Encode 3.0

[FrostedPopTart]

I really hope IPB 3.0 and up won't be encoded. That would make it much harder to do mods and other edits (such as manual security patches).

[bfarber]

I really hope IPB 3.0 and up won't be encoded. That would make it much harder to do mods and other edits (such as manual security patches).

Just a note about security patches...

If the file was encoded, you wouldn't be able to modify it, thus uploading the entire file when there's a security patch wouldn't be an issue.


I'm staying out of the rest of the comments, as I don't know the company's intentions either way. :) This is one of those subjects that of course comes up, but as you know we haven't done it to date. What we do in the future though, I have no idea.

[Lindy]

There are no plans to make IP.Board a fully encoded application. We wouldn't cut the modification community off. :)

[Yoso]

encoding sucks realy

look vbseo, this was fully encodet and all versions was avalible on the warez sites - and now they have removed the encoding for better performance

i hope, i must not see an encodet version in the next time of IPB, than i dont think about to install that ioncube crap on my server ;)

[Energizer]

encoding sucks realy

look vbseo, this was fully encodet and all versions was avalible on the warez sites - and now they have removed the encoding for better performance

i hope, i must not see an encodet version in the next time of IPB, than i dont think about to install that ioncube crap on my server ;)

If they encode something, then one also can decode it. It is only a question of the effort.

[Tony]

encoding sucks realy

look vbseo, this was fully encodet and all versions was avalible on the warez sites - and now they have removed the encoding for better performance

i hope, i must not see an encodet version in the next time of IPB, than i dont think about to install that ioncube crap on my server ;)

With vBseo is something different. They was offered two versions, one encoded with Zend and other with Ioncubed. Since they've "nulled" the Zend version, there was no need to keep it encoded since they already know the source code.

[jenolan]

What would be nice is some way to know if a site has a licence. I know that this might raise 'privacy' issues but especially for mod authors if we could somehow verify a url as being valid it would put a small crimp in pirate board receiving support from us :)

[Digi]

There's a difference between cracking and decoding. I can almost guarantee you that, if the project is large enough, no mnulling is going to be arsed to "decode" the project to plain text again. Even if they did, it wouldn't be as easy to read/use as you think ;)

[Lindy]

What would be nice is some way to know if a site has a licence. I know that this might raise 'privacy' issues but especially for mod authors if we could somehow verify a url as being valid it would put a small crimp in pirate board receiving support from us :)

We're considering ways that would allow trusted affiliates to verify the validity of licenses. This would obviously not be a tool available for the masses and will likely include an agreement between IPS and the vendor/affiliate for the protection of customer privacy and other considerations.


It's definitely something we are working on.

[Lindsey_]

Nevermind

[stoo2000]

Why it's feedback on their product ?

[Κeith]

We're considering ways that would allow trusted affiliates to verify the validity of licenses. This would obviously not be a tool available for the masses and will likely include an agreement between IPS and the vendor/affiliate for the protection of customer privacy and other considerations.

It's definitely something we are working on.

I don't really see it as the responsibility of the coder/skinner to check the license. If they're paying you for work, you provide skin files or instructions on how to install the mods, it's not like we're handing out source files to illegitimate boards.

I mean sure, if I see a board that's suspect I'll report it to the piracy team, but I don't go out of my way to validate every potential customer just in case.

They can purchase the skin/mod and if the board is removed from their site, no loss to me. :P

[Lindy]

I don't really see it as the responsibility of the coder/skinner to check the license. If they're paying you for work, you provide skin files or instructions on how to install the mods, it's not like we're handing out source files to illegitimate boards.

I mean sure, if I see a board that's suspect I'll report it to the piracy team, but I don't go out of my way to validate every potential customer just in case.

They can purchase the skin/mod and if the board is removed from their site, no loss to me. :P

I didn't say it would be required. To each his own - we're simply asked this quite frequently. We have many developers that understand the importance of intellectual property protection (being that they are developers themselves) and wish to, not only help us, but also ensure they're not doing business with a thief (if they stole the product they hire you to customize, what are they going to do with YOUR work?) Then there are others that don't care where their revenue stream comes from - that's fine too. Not sure how I feel about capitalizing on another web product yet not be overly interested whether or not the customer has obtained said product legally or not. That's for another discussion, however.... again, to each his own. :)

[Digi]

Not sure how I feel about capitalizing on another product yet not caring whether or not the customer has obtained said product legally or not. That's for another discussion, however.... again, to each his own. :)

Just so we know Keth's thoughts were clear. It isn't that we don't care if a customer comes to us and we find out that their forum is nulled. We do, and promptly report it. That does not mean that we should stop providing the service we provide in my opinion, especially since every time we've found a nulled forum it was after work had already begun or was completed. Very few sales come from nulled folks anyway at our prices. Once a person wants it free, they want everything free or at unrealistic prices. Do you think if we say no it will make the person move to a non-nulled forum? I don't.

