Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Delivering Software, Electronically?

Cliff posted about 12 years ago | from the beyond-simple-file-transfers dept.

The Internet 220

zpengo asks: "I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company. I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest. Have you ever worked with ESD on a higher than plain-vanilla FTP level, and if so, what did you learn from it? When do you consider the product 'delivered'? Was it worth it? (I'm planning to put together a public domain whitepaper on the subject with the information I gather, to help fill in the gaps I found while researching online)."

Sorry! There are no comments related to the filter you selected.

Product delivery (5, Funny)

Anonymous Coward | about 12 years ago | (#4537904)

When do you consider the product 'delivered'?

When it's available on Kazaa?

Web-logons (2, Insightful)

Anonymous Coward | about 12 years ago | (#4537963)

At my school, there's a page set up for your basic freeware (acrobat reader, PuTTy), and other more expensive site-licensed software (X-Win, CRT, Dreamweaver) require a user logon to download. The IT department keeps a log of all the downloads, and whoever's logon is used is responsible for the software. For the really expensive stuff (MATLAB, Mathematica), paperwork is necessary.

Take a look at it: []

Re:Web-logons (-1, Troll)

Anonymous Coward | about 12 years ago | (#4538053)

Sally? If it is you, you should know that I have herpes. You should probably get yourself checked out.

Jive of the day: VBD (-1)

JiveMofoDude (609780) | about 12 years ago | (#4537905)

VBD: n. A less than satisfying excursion with a member of the opposite sex; Abbreviated form of 'very bad date'

"Yo, Trisha! I lay de haps on de VBD on you yet?"

"No girl, hit me wit' de 411."

"Check it! He ankle me ta Denny's since he ain't got no ride. He act like it my birt'day so's I eat free, den he take me bowling an' make me swap earth pads wit' him. Afta dat, we lay some cow ta his repent pad an' he says, "gimme some suga'!!" wit' his licker swingin' out an' chunks a' grub all stuck up his biters! Damn, girl, I almost didn't hit it wit' him!"

front-page summary (-1, Troll)

Anonymous Coward | about 12 years ago | (#4537908)

And now your slashdot front-page...yadda yadda. Is anyone here not a troll?

Underwater Computing
Jew Starcraft: Major Film Studio Trailers
Government Web Sites Are Not For the Incompetent
NASA Budgets Are Now Out-of-Pocket
Vicks Vapo-rub Pentium 4 System
Star Trek: Next Generation Fans (square, with colored LED's)
File Traders Warn CEO's On Studios, RIAA Reconsiders Anti-GPL Stance
Linus says 2.6 kernel will be out by June 2003 However, Charlie Brown says he has no idea how to code it.
How Mac Freaks Stave Off Suicide Not pretty

and finally,

Microsoft Lifetime Award Goes To '1984' It was just a matter of time

Delivering software electronicaly (1, Interesting)

Anonymous Coward | about 12 years ago | (#4537914)

Yeah, I'v seen a white paper a few years back regarding this topic. I'm pretty sure that AT&T worked on a new economic model based on that.

Anyone remember this?

Fifth Post! (-1, Troll)

Anonymous Coward | about 12 years ago | (#4537917)

Holy Shit!

ximian's red carpet (4, Informative)

j1mmy (43634) | about 12 years ago | (#4537923)

it's now available for anyone to use as a server or client.

Re:ximian's red carpet (-1, Troll)

Anonymous Coward | about 12 years ago | (#4537947)

Red carpet? ISn't that only for redhead-loving lesbian linux users?

Ehem... (5, Funny)

ekrout (139379) | about 12 years ago | (#4537925)

I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest.

Um, this is Slashdot, dude...

Re:Ehem... (3, Funny)

Servo (9177) | about 12 years ago | (#4537953)

Hey, he's new here, OBVIOUSLY. :)

Re:Ehem... (1)

plus5insightful (619932) | about 12 years ago | (#4537999)

I think you meant to say "OBLIVIOUSLY".

Re:Ehem... (2)

Servo (9177) | about 12 years ago | (#4538037)

Yeah, that would certainly apply too.

Re:Ehem... (-1, Troll)

Anonymous Coward | about 12 years ago | (#4538050)

I think he meant "plus5insightful is a fucking retard whose only redeeming value is his mom, who will fuck anything for a quarter."

But i could be wrong.

Re: your sig (0)

Anonymous Coward | about 12 years ago | (#4538289)

"I'd be a Libertarian, if they weren't all a bunch of tax-dodging professional whiners."
- Berkeley Breathed

Re:Ehem... (3, Funny)

Anonymous Coward | about 12 years ago | (#4537974)

Exactly, the crowd who beleive in the business-model...

1: Write free software.
2: ?
3: Profit! hardly the best and brightest :)

Re:Ehem... (0)

Anonymous Coward | about 12 years ago | (#4538148)

I think you mean...

