Encrypting credit card data

[Fairlight]

Is it just me, or did Bill Campbell say:
> 
> We did a lot of work with the Unify RDBMS until they changed their
> licensing to one with an indeterminate termination date at which point I
> refused to ``upgrade'' to the new versions.  We still have production
> accounting software running on the older libraries, SCO COFF libraries
> dating back to 1991 or so which only run on OpenServer or fairly old Linux
> kernels).

And if Bill stands behind it like that (and I respect his admin
sensibilities), then it's "not just me".

> It wasn't that I have a problem paying for software, but that I refused to
> build mission-critical applications based on software that might stop
> working due to something that I cannot control.  

Amen.  And that's something that I've heard cited as a rationale for not
moving ahead with upgrades in such products--including filePro.

I -personally- refuse to bend over for Adobe.  I wanted a couple of
their packages.  The price is bad enough at about a grand a piece for
sub-standard, poorly coded, bug-laden software...industry standard or
not.  It still does some neat things though.  But the dealbreaker is that,
even though I would be purchasing it and paying full price for it, and
even though I'm online 100% of the time on the system on which it would be
installed, they treat their customers like criminals nowadays, -requiring-
you to have an internet connection to even activate the software as of
CS4.  You know, bend me over on price, or require stringent activation
controls--but don't insult me with both behaviours.  They've lost a couple
grand in sales over this just from me.  I now refuse to touch any Adobe
software that's not free (Reader and Air clients).  They lose a -lot- more
to the pirates that just crack the stuff anyway and torrent it.  I simply
use far less expensive alternative software (mostly Serif's...I turned
around and bought pretty much their entire suite of products rather than
buy even one Adobe product, and I'm far more productive and don't have to
be treated like a criminal--in fact, Serif is not only 90% less expensive,
they actually discount their software if you bother to call them.)  It's not
saving these companies any losses in all liklihood--it's adding to
them--especially when you factor in protection R&D.  

Look at EA with Spore.  They're being -sued- over SecuROM (half-justified,
half FUD on the part of the plaintiffs) being snuck in with Spore.  It cost
them in legal proceedings, and it definitely hurt their sales.  Piracy
jacked up sharply as people rebelled.  (I got mine off Direct2Drive.com, my
usual preferred source.)    It cost them in bad publicity when there was a
-campaign- of low ratings on Amazon and other sites specifically in
retalliation over the DRM.

Yet look at GoG.com.  They're the model of exactly how to do things.  They
procure worldwide rights to older, high-quality games (still
software...this model could be used for any software), sell them at
ridiculously low prices ($6-10/title), and their user base won't even
consider pirating from them because they're loyal as hell to the company
for the high-quality work they're doing in bringing back many fantastic
older titles that would otherwise be unavailable.  Their community is
-great-, actually.

> At a minimum, it would probably happen on Friday night,

So Murphy and you aren't just on a first name basis, he's actually moved
in with you?  :)

> and not be able to get licensing fixed until Monday.

You know, Novell screwed themselves with SLES-10.  Their engineering
in-house went to hell at Novell with SP1.  It isn't much better with SP2.
They refuse to actually let you talk to a technician about a critical
system issue (the system won't BOOT!) when the -only- thing that was done
was application of a kernel patch directly from Novell, unless you have a
support contract.  They don't even sell their own licenses, either.  When
it expires, it doesn't indicate so in any way.  The only indication you
have is that there are no patches available--silently, as if none have been
released, same as a week with no patches in general.  You go to get their
assistance and they force you to dink with a reseller that takes -days- to
get you a new license and activation code before you can patch a critical
security hole.

I flat-out told them that the next time around for the clusters I maintain,
if I have significant input, they're done.  I'll go to OpenSuSE or another
distribution entirely, but I will not keep subjecting my clients to their
shenanigans.

Another case of corporate greed influencing software into the realms
of bad design.  The bottlenecking of -one- supply site for patches for
the commercial version, compared to dozens/hundreds of mirrors for the
open-source version is just a kick in the nuts.  And I have yet to ever
see a way to get the SRPMs out of them for the commercial version--which
means that when they go EOL, I'm not going to be able to -cheaply- hold the
systems together until migration/update for 1-2yrs, it's going to have to
be done more expensively, or upgraded in advance.

Incidentally, when you -do- get support, it sucks.  I actually had to fix
the last two problems myself because I knew what the error messages meant
when support didn't.  I mean, they actually used different commands than I
do (I never use rug unless on the phone with Novell, for instance), but
they don't -comprehend- the error messages they get back, while I actually
can connect the dots and fix it 15min before they've gotten to even talk to
"the other department" that invariable is deferred to, because Tier 1
support sucks at -every- company these days.

The point of all this is that "following the big boys' example" is not a
good idea--the big boys are doing it -wrong-.  Even if you have to volume
to stand by that decision, you're still making a tactical mistake.  That
mistake is amplified if your very existence hangs in the balance and one
final "little" mistake can cost you your business.

> In the worst case, the vendor would be out of business and the customer
> would be out of business.

And in some cases, I've -hoped- it would happen for some of the stuff
companies put their legitimate, loyal, paying customers through.

Our industry is so FUBAR sometimes.

mark->
-- 
"I'm not subtle. I'm not pretty, and I'll piss off a lot of people along
the way. But I'll get the job done" --Captain Matthew Gideon, "Crusade"