Category Archives: guest posts

How to remove software cracks and keygens from file hosting sites

Software piracy is a real issue for every software company, large and small, and it isn’t going away any time soon. So when I heard that fellow microISV owner Nikos Bozinis had created a tool to help software vendors fight  piracy, I asked him to write a guest post. He kindly agreed to write this post about software piracy, the Digital Millennium Copyright Act and his CrackTracker product.

Why buy something when you can download it ‘for free’? Billions of dollars are lost every year from illegal downloads of music, movies and software. People around the world seem to have very lax morals when it comes to abusing digital content. Downloading the latest movie or windows software from rapidshare.com somehow doesn’t strike them as theft — it’s not like stealing a loaf of bread! The traditional music industry is already down on its knees as a result, and software may be the next to follow.

Software authors and music enterprises are fighting back by tightening the DRM (Digital Rights Management) of their products in a futile effort to stop online piracy. But usually crackers have no problem circumventing any protection system that we can dream up. To add insult to injury legitimate customers are usually hurt by such reinforced software protection and activation systems. A little bit like the war on terror, isn’t it?

A different line of defense for ailing copyright owners is the Digital Millennium Copyright Act (DMCA), a US law with global reach for copyright protection (the european EUCD equivalent is not as broadly known). This law is very broad, and not without controversy, but it works – closing down websites that distribute illegal content and removing copyright infringing downloads from file-hosting websites with summary procedures, among other things. So if you discover your software illegally distributed in some warez website, you can send a so called “DMCA section 512 takedown notice” to the website host and they are expected to remove that particular file from circulation — or risk the wrath of the law.

Software Piracy

I have been a microISV for over 10 years so lets forget about the entertainment industry and concentrate on my field, software. There are over 200,000 programs listed on download.com and that’s just for Windows. Many are created by very small to medium sized companies — many even run by a single programmer/webmaster/marketer/entrepreneur. I bet that all these programs are cracked in one way or another — at least those popular enough for crackers to care about them. If you search for warez or torrents you will find the software you want for free, either the latest or an older working version.

Piracy statistics from Business Software Alliance report 2009 (click image to enlarge).

I sell a file manager called xplorer². I track how many people install the program every day and also I have a good guesstimate for the number of people using cracked versions of xplorer². I estimate over 70% of the regular users use one of the known keygens. Imagine if this 70% didn’t exist or it was converted to regular paying customers!

How is it done?

Downloadable software falls into 2 categories: those that run in trial mode until you buy a key to unlock the full functionality; and those that are special downloads for customers that pay the registration fee. In all cases some sort of unlocking takes place using a plain key, or a license file, or online activation, or some combination thereof. Many ISVs write their own licensing code, while others rely on off-the-shelf protection and licensing products (Armadillo, WinLicense etc).

Imagine you shipped your source code along with your program, then it would be trivial for even amateur crackers to bypass your protection and run the program without paying. Very few vendors supply source code, but people in the know can read off your licensing logic like an open book using specialized reverse engineering tools (softICE, IDA and other debuggers and disassemblers). Then they can create a ‘patch’ or modification to your executable that bypasses the protection.

An even worse type of compromise is a keygen. When the cracker uncovers the logic of your unlock keys, he can create a program to generate such keys which look and behave exactly like the legitimate ones you sell to your customers. Then he doesn’t need to patch your program, he just supplies this keygen to the warez community and everyone can help themselves to your program. You can guard yourself against such attacks using asymmetric encryption algorithms for your keys.

Is there a perfect protection system?

In short, no. If you consider that your program is presenting its logic to anyone with moderate experience in machine language, then sooner or later any protection can be circumvented. Professional protection schemes utilize encryption to protect sensitive parts of your code, but even they won’t withstand the cracker test. And remember the harder your DRM the more likely your program will be mistaken for malware (!) as many viruses and trojans use encryption tricks.

Even if there was a perfect system, your sales would still be at risk. All that’s required is some of your customers to post their unlock key in a warez site, and the game is lost. You would then blacklist that serial, until another one was leaked and so on.

The warez scene

There are people who don’t spend any time in Facebook or YouTube. They surf the internet for free stuff. Cracked versions of commercial software (aka warez) circulate in some shady forums that bring together the crackers with the downloaders e.g. http://www.warez-bb.org.  Browse a warez site and you will find any software, movie or music you fancy, with an assortment of popups and dodgy advertisements of the usual internet 3P products (Pills, Poker and Girls [sic]). For your convenience there are even specialized search engines that search a number of such forums simultaneously, e.g. http://www.warez.com.

These forums do not host the actual files. They refer the traffic to specialized file hosting services like rapidshare.com. To make the most of warez you need to buy a subscription to access such file hosting sites (e.g. unlimited downloads from $9/month). Incurable cheapskates could get away without paying anything though, as you can download for free after a forced (nag) waiting of a minute or two.

A bit more up-market are download sites where to gain access you need to purchase a subscription, e.g. http://www.nowdownloadall.com. I have never paid to enter such a site, but they promise access to any download you can imagine. So you pay a monthly fee to download as much as you like. Note that this is different from paid-for hosting mentioned above. I suppose that you need a file hosting subscription on top to get the actual files downloaded. With so much stuff available for free I don’t know if this approach makes economic sense.

Finally there are traditional peer-to-peer file sharing networks, where people share their software music and video through torrents. After the demise of Napster torrents are still strong, with completely decentralized databases immune to legal intervention. The downside of torrents is their inherent unreliability, so people in a hurry will prefer the immediate gratification of a full download from rapidshare.com and the like.

Why do they do it?