1. Rail against all forms of capitalism and/or profit
2. Mention Microsoft in every single post (making sure to type "Micro$haft" or "Micro$oft") and how purely evil they are
3. Claim that free competition is necessary to produce good software
4. Write free software
5. ?
6. Profit!

Re:Ehem... (2, Funny)

Anonymous Coward | about 12 years ago | (#4538015)

Yup, it should have read

" I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest. But before that, let me ask on Slashdot..."

We deliver our software electronically... (0)

Anonymous Coward | about 12 years ago | (#4537927)

...and protect with the PACE system. It works great and is easy to implement.

ESD (1, Informative)

Anonymous Coward | about 12 years ago | (#4537930)

I did ESD delivery for my company a couple years ago. We used "Wininstall" with great success. The only real problem I ran into was variances and testing.

You know, Joe Schmuck loads his own software, and blammo my ESD job breaks. IF you have rigid controls on your environemnt, ESD works great.

Best and brightest? (1, Funny)

Anonymous Coward | about 12 years ago | (#4537931)

I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest.

Good idea, but what are you doing on Slashdot?

American? (1)

jo_ham (604554) | about 12 years ago | (#4538130)

You offend me! Wel, no, I've been called worse.

We're not all American here.

The best people to ask: (0)

Anonymous Coward | about 12 years ago | (#4537933)

Are warezers: nobody has more experience in online software delivery than them

Java? You could try Java Web Start (4, Informative)

atomray (202327) | about 12 years ago | (#4537941)

I've worked with this before on a project, and it's usefulness depends on your needs. It's essentially an extension applets; it does not run in a browser, but does run in a secure sandbox.

If you have a pure java swing application, this is probably the way to go. If not, read more about it and decide whether it's appropriate.

The technology was a little rough at first, but I assume it's matured somewhat, considering that it's now part of the standard java environment.

Java Web Start [] (5, Insightful)

jukal (523582) | about 12 years ago | (#4537944)

I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company.

What software, which audience, which principles? It makes a difference whether you are building ESD like tucows or for a special product for a special market - for example. It might be possible for you to get some real information out from here, but you will have to tell more. Don't be scared, if someone wants to look up your company, he is already well capable of doing it :) (5, Funny)

scott1853 (194884) | about 12 years ago | (#4538056)

Don't be scared, if someone wants to look up your company, he is already well capable of doing it

Like somebody smart enough to click on his name in the story ;)

Yeh, on slashdot? (2)

A nonymous Coward (7548) | about 12 years ago | (#4538133)

Come on, these guys don't even read the stories they themselves submit, and neither do the moderators or posters or even the slashdot crew. You expect them to do enough research to actually read the slashdot story too? (1, Informative)

Anonymous Coward | about 12 years ago | (#4538069)

I realize that this is /. and open source solutions are preferred. But if you want something scalable, professional and with lots of bells and whistles (like multi-platform support), may I suggest:

Full disclosure: I work for Big Blue, and despite my bias I can tell you some HUGE companies and government agencies are happily using this product. (plus lots of small ones too)

"to America's best and brightest" (1, Funny)

steveadept (545416) | about 12 years ago | (#4537946)

If that's what I am, I fear for our nation!

Re:"to America's best and brightest" (0)

Anonymous Coward | about 12 years ago | (#4537952)

Mod parent: -1, Redundant

Software Delivery (1, Informative)

cyberlotnet (182742) | about 12 years ago | (#4537948)

I really wish people would take some time to do "research" like they "say" they did instead of just come to Slashdot, it shows people are lazy and in some cases ( possibly this one ) Should be thinking about improving there own lifestyles and work habits before starting up a software company..

If the above doesnt fit you then your answer is below.

There are a number of companys out there that specialize in software lic's.

Most can be included into a couple diffrent lang's with very little effort at all.

One very good example of this would be..

This and more information can be found on google without a problem. ( But of course this persons "research" didnt include simple searches on the most popular search engine.. But he did research, He really did research hard, I got that link in 1 minute, He spent weeks? researching and sounds like he found nothing? )

Re:Software Delivery (1)

cyberlotnet (182742) | about 12 years ago | (#4537961)

Oh, before someone comments, I assume since he is looking for more then just ftp/http downloads that he wishes to track/protect/sell his software in some manner..

This requires a method to keep only purchasing users from using his software..

Hence the need for something like elicense which in general would cover all his needs.. All he would have to do is put the file up on cnet downloads or something..

But again he researched this all for weeks..

Resuming (3, Interesting)

Daveman692 (558544) | about 12 years ago | (#4537949)

My biggest concern is that if the transfer fails in the middle you can pick it up from that point. Also that it doesn't need you to install funky software before hand.

abwe (0)

Anonymous Coward | about 12 years ago | (#4537951)

alt.binaries.warez.eds ;-)

ESD (5, Funny)

cscx (541332) | about 12 years ago | (#4537954)

Always make sure you're wearing one of those wrist-strap thingies.