We support you guys whenever we can, including giving referrals to all our larger clients looking for a forum with their web site (sent atleast 6 sales your way for that, at business level I believe) and reporting forums when we find them (like any other customer).

If you were to provide a service in which we could validate forums for validity, we would definetly use it to report to you. It would further help us set a fraud flag since, as I mentioned above, those that duped one person will try it on others. I think it is a good idea for some other things though (like IPB resources sites that want to validate a person as an actual customer). I just don't see how a business can afford to investigate every request that comes in for legality. Can you image the costs if we did that for every service we offered? Beyond large scale software, how about validating the software license on all files on the server just to make sure the person isn't a crook...it's just not practical.

If you know a way to make it practical, I'm all ears! I'm all for digital ownership and protecting those rights. By providing my service I don't hurt those rights (especially when we report violations). In fact I recall a couple times when we founda nulled forum early and posted a price 200% the normal value of the work hoping to stick it to the theif...none have accepted :(

I'm speaking from a purely custom service perspective of course, where the item in question was designed specifically for the client. Pre-fabricated items would be another story altogether, not to dissimilar, but different no less.

[stoo2000]

I think a method of validation would prove very useful for Commercial add-ons, for example if that addon is encoded maybe so the calls cant be cut out, the software could just say no, you are not allowed to install this untill you have a valid license. And to be fair by that time the person has already bought your software, which is bad luck on them if you stated it wouldnt work on a nulled forum.

[Digi]

In addition to the above (and as a reply to stoo), there are a lot of things we can't control in regards to what you call a "valid" license. I know that yearly people, or expired licenses, aren't able to update their working URL for example. I assume your API would allow checking against your database, what if that information is out of date and we force the client to jump through hoops for no (valid) reason. This, among other things, make it difficult, or impossible, for us to handle management of "who's valid" before we service.

P.S. Stoo, good luck trying to not give a refund to someone whom bought something only to find it will not work. Regardless of the circumstances, no CC company (or PayPal) is going to take your side there.

[stoo2000]

I would expect with an expired license or like myself with a yearly license, IPS database can still distinguish between those and know which ones are legally held. As i said earlier though it would enable a commercial product to disable iteself, but as what you are getting at where you do custom work, I think that's just another ball game. Unless you included a class for checking the validity and enabled it after you had done the work. But you dont want to look like someone that's going to stitch people up. I can see how it would work well for one thing, but not so well for others.

[Κeith]

I didn't say it would be required. To each his own - we're simply asked this quite frequently. We have many developers that understand the importance of intellectual property protection (being that they are developers themselves) and wish to, not only help us, but also ensure they're not doing business with a thief [b](if they stole the product they hire you to customize, what are they going to do with YOUR work?)[/b] Then there are others that don't care where their revenue stream comes from - that's fine too. Not sure how I feel about capitalizing on another web product yet not be overly interested whether or not the customer has obtained said product legally or not. That's for another discussion, however.... again, to each his own. :)

They'll probably take it and pass it around the warez community. :P

It's not like we go to every forum we get project requests for either. I think the only time I really visit the customer's site before we get into development is when we're doing a skin, and I want to poke around and see what their external site and/or current skin looks like. (at this point, can you really tell me which sites are legal or not by just viewing the skin/public side of the forum?) I'd say, safely, that 8/10 times, we get a request, work out specifics, generate a quote, get paid, perform the work on our server. All without even going to theirs.

It's not until it comes time that they want us to install it that we'd even have access to the board (ftp/acp), which at that point would be just a little too late to say, "Oh, sorry you can't have your product now."

So as I said before, when we find an illegitimate board, we report it, but we don't actively seek them out.

