Page 1 of 1

Hosted versus licensed applications

Posted: Sun Jan 20, 2008 11:10 pm
by alex.barylski
I think more and more applications will be delivered as a service rather than a product that comes with a license...

I certainly like the idea of keeping the code centralized and not having to worry about clients 'tinkering' with source code, etc. I also like the added security through obscurity as well as the prevention of theft.

For me, the benefits far out weigh the negatives.

I'm curious though, as a developer how do you feel about software as a service? Do you push that on clients or are you stuck on licensed software? What are some key benefits you see in licensed software over hosted/SaS (Software as a Service)???

Cheers :)

Re: Hosted versus licensed applications

Posted: Mon Jan 21, 2008 12:26 am
by Mordred
Hockey wrote:What are some key benefits you see in licensed software over hosted/SaS (Software as a Service)?
The question is what benefits would the client see. Imagine a web app for internal company use - they would certainly want it hosted in their intranet only, and won't accept third parties having access to their corporate information. In that case, a licensed solution is your only choice really, so put a clause saying they shouldn't thinker with the code etc.

And of course you can't trust any corporate lying descendant of a female dog, so if you're really paranoid about it, put some technical measures as well. Think blackhattish - backdoor(s), call-home, source obfuscation, checks against environmental variables... Now, you live in a 1st world country, where one could maybe hope to sue (if you can manage to catch them violate your contract). Here - I just prefer being errrm technically insured.

Here's some output from my in-house obfuscator. The whole piece-of-software the client gets is one 300k file with no comments and whitespace :twisted: . Deployment of new versions is a charm - here's your file, just copy it over.

Code: Select all

function qd0g1pmy7($rVn8mvB,$_ddoexuvX=0){return $this->_q1w0tx5($rVn8mvB,0,0,$_ddoexuvX,Array());}function zabi0_d($OXFXYTEF,$womkfXN5k,$em1kohcL,$U2jCIkn,$N3DrDNgHJz){$KSF4tx_=$this->ng3dy76a8c($OXFXYTEF,$womkfXN5k);$hLPl3wN=$OXFXYTEF[floor($N3DrDNgHJz/2)];$AoFkbtQYQSp=$N3DrDNgHJz%2?'DESC':'ASC';$U3onZfkjJ=$this->zd6p982xzv($em1kohcL,$U2jCIkn);

Re: Hosted versus licensed applications

Posted: Mon Jan 21, 2008 4:25 pm
by alex.barylski
Mordred wrote:The question is what benefits would the client see.


I actually wasn't interested in that...I truly wanted a developers opinion. Seeing as most developers are the party responsible for finding new technology, promoting it internally, etc...
Mordred wrote:Imagine a web app for internal company use - they would certainly want it hosted in their intranet only, and won't accept third parties having access to their corporate information. In that case, a licensed solution is your only choice really, so put a clause saying they shouldn't thinker with the code etc.
I wasn't really targeting top secret gov't agencies. :P Yes privacy and security are concerns for any enterprise but most applications don't deal with that sensitive of data. At least not the market I am looking into.
Mordred wrote:And of course you can't trust any corporate lying descendant of a female dog, so if you're really paranoid about it, put some technical measures as well. Think blackhattish - backdoor(s), call-home, source obfuscation, checks against environmental variables...
I am not really concerned about people tinkering with code, so long as they don't come asking for free help (part of support) when they break something.
Mordred wrote:Now, you live in a 1st world country, where one could maybe hope to sue (if you can manage to catch them violate your contract). Here - I just prefer being errrm technically insured.
You could sue someone in Canada or the United States maybe...but I dought very much you would get anywhere if the offender was outside of the western world...it's certainly easier to just host an central application...
Mordred wrote:Here's some output from my in-house obfuscator. The whole piece-of-software the client gets is one 300k file with no comments and whitespace :twisted: . Deployment of new versions is a charm - here's your file, just copy it over.
Obfuscation would work fine for average laymen...but what about determined 'hackers'?

Re: Hosted versus licensed applications

Posted: Wed Jan 23, 2008 12:08 am
by Mordred
Hockey wrote:Obfuscation would work fine for average laymen...but what about determined 'hackers'?
The purpose of obfuscation is not to make it theoretically impossible, but to sufficiently raise the bar, so that in practice the "cost" would be comparable to that of re-writing the damned app. I personally wouldn't touch such obfuscated code for a price less than 10x the amount I took writing it. Obfuscation also helps a bit to cover some of the more advanced measures I've taken against stealing my code :twisted:

Re: Hosted versus licensed applications

Posted: Wed Jan 23, 2008 12:42 am
by Christopher
Hockey wrote:For me, the benefits far out weigh the negatives.

I'm curious though, as a developer how do you feel about software as a service?
I am wondering why you are curious when your mind seems made up? I would be easier if you got down to brass tacks rather than answering "I am not really concerned about" various guesses.
Hockey wrote:Do you push that on clients or are you stuck on licensed software? What are some key benefits you see in licensed software over hosted/SaS (Software as a Service)???
I don't understand this question. Software that is leased/rented is done so via a license. Software that is sold is done so with a license. Open source software is distributed with a license. So I am left trying to find the question here?

I think Mordred is on the right track. The direction that provides the most benefits the client in the long run will probably be the best for both parties.

Re: Hosted versus licensed applications

Posted: Wed Jan 23, 2008 1:54 pm
by Chris Corbyn
In my last job we were successfully selling a "service" to schools in the UK for monitoring student behaviour. They didn't get a copy of the source, we just enabled them in a database and they used the internet to access it. Nobody seemed to mind since the benefits of this system were the very fact it was centralized; students could move school and all their records move with them in the system; education authorities could log in and monitor all the schools in their area etc; police could have access. In fact, the techhies were really happy since it was one less thing for people to pin the blame on them for.

I guess this is boiling to down to the same as Mordred's statement. It depends what the benefits are to the client. I imagine if we were trying to sell them a staff leave management system they'd rather have it installed on their own servers.