Re:ESD (1)

inputsprocket (585963) | about 12 years ago | (#4538026)

it was yellow if it helps any... ;)

WoW! (0)

Anonymous Coward | about 12 years ago | (#4537955)

Can you imagine a beowulf cluster of electronic software delivery guys ?

America's best and brightest? (-1, Flamebait)

Anonymous Coward | about 12 years ago | (#4537956)

huhuhu ... he said soft.
Yea .. hehe.. public.
zpengo rules!
No you dumbass, cliff rules!
Bite me fartnocker.

Best and brightest? (-1, Redundant)

Anonymous Coward | about 12 years ago | (#4537958)

"so I must take it to America's best and brightest."

Then why do you ask here on slashdot?

Valve is doing it (3, Informative)

TheAntiCrust (620345) | about 12 years ago | (#4537962)

Valve Software (makers of Half Life) created a program called Steam. Steam allows you to download patches and goodies (player skins, models, and maps) but you can also buy and download full games. Here is thier website dont know how helpful it will be though.

Re:Valve is doing it (2)

Billly Gates (198444) | about 12 years ago | (#4538109)

If it only it worked through NAT firewalls. Grrrr

Re:Valve is doing it (1)

Guspaz (556486) | about 12 years ago | (#4538216)

You're in luck! It works perfectly through NAT and firewalls.

How do I know for certain? I just headed over to the website and installed the thing. I'm sitting behind a hardware firewall/router.

I'm particularly impressed with Steam's efficientness. I participated in the early beta, but things have come a long way since then. From the time I visited the web page for the first time, to the time I was sitting in the game watching the in-game intro (The whole transit system bit), complete with MP3 music, less than five minutes had passed. This truely is a revolutionary way to deliver software. What's more, their beta servers were unable to provide my with more than ~700-1000kbit of bandwidth over my 3.5mbit connection. When they go live with much greater ammounts of bandwidth, those five minutes of prep time could be reduced to two or three minutes!

Steam is truely an incredible experience.

Regards, Guspaz.

Re:Valve is doing it (3, Informative)

sfe_software (220870) | about 12 years ago | (#4538268)

Off-topic, but:

If it only it worked through NAT firewalls. Grrrr

The server is blocking ICMP requests, which means it will not see the ICMP Fragmentation Needed packets your NAT'd boxes will send. You need to reduce the MTU to around 1412 on the machines behind the firewall, or force the MTU in the firewall itself.

If using Linux 2.4/iptables, see the netfilter kernel config help option for "TCPMSS Target Support"...

Note that, technically, this is a problem on the server side (blocking ICMP for "security" reasons) but it can be solved on your end.

(I fought with this for months before I found the problem)

rsync and rdist (4, Informative)

jutpm (550776) | about 12 years ago | (#4537966)

What is wrong with rsync [] and rdist [] ?

From the rdist website: "RDist is an open source program to maintain identical copies of files over multiple hosts. It preserves the owner, group, mode, and mtime of files if possible and can update programs that are executing."

From the rsync website: "rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License"

Web Based Software Delivery (5, Informative)

BuildMonkey (585376) | about 12 years ago | (#4537967)

My business is software configuration management. Electronic software delivery is a critical part of many solutions. Typically we use a web site. The system has access control, software submital, notification, approvals at various levels, retrieval based on approval level, and logging.

For examply, only users identified as Development can submit software. At that point Software Configuration Management is notified to reproduce the software (can SCM build the same binaries as the developers?) SCM retrieves the software from the web site. Once SCM approves the software, Test is notified.

Test retrieves the software and puts it through its paces. If it passes Test grants its approval through the web site. Otherwise the software fails and Test provides a URL explaining the problems. And on...

At any point program management can see the state of the software in its track to customer delivery. PM has override ability to approve software for customer delivery even if it has, for example, failed testing.

The web site makes it easy to access. Access control and approval manage the software delivery process. Notification keeps everyone on the ball. And logging provides CYA - and has covered my butt on numerous occasions.

My boss particularly loves to be sitting in a Change Control Meeting and hear the development manager say, "The software's been delivered to SCM. We're waiting on them." And he can say with confidence, "Not yet it hasn't."

what are you deliver matters - java app - dll - ? (3, Interesting)

johnjones (14274) | about 12 years ago | (#4537968)

what are you trying to deliver ?

I built a app that for win32 sat in the systray and then looked at a internal FTP and checked the manifest against its own on the machine if anything was new download and ask the user for interaction

on the java side their was webstart which is really nice and is default on MacOS X.x
this automatcally does what my app did and is a hell of a lot nice and secure

apps like windows update are pretty silly as you have to ask the user to look every day and how many lusers do that ? let alone people who know better

its what crontabs where ment for (-;
of course you can build it into the app

and if you just want to deliver software to customers use sftp

its nice and you can even get it on a java applet so that you can point people to a web page and get them to enter username and password and then its server side chrooting them to the right dir

have fun


John Jones

You are using it right now (3, Insightful)

I'm not a script (612110) | about 12 years ago | (#4537969)

Try this [] EDS solution.