It is easy to understand why someone will prefer ‘free’ software instead of paying up. But what about the crackers, the people who circumvent the DRM and distribute these warez. Why do they do it? Here are a few plausible motives:

  • For kicks. The traditional hacker stereotype is a geeky person whose pastime is breaking into computer networks. Cracking into a software’s protection and stripping it clean must be a pleasure in itself, a ritual destruction of the evil Death Star.
  • For glory. Marxist theory claims that private property is theft. This concept has struggled with real tangible property, but digital property is the ideal trophy. Many groups feel that software and music should be free (!) so taking down the big media and software corporations is a noble cause for them. But many small ISVs fall victims too, and the real motives are far less revolutionary…
  • For profit. Marx is dead; long live Das Kapital. Warez downloads are big business in a number of ways:
    • Direct subscriptions charges to access the downloads
    • Selling password unlockers (e.g. you download something in a ZIP archive which is locked and you need to buy some software to unlock it)
    • Distributing malware. Many downloads are packed with malware (sample report for a keygen), from straightforward scams and ransomware to trojans that turn your computer to a zombie, waiting for instructions to launch a DDoS attack or send spam.

You *can* remove illegal downloads

If your software is available to download from warez sites, either compromised (patched or keygened) or simply accompanied by a simple serial number to unlock it, you will definitely lose sales. The good news is that, using DMCA provisions, you can have these unauthorized downloads removed. Without these downloads prospective users will have no choice but to buy your software — or move on to your competitor’s cracked software.

Here is how to remove illegal downloads:

  1. Find your download links. All illegal downloads end up in a host like rapidshare.com or megaupload.com (I know of more than 100, but there are 10-20 big player websites). A standard Google search for your software name plus ‘crack’, ‘keygen’ or ‘rapidshare’ will find some hits, especially if you search in groups or blogs. Even better use specialized warez search engines like http://www.filestube.com with just your software name as a keyword — the results will be just downloads.
  2. Validate download URLs. Some of the download links you discover may be dead (e.g. very old). Click on each one to see if they are valid or 404.
  3. Send DCMA notices. Group the download links by provider (rapidshare, hotfile, etc), and send a DMCA notice to the abuse email address of each website. Usually this is abuse@website.com (e.g. abuse@rapidshare.com). Each website lists the steps for filing DMCA notices for file removal.

This sounds like a lot of hard work, and it can be, but it works. File sharing websites like rapidshare.com run a legitimate business — they are not responsible for cracks — so if you send them a polite DMCA takedown notice they will remove the copyright infringing downloads.

The DCMA takedown notice

Strictly speaking when you send a DMCA notice you are making allegations of copyright infringement, which is a serious crime. You would imagine that a formal complaint should be launched under the guidance of a solicitor/lawyer. Given the amount of copyright infringement that goes on, the red tape would bring everything to a standstill. The beauty of the DMCA law is that it simplifies the procedure. Sometimes a plain English email explaining the situation to the download site, along with a list of your download locations is all that’s required to have the links removed.

A few websites require a more formal DMCA email including details such as your company address, contact telephone numbers, and some boilerplate statements like “I swear, under penalty of perjury, that the information in the notification is accurate…”. You can find many sample DMCA notices online so I won’t repeat them here. The general idea is that you present yourself as the copyright owner and declare the download URLs as unauthorized, and therefore infringing your copyright.

Torrents slip by

DMCA is very good for removing illegal downloads hosted in popular file sharing websites, but it is powerless against torrents. There is no single source for the download, as the files are kept in many computers. You would have to contact each and every person who shares illegal copies of your software in the peer-to-peer network. This would be hopeless and a waste of effort. Thankfully for the ISV, torrent use is on the decline. People prefer direct downloads of the full package instead of slower peer-to-peer downloads.

The sales pitch

Anyone can search and remove illegal downloads manually. I was doing it the hard way for quite some time, each time I released a new version of my software tool (there’s a lot of cracker activity for each release as they need to update their patches and keygens). However this is very tedious, as you must:

  • enter shady warez forums to search for your keyword, facing annoying popups and adverts you wouldn’t want your wife to see
  • search many locations to ensure you get as many download URLs as possible
  • validate each download URL to see if it is still alive or dead
  • organize download URLs and write DMCA takedown emails for each file hosting website

Even if one wipes all the illegal downloads, new ones will appear over time. So the locate-report-remove cycle must be repeated regularly. This was the motivation for writing Crack Tracker, a tool that simplifies the removal of illegal downloads.

Crack Tracker is a desktop tool, with a meta search engine that securely scans warez databases for your downloads. You supply the search keyword (e.g. your software title or company name) then crack tracker will do an exhaustive search, collect a list of suspect download locations and verify the links with robotic efficiency. After you examine the results you just hit a button and the relevant DMCA emails are sent automatically. It doesn’t get any easier than that.

Crack Tracker doesn’t have a fancy user interface but it is very easy to use. It knows of more than 120 file hosting websites and works with 6 major warez search engines (the list is expanding). It is free to try as a search engine; to send the actual DMCA emails you need a registration, but I believe the price is very reasonable, especially if you consider the money you lose in pirated versions of your software.

Why don’t you try it for free and see how many cracks of your software it finds?

Download CrackTracker for Windows (318KB)

Nikos Bozinis ditched his Process Systems Engineering PhD to run his own microISV ZABKAT since 1999. He also writes a weekly blog focusing on file management and occasionally on programming, debugging and running a software business.

Selling your software in China

how to sell software in chinaI think a lot of people in the software business are wondering whether China will soon become a significant market for software and/or a source of competition in existing markets. So I was very interested to read a forum post about the realities of selling software in China from Felipe Albertao, an ex-Silicon Valley software engineer currently living in China. He kindly agreed to expand his forum post into an article for this blog.

Disclaimer: Although I live in China, I absolutely do not claim to be a China expert. I accepted Andy’s kind invitation because I have not seen anything at all written about the business of software in China for microISVs, and I humbly hope it will positively contribute to the discussion. This article is mainly based on my observations, and not on proven techniques. Use them at your own risk, and please report back your own findings!

