Friday, April 20, 2007

What goes on at Castle Sonalksis?


I feel I ought to give a quick update as to what's going on behind the scenes.

TBK3 finished its first beta phase.
A few minor things to tidy up... and a decision that it should go even nastier.
So, it's just ridiculous now. Totally ridiculous.
Set to extreme settings I can't make any sense of what's going on at all. :D
I think the testers like it. Audio perverts.
So, now it's just polishing and making sure all the bugs are closed and buried.
With luck and good weather (which we've been having a lot of in the UK recently!), it should be a few more weeks to release.

I guess it's time to read some books on writing about high-energy action adventures, so I can write the manual... ;)

In other news.
I finished the DSP and plugin-y-ness for another new plugin... a useful utility-type thing. It still needs a UI, so it hasn't gone to beta yet; so that'll be out after TBK3
Specs are confirmed for another two plugins, which I intend to start veeeerrry soon ;) NO DETAILS FOR YOU! :P

In other other news.
I bought a copy of FogBUGZ. I used to use it at Focusrite/Novation, and it was one of the best things ever. It still is one of the best things ever.
It's frankly astonishing that a piece of software can turn bug tracking into an enjoyable experience. I've no clue how it's done, but if you have bugs to track, throw out whatever you're using and get FogBUGZ now.

I bought a copy for my mac. It's all working now, but pheww... it took some time...
To get it to work I had to:
1) Install the latest PHP ('cause the one that ships with macos is lame)
2) FIGHT this thing called PEAR (which seems to be some kind of package manager); I say FIGHT because there were two versions installed that were fighting. If you get into the same trouble, the answer is: sudo pear config-set bin_dir /usr/bin, THEN do all the sudo pear upgrade PEAR stuff. and use sudo pear -V LOTS. You need it to say that the version number is 1.5ish, or better. 1.3.6 is right out.
3) Use PEAR to install some PHP modules (i think thats what it did)
4) Install MySQL off the 'net
5) Learn the bare minimum to get MySQL working (install all 3 things in the dmg, open system preferences, click start. know that by default db passwords are blank)
6) Poke around 3 or 4 setup screens for FogBUGZ
7) Configure my php.ini... but which one?!!? The one HIDDEN in /usr/local/php5/ of course!
8) Reboot apache lots. Thank goodness apple have a button for this in system prefs.
9) Configure my my.cnf file. It doesnt exist yet. It goes in /etc/. It needs to contain about 2 lines of text.
10) ENJOY!

Now, as you can see, had I installed it on a Linux machine, I could have skipped stages 1->9. Let this be a lesson to us all! :D :D :D

Now I've moved the buglist from Excel into FogBUGZ which is working just lovely on my machine. It's very exciting. Admittedly there aren't THAT many bugs to enter, but the joy is, I can assign myself new tasks as feature requests for building new things! YAY! :)
FogBUGZ is so wonderful because:
1) Things that live in databases that you can't see feel much more safe and secure than .xls files on your desktop
2) It forces you to work in a formal way, and this in turn makes you feel much better and safer about things
3) It remembers all these things for you! You can even leave messages to yourself! What more could you ask for?
4) It is so simple that anyone ever could learn to use it in less than 3 minutes, without a manual.
5) There is a strange and magical process inside my brain that works like this: if something is in a place where I know it is safe, and other people can see it, then I don't have to burn braincycles on worrying about it. In this way, FogBUGZ makes me feel better about my life in general. Weird huh? It just destresses me. I'm sure the same thing will work for you too if you have bugs to track, or features to implement :)

So, that's my exciting news. I have some bug tracking software which is so good I want to write pages of blog about it. Oh, and lots of new plugins on the way.

I'm planning to take a holiday at the start of next month. I'm considering Palma/Majorca or Barcelona... or maybe Paris. Any suggestions?
I'm just thinking that with the weather being this good over here at this time of year, it's nuts to go away, but a nice holiday away somewhere would be just the ticket.

Bye for now,


Monday, April 16, 2007

Hackers Again.


It looks like I haven't blogged for a while, but actually I have another post I just haven't finished yet.

There's a big thread on KvR where someone is offering $1000 reward for information that leads to prosecution of some hackers. I think that's a paltry reward given what's being asked for, but of course, everyone's opinions vary- the thread is about 55 pages long now. Some people are pro hackers, some people against. I've made my position clear before- or at least I thought I had...