Yeah, right (3)

Animats (122034) | about 12 years ago | (#4537970)

"Software delivery", per se, is easy: you click on the link and download a file.

If there's a problem, it's probably related to getting paid for it. Or, worst case, figuring out some way to "deliver" some kind of hostile code (adware, spyware, etc.) to the user's desktop.

Duh...Digital didn't look that hard (0)

Anonymous Coward | about 12 years ago | (#4537972)

lazy prick

I do! (5, Insightful)

Superfreaker (581067) | about 12 years ago | (#4537973)

I developed (insert plug here-

We do about 5,000 transactions per month.

Our method is this (note, this is after 5 iterations of delivery systems- all of which had issues):

- When a customer pays, we create a unique copy of the purchased product and place it in a queue directy for download. This unique file is prefixed with the customers transaction ID, so
"" becomes ""

We then provide a direct link to the file. We also send this direct link in an email to the person.

After 48 hours the file is deleted. after which time, the customer must request more downloads from the merchant.

We tried many other methods but there always arose a browser/platform issue. The ONLY reliable method has been to provide a direct link to the file for download.

It can create server load and file storage issues if you have a large scale site.

Hope that helps, feel free to contact me off list.

Re:I do! (5, Funny)

Superfreaker (581067) | about 12 years ago | (#4537995)

erm, that should read 5,000 per week. Shit, I even used that damn preview button. I should walk my fat ass into oncoming traffic.

Re:I do! (1)

fulldecent (598482) | about 12 years ago | (#4538079)

Why not augment this method to the current ideology?

  • move original files to downloads/private
  • echo "Order deny,allow \n Deny from all" > downloads/private/.htaccess
  • Then rather than copying the zip, ln -s it

Hint: Three Letters, and it hurts really bad (1)

Superfreaker (581067) | about 12 years ago | (#4538099)

IIS baby!

Re:I do! (1)

greenrom (576281) | about 12 years ago | (#4538168)

File storage issues?? Maybe I'm missing something, but why not just create a unique link to a file and delete the link after 48 hours? Duplicating the entire file each time seems like overkill.

Re:I do! (1)

Superfreaker (581067) | about 12 years ago | (#4538184)

How would you create a unique link to the file? They will see the path to the file and then can guess the names of any of the other files.

Links that try to use tricks to redirect, etc. fail becuase of browser/os compatibility issues.

Re:I do! (0)

Anonymous Coward | about 12 years ago | (#4538219)

I think he means using a symbolic link on the disk (totally outside of the web server). Since you have not thought of this, I bet you are running a Windows server. Windows does not have the concept of symbol links, by you might be able to use Shortcuts instead.

Re:I do! (0)

Anonymous Coward | about 12 years ago | (#4538269)

You can't use a shortcut (.lnk) in windows either, because it contains the link to the original file. Also, you have to RUN the shortcut (atleast that has been my experience) in order to make it link to the file. Under unix, you could just create a symlink to the file and call it whatever you want. I'm not sure if it would work flawlessly here though.

I do too! (1)

sfoster (441894) | about 12 years ago | (#4538296)

This system allows someone to snoop e-mails going out to you customers and obtain freebee software urls. I guess this would take a day for a /.er who's never done dodgey stuff before, or 20 minutes for a l33t k1dd13.

I do adding an entry to an .htaccess file, the password for which is entered by the user on an https form. This may save the embarrassment of having your client's stuff warezed on p2p.

Hey wait, more fundamental to caring for your clients' stuff; don't use IIS.

I worked for a company that did that (3, Informative)

infonography (566403) | about 12 years ago | (#4537975)

I worked for, they were hired guns for this sort of thing back about 2000 or so, they seem to have dropped off the net since then. Other players like Digital River were around too. Not to hard to implement, Stick a few apache servers behind a load balancer like an F5 on a big pipe like Exodus and make them pay up front. once you got their money send them a url and password combo that lets them in. The rest is simple stuff. Remember to wash your hands after your done.

Re:I worked for a company that did that (1)

Superfreaker (581067) | about 12 years ago | (#4538029)

Not that easy...
How do you stop port snoffers from determining the direct path to the file and posting it on a NG ?

The trick is not to divulge the path to the real files.

Re:I worked for a company that did that (1)

infonography (566403) | about 12 years ago | (#4538097)

True, but if you keep that specific door open only for a short time and once a successful down load is complete it's closed again. It's all tied up in the configuration of your database and your load balancer.