Getting Paid

The first thing I need to say, right off the bat: Chinese users will not buy your software. Period. That does not mean that there is no money to be made, it simply means that they will not pay for your software license. The reasons are many, but for the sake of conciseness let’s suspend our “piracy is bad” mindset, and simply accept this fact as a reality. Think of the positive side: no payment processors or merchant accounts to worry about!

Chinese users will not buy your software, but Chinese companies might. Actually, let me clarify that: They will not buy the software license alone, but they are willing to pay for the license if it is part of a package that includes services (customization, installation, support, training, etc…). So, to get paid in China, you must offer services connected to your software. Of course, it would be very hard for westerners who do not speak the language nor have contacts in China to provide such services, but there are opportunities to partner with local independent professionals or small businesses in your target industry. More on that later.

Education is a huge business in China, especially for skills that give them a professional lead, like English language or IT. So, if you can somehow “plug-in” your software to an education-related service, that would also be another way to make money. For example, if you offer a component for ASP.NET, why not offer training on ASP.NET itself using your software? I am sure they will not pay for a self-paced course, but there is a good chance they will pay if you offer a hands-on remote live course. That is, a service rendered by a human, as there is no value perceived in the standalone immaterial software itself. Of course there is huge local competition, but one thing we have going for us is the fact that westerners enjoy a high degree of trust among Chinese people.

I suspect SAAS may be another way that Chinese users will pay for software (with a big question mark here). For example, today they do pay for services like site hosting, advertising and e-commerce presence, so we can assume there is at least a perceived value in subscription-based intangible products, though only the ones provided by well-known established companies, and not independent vendors. However, as the marketplace gets more fragmented and niche-oriented, I believe there will be opportunities for small players as well.

Web Site and Software Translation

Young Chinese people normally have a good grasp of written English, so I don’t think translation of the software itself is essential, although it always helps. IT professionals tend to be more English-proficient, as well as undergrad-level students. However, I do believe that the documentation must be translated, especially with IT-related software. Differently than western users, Chinese people actually have enough attention-span to thoroughly read a manual, and I have seen English-proficient programmers choosing frameworks and components based not only on the quality of the software itself, but whether the manual is in Mandarin Chinese or not (it’s always easier for them to read Chinese). So, translation here is not really a necessity, but a promotional strategy.

The “larger attention-span” assessment is also valid for the web site. We are used to the Web-2.0-ish recipe of a catchy one-liner plus 3 benefits and the big “Buy” orange button, and in China that probably works too, but users expect much more than that. I have observed that paid services almost always include some kind of workflow with arrows and circles and boxes explaining how the service works. Long explanations (not just a FAQ) are also quite common, and people actually read them! The fact is that here in China there is no such thing as “money back guarantee”, so people and companies normally think a lot before putting their hard-earned money into something. And forget the big “Buy” orange button: Instead, the call-to-action should be “Free Download” or “Free Sign Up”.

Sales

You are now probably asking yourself “Then where does the big ‘Buy’ orange button go?”, and the answer is: nowhere on your site! One fact you should be aware of is that here in China nothing happens without an established relationship (Google the keyword “guanxi” for more information). It is very unlikely that you will get any paid conversions originating from an ad or email. The goal of your conversion funnel should not be “sales” but instead “relationships”. Then, from the established relationship, the user can recommend your software to their boss, or whoever is the actual buyer. Of course the sales cycle is longer and it requires much more effort, but the rewards may be bigger too as you will be selling a package, and not only the license. Also, since guanxi is such an important part of making business, Chinese people are quite receptive when approached with a business proposition, differently than in the west where sales are normally met with resistance.

However, note that I have not suggested that you should be the one personally cultivating those relationships. Maybe it is possible to do it remotely and in English, but it would be more effective if you partner with locals and funnel the leads to them. They do not need to be sales professionals per se, but they need to know your software and be able to help prospects. They could be software students for example. Of course, at some point you must get involved, but your partner can help you to filter the good leads as they cultivate the relationship. The reward for them could be payment per hour or a percentage of the sale. Students might also be eager to help a foreign company, so they can add that experience to their resumes.

A word about consumer-oriented microISVs: I am extremely skeptical about independent microISV B2C sales in China, because I honestly cannot imagine an individual paying for independent software. That does not mean that microISV B2C cannot succeed in China. My point is that B2C sales are in fact B2B, because businesses who deal with consumers are more likely to pay. And B2B requires guanxi.

Approaching bloggers

As in the west, approaching bloggers is probably the most effective way to let users know about your product. You can use Google Translate to find sites and bloggers that you would like to contact: Google Translate does a good job in translating keywords (that you can use on searches on Baidu) as well as entire pages (so you can read the blog posts). For IT-related blogs, cnblogs.com (Microsoft-focused) and javaeye.com (you guessed correctly) are the most popular ones.

You can contact the bloggers directly in English, as most young Chinese people have a good grasp of written English. Foreigners in China are well-respected, especially in the IT industry, so this is a point in our favor.

Dealing with piracy

Actually “Dealing with piracy” is a misleading title, because in reality there is no way to deal with piracy. People will crack, copy and use your software as they wish, and they will not even feel guilty about it. Again, let’s not judge, but accept the fact that piracy is simply part of the culture (for some it is piracy, for others it is just sharing)

Instead of talking about code scramblers and licensing keys, let me offer here a contrarian (perhaps even controversial) point of view, in the wisdom of “if you can’t fight them, join them”. You should consider yourself lucky if your software gets pirated, because that means that it got traction. For every pirated software there is always a happy user behind it (after all, they chose to pirate your software, and not your competitor’s), and if this user convinces their employer to use your software, then there is a good chance that these companies will be your future clients.