You may or may not be aware that I got a little message wishing me a happy new year from some hackery-type people. That left me somewhat perplexed. I wasn't sure if they were sincerely hoping I had a happy new year (although a perhaps somewhat impoverished one), or if they were just being mean? I'm pretty sure they read the blog, and I'd love some clarification. I can't trace anonymous comments, so there's nothing to stop you posting to me. In fact, I'd love to find out.

I did ask in a previous post that if anyone does feel the need to crack Sonalksis software, they should update the UI graphics to make sure everyone knows they did it. I've even made this easy to do. Perhaps I should make the installer files available to make it easier still for them?

The argument that plugins should be free is false.
You want Sonalksis plugins. They require X amount of working time to develop and test.
For me at least, if it wasn't a day-job, I could not find the time to do the work necessary.
Free plugins = non-existent plugins.

Not so! You say - there are many free plugins!

Yes, but evidently the circumstances that apply to their authors do not apply to us at Sonalksis.
If you want Sonalksis quality (and customer support and updates and new features and...), you need to get it developed by Sonalksis. For that to happen, we have to have the time, and that means taking things seriously.

Even if you disagree that circumstances are different (though everyone's circumstances ARE different), that makes you an ethically justified user of free plugins, not an ethically justified user of cracked non-free plugins.

Essentially, when you buy something, you are saying not only that you want that item (and support for it in future) but that you want the manufacturer to provide you with similar future items which also appeal to you.
By using cracked Sonalksis software when you can afford not to, what you are saying is that you DO NOT want more Sonalksis software to be available. Now, if that is what you mean to say, then that's fair enough - but pay for the software you do use, and tell us that for whatever reason you want us to go bust. That's the only ethically defensible position, I'm afraid.

I have started to get the impression that a lot of people think of plugin companies as big fat-cats, all rich beyond their dreams, driving porsches and ferraris. Big glass offices, server rooms with millions of blinking lights. Water fountains. Multi-million pound mansions in the countryside with stables and maybe a racetrack for practicing rallying at the weekend.
Yeah, that's the dream, but actually, I don't know of ANY company who's got that far (except perhaps Waves at their highest peak).

So some reality just so you can ground what it's really like. Most plugin companies are very small. 20 people is a HUGE number of employees for a plugin company. Pay is never great - there's always more money working for some faceless corporate consulting outfit. I've almost finished paying off my student debts - maybe another year or two will get it. No-one at Sonalksis owns a car, let alone a Porsche or a Ferrari (although one of the guys has a van!).

Making plugins is not (as far as we can tell!) a way to get rich and retire, making a killing exploiting the musicians of the world. Actually, making plugins isn't even I.T. It's not the same market. It's the music industry. The market for a plugin company IS NOT everyone with a computer, it's PURELY musicians. I think we ALL know how much money there isn't in this industry.

This is why my comment above about sustaining company development is moot. No-one in this industry (not even Waves!) is sitting back and laughing (WUP?). Not any more. We're all doing the best we can to stay in business. We're all still trying to live the dream - making a living in the music industry! Everyone goes about things in different ways, and I'm sure different approaches have different merits - even though I strongly disagree with a few things going on today.

When money comes through the door here, it gets invested in three things:
1) Making new plugins. This is the only way we can stay in business.
2) Supporting existing plugins. This is the only way we can guarantee that we're a company worth buying from. No-one wants to be a bad company, do they?
3) Growth. We need to advertise to have new customers, we need to take on people who are good to do the stuff we're bad at, we need to expand as a company in order to keep growing (because otherwise you shrink and die)

So, now you know. No fat-cats smoking cigars. No Ferraris. Not even a second-hand Lamborghini. What you're paying for is for us to keep making new plugins, and to keep the old ones working.

Hopefully you remember that I'm not hopelessly naive about these things and I can tell a lost sale from someone who never would have bought. So I'm not arguing that a 13yr old with his first sequencer is destroying the industry - that's clearly nonsense. However, a studio selling recording time and using cracked software clearly IS. If they didn't pay for their hardware, someone would be in there to retrieve it nice and quick. If they didn't pay for their electricity, it'd get shut off. Cracked software should be the same deal, but it's not. This is what led me to request that hackers badge cracked software. But let's not think of it as "going after people who OUGHT to be paying".