1 - send company list of paid buyers by back channel like a direct T1 to server's Database

2 - Wait till someone uses the key

3 - Close tunnel after your done

once it's downloaded this part is done, if someone goes and puts it on Kazaa, that's another matter. Portsnifflers just don't seem like a good way to pirate software. Just wait a while, it may or may not show up on kazaa.

Honestly, it's a matter of what security you put into the install codes not what you do to protect the distribution. If you got good install protections then they just downloaded 200 megs of inert junk, that's a lot of time on a 56k modem....

Sig- Maybe we should rate article here on signal to noise ratio.

Consider this...(corporate plug) (3, Informative)

jlcooke (50413) | about 12 years ago | (#4537976)

Package your application in a self-extracting/self-decrypting archive which uses two keys (k1,k2). k1 is either zero-length or known to the group of indented users. k2 is kept secret until published online at some central site at a time specified by the publisher. If k1 is zero-length, then it'll be an open release of software/data.

software = Decrypt(software, key), where key = Hash(k1 concatenate-with k2).

This is called time-lock crypto as written by Rivest Shamir Wagner in [3].

CertainKey [] offers this service with all the software/crypto you need at a modest price see [1].

note: I'm a founder of use discretion.

[1] []
[2] []
[3] []

Re:Consider this...(corporate plug) (0)

Anonymous Coward | about 12 years ago | (#4538040)

known to the group of indented users

What, did somebody poke them with a stick? Or do they have really bad acne?


America's Best and Brightest? (3, Funny)

guttentag (313541) | about 12 years ago | (#4537977)

I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest.
When the folks at Mensa solve your problem, will you let this ragtag international band of Slashdotters know?

Who accepts liability ... (2, Insightful)

LL (20038) | about 12 years ago | (#4537984)

... when things goes wrong? If you view software as a service, then someone along the line has to make a decision to deploy it. Usually it is some sysadmin who ultimately is responsible for the smooth running of the who ball-of-string (ignoring any CTO stupidity). IMHO that is why they like ftp/http/app-get in that it is a conscious decision to review and vet any new release.

On the other hand, if you are offering automagic updates (a la MS) then I hope the software contract indicates what happens if things goes wrong. The actual mechanism (whether JavaBeans, .BET, or ASP) becomes a side issue when lawsuits are flying, especially for any mission-critical software (cf backbone router flash-upgrades).


Paul Wellstone, U.S. Senator, dead at 58 (0)

Anonymous Coward | about 12 years ago | (#4537989)

I just heard some sad news on talk radio - Paul Wellstone was found dead in a plane this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss him - even if you aren't a Democrat from Minnesota, there's no denying his contributions to American government. Truly a American icon.

Steam (1)

XopherMV (575514) | about 12 years ago | (#4538002)

I know Valve software has been working on this for automating customer updates for their Half-Life franchise. I know they plan to make their content delivery system available to third parties. Check out Steam at:

Please restrain the knee-jerk reaction (5, Informative)

Jucius Maximus (229128) | about 12 years ago | (#4538003)

As much as we like to poke fun at Steve Gibson, you might want to take a look at the way he delivers [] his flagship product SpinRite.

It's also similar to the way F-Prot Antivirus [] is delivered.

Basically each customer gets a login for the web site and can download from there. It avoids serial generators and cracks because you can't just download the shareware and then apply a crack. The only people who even get the opportunity to download the software are those who have paid so it's less likely (but still inevitable) that they will give it away, share it on kazaa, etc. (5, Informative)

DreamerFi (78710) | about 12 years ago | (#4538017)

Kagi [] has a lot of experience with this. Check them out.


Unix or Windows? (1)

Dunkalis (566394) | about 12 years ago | (#4538018)

If its Unix, apt-get is your ally. With apt-get, just set up a cron job that updates the apt-get database daily, and then the user can install software at their leisure. If you aren't using Debian, you can use apt-rpm. Red Carpet also has similar facilities.

If its Windows, its going to be a bit more difficult. Maybe Windows Update?

"Electronic Software Delivery" (0)

Anonymous Coward | about 12 years ago | (#4538030)

"ESD", what is that, some kind of silly euphemistic acronym like "DRM"?

The best I've seen for this (besides apt-get or fink, of course) is OmniGroup's Mac OS X software. You just download the app in a single file, and drag the file to your hard drive. Installed. Maybe a demo version if you're lucky.

Then you buy the license code, which is emailed. They have various license codes, per-machine, per-person, floating, etc. Then you type it in and you have the full version.

If a new version comes out, just delete the old file and download the new one. No "installer" bullshit, no "please pay us again and again for our bug fixes" bullshit. Customer-centric.

electrostatic discharge (1)

misterhaan (613272) | about 12 years ago | (#4538038)

interesting . . . 8 or so years ago when my dad brought me along to sign up for internet access, the guy from the isp made me ground myself before he gave me the setup (floppy) disk. this was because of "ESD," which back then was bad for software!