SEM / SEO

By no means am I an SEO expert, let alone a China SEO expert. However, I can tell a little about the users’ search behaviors: Non-technical users very rarely use Google. In fact, my observation is that while Google is a somewhat known brand, people first turn to Baidu hands-down. Baidu has the best search results in Mandarin Chinese, and they have a service similar to AdWords (though you might need help to set-up an account, as the interface has not been translated to English)

Technical users have a different behavior: These are IT professionals and students, and because English is so pervasive in IT, they normally do have a good grasp of the language. So, for technical searches they might use both Mandarin and English keywords, but still Baidu is their first choice. However, interestingly enough, Gmail is also quite popular among Chinese techies. So, if you are selling IT-related software, your SEM/SEO strategy should include keywords in both Mandarin and English, and include both Baidu and Google (or more specifically, AdWords targeting Gmail).

Face

I cannot finish this article without mentioning such important part of the culture: Face. There is not enough space here to explain the concept (Google “mianzi” for more information), but it’s suffice to say that it’s basically the same as in the west (face as in reputation), except that in China face is much more important.

When it comes to software, always keep in mind that most (if not all) decisions are made based on face: Users will use your software to be more efficient in a certain job, and thus look better to the boss; or to show that they have knowledge that other colleagues don’t have; or to show to their clients what cool software they have, and not their competitor. The contrary (that is avoiding face lost) is also true: To finish a job quickly so they can deliver the project on time, and thus avoid getting the boss mad; or to learn a new skill that their colleagues already have; or to show their clients that they also have the same cool software their competitors use. In the west we also make decisions based on face, but in China it is so much more prevalent. Keep that in mind when creating your promotional material.

Conclusion

I have no doubts that China will become a major technology consumer in the very near future, not only because of the sheer size of its Internet user base (which today surpasses the size of the entire US population), but also due to the number of high-quality IT professionals graduating at their universities.

The key message I want to communicate is that your China strategy should be a long-term one. It takes time and effort, but the rewards are worthwhile. Even if you conclude that there are no opportunities to be pursued, at the very least you should have a strategy to protect your marketshare against competitors that decide to go to China.

You don’t necessarily need to be so enthusiastic like me and move to China (although I guarantee you would have an experience of a lifetime!), but at the same time you cannot simply ignore it. Chinese users will certainly knock on your door, and you can even ignore them, but your competitors won’t.

Felipe Albertao is a software engineer with more than 15 years of experience, and has been living in China since June 2009. He is a native from São Paulo, Brazil, and lived in Silicon Valley, USA for 8 years. Felipe blogs about software and China at shanzhaier.com.

How to find a great software product name

A while back I exchanged a few ideas with Dennis Gurock about names for their new testing product. Choosing a name is difficult, but it is something every product developer has to do. So I asked Dennis to write a guest post about the process they went through before they ended up with ‘TestRail’.

Coming up with a great name for your new business, product or service is hard. I’m sure you already noticed that! But what is a good name anyway? Deciding if you like a name is, of course, pretty subjective. But there are some useful criteria that can help you find a great name.

Around a year ago we desperately needed a name for the new test management software we had been working on. We aren’t very good with names. In fact, we used a codename for the project until the very last minute, so that we didn’t have to come up with the product name earlier. Still, even with many months to think about a name, it was difficult to find one that we liked.

So what did we do to finally decide a name? We made a list, of course (we are programmers for a reason). A list of objective criteria that the new name should meet. This helped us quickly evaluate new names that we brainstormed. So I figured, if it helped us coming up with a name, why not share our tips with other fellow programmers? So here are the criteria that we used to find a name for our new product.

#1 The shorter, the better

A good, catchy name needs to be short. Do you think Google would be used as a verb today if it had six syllables? I don’t think so either. But even if you don’t plan to become the next Google, having a short name that can be used in everyday discussions is a powerful way to make your brand stick. “Have you seen the bug report in Jira?”, “Could you post your meeting notes to Basecamp?”, “What’s the project status in TestRail?”

#2 Make it easy to spell

Coming up with “creative” and “hip” ways to spell your new name is generally not a very good idea. I’m pretty sure Joel Spolsky has regretted more than once naming his bug tracker FogBugz. I once talked to a customer who kept calling it fog bug zed and I’m sure he is not alone. You don’t want a customer’s purchasing department not find your product on the web because they are unable to spell it correctly.

#3 Own the .com domain

Did you notice that a lot of companies don’t own the .com domain of their new brand names lately? There’s a good reason for it: most good .com domains are taken. If you have been trying to register a good domain name recently you know how frustrating that can be. Still, I don’t believe it’s a good idea to just own widgethq.com, or foobarapp.com. Invest the time and resources to come up with a name that you can  register or buy the .com domain for. You don’t want a competitor to purchase “your” .com domain from a domain squatter after you invested tens of thousands of dollars to promote your brand name.

#4 Trademarks, or: how not to get sued

This one is important. You really want to make sure that you are not infringing on someone else’s trademark. So make sure your new name is not already used or registered (at least in your industry) and that it’s not similar to an existing mark. Ideally you come up with a name that you can easily register with your country’s trademark office (and then do so when you actually use it). I’m not going to pretend that I know everything about trademarks and I’m not a lawyer. So make sure to either contact a lawyer or do your own research on this topic. I found Trademark: Legal Care for Your Business & Product Name from Nolo pretty helpful.

#5 Google is your friend

I’m sure Microsoft didn’t foresee how a simple name could impact developers’ life so negatively when they decided to name their new software platform .NET over ten years ago. It turned out that such a generic name (especially with a leading dot) made it really difficult for developers to find related resources online using a search engine. Don’t make the same mistake. Choose a name that is unique and can be easily found on Google. It can also help your search rankings if your product name contains relevant search terms. For example, our new product is related to software testing and having the term ‘test’ in the product name helped us considerably with this.

