September 07, 2004
Piracy Protection?!

Many of us, including me, are software developers. Many call ourselves 'indieware' developers. We develop software, formerly known as 'shareware', that allows people to download it, try it for some period of time (or with some features disabled), and, if the software looks and feels good, purchase it. After purchasing it, the user usually enters a serial number that turns the 'demo' version of the software into the 'full' version.

On the other hand, if the user doesn't like the software, he/she is free to trash it and not use it again. No obligations to the author - don't like it, don't use it.

Then, sometimes, one of these serials gets pirated. By pirating I mean that some legitimate user who has bought the software releases his serial number in some of the 'hacker' communities, so other people can use the software for free. I am not talking about sharing a serial with a friend; we all know it happens, and while we don't endorse it, it's really not the problem. If the program is so good you wanted to share it with a friend, it's okay. Maybe the friend will tell another friend about it or will buy it in the future because he likes the product. But in this case, I mean the serial is 'leaked' to a semi-big group of people who are not affiliated with the poster in any way, other than that they all are pirates (sometimes serial numbers get generated, which means the hacker reverse engineers the software's serial number algorithm and generates a serial that is perfectly valid from the program's point of view - but either way, this is still a 'pirated' serial).

Developers deal with the pirated serial numbers differently:

  • Some don't care at all;
  • Some disable the pirated serial numbers in the next version of the software;
  • Some accept the serial but display a message designed to guilt-trip the person;
  • Some employ some Internet checks to mark and nail down the pirated serials while the application runs;
  • Some make a new serial number scheme to mark the serials invalid.

As you can see, the deal is to make sure the pirated serial numbers don't work, either immediately or in future versions of the product. It is our right as developers to do so, and it is usually written in the license agreement for the software.
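The second and fifth approaches in the list above, sketched as an added example (not code from this post or from any product it discusses): a license check that rejects revoked serials and serials from a retired scheme, where every failure path only leaves the application in demo mode. The serial format, keys, names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from enum import Enum


class LicenseState(Enum):
    FULL = "full"
    DEMO = "demo"


# Constructed values for illustration; a real product would have its own.
# HMAC keeps the example within the standard library. A key shipped inside
# the application can be recovered by reverse engineering (the "generated
# serial" case in the post); verifying a public-key signature instead avoids
# shipping the signing secret.
SCHEME_KEYS = {1: b"constructed-key-v1", 2: b"constructed-key-v2"}
RETIRED_SCHEMES = {1}  # assumed: scheme 1 was replaced by a new serial scheme

_SERIAL_RE = re.compile(r"V([0-9]+)((?:-[0-9A-F]{4}){4})")


def _normalize(serial: str) -> str:
    return serial.strip().upper()


def _tag(version: int, name: str) -> str:
    # The serial is bound to the licensee name and the scheme version.
    msg = f"{version}:{name.strip().lower()}".encode()
    digest = hmac.new(SCHEME_KEYS[version], msg, hashlib.sha256).hexdigest()
    return digest[:16].upper()


def issue_serial(version: int, name: str) -> str:
    """Vendor side: produce a serial such as V2-XXXX-XXXX-XXXX-XXXX."""
    t = _tag(version, name)
    return f"V{version}-{t[0:4]}-{t[4:8]}-{t[8:12]}-{t[12:16]}"


def fingerprint(serial: str) -> str:
    """Hash stored in the shipped revocation list, so the list itself
    does not republish the leaked serials."""
    return hashlib.sha256(_normalize(serial).encode()).hexdigest()


def check_license(name: str, serial: str, revoked: set):
    """Return (state, reason). No file or network access happens here:
    a mistyped, generated or revoked serial all end in DEMO, nothing else."""
    m = _SERIAL_RE.fullmatch(_normalize(serial))
    if m is None:
        return LicenseState.DEMO, "malformed"
    version = int(m.group(1))
    if version in RETIRED_SCHEMES:
        return LicenseState.DEMO, "retired-scheme"
    if version not in SCHEME_KEYS:
        return LicenseState.DEMO, "unknown-scheme"
    presented = m.group(2).replace("-", "")
    if not hmac.compare_digest(presented, _tag(version, name)):
        return LicenseState.DEMO, "invalid"
    if fingerprint(serial) in revoked:
        return LicenseState.DEMO, "revoked"
    return LicenseState.FULL, "ok"


if __name__ == "__main__":
    # Constructed sample data: one serial that was posted publicly.
    leaked = issue_serial(2, "Leaked Example")
    revoked = {fingerprint(leaked)}
    good = issue_serial(2, "Alice Example")
    for who, s in [("Alice Example", good), ("Leaked Example", leaked),
                   ("Alice Example", issue_serial(1, "Alice Example"))]:
        state, reason = check_license(who, s, revoked)
        print(who, s, state.value, reason)
```
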

However, it has come to my attention that a developer I will not name here has gone further down the road of fighting piracy. Here's what the software they make does:

If a pirated serial number is entered, the software erases the user's Home directory. Yes, you heard it right - the software completely erases it, beyond repair. This means all of the user's documents, settings, music, movies and whatnot are suddenly gone.

I don't know what to think of this. While I understand the developer's frustration regarding pirates, in my opinion, it is totally unacceptable to erase anything on a user's hard drive, even if he is a pirate. Dear developer, you do not have the right to touch a user's data. You have the right to fight piracy in your own product. But you cannot touch any other sensitive data. It's not yours.

For this reason, for example, our installers don't delete anything on the hard drive during the uninstall process. They move the uninstalled files to the Trash, letting the user delete them when he or she wants. And no, I am not trying to say the developer should've moved the Home directory to the Trash. I am trying to say that erasing anything is bad.

I hate to see a situation like this in the Mac community. Of course, the only people directly affected by this so-called "anti-pirate protection" are pirates, yet it still indirectly creates a bad image for the rest of us indieware developers.

What do you think?

Update: As it appears from one of the comments (from WiseWeasel), the developer did remove the file deleting code pretty quickly. Therefore, my apologies to the developer for possibly some unneeded flak towards him. However, the point still stands, and I think it should be a good learning example for all of us. Thanks for your feedback!

Update 2: I kindly ask you not to post the name of the application here. As mentioned before, the author fixed this mistake quickly; for this and other reasons the product name was left out intentionally. If you feel the need to discuss that product specifically, please do so elsewhere. I am leaving this post open as a general discussion on this matter, as I know for sure this is not the first time such 'anti-pirate' protection tactics have been used. Thank you.

Update 3: Comments are no longer accepted. Thank you for the participation. I believe the discussion is no longer constructive or objective. I am pretty sure the original developer is punished enough as is, and I am also sure that for the rest of us it is a good lesson. Apologies if I hurt anybody's feelings, but these kinds of issues should be worked out publicly, in my opinion.


 Posted by slava at September 07, 2004 09:00 AM

Trackback Pings:


Listed below are links to weblogs that reference Piracy Protection?!:

Defending Open Waters from The Scourge of the Sea from My World Line (Relatively Speaking)
Unsanity has a post about a developer who took drastic measures against the pirates who cracked his software within one day of release. His revenge was to move their home folder to the system temporary directory. This is pretty bad,...

Tracked on September 9, 2004 9:06 AM

Arrrrr, Mateys... Whoops! from For The H*ll Of it
Unsanity.org's blog has an interesting post about piracy, er un-encouragement.

Tracked on September 10, 2004 7:09 AM

Extreme Anti-Piracy Measures from Gadgetopia
Unsanity.org: Piracy Protection?!: Don't ever try to pirate this application. Additionally, don't mis-key the serial number. Fat fingers will cost you dearly. [...] it has come to my attention that some developer I will not name here has moved further...

Tracked on September 10, 2004 7:36 AM

Fighting fire with rm - rf $HOME? from John P. Hoke's Asylum
A developer recently released a version of his application that if an enduser used a pirated serial number to register the application, it would delete the user's home directory. Now I can understand the developer's frustration, but such actions are...

Tracked on September 10, 2004 10:21 AM

Arrrr.. from Rebel Banana
Now that's what I call piracy protection.

Tracked on September 11, 2004 6:20 PM

Deleting piracy from Wasteland
Now this is a nice way to teach the user that piracy is wrong.. some might call it a bit harsh.. but then again it's our money they are stealing.. If a pirated serial number is entered, the software erases the user's Home directory. Yes, you heard it ...

Tracked on September 13, 2004 12:40 PM

A heavy hand.. with software pirates... but isn't this too much? from Denken Über
It is true that software piracy makes companies lose billions of dollars; it is also true that there are many arguments for finding an "ethical" sense in piracy: "if I have to pay for it I couldn't...

Tracked on September 13, 2004 12:44 PM

Software Piracy: Fighting Back from d00dism
The Unsanity blog recently featured an entry on a shareware author that took a slightly more aggressive stance on software piracy. Slightly might be the wrong adverb for this case as the mechanism employed had the ability to wipe out the offending use...

Tracked on September 13, 2004 1:59 PM

Mac program can erase your home directory if you use a pirate serial from Boing Boing
David sez, "a Mac program called Display Eater that has been set up by its developer to respond to the use of pirated CD keys by 'erasing something' -- apparently this is, in some instances, the home directory of the infringing Mac. Response over on Ve...

Tracked on February 24, 2007 4:13 PM




Comments

Right you are, Slava. But sometimes I can't get mine in the hands to be cold and easy when I see one person trying to hack programs. I don't think that it's so expensive to buy. If you can't buy it - why not try asking the developer to give you a registration code? :) Or be a beta tester - some companies give free reg. codes to external beta testers.
Anyway, even if you hack a program for your own pleasure - don't post it on the web. Think about the fact that developers spent a lot of time writing the program. Without developers you'll have nothing to hack. Think about it... And try to put yourself in the developers' place. What do you feel? Nothing? You're not a developer. Angry? Right you are. Not just angry but against the hackers.
And what is most upsetting - hackers don't hear us. When we catch 'em and say "don't do it again" they just laugh and nothing more. But when we have to take some action to protect your products they scold!!! Are you so foolish?
Well, be clever. Do whatever you wish but don't disturb us doing our work.

Posted by: Pavel on September 7, 2004 3:29 AM

I proudly register software I use. But I find it unacceptable to even imagine a developer including such code in an app. It disgusts and horrifies me. Vigilante justice is just what it sounds like. What if the programmer makes an error and their app accidentally deletes a legit user's home directory? I could never trust such a company.

Why don't you tell us the company's name? I need to know so I can avoid them. How did you acquire this knowledge? If you won't tell us who it is on your site, please email it to me.

Posted by: Aaron on September 7, 2004 3:52 AM

Aaron: the reason I am not posting the developer's name and product on the site is because I don't want to badmouth him. Maybe it was a design mistake, or he will change his mind if he ever sees this discussion - the software he makes is obviously pretty useful overall, aside from the 'piracy protection' part.

Posted by: slava on September 7, 2004 4:08 AM

I have to agree. Pirating software isn't the proper thing to do and usually if you really need a program you can find a free alternative or some other way to get the job done. Despite my or anyone's opinion on piracy though I think it is horrible that any developer would go to that sort of extreme to protect from piracy. From their standpoint too, if it ever got out what they were doing, people would stop trusting their products, I know I would, and if people stop trusting and using your products it is really bad for business.

Posted by: Sean on September 7, 2004 4:10 AM

Can you tell us in which country this developer resides? I don't know about the law in other nations, but in the United States, anyone who released an intentionally malicious program designed to destroy other users' data would find himself/herself in very serious legal trouble. This is a felony in the US, and the developer will risk a long jail term.

Posted by: ALD on September 7, 2004 4:11 AM

I agree. You should let us know who's doing this. No, I'm not a hacker or a pirate, but practices like this are unsavory, and unacceptable in my book.

For what it's worth, I'm a software developer: shareware, freeware and pay-ware. Deleting user data outside of my applications would be totally counter to mine and my company's core philosophies.

Posted by: anon on September 7, 2004 4:13 AM

Slava wrote: "Maybe it was a design mistake, or he will change his mind if he ever sees this discussion..."

You know who the developer in question is. Would you be willing to send him a link to, or a summary of the comments here? That might be a start.

Posted by: anon on September 7, 2004 4:15 AM

anon: I did e-mail the developer the link to this blog post. Maybe he will read it and the accompanying discussion, and possibly make comments.

Posted by: slava on September 7, 2004 4:26 AM

The more I think about this, the more I think this developer is out of his mind. Not only is he risking arrest, but in addition, we all know that there is a lot of overlap between the serial-trading community and the hacking/cracking community. It is only a matter of time - probably less than 24 hours, if this developer's software has any level of popularity - before word will leak out that Mr. X's software is wiping people's hard drives. And at that point, a number of hackers are going to go after him with a vengeance.

Posted by: ALD on September 7, 2004 4:29 AM

I want to know who the developer is. If I'm a user of his software I will delete it immediately from my hard drive and ask for a refund. Like you and others have already said, this is totally unacceptable. I do not want a piece of software like this on my disk, even if I have a perfectly valid licence for it.

Posted by: Jack on September 7, 2004 4:38 AM

On the one hand I agree with probably most people that deleting users' data is a bad idea. How does the program know it's not a legit user whose key was generated by a 3rd party? Or a legitimate user whose key was stolen by a vindictive ex?

On the other hand although I see people would avoid such a product and maybe its developer's other stuff, if the destruct decision mechanism was flawless, which it can't be, and had a clear warning "Click Continue to Erase Your Hard Drive", what if everyone did it? It might have an effect.

As far as it being a felony, I'd check the license agreement. Would Disk Utility be considered felonious under some circumstances?

Posted by: brian on September 7, 2004 4:38 AM

I happen to know the developer in question, and while I don't agree with what he did, I empathize with his frustration over this whole matter. He's spent many months getting ready for this release, and the next day, some brainless low-life had reverse-engineered his serial gen code, and released several working serials for it. Since the numbers were posted, registrations for his app completely stopped, and he's now facing the grim situation of possibly halting all development on this very useful program. He's in debt, and broke, and getting nothing for all his hard work. Seeing all his hard work getting flushed down the toilet made him understandably angry, and he was mainly trying to get revenge on the cracker, and to scare people away from attempting to pirate his software. That being said, he's already seen the error in his ways (so to speak), and the current build of his app has the home directory wiping code removed. If you download it now, the serials won't work, but it won't wipe your home directory anymore. He's contemplating less drastic measures, and new ways to protect his app, but won't be destroying user data anymore, even if they are just pirates. I think this was something that was done in the heat of the moment, in the frustration of seeing the thoughtless acts of a cracker destroy his income from this work, and went a bit overboard. I wouldn't be so hard on him, as I'm sure it's something many developers have thought of doing, and wished they had the balls to actually carry through. I think many in his position would have done something similar. At this point, the offending code is gone, and the pirates' data is safe, however the future of the (extremely useful) app is very uncertain, as registrations have all but stopped. I hope he doesn't have to stop development due to lack of support, but the actions of that cracker who shall not be named may well have forsaken this app's future.

Posted by: WiseWeasel on September 7, 2004 4:51 AM

BTW, the pirated serials in question were not even assigned to anyone, so no innocents would be harmed, and it only affected those exact serials, so a mistake is highly unlikely. The home dir-deleting code was only on their server for about 1/2 day, and so it affected very few people. It was an unfortunate decision made in a moment of weakness, in a blind rage, as the dev saw all his hard work being tossed out the window. Since the app is geared towards technical users (who'd be likely to participate in pirating communities), the publishing of the serials has almost completely stopped registrations, and the decision was hastily made to do something about it, without fully thinking it through. The developer is now regretful of his actions, and hopes to put this whole ordeal behind him, so that he can focus on improving his app. I think it would be a shame to let this incident be the end of this very useful (and unique for the Mac platform) software.

Posted by: WiseWeasel on September 7, 2004 5:04 AM

Perhaps we should all show our support of the software and support him by buying it.. I think the reasons WiseWeasel has stated make it clear as to why he'd go to the extent of trashing user data, even though we know it's all wrong. So let's support it.. what URL is it at?

Posted by: James Cox on September 7, 2004 9:21 AM

Where is all of the moral outrage behind the piracy that brought this on in the first place?!?! People steal software because there is no associated cost; this developer, while waaaay over the top, reminds us that the collateral costs for piracy can be MUCH HIGHER than that reg fee, whatever it might have been, was.

I find it sickening that all these people can come here and preach about how wrong it is for this guy to wipe someone's home directory, talking about "mine" "my data" "not yours" but say NOTHING of the turds that ripped the guy in the first place?

Hrm.

Posted by: JackHandy on September 7, 2004 9:47 AM

I've done some snooping around on this and I have two things to say:

1.) Slava, you should drop this. It's not helping anyone.
2.) The dev that did this is impetuous but not malicious. I talked to him (AND I'M NOT TELLING WHO HE IS) and I know the circumstances of this particular bad judgement call.

The code was removed, and as Wiseweasel said, never had any chance of affecting anyone but the users that specifically used those unassigned numbers. It's done and over, and should be forgotten.

This should, as slava said, be a lesson to us ALL, on either side of this issue. Respect other people's work, and property.

Posted by: JackHandy on September 7, 2004 10:51 AM

Still, it's an ironic choice for the application's NAME, doncha think?

I'm just sayin'.

Posted by: JohnDoe on September 7, 2004 11:46 AM

I think the reason no one is particularly outraged at piracy is we agree that's wrong and are against it - it doesn't need to be said.

However, vigilante justice like this is worth discussing. I have to agree with other posters that I would not deal with any developer that ever resorted to such tactics. I don't care *what* the reason is, that ranks up there with trojans, worms and viruses, as it is deliberately malicious.

You lost shareware revenue and are broke. I hate to break it to you (and I'm a former shareware developer myself), but it happens more often than not in shareware and is a fact of life. You deal with it and move on. Redesign your serial checking algorithm so it's far less hackable (as yours would appear to be) and send new numbers to your users (at least you're not dealing with a rogue user). Look into some techniques to obfuscate how the registration codes are processed and calculated.

I used a single code for everyone, and while sure it was pirated, I still got registrations as people genuinely liked the software.

Posted by: Joshua Ochs on September 7, 2004 12:10 PM

joshua..that's a crap argument :)

'let's shun him because he shot the burglar'!

C'mon. As it's been stated, the scheme in question only targeted the cracker (iDave) and his cronies...and the specific serials created. What's more, since slava misreported this, the app didn't really delete the home directory; it obfuscated it. Only by further PIRATE THIEF ACTION would it actually have been wiped.

Which is why I said slava should remove this, because it's obvious that he never talked to the dev, and is doing the Friend of a Friend thing...which annoys the hell out of me.

Believe me, the developer has been BEAT UP REPEATEDLY ABOUT THIS from other devs, and his users, that feel the way slava does.

He's suffered enough.

Posted by: JackHandy on September 7, 2004 12:25 PM

JackHandy: while I agree that I am getting the information from the third hands, I did some additional research. Yes, I misreported the fact it deleted the home directory. It didn't. It moved it to /tmp, which is about equal to deleting it as soon as the user, not understanding why apps suddenly crash (can't find ~/Library), would reboot. Rebooting cleans /tmp. Voila. Point still stands.

As I also said before, I did apologize to the developer in the update to the blog post. I am envisioning this particular topic right now as a general example of how a developer shouldn't go, not a particular example of an unnamed product with the unnamed author.

Hope this clears it up.

Posted by: slava on September 7, 2004 1:01 PM

I work with Steve at Cocoatech (creator of Path Finder), and we deal with the piracy problem constantly. Even a very narrow sample like our upgrade system shows that hundreds of people have attempted to use pirated serials to purchase Path Finder upgrades; I'm sure the actual number of people that are using pirated versions is much, much higher.

That said, I completely agree: no matter how problematic the piracy issue is for a developer, the user's data is golden. If you didn't install it on the system, you must absolutely get permission to access or manipulate it, or it must be obvious what your application is accessing via the interface or feedback.

The problem I see here is this: pirated serials get spread around. It's not beyond imagination that a generally well-meaning user might get a copy of the application and one of the poisoned serial numbers inadvertently ("Hey, check out this cool application - here's a serial to go with it"). It could have been their first time ever using a pirated serial, or the user might be curious but plan to purchase if they like the application. Either way, this kind of punishment doesn't take this into consideration - it's off with the hands no matter what.

That said, I really like what Nick Bradbury (developer of the Windows applications Feed Demon and Top Style) does: he inserts a deliberate crash into his application which only appears whenever it is registered using a pirated serial. This helps him determine who's using the serials, plus who's trying to get tech support for pirated versions. Pretty brilliant.

Posted by: neilio on September 7, 2004 1:15 PM

[xxx] is the program in question should anyone want to start a class action lawsuit against the programmer for willingly posting a Trojan to the community.
I already contacted Home-Guard about this and they will be seriously looking into it. He can expect a knock on his door. For whatever good intention he was trying to do doesn't matter, the fact that he willingly created such a code is illegal and the author knows it.

(I don't think the author will allow this to be posted but he should be aware what he had done was just as illegal as someone posting serials.)

Posted by: on September 7, 2004 2:23 PM

Ummm...the notion of this guy deleting data on targeted machines is something that would not stand up in court; it's an unclean hands deal. You'd have to prove that you as a legit user were harmed. Since no legit users were harmed, it's sort of a moot point.

That said, I think, as I stated before, more harm was done to him than any THEORETICAL harm to the "community" at large, and by posting the author info here, you've basically just vindicated the MacserialJunkie crowd...they do soooo much to help us all.

This is again, slava, why I said you should have just pulled this. NO innocents were hurt, but now a young novice coder (and he's both) with a great idea gets to pay for it "forever" and the asses that got it handed to them score a "victory".

Posted by: JackHandy on September 7, 2004 3:13 PM

wow what a heated argument. doesn't look too good for unsanity to bring on the "Jerry Springer" style action.

Posted by: shame on you jr. on September 7, 2004 3:30 PM

Methinks many developers are happy about this, and would love for the nefarious app to remain a mystery. Why? Paranoia may spur legitimate sales.

"Don't pirate that app! It may be the one that erases your hard drive!"

Posted by: JohnDoe on September 7, 2004 3:38 PM

This is most definitely not "Jerry Springer" style action. These are real everyday legitimate issues facing software developers and their users.

As Slava has said, this was never meant to point a finger. It did not point anywhere or at anyone. It is a discussion of something that happened, and the reasons we think that course was wrong. It is a public statement of our stance on such things. It is an encouragement for the rest of the developer community to avoid such blunders. (as that is truly what it was)

I hope there are others reading this who will learn a thing or two about what tactics can and should be used in software piracy protection and those that should never be considered.

Posted by: Brian on September 7, 2004 3:51 PM

"Unclean hands" would be irrelevant here, since the release of a program designed to destroy data is a federal crime (and a state crime, in many states). It wouldn't be the individual pirate suing the author of such a program, it would be the government going after him with criminal charges.

There's a problem of equity here as well. If Alice pirates a serial number for a $20 shareware program written by Bob, that doesn't mean Alice can't seek civil relief if Bob burns down Alice's house in retribution.

Posted by: ALD on September 7, 2004 4:08 PM

Jerry! Jerry! Jerry!

Posted by: on September 7, 2004 4:14 PM

Hah - though I harp about this not being springer-style stuff, the Jerry chant made me laugh. :)

Posted by: Brian on September 7, 2004 4:23 PM

ALD...you are wrong...

Again, the software isn't and wasn't a virus or malware...it targeted specific machines and users...and more importantly, NO ONE CAN MAKE A CLAIM UNLESS THEY USED THE PIRATED SERIALS you NINNY.

Screw equity...this kind of apathy is deplorable.

No reg'd user would have EVVVVEEEEERRRRR been affected by this. Ever. EVER.

These same twats that ripped this dude's app (and for the record, it AIN'T mine and I ain't him) would damned sure not have walked into a Walmart and yanked it off the shelf, because the risk of some REAL PUNISHMENT is there.

Back in the Day (the C=64 days for the kids at home) software was designed all the time to cause *real* physical damage to hardware (head crashes on 1441's...or worse)..this is HARDLY in the same league.

if Alice takes *anything* of mine, she should damn better be sure she's getting the boot to arse.

You don't know ALD, how much damage was done to this guy by the piracy...do you? Do ya? Alice indeed :)

Yeahhh boyy....

Posted by: JackHandy on September 7, 2004 4:31 PM

I cannot believe anyone is lending the least bit of support to the developer in question. What he did - heat of the moment or a frustration - is completely unacceptable.

Last fall someone in my dorm (and I think I know who the scum was) sat down on my computer and accessed the serial numbers of several of my applications. (Why software developers put serial numbers in about boxes, I don't know.) I only found out about it when I tried to buy an upgrade and was told the serial I reported was pirated. The discussion I had with the shareware developer in question was NOT a happy one. I understand his frustration but I didn't appreciate being called a pirate.

Now imagine if that developer had employed the home directory erasure scheme with his upgrade.

Posted by: david on September 7, 2004 4:43 PM

iDave is that you? what a shame...

Posted by: on September 7, 2004 4:49 PM

I cannot believe someone was irresponsible with THEIR computer and feels THEY should not be held accountable for its use.

No wait...yes, yes I can.

::shakes head::

Posted by: JackHandy on September 7, 2004 5:01 PM

David, this situation was TOTALLY DIFFERENT. Perhaps if you followed the thread of note at [xxx] you'd have a bit more insight. Suffice it to say it was not random. He knew where the serials were coming from; they were not "stolen" they were faked, and made by pirates for pirates and distro'd thru the pirate underground.

No innocent children were harmed in making this...point.

Posted by: JackHandy on September 7, 2004 5:03 PM