Re:electrostatic discharge (0)

Anonymous Coward | about 12 years ago | (#4538096)

I ain't ever heard of a floppy disk getting deleted from static electricity. Now a magnent will erase that baby in a few waves of the hand. And ESD will wreck havoc on your hardware. Speakin as somebody who's fried 2 motherboards with ESD, use the damn discharge bracelet! Yeah you look like a tard, but it's better than frying the mobo and being a tard.

Re:electrostatic discharge (1)

misterhaan (613272) | about 12 years ago | (#4538182)

i've never heard of ESD zapping a disk either, except from this guy. he said that a few people had gotten the disk home and then it didn't work so he decided to ground everybody before handing them a disk. this was the only time i've ever worried about that, and i never zapped any of the many disks i handled

Re:electrostatic discharge (0)

Anonymous Coward | about 12 years ago | (#4538222)

Perhaps the disks were sh*t and simply just were not reliable?

Existing standards and design patterns (3, Funny)

hargettp (74445) | about 12 years ago | (#4538039)

A lot standard exist; whether they are useful depends on the platform you are targeting and/or the architecture of your product. You've shared nothing about either, so I'll just point you at some general standards that you may find helpful, or as sample design patterns that may bring you closer to your goal. Check out the OSD specification [] at the Web Consortium's main site. An XML-based software description language, it's raison d'etre is electronic delivery of software. I know Microsoft used the format at one point, and I know of at least one other company that architected their product to use the OSD language for software installation as well. An alternative to the OSD model is Sun's Java Web Start [] , tailored to automatic installation of software for the Java platform. If you still need to roll your own, may I suggest that you consider the package format [] used in the Debian GNU/Linux distribution as a good design pattern to follow? Because the format exposes extensive amounts of meta-data in each package, a complete array of tools exist to automatically resolve, download, and install dependencies--one of the major benefits of using Debian as a Linux platform. Finally, if you are a member of the ACM, their online Digital Library will no doubt have extensive information, as would the IEEE online resources (again, membership required). A free resource similar to those of the ACM and IEEE that I often find helpful is Citeseer [] . Hope some of those help!

How could you not find alot of info? (1, Informative)

Anonymous Coward | about 12 years ago | (#4538044)

I did some searches, and there seems to be a fair amount of info available on this.

There's some good payware service providers like Digital River, Metatec, Intraware, etc. And some decent freeware/open source ones that you could build off of, like And there's always freshmeat, twocows.

It really depends what you're trying to achieve - what you're trying to deliver, to whom and for what reasons. You may need accountability, tracking, different views for different user sets, etc. Usually, you're best off just rolling your own if you have the time & resources to implement it.

Oh, and for resuming transactions, you can use HTTP 1.1 "Range" header protocol to do that if the files are large, and you lost connectivity.

Too Vague.... No Doughnut :( (5, Insightful)

TechnoGrl (322690) | about 12 years ago | (#4538047)

ESD is just another buzzword until you actually understand what it is that you want. What DO you want?

Do you want to deliver upgrades or patches?

Do you want to tie your system into a point of sale mechanism?

Are you worried about security? (you should be)

What security mechanisms are you able to implement?

How many people will download your software each day? Each hour? How many do you expect to do so next year?

What platforms will your target audience be running?

I could go on and on....but my point is that you cannot go to anyone, even "America's Best and Brightest" (whereever they are) and ask for a one-size-fits-all solution to a software delivery system - even if you do have a fancy buzzword like ESD to make it sound sort of sexy.

You first step here (AS ALWAYS) is to define your specifications. You can *start* with the questions above but if you haven't thought of 4 times that many yourself in your specs then you don't really know what you want... and hence can be offered no real solution.

Confirmation (5, Interesting)

Anonymous Coward | about 12 years ago | (#4538054)

I am currently adding ESD capability to my eCommerce software, so that I can deliver electronic goods to customers.

The approach I am looking at is one where after payment has been accepted, the user gets a secure account where they can download the files they have a valid licence for, and the file is passed through a script which checks that the user has authenticated properly. This means they cannot simply post a URL to allow everyone access to the file.

In order to authenticate, and so that they can download this file again at a later date (maybe their hard disk blew up or whatever), they must enter a random 4 digits of the credit card used to purchase the file. This means they would not simply post a username/password and allow everyone access to their account.

When they receive the file it will be archived. When they unarchive the file, the custom unarchiver will request authorisation from my server, informing me they have the file, and what the md5 hash is. This confirms to me they have a valid file and helps against credit card refunds.

Inside the archive, I will look for ways to have unique ID's hidden inside various files, so I can then track the file's owner should it appear on any file sharing sites/networks. This doesnt have to be done in realtime, you can prepare 1000 files in advance and assign them to customers. I will look to write into the EULA a clause that states it is their sole responsibility to keep the file and contents secure, and that any lost sales will be charged to them if it could be proven they were neglegent in securing their computer/network.