#6 Consult a native speaker

Are you not a native speaker of the language your primary market communicates in (e.g. English)? Have you found a great name that is unique, that no one uses, has no trademark registration and is available as a .com domain? Congratulations, you’ve probably found a name that is severely offensive to native speakers in one way or another! If it weren’t so embarrassing, this would now be the place where I told you a story about how I once almost named a product similar to a body part you don’t usually want to talk about in a business conversation. The moral of the story is that you should always discuss your name ideas with a native speaker before making a complete fool of yourself.

It can be a challenge to find a name that meets all these criteria perfectly. Some of the criteria are obviously more important than others, but I still recommend trying to come up with a name that meets most of them.

So how did we end up naming our new product? We called it TestRail. It’s not the best name in the world, but we are happy that we came up with a name we like. And most importantly, having finally found a name allowed us to concentrate on doing what we enjoy most: building great tools for software teams.

Dennis Gurock is the director and co-founder of Gurock Software, a company specialized in tools for software development teams and quality assurance departments. Gurock’s first product SmartInspect is a .NET, Java and Delphi logging tool. Gurock’s second product TestRail is comprehensive web-based test case management software to efficiently manage, track and organize software testing efforts. Dennis can also be found on Twitter as @dgurock.

It can also help your search rankings if your product name contains
relevant search terms. For example, our new product is related to
software testing and having the term 'test' in the product name helped
us considerably with this.

Donationware – An interview with Hillel Stoler of GetSocial

This blog is hosted on WordPress.com. This has its advantages, but it means that I can’t use the huge range of add-ins that are available to those that host their own WordPress server. In my attempts to find a simple way to add social bookmarking to WordPress posts I stumbled across GetSocial, a Windows desktop program that generates the social bookmarking icons you see at the bottom of my recent posts. GetSocial is donationware – the author requests a small donation if you find the software useful. But the software is not crippled or time limited in any way and the donation is optional. I found the software useful so I made a small donation.

I use a number of donationware products. Human nature being what it is, I rarely get round to making donations – despite the best of intentions. It just never quite makes it to the top of my ever expanding TODO list. I have also heard various tales about how dismal the donation rates are. So I was curious about how well the donationware model works in this particular case. I emailed the author of GetSocial, Hillel Stoler, and he was kind enough to do this interview.

What was the motivation behind GetSocial?

GetSocial is not a business – it’s my contribution to the WordPress.com community. I needed a way to generate social bookmarking buttons for my own blog, and when I saw none was available I made GetSocial. I decided to request donations because I too was curious about the feasibility of donationware, and wanted to investigate the subject. I hate spammy “business models” such as installing Toolbars, embedding ads and so forth and wanted to make software that I would like to use.

Does anyone actually make a donation?

Surprisingly, yes. Many people donate, and I think all of them are glad to do so.

What is the average donation?

At the beginning I was only asking for a fixed amount (5 USD). The reason for this was that a fixed donation simplifies the donation process (because the potential benefactor needs to make one less decision). I’ve selected 5 USD because it was the lowest sum of money for which the PayPal commissions amounted to less than 10% of the donation.

Recently I’ve enabled donations in different currencies and variable amounts (but only on my websites, donations made from inside the application are still fixed). I’ve seen some decline in the ratio of donations per download (although it could be explained by many factors, and cannot be directly attributed to the added complexity of the process without applying proper A/B testing methods). However, the average donation has increased to 9.19 USD, and I’ve also received donations of over 20 USD. This is interesting because 19.99 USD is enough to purchase many commercial software products. To date, no one has donated less than 5 USD.

What is the donation/download ratio?

First of all, please consider that GetSocial is upgraded frequently, and I cannot differentiate between a new download and an upgrade download. Also, I can only count downloads which originated from my own websites. That said, dividing the number of the donations by the total number of documented downloads yields a donate/download ratio of about 0.55 percent (e.g. a single donation is received on average about every 182 downloads).

Can you make any money out of donationware?

I do make some money out of GetSocial, but I’m far from making a living out of it. With the current donation/download ratio, GetSocial will only begin to become economically interesting when it hits the 500k download mark. It’s not impossible market-size wise (there are about 10 million bloggers in WordPress.com) but it’s not easy.

The amount of money one can make with donationware is directly proportional to the number of people involved. For example, in the case of GetSocial, take a million downloads, divide by 182 and multiply by 5 dollars and you have 27k USD (before PayPal commissions). This amount of money can cover the development costs for many small software products.

That said, a million is a big number, even for free software. If you’re thinking about making real money out of a donation based product, I would recommend that you research the size of your market carefully. Getting those million downloads is not an easy task.

I personally don’t think that money is the sole motivation for doing things though. When discussing profits, we should also take into account the indirect benefits I receive from GetSocial such as incoming links, a user base, visits to my website, comments, world fame (or at least some publicity), and even fan mail!

And hey, the donationware model works for Wikipedia, doesn’t it?

Why did you choose a donation model instead of selling licences?

The reason I made GetSocial was that when I started hillelstoler.com (on a WordPress.com platform), I wanted to add social bookmarking buttons for my visitors. When I realized no one was doing that (there was an old text file floating around for manual use) I decided to make GetSocial. I wanted to attract visitors to my new blog, and I knew that distributing a hyped piece of free software would help me build credibility and acquire an international audience. It did.

Why did you choose donationware over freeware?

Out of curiosity, I guess. I wanted to know if one could make any money this way, and if people actually pay when they don’t have to (especially in cases where no one is looking). Today I can clearly say that I was pleasantly surprised. I think that Donationware is a beautiful (and very user-friendly) concept, and I’m glad it’s not just another web myth. Besides, I knew that people needed GetSocial, but to be honest I didn’t really think that anyone would actually pay for such a service at the time. In the end, I think that my potential buyers are also the ones who made the effort and donated, even though they didn’t have to. I’ve actually received some donations larger than what I could possibly charge if GetSocial was a commercial product!

Another important factor in my decision was the fact that I could do it rather easily. Recall the old days, when Donationware DOS programs asked you to kindly snail-mail some cash to a P.O box? That’s the kind of thing I would never bother with, especially when we’re talking about an international market.

Do you think you have made more money through donations than you would have through selling licences?

Absolutely! When I’ve received my first donation I was surprised (so people do donate after all), and as donations kept pouring in I realized that there is a donation culture. Selling licenses also meant becoming a part-time police officer, and that’s not what I was after.

What really amazed me, is that even in this very specific niche of social bookmarking for WordPress.com blogs (where I offer an industry grade solution for free) competition still sprung!

How did you promote GetSocial?

I didn’t. I’ve posted about it on the WordPress.com forums several times, and wrote about it on my website, hillelstoler.com. Other people wrote about it too. No paid ads or anything like that. You’ll notice that I didn’t even include a link on the toolbar itself (the viral ‘Get one!’ link you see everywhere else) because it was important to me not to impose.

You now have a web version of GetSocial. How long did that take to create compared to the desktop version? How do the desktop and web version compare in terms of the amount of use and the amount of donations?

GetSocial Live (the on-line version) started as a weekend project actually. GetSocial is a Windows application, and many people wanted a Mac version. Since I don’t even own a Mac, I decided to make a cross-platform web service (currently, about 40% of GetSocial Live visitors are indeed Mac users). It was easy to make, because I copied some of the code directly from GetSocial. The images are all photos I took of the plants in my house. In the end it did mean additional costs (hosting, domain, etc), but originally it was hosted for free on (the late) Google Pages service.

Later on, I discovered that the on-line version made GetSocial much more flexible and dynamic. I can now post updates much more quickly and effectively. The web version is also much easier to upgrade and maintain because it lacks some of the internal complexity of the GetSocial application (things like self encryption).

Do you get any useful revenue from the Google ads on getsociallive.com ?

As in the case of the donations, I was curious about AdSense. I know for a fact that I never click sponsored links myself, but I guess some other people do because Google makes a living out of it. I didn’t bother with A/B testing and other cash boosters, I just added a single ribbon of ads.

So far revenue has been disappointing (this is also the place to mention that the process of getting my AdSense account approved was very annoying and arbitrary, with zero support). There were some cases where I got more than 1 dollar per click, but I currently get more money through donations than through AdSense. Interestingly, the ratio of ad clicks per page view is similar to (though a bit lower than) the ratio of donations per download.

You can find out more about GetSocial here and GetSocialLive here. Hillel’s blog is here.

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

The art, science and ethics of software box shots

Perfect Table planI have recently revamped the PerfectTablePlan payment pages. I asked Andrew Gibson of 3d-box-shot.com to create an image of the PerfectTablePlan packaging, using the existing artwork. I was very impressed with the result. The image is much cleaner and more aesthetically pleasing than I could have achieved by photographing the physical packaging. But I am much less keen on the practice of using box shots of software where is no box (i.e. download only). It seems disingenuous, at best.  Andrew kindly agreed to write a guest article for this blog with an insider’s view on the art, science and ethics of software box shots.

Almost every time the subject of box shots is raised in any sort of software marketing forum, opinion seems to split diametrically in two opposing camps. The first group don’t see any ethical problem with displaying a box shot for a “download only” product. The typical argument used in favour of box shots is that it makes a product appear more tangible to consumers. They can see what you’re selling without having to read about it. It removes any doubt that the site they are looking at has software to sell and, when used effectively, can add an air of professionalism to a site. Finally, there’s a widely held belief that because of this, displaying a box shot can improve conversion rates.

In contrast, the opposing group believe that displaying a box shot for a “download only” product is ethically wrong and fundamentally dishonest. They maintain that customers would complain about not receiving a physical package in the post that’s identical in every respect to the “bogus” box shot displayed on the website. I run my own Micro ISV, selling amongst other applications, a product called 3D Box Shot. As a result, you might be inclined to think that I fall into the first camp. However, I’m actually quite ambivalent about the issue. I use box shots on some of my sites and have never received a single complaint from a customer about them not receiving a physical product in the mail. However, consumers in different markets don’t all behave the same way, which is why advice that works for some ISV’s can be commercial suicide for others. I’m entirely willing to accept that in some markets, some customers may indeed complain about not receiving a physical product. I just haven’t experienced this first-hand.

It’s worth noting that existing users of your product can often be persuaded to purchase additional copies to give as gifts. They may not even make this connection themselves, so why not put the thought in their heads? Send a festive email offering to ship additional physical copies of your products (gift wrapped) to friends and relatives. Add something like the following to your site to make the point visually:

selling-software-as-a-gift

click for a larger image

It’s often stated that adding a box shot to your site can dramatically improve conversion rates for your products. It may come as a surprise to learn that I’m not convinced that this is true in all cases. Generally speaking a box shot isn’t some sort of magic bullet that will transform your sales overnight. However, if it is an integrated part of your marketing strategy then it can make a real difference.

So how do you go about integrating a box shot into your marketing strategy? From a design perspective you can integrate a box design by keeping everything visually consistent. Use your company and product logo on the box and clearly display your website URL as well. This will help to increase the marketing potential of your box shot.

One less obvious method is to add you box shot to the image for your PAD Screenshot. Most download sites are worse than useless when it comes to driving traffic to your site. So instead of thinking of the screenshot referenced in your PAD file as just a screenshot, think of it as a blank advertising canvass that thousand of download sites are happy to display for you free of charge…

PAD-Screenshot-replacement

click for a larger image

Using this method, you can attract visitors to your site even from low quality download sites that don’t even supply a link back to your website.

So how do you get a box shot designed? As a designer I have a fairly unique approach to software box design. I treat a design as a conceptual puzzle than needs to be solved in order to create an effective cover. The criteria I use are simple. Someone needs to be able to look at the box shot and immediately understand what the product is and does. If a box doesn’t meet this challenge, then it isn’t doing it’s job. It’s normally possible to create an effective visual metaphor for a product that explains visually what it’s all about. Here are some examples of the sort of designs I’m talking about:

Example-Designs

click for a larger image

Trends in box design can change. Not so long ago lots of people were asking for Windows Vista Style boxes, but as it became more apparent that Windows Vista was destined to be seen in the same light as Windows ME, this requirement has tailed off. Nowadays the vast majority of design jobs that I do are for DVD cases, both virtual box shots and full print insert designs.

If you’re artistically talented and have access to a good quality image editing tool like Adobe Photoshop and have an easy means of transforming your 2D designs into a 3D Box, then you may well be able to create an effective looking box shot yourself.  However, once you consider the time this takes, hiring a designer seems a lot more reasonable. Since I design boxes commercially, I’ve acquired a lot of design resources including hundreds of royalty free vector images and a library of stock photography. I can draw on these resources when I’m creating a box design. This lets me develop designs quickly through the draft stage through towards the final design. However, as an experience box designer, I still find it challenging and rewarding work. But it is very time consuming.

If you’re determined to “do it yourself” then bear the following points in mind:

  1. The box shot needs to visually show what your product is and does. Show your design to someone that’s never seen your product and ask them to tell you what your product does. If they can’t do this, then your design isn’t up to the job.
  2. Make sure your website address is clearly visible on the box shot. If you ship a physical package you’ll have no way of controlling where it ends up. The box itself can drive traffic to your website. You don’t have to slap it on the front of the box, just make sure it’s there and can be seen.
  3. Try to design a cover that fits with the look and feel of your website. Use the same (or at least, non conflicting) colour scheme as your site and try to use the same fonts. This will prevent your box shot from standing out on your site like a sore thumb.
  4. Never use more than three different fonts in your design. Unless you are selling a font management application, this is sure way to spoil any design.
  5. Design so that text is still visible when the box is reduced to a 250 x 250 thumbnail. If the text is legible at this size on your design, then unless the design carries the message all by itself, the box won’t work very well as a marketing tool.
Perfect-Tableplan white background

click for a larger image

The image above was created in a rendering application at very high resolution. It took around 6 hours to complete on a dual core system. The resulting image is big enough to be used in print ads, or can easily be resized for use on the web.

Andrew Gibson is the head developer and lead designer for www.3d-box-shot.com, provider of box shots, packaging design, e-book covers and more. Box shot images from scratch start at $100. Box shots images from existing artwork can be created for as little as $25. All the images in this article were created by them. The original PerfectTablePlan packaging was designed by Nicola and Adrian Metcalfe.

7 Ways to be a healthier programmer

Developing software is an indoor job with no heavy lifting. How dangerous can it be? Actually, the long term dangers to your health are all too real. Humans have bodies evolved for running around the African savanna, not sitting motionless in front of a computer for hours at a time. I have heard several stories of developer careers cut short by RSI. Imagine if you couldn’t type any more, because it was too painful? Yes, it could happen to you. I started to write an article about ergonomics for developers. Then I realised I knew someone who was a lot more knowledgeable about it than me. Derek kindly agreed to write it instead.

It may seem hard to believe that working at your desk can cause you long term harm, but unfortunately the real toll of sitting in the same location and doing the same operations over and over again may not be felt until it is too late.  Here are some simple precautions you can take.

1. Setup your work environment to be ergonomic

Make sure that your whole working environment is set up correctly. This includes your monitor, keyboard, mouse, your desk height, your chair, and possibly a foot rest. Adjusting your seating position relative to your workstation layout encourages good posture. Do this on a regular basis, not just when the ergonomic assessment forms come around once a year. Setting up your chair correctly is probably the most important step and is covered in detail at healthycomputing.com.

2. Try using an ergonomic mouse and keyboard

There are a wide range of ergonomic mice available nowadays, and while some of them may look a little strange, you may be surprised how comfortable they are compared to conventional mice. The Evoluent VerticalMouse is ergonomic, easy to use and available in left and right hand variants. If you find an ergonomic keyboard inconvenient for programming, consider looking into one with a small key travel distance, like the keyboards on laptops where the keys only need to be depressed a small amount, as this reduces the finger movements and effort required.

3. Remember to look up from your monitor

Staring at your computer screen for long periods will lead to eye strain, tiredness, headaches and dry eyes. Every few minutes, look up from your monitor and focus on objects in the distance, either by looking out of the window or at the most distant end of the room. You can do this by using ScreenRest set to remind you at fixed time intervals. It is also worth adjusting your monitor screen to eliminate reflections from light sources behind and above you.

4. Sit up and stop slouching

Leaning forward, sinking down in your chair or resting you elbows on the desk places unnecessary pressure on your back. Poor posture, maintained over a period of time, leads to back pain and more serious back conditions. Make sure that you regularly correct your posture, sitting slightly reclined and supported in your chair with your shoulders relaxed.

5. Keep yourself hydrated

Don’t forget to keep up your fluid levels throughout the day. Even mild dehydration can leave you feeling lightheaded or bring on a headache. Often when you feel hungry it is actually that you’re thirsty, so don’t reach for the biscuits, get a glass of water first. Staying hydrated will help keep you clearheaded, more alert and help counter the dry environment around computers.

6. Take regular rest breaks

Get up and walk around regularly, taking a few minutes to relax. Try to avoid the temptation of carrying on with that feature that is “nearly finished”, or doggedly tracking down that bug that you’ve “almost fixed”. Taking a break will refresh you both physically and mentally. Also, use the break as a reminder to change the type of task you’re performing. If you use the keyboard and mouse extensively, you may want to use ScreenRest set to remind you based on the amount of usage. It can be surprising how much you use a computer continuously without realizing.