[Mark]

P.S. Stoo, good luck trying to not give a refund to someone whom bought something only to find it will not work. Regardless of the circumstances, no CC company (or PayPal) is going to take your side there.

Not sure about the US, but in the UK you only have to give a refund if:

• The item is not as described
• The item is not fit for it's purpose
• The item is not of satisfactory quality
  

(Unless it is sold to a minor or person who is "mentally incapacitated" - Source: Sale of Goods Act 1979)

So, you could argue that if you stated it wouldn't work in x situation then you are not legally obliged to give a refund (like if I went out and bought Windows Vista then demanded a refund because it wouldn't work on PC which doesn't meet the requirements, I'm not legally entitled to a refund)

Not saying that one should do that, just sharing :)

[/offtopic]

[Energizer]

If they do not encode the IPB, then they will always be able to remove features which are meant for a check of the licence. I already have reported many obvious illegal IPB to IPS, today, they still exist. Many reports are already longer than 1 year.
I nevertheless am against an encoding. I am not responsible for it if others use the IPB illegally. I have honestly paid my licence. I more cannot do.
It annoys me if others use the IPB illegally while I have paid for it. However, it still would annoy me very much more if the IPB would be encoded for me as an honest customer.

[stoo2000]

I wouldnt like a completly encoded product either. A suggestion further back in this thread is to incode say the kernel folder, which would have any licensing calls in, because pretty much if you remove anything in this folder your board is not going to work. That way you can protect your license checking facility, and protect your software from piracy becuase the end user would not easily be able to remove the call backs with out disabling the complete software package.

Another possibility based on this would be to completly disable all functionality of the software unless it's validated with a license server..

pps. by only having the kernel folder encoded this would allow most modifications to work and would allow you to make your own file changes.

[FrostedPopTart]

There are no plans to make IP.Board a fully encoded application. We wouldn't cut the modification community off. :)

Glad to hear. :) As long as mods can be freely done to IPB forums I'm happy. :D

[Mark]

There are no plans to make IP.Board a fully encoded application. [b]We wouldn't cut the modification community off.[/b] :)

Aren't both Nexus and Converge both fully encoded? :unsure:

[bfarber]

There's few modifications really possible for Converge. If you are looking to pass extra data there are already (undocumented, though) APIs that can do this.

For Nexus, it's a business application. It's easy to forget that, but remember that IPB geared towards the average joe and Nexus geared towards businesses, there are likely to be differences. And Nexus allows a lot more customization without modifying the files via automated plugins and hooks, so the modification community is certainly not cut off completely. :)

[Louis M.]

What would be nice is some way to know if a site has a licence. I know that this might raise 'privacy' issues but especially for mod authors if we could somehow verify a url as being valid it would put a small crimp in pirate board receiving support from us :)

I remember back to the flame war days of licenses and customers running the tool before it was disabled. Then people started faking output. Chunks of threads were shut down, the mod stick, the ban stick, and the admin stick were out alot during that time. Then people started making threads I reported MarkhamLA for piracy but his site is still up?!?!?!? What the heck?!?!?!?!?! Then it started all over again. I pray these days NEVER return. /shudder

I will say that I hope there is no license server in the mix. Validation is a PITA. I already have to play wiht MS to get Vista and Office validated. I don't want to start playing those games wiht my website.

Regardless of how this turns out people will be pissed. If IPS doesn't enocde something people will whine that their purchases aren't protected because Joe Shmoe can go d/l IPB from warez.com. If they do encode it people will whine that they can't modify any or that one specific file that they want to. There is no fool proof system that will make every single person happy. IPS has the right to protect thier IP however they want to. If they want to hire more staff to manage "activation" issues they can, but expect to see the price go up.

What happens when something on my server goes corrupt, just enough to cause my activation to fail. Do my mods stop working? Does my forum display a message to my users saying "This forum isn't validated"? People that say that can't happen, look at Vista/XP. Sometimes the activation data goes bad. I have seen it happen. What happens if IPS's call back serer is down? My forum needs to call home to verify the license is STILL valid, but it can't reach the server. Does my forum shut off or does the site still continue to operate? If it continues why won't the person block that site on the server firewall? I could do that on my VPS. Costs (including the customers costs in dealing wiht issues) vs. benefits does not seem to be at that level.

I still think the best system to put in place is what we have. if I find a questionable site I report it and forget about it. IPS will take care of it from then on.