I think that the above will be a good set of measures to take. Of course, it all depends on how important/valuable your software is.

Remember, if someone is really persistant, they will find away to share your files without detection. So things like great customer service, and value add will be your biggest help in keeping your customers loyal to you.


Dude, you crack me up - (2)

(void*) (113680) | about 12 years ago | (#4538072)

I must take it to America's best and brightest.

Will you be here all week?

perl ESD? (1)

ozzy_cow (453986) | about 12 years ago | (#4538076)

this is little bit on a tangent...

my copmany is developing a colaboration app in perl for internal use. i was recently approached by management asking if there is a possibility for resale of the application weve been developing for quite some time now.

of course theres a big problem with very nature of perl... its an interpreted language. how would someone go around to resell something like a perl script and then prevent people from freely distributing it? only other modules its using is CGI::Application and all the data are stored in mysql database.

does anyone have experience w/ reselling compiled perl binaries?


Re:perl ESD? (2)

codepunk (167897) | about 12 years ago | (#4538299)

No need to worry about that with perl code. The syntax is so damn ugly it looks binary anyhow. Just remove the comments and ship away!

Take a look at SVGames (3, Insightful)

SysKoll (48967) | about 12 years ago | (#4538082)

Take a look at This is an outfit that sells, among other things, PDFs of old TSR AD&D books (the PDF were obtaining by scanning the books). The PDFs are a few bucks each and are sold only through download.

The neat thing is that they offer a temporary download URL that allows you to redo a download wihin a few days if the first one failed. You don't even need to bookmark the temp URL, you just reenter your name and CC number for authentication and can redo the download (without being charged twice, obviously). This is a very cool feature. I suggest your site adopt a similar functionality.

-- SysKoll

What about the rest of the world? (1, Interesting)

Anonymous Coward | about 12 years ago | (#4538085)

So no foreigners are allowed to reply?
First idea, stop thinking that the best and the brightest are all American.
Second, do a spider diagram of all the possobilities.
Third, remove the ideas from the diagram that are not feasible.

Presto, a solution.

But who is going to write your Draconian EULA? (5, Funny)

Proudrooster (580120) | about 12 years ago | (#4538091)

Don't forget that once you have distributed your software over the Internet to an untrustworthy, evil user, s/he is going to give it away for free. S/he is going to start buring illegal copies of the software he downloaded for all his friends and will probably download it right into his P2P upload directory.

After the Electronic Software Delivery (ESD) is complete, the user has to get through the EULA so he can install it.

Just who are you going to get to write that EULA?

Might I humbly suggest,

These guys specialize in incomprehensible leagaleze and by the time they are done, your EULA will stand a proud 250 lines long and allow you to have your way with both the user of your software and his/her computer.

Good Luck!@

Java Web Start for Java programs... (2)

aquarian (134728) | about 12 years ago | (#4538093)

If your programs are written in Java, then Java Web Start is unbeatable.

How about sneakernet (3, Funny)

Billly Gates (198444) | about 12 years ago | (#4538095)

You need a good removable storage device on both ends of the network which will act as the adapter. A cd-rw is good but it holds less but is faster to create and send down the sneakernet network. A tape drive is another popular adapter. It hold alot more but takes awhile to get the data ready for transfer. The office messenger transfer protocal ( or me ) would be the typically the transfer protocal which works great around the office or through several office buildings. However the messenger protocal does not work well for many wans since it can run around the office better then getting in a car and driving around the wan.

However I recommend third party fedex or ups wans. They add great routing and delivery support and would mix your data with their own delivery network. They integrate well with the messenger protocal since they both use the mail room gateway as a standard to retrieve and sometimes even store data. The mailroom is the default gateway between the messenger and fedex and ups protocals.

The downside of course can be transfer time and very high latency. For example using a third party network like fedex can take a day or two to ship the data to Hong Kong and can be pricy depending on how quick you want the data to move.

The good side of sneakernet is that when the network is down I can still get data from one side of the office to the next. When the network is congested I can still move around huge amounts of data depending on the store medium used. With me implementing the messenger layer of the sneakernet protocal suite, you do not have to worry about hiring any expensive consultans or installation fee's. All you need is the store medium like a tape or cd-rw drive on both nodes.

Ps. I am looking for work and wouldn't mind doing this at this point. :-)

Active Directory (0)

Anonymous Coward | about 12 years ago | (#4538102)

Assign an application to a computer using Active Directory and .msi's, this way the user has no choice. The software is on the computer and that's the way it is.

And it's all clicky clicky gui.

Not Novadigm unless its a big company (0)

Anonymous Coward | about 12 years ago | (#4538103)

It depends on the operating system. But I heard that Novadigm has software distribution fit for a big company, i.e. 50,000 or more people. If your smaller, its a complete waste of time. You need to spend a million for the liceneses and another few million in salaries to support the product, i.e. a team of 6 or more.