7. Look after yourself before it is too late

As a programmer your livelihood depends on you being able to use a computer. Pay attention to any discomfort, tension or pain you may feel while using the computer. Don’t think that computer-related conditions won’t happen to you and ignore those nagging pains until they become something more serious.

Do not underestimate how severe and uncomfortable repetitive strain injury pains can become and how long they will persist throughout the day and even into the night and will eventually impact leisure activities you enjoy doing. Once the damage has been done even the simplest of movements, not just using the computer, can be enough to trigger pain.  There are tools available, such as speech recognition software, to help with basic computer tasks such as emails and browsing basic websites, but it is of no use when controlling complex development IDEs.  Speech recognition can frustrating to control at the best of times and is impractical in an open plan office environment, due to the background noise.

Derek Pollard

Derek Pollard is the developer of ergonomics software ScreenRest, for the prevention and relief of eye strain and the management of RSI while using your computer.

<p style=”text-align:left;” class=”getsocial”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1003.png&#8221; /><a title=”Add to Facebook” href=”http://www.facebook.com/sharer.php?u=https://successfulsoftware.net/2008/10/26/7-ways-to-be-a-healthier-programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1013.png&#8221; alt=”Add to Facebook” /></a><a title=”Add to Digg” href=”http://digg.com/submit?phase=2&amp;url=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;title=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1023.png&#8221; alt=”Add to Digg” /></a><a title=”Add to Del.icio.us” href=”http://del.icio.us/post?url=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;title=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1033.png&#8221; alt=”Add to Del.icio.us” /></a><a title=”Add to Stumbleupon” href=”http://www.stumbleupon.com/submit?url=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;title=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1043.png&#8221; alt=”Add to Stumbleupon” /></a><a title=”Add to Reddit” href=”http://reddit.com/submit?url=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;title=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1053.png&#8221; alt=”Add to Reddit” /></a><a title=”Add to Blinklist” href=”http://www.blinklist.com/index.php?Action=Blink/addblink.php&amp;Description=&amp;Url=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;Title=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1063.png&#8221; alt=”Add to Blinklist” /></a><a title=”Add to Twitter” href=”http://twitter.com/home/?status=7%20Ways%20to%20be%20a%20healthier%20programmer+%40+http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1073.png&#8221; alt=”Add to Twitter” /></a><a title=”Add to Technorati” href=”http://www.technorati.com/faves?add=https://successfulsoftware.net/2008/10/26/7-ways-to-be-a-healthier-programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1083.png&#8221; alt=”Add to Technorati” /></a><a title=”Add to Yahoo Buzz” href=”http://buzz.yahoo.com/buzz?targetUrl=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;headline=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1093.png&#8221; alt=”Add to Yahoo Buzz” /></a><a title=”Add to Newsvine” href=”http://www.newsvine.com/_wine/save?u=http%3A%2F%2Fsuccessfulsoftware.net%2F2008%2F10%2F26%2F7-ways-to-be-a-healthier-programmer&amp;h=7%20Ways%20to%20be%20a%20healthier%20programmer&#8221; rel=”nofollow” target=”_blank”><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1103.png&#8221; alt=”Add to Newsvine” /></a><img style=”border:0;margin:0;padding:0;” src=”http://getsocialserver.files.wordpress.com/2009/08/gs1113.png&#8221; /></p>

“Think you can’t get a virus by visiting a web page? Think again!”

Are you just one click away from disaster? The following post on ASP forums woke me out of my complacency (reproduced with the author’s kind permission):

It happened to me today with FireFox 3.

While searching Google for some information on a movie I watched recently (wasting time, more or less), I clicked on a link that I thought was to IMDB. I only glanced at it in the Google search results before I clicked on it. As soon as the page loaded the browser closed, my desktop background was changed and some sort of fake scanner window showed up. Then I saw desktop icons appear. Then a BSOD, or so I thought.

It turns out it was a pretty common piece of malware called Smitfraud combined with a fake AV malware software called “AntiVirus XP 2008”. They kept asking me to register the software in order to clean the 2700+ virus that it found during its “scan”. The BSOD was a cleverly designed screen saver, I assume designed to make a user reboot without trying any real scanner software.

Luckily I use Acronis TrueImage to do incremental backups every night so restoring to what I had at 4AM this morning only took about an hour but it really woke me up. I had disabled the Avast resident scanner a few days ago thinking that I didn’t need it – I mean, I don’t download random EXE files from the net, I don’t visit “bad” sites and I don’t use any p2p file sharing network so I’m safe – right? WRONG! Talk about a humbling experience. Here I am, an uber nerd, and I just had my entire system hosed in about 4 seconds by visiting a website. If I weren’t obsessed with backups and redundancy I could have lost the source code to all of my software or worse, allowed some cracker kid to install a rootkit and gain access to my desktop on demand. Talk about a nightmare!

I can only assume I ran into a site exploiting some new QuickTime or Flash vulnerability. I definitely didn’t download and run anything from the website – I only clicked the link from Google.

If I could remember the site I would try to return to it in a VM with an anti-virus software enabled to see if it could catch it before bad things happened. I can only hope that my huge mistake of not turning my AV software’s resident scanner was the main thing that allowed the software to be installed.

I’ve since started using OpenDNS.org, set Acronis to do incremental updates twice a day, enabled Avast’s resident scanner and installed the Teatimer program from Spybot Search & Destroy. Oh, and I uninstalled Flash and QuickTime just in case (though I checked and I had the most recent versions of both!).

Mitchell Vincent, www.ksoftware.net

The responses included several suggestions to use the ‘Noscript’ add-on for FireFox. I have been trying it for a few days. It is slightly annoying to keep on having to OK scripts on trusted sites. But that seems a price worth paying. And don’t forget to do your back-ups.