Delivering Software, Electronically?

zpengo asks: "I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company. I've been able to find very little information online (after weeks of research) so I must take it to America's best and brightest. Have you ever worked with ESD on a higher than plain-vanilla FTP level, and if so, what did you learn from it? When do you consider the product 'delivered'? Was it worth it? (I'm planning to put together a public domain whitepaper on the subject with the information I gather, to help fill in the gaps I found while researching online)."

.....tell...us...more...

[jukal]

I'm trying to find the best way to implement a large-scale Electronic Software Delivery (ESD) service for my software company.

What software, which audience, which principles? It makes a difference whether you are building ESD like tucows or for a special product for a special market - for example. It might be possible for you to get some real information out from here, but you will have to tell more. Don't be scared, if someone wants to look up your company, he is already well capable of doing it :)

Web-logons

[Anonymous Coward]

At my school, there's a page set up for your basic freeware (acrobat reader, PuTTy), and other more expensive site-licensed software (X-Win, CRT, Dreamweaver) require a user logon to download. The IT department keeps a log of all the downloads, and whoever's logon is used is responsible for the software. For the really expensive stuff (MATLAB, Mathematica), paperwork is necessary.

Take a look at it: http://www.bu.edu/software/ [bu.edu]

You are using it right now

[I'm not a script]

Try this [apache.org] EDS solution.

I do!

[Superfreaker]

I developed (insert plug here-http://payloadz.com)

We do about 5,000 transactions per month.

Our method is this (note, this is after 5 iterations of delivery systems- all of which had issues):

- When a customer pays, we create a unique copy of the purchased product and place it in a queue directy for download. This unique file is prefixed with the customers transaction ID, so
"filename.zip" becomes "a1dys3ad4a-filename.zip"

We then provide a direct link to the file. We also send this direct link in an email to the person.

After 48 hours the file is deleted. after which time, the customer must request more downloads from the merchant.

We tried many other methods but there always arose a browser/platform issue. The ONLY reliable method has been to provide a direct link to the file for download.

It can create server load and file storage issues if you have a large scale site.

Hope that helps, feel free to contact me off list.

Who accepts liability ...

[LL]

... when things goes wrong? If you view software as a service, then someone along the line has to make a decision to deploy it. Usually it is some sysadmin who ultimately is responsible for the smooth running of the who ball-of-string (ignoring any CTO stupidity). IMHO that is why they like ftp/http/app-get in that it is a conscious decision to review and vet any new release.

On the other hand, if you are offering automagic updates (a la MS) then I hope the software contract indicates what happens if things goes wrong. The actual mechanism (whether JavaBeans, .BET, or ASP) becomes a side issue when lawsuits are flying, especially for any mission-critical software (cf backbone router flash-upgrades).

LL

Too Vague.... No Doughnut :(

[TechnoGrl]

ESD is just another buzzword until you actually understand what it is that you want. What DO you want?

Do you want to deliver upgrades or patches?

Do you want to tie your system into a point of sale mechanism?

Are you worried about security? (you should be)

What security mechanisms are you able to implement?

How many people will download your software each day? Each hour? How many do you expect to do so next year?

What platforms will your target audience be running?

I could go on and on....but my point is that you cannot go to anyone, even "America's Best and Brightest" (whereever they are) and ask for a one-size-fits-all solution to a software delivery system - even if you do have a fancy buzzword like ESD to make it sound sort of sexy.

You first step here (AS ALWAYS) is to define your specifications. You can *start* with the questions above but if you haven't thought of 4 times that many yourself in your specs then you don't really know what you want... and hence can be offered no real solution.

Take a look at SVGames

[SysKoll]

Take a look at SVGames.com. This is an outfit that sells, among other things, PDFs of old TSR AD&D books (the PDF were obtaining by scanning the books). The PDFs are a few bucks each and are sold only through download.

The neat thing is that they offer a temporary download URL that allows you to redo a download wihin a few days if the first one failed. You don't even need to bookmark the temp URL, you just reenter your name and CC number for authentication and can redo the download (without being charged twice, obviously). This is a very cool feature. I suggest your site adopt a similar functionality.

-- SysKoll

Shareware model?

[GrouchoMarx]

It depends in a huge part on the type of program, but for general-public use (what some would term "consumer" but I'm trying to erase that word from my vocabulary) a Shareware/registration system is often the easiest, if you have some sort of unique identifier to use.

For example...

In the Palm OS world, most software is released in a Shareware fashion. Every Palm OS device has a HotSync ID that is used to identify it on a PC, and to keep that device's data separate from other Palms on the same PC. Two people could very well have the same ID, but not on the same PC, and the vast majority of users just use their own name as their ID, so the odds of two people with identical IDs meeting is neglibible.

What most developers do is release a single binary version of the program that includes all of the functionality, but sometimes blocks it with popups, disabled functions, timeouts, or whatever. If the user decides to register, they go to a web site (usually PalmGear.com) and enter their HotSync ID along with their credit card data and the web site generates a unique registration key for them based on their HotSync ID and some program-specific key, known only to the developer. The user enters that code into the Palm program and they're all set and registered. The program can then just generate what the reg code should be against the HotSync ID and the secret key (which it has compiled into it), and determine if the entered code is valid or not. The reg code is stored in the device's Preferences database (sorta kinda the Palm version of the Registry, though better implemented), so the user can easily beam the program to others and SHAZAAM!, the other user now has the unregistered, shareware version of the program! Yay, viral marketing! :-) It also means that you need to maintain only one binary version, and you can make it a simple direct URL which is compatible with every browser in existance.

Yes, it is possible for the user to fudge the HotSync ID with 3rd party programs, but that's not very common. And frankly, if someone is going to do that to "get around" your registration system, they would never have paid for the program in the first place, so you've lost nothing.

Of course, that is all predicated on the platform supporting that sort of unique ID. I don't know if that sort of user-defined, constant, pseudo-unique ID exists on any other platform. I wish it did, it would make it a lot easier to develop shareware-type apps. E-mail address is possible, but is subject to change more often.

[insert obligatory commentary about why you should be releasing GPLed software instead of commercial software here.]

rsync over SSL

[Pierce]

When I need to transfer large amounts of data, I use rsync where possible. This allows for updates of the data without transfering all of the data, unