was justified as well.
Comparing this to the right to repair movement is silly. As a strong supporter of that, I want to indicate that my right to the stuff I bought does not mean, in my mind or those of many others, a right to that which I have not bought. The last thing I want to do is hand the hardware manufacturers another argument to use while locking me out of my hardware.
It's easier to bundle software as one, and have features unlocked as needed.
Getting into any sort of argument that even mentions real world elements is asinine - there is no analogue.
Software is a product easier built as 1 thing with everything that can be done worked on as development goes along. If from day 1 some of those features were always planned to be DLC or whatever then so what.
《It's easier to bundle software as one, and have features unlocked as needed.》
My concern is that the unused/locked code is still there leaving a much larger potential target for exploitation.
If the code weren't there it couldn't be exploited.
Given the very low quality of embedded software generally and worse security this is a valid concern. This is undeniably the case for consumer devices but also arguably with business/industrial grade devices.
Bit like buying the same portable computer which is sold to the consumer and the military markets but with the thermite charge only enabled by a software key in the MIL spec device. :)
From the article's headline I would have suspected the BOFH but for the facts a) he was caught b) has a spouse. :)
So one day (about 20 years ago) the head of Avaya's UK operation held an employee meeting to discuss the imminent launch of the new IP Office platform but started bemoaning the lack of ongoing revenue from it and now they couldn't charge extra for its (then) advanced features. After an awkward silence, a junior developer piped up and suggested a dongle/license.
Seemed a staggeringly obvious solution but with hindsight, I'd say the short term profit gains ultimately cost them their market share (product it replaced was #1 in a lot of countries).
I don't know how this system works, but many dongles I've seen just identify the computer. If the dongle is tied to the key during registration, then a user can either add a key to it or doesn't need to, with the dongle still identifying that this computer has a base product license and the key activating a feature in it. However, when I get software that requires a dongle, I start thinking about finding some software that doesn't, because my experience has been that some part of a licensing system that intense is going to stop working at an inconvenient time.