You get much more bang for the buck with Microsoft Active Directory. And its easier to find Active Directory expertise.


I'm too lazy to do my own job (-1, Troll)

Anonymous Coward | about 12 years ago | (#4538122)

Hi, I am imcompetent enough to do my own job so I figured I would let /. do it for me, do you know where I find information on electronic software delivery...I know you can do it, your the best and brightest...

Re:I'm too lazy to do my own job (0)

Anonymous Coward | about 12 years ago | (#4538229)

kinda figured that was coming, but at least I can sleep at night knowing I can find a girl (that's not online) to have sex is could, you all should try it sometime

Ask slashdot (0)

Anonymous Coward | about 12 years ago | (#4538125)

I'm trying to find the best way to install a large-scale Electronic Software Product (ESP) for my software company. I've been able to find very little information online (after weeks of research) so I must take it to anyone who is willing to listen to me. Have you ever worked with software on a higher than Playstation level, and if so, what did you learn from it? When do you consider the product 'installed'? Was it worth it? (I'm planning to put together a public domain whitepaper on the subject with the information I gather, to help fill in the gaps I found while researching online).

why not partner with digital river? (1, Interesting)

zonker (1158) | about 12 years ago | (#4538143)

these guys [] have been doing this kind of thing for years (if i remember correctly they started out with the old locked cd's and selling people keys to the software and then moved onto web distribution when it became feasable)... of course they'll want a cut of sale, but it'll be easier to manage than doing it yourself...

Shareware model? (3, Insightful)

GrouchoMarx (153170) | about 12 years ago | (#4538155)

It depends in a huge part on the type of program, but for general-public use (what some would term "consumer" but I'm trying to erase that word from my vocabulary) a Shareware/registration system is often the easiest, if you have some sort of unique identifier to use.

For example...

In the Palm OS world, most software is released in a Shareware fashion. Every Palm OS device has a HotSync ID that is used to identify it on a PC, and to keep that device's data separate from other Palms on the same PC. Two people could very well have the same ID, but not on the same PC, and the vast majority of users just use their own name as their ID, so the odds of two people with identical IDs meeting is neglibible.

What most developers do is release a single binary version of the program that includes all of the functionality, but sometimes blocks it with popups, disabled functions, timeouts, or whatever. If the user decides to register, they go to a web site (usually and enter their HotSync ID along with their credit card data and the web site generates a unique registration key for them based on their HotSync ID and some program-specific key, known only to the developer. The user enters that code into the Palm program and they're all set and registered. The program can then just generate what the reg code should be against the HotSync ID and the secret key (which it has compiled into it), and determine if the entered code is valid or not. The reg code is stored in the device's Preferences database (sorta kinda the Palm version of the Registry, though better implemented), so the user can easily beam the program to others and SHAZAAM!, the other user now has the unregistered, shareware version of the program! Yay, viral marketing! :-) It also means that you need to maintain only one binary version, and you can make it a simple direct URL which is compatible with every browser in existance.

Yes, it is possible for the user to fudge the HotSync ID with 3rd party programs, but that's not very common. And frankly, if someone is going to do that to "get around" your registration system, they would never have paid for the program in the first place, so you've lost nothing.

Of course, that is all predicated on the platform supporting that sort of unique ID. I don't know if that sort of user-defined, constant, pseudo-unique ID exists on any other platform. I wish it did, it would make it a lot easier to develop shareware-type apps. E-mail address is possible, but is subject to change more often.

[insert obligatory commentary about why you should be releasing GPLed software instead of commercial software here.]

Companies specialize in doing just that... (1)

phyjcowl (309329) | about 12 years ago | (#4538162)

I used to work for one called Intraware ( [] ), that's basically their whole purpose for existing--they deliver software electronically for other companies.

Americas best and brightest? (0)

Anonymous Coward | about 12 years ago | (#4538244)

Experience with large scale software delivery? Yes, we have.....

But since you are only interested in the suggestions of Americas best and brightest, I am afraid we don'y qualify.

Maybe it would be helpful if you learned looking over the fence a bit?

Excellent solution exists (1)

TheProgressor (596035) | about 12 years ago | (#4538255)

Try Steam by Valve LLC. Go to

Eletronically (2)

Jagasian (129329) | about 12 years ago | (#4538265)

Do you really care whether you use electronic hardware to send your software, or are you interested in sending software over the net? Computers and the internet don't necessarily have to be based on electronic hardware.

I wrote something to do this a while ago... (3, Informative)

marko123 (131635) | about 12 years ago | (#4538283)

Upgrade Suite []

It's windows, and freeware now. You might learn about some of the issues from the documentation.

rsync over SSL (2, Insightful)

Pierce (154) | about 12 years ago | (#4538284)

When I need to transfer large amounts of data, I use rsync where possible. This allows for updates of the data without transfering all of the data, unless everything changes in the current update.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?