I've seen, and I like it. I have one of their t-shirts.
I saw their forums. Wheeewww... A lot of very angry people there, who've been done-over by large software companies, and now feel that their piracy is justified.

Well, what can you say to someone who's been put through so much pain that they'd rather pirate software than pay a cent to support the companies. Shame on the companies that messed them about! But that's not enough, because NOW, every other company will feel their wrath. It's worth noting that these people are in the large paying customers who're not prepared to pay any more - they want the companies that have mistreated them to go bust, and as long as they stick to non-cracked software, they are ethically sound!

We make a point of looking after our customers. We are a small company, and as I've probably mentioned before, all of our customers (so far.. touch wood) are lovely!
This might be related to the fact that customer support is essentially our highest priority as a company. Sometimes growth/new products suffer as a result; we just have to interpret that as a measure of how tough the market actually is. We can't afford to let customer service suffer, or we'd be out of business in a week.
Nor can we differentiate between the level of support a demo-user vs a customer gets. We've no way of demonstrating that we offer good customer service to customers unless prospective customers get the same service too.
So customer service is opened up to everyone.
Now out comes a crack, and suddenly TWENTY TIMES as many users have the plugins.
How fair does it feel that the cost of supporting them through customer service is paid for by the legitimate customers?
To clarify that- I can't distinguish between someone who is "using the demo and needs help" and someone who is using the crack. The former represents a potential sale, the latter most likely does not. I have to help them both.
Or maybe I only offer customer service to existing customers... would that be popular?

But on the flip-side, TWENTY TIMES as many people have now heard of Sonalksis... maybe they'll buy? Well... the demo period is (we think) pretty generous, so it's not the benefits of try-before-you-buy. So maybe it's a marketing thing?
Perhaps there is some benefit there?
But marketing is something you ought to take control of - if you had to choose between spending X amount advertising to random people, or the same amount advertising in a magazine read by your target audience, which would you choose?
I have a funny feeling this analogy isn't a million miles from the way it is, whether you measure X as cash expenditure or lost sales.

Ah well. There's really no fixed answer to this type of argument.
There's no hard data - and there never can be.
You can prove precisely nothing.

There's another angle that interests me though.
Why do crackers crack?
I suspect it goes something like this:
1) Young, very smart, technically gifted, wants to acquire some status
2) Does a few cracks which get some attention, acquires desired status
3) Gets surrounded by a network of people who really want more cracks done
4) Gets half-way emotionally blackmailed into it, and keep cracking until finally s/he gets the opportunity to stop.

It's well known that hacking (white hat) is something people do because it's interesting and fun. That explains the first few cracks (black hat). But surely there comes a point where it becomes routine and monotonous. Points 3&4 are my theory as to WHY people would carry on cracking after it's become dull. Suppose you've cracked CP mechanism X, and you did it because it was fun. Well, now it's cracked, why would you keep on cracking it for other plugins?

I believe that points 1-4 form a valid explanation for the motives and actions of crackers. It makes sense. To start with, they find something technically fascinating (although illegal), and they dive into it. Then, they find themselves locked into it, long past the fascination has gone.

I don't believe for one second that the crackers we have heard of are immature in any way. The concept that someone could have the immaturity to keep trying to attain status in a childlike way just bears NO conceivable parity with the level of skill required to crack software.

However, while I /like/ 1-4 as an explanation, I have two more potential hypotheses:
A) Crackers believe they are ethically justified
B) Crackers hold a vendetta against their victims
Now, as I have said, anyone with the skills to crack software is necessarily mature enough to realise that A is clearly false - there isn't /really/ an ethical justification. If they really do think that, then all we can conclude is that that's a +frightening+ state of affairs.
As for B... well, why? It would have to be a very generic vendetta too. Some kind of prejudice against plugin companies? Weird.

The handiwork I've seen from crackers recently indicates that the level of skill required to enter the arena is higher than ever before. The crypto knowledge alone is not something you'd learn at university... So here we are talking about people who could WALK into some of the highest paid jobs in the IT industry...

I just wonder why they don't surf over to, spend 20 minutes figuring out DSP, and start their own plugin companies?

Any ideas?