-3

I'm wary about on-premise solutions. It appears to me that the client has access to the source code and can easily steal it. Is this software business model safe for the vendor?

Are there any successful companies that are based on on-premise solutions?

coolster1278
  • 109
  • 1
  • 3
    "On premise" has been what every company has done since the invention of the microcomputer. Microsoft, Oracle, whoever else all made it big selling software you installed on your site. Apple, the biggest company in the world, sells software you install on your own hardware. – Philip Kendall Sep 26 '18 at 22:34
  • Hm, my concern still remains. I just saw GitHub's on-premise solution. It appears they give the GitHub source code to the client. It seems that the client can easily steal the code. – coolster1278 Sep 26 '18 at 22:36
  • Use a language that produces compiled binaries. – GrandmasterB Sep 26 '18 at 22:43
  • 3
    @GrandmasterB: a) There is no such thing as "a language that produces compiled binaries". Languages don't produce compiled binaries. Compilers do. Every language can have a compiler. b) In order for the user to execute the program, the program needs to be understandable by the CPU. CPUs are much, much dumber than humans, so if the CPU can understand the program, a human can, too, and if a human can't understand the program, then the CPU can't execute it. No amount of obfuscation (the CPU still needs to understand it) and encryption (the program needs to contain the encryption key) can help. – Jörg W Mittag Sep 26 '18 at 22:46
  • 7
    @JörgWMittag don't be pedantic, you knew exactly what I meant. And if binaries could be so trivially de-compiled we would not have a software industry. – GrandmasterB Sep 26 '18 at 22:52
  • 3
    Possible duplicate of [How do you prevent the piracy of your software?](https://softwareengineering.stackexchange.com/questions/10340/how-do-you-prevent-the-piracy-of-your-software) – Blrfl Sep 26 '18 at 22:55
  • 2
    @GrandmasterB: We even have an open source software industry that successfully sells software you can also get for free, including the source code, which you are not only allowed but even encouraged to copy. – Jörg W Mittag Sep 26 '18 at 23:30
  • @JörgWMittag: `so if the CPU can understand the program, a human can, too` Yes and no. **Yes**, any compiled binary can be decompiled. **No**, that doesn't mean that a decompiled binary can be converted to **readable** code. As a simple example, if I refactor all the methods/variables/parameters of a codebase to a randomly selected word from a dictionary, the codebase becomes nigh unmaintainable. A client can always copy your binary. But having access to the source code implies the ability to make changes to it for other uses; which is not at all obvious to do from a decompiled library. – Flater Sep 27 '18 at 08:39
  • @Flater, assembly code is readable. It's hard, but it's readable. All binaries executable are thus readable. And folk hack those binaries. – David Arno Sep 27 '18 at 09:38
  • 1
    @DavidArno: The effort needed to decypher a compiled file, for something you don't know the base algorithm for (since you're trying to steal the algorithm from someone else), is far greater than simply making your own library. In either case, you're going to need deep knowledge about the workings/intentions of the algorithm. If you already have that deep knowledge, it'd be nonsensical to spend the same effort doing something illegal than you would spending the same effort doing something legal. – Flater Sep 27 '18 at 09:47
  • @Flater, absolutely. Which is why people can sell software. The number of folk willing to hack such software is small and these days it's really only criminals that then want to add nefarious additions to that app that bother. But it's still possible. – David Arno Sep 27 '18 at 09:49
  • @DavidArno: I specifically said it was possible in my first comment. What are you refuting then? – Flater Sep 27 '18 at 09:50
  • @Flater, probably nothing :) – David Arno Sep 27 '18 at 09:51

1 Answers1

9

I'm wary about on-premise solutions. It appears to me that the client has access to the source code

No. They have access to an executable that is semantically equivalent to the source code, but it doesn't have to be the source code.

and can easily steal it.

Yes, they can.

Is this software business model safe for the vendor?

Stealing is illegal. This business model is exactly as safe as selling cars, which can also be stolen.

If you don't want your software to be stolen, don't do business with criminals.

There are also some other things you can do to discourage stealing your code:

  • Make the software so good that people want to pay for it to reward you.
  • Make the software so cheap that nobody needs to steal it.
  • Offer additional services that are so valuable that people who haven't officially bought the software are at a serious disadvantage.

Also, there is a very important aspect for a lot of enterprises: buying software gives you a contract, and a contract gives you somebody to sue. They don't actually spend the money for the software, they spend the money for the right to sue you if your software screws up their business.

And even if people still steal your software, you can view that as free advertising. That's what Microsoft did for a long time. They knew that lots of students were pirating Windows, Office, and Visual Studio. However, they knew that once those people got into the workforce, they were all trained Windows, Office, and VS users, and so the companies bought those products.

Are there any successful companies that are based on on-premise solutions?

Yes. From the 1960s until about 10 years ago, every software company. Since 10 years ago, almost every software company.

Some companies that you may have heard of that made their success using on-premise software:

  • Microsoft
  • Oracle
  • Pretty much every game company, whether that be console games, PC games, or phone games
  • Every company selling apps on any of the app stores
  • Pretty much every Linux company (they even sell source code that they don't even own and that you could also get for free somewhere else and are allowed and even encouraged to freely copy)

Stack Exchange also used to sell an on-premise version of their software. All the clones, however, were written from scratch, nobody copied the code.

I just saw GitHub's on-premise solution. It appears they give the GitHub source code to the client. It seems that the client can easily steal the code.

So? What can they do with that?

You cannot clone GitHub without the massive server infrastructure. And if you can afford that infrastructure, then you can also afford to negotiate a proper license deal. Also, even if you clone GitHub, you haven't cloned its community.

Also, GitHub has open-sourced many of the building blocks of their site anyway.

And again, the kinds of companies who buy GitHub Enterprise, they do that out of legal considerations, because they feel uneasy about hosting their source code somewhere else. Now, how likely is it that somebody who is so concerned about legal aspects has at the same time the criminal energy to steal your source code?

Enterprises don't steal software. They in fact pay overpriced in exchange for safety.

The Microsoft Windows 2000 source code was leaked. Just recently, parts of the Windows 10 source code were leaked. Under the Shared Source Initiative, you can buy a license for the Windows source code. Governments and researchers get access to the source code. You could, and still can, easily steal it; you just have to download it. Did that hurt Microsoft? How many competitors started selling their own variants of Windows? How many Microsoft customers canceled their support contracts and started maintaining their own versions of Windows and fixing their own bugs?

In the very, very, very early beginnings on computing, computers filled an entire floor, cost as much as the GDP of a small country, and were one-of-a-kind, so the very idea of "selling software" didn't make much sense. Software was purpose-written for one customer for one computer and all access to that computer was via remote terminals.

However, that changed in the 1960s, and ever since then, on-premise software has been the default, and in fact the only way to deliver software. Only in the last few years has network bandwidth and latency made it possible to even have something like web apps or SaaS. So, from the 1960s until the 2000s, there was nothing but on-premise software, and even now a significant portion of software is on-premise. For example, I haven an account for Office Online, but I still have 4 copies of Excel installed on-premise, one on each of my devices, and I very much prefer using those.

On-premise software has been the norm for decades, it is still the norm today, and it will probably be significant for quite a long time.

Jörg W Mittag
  • 101,921
  • 24
  • 218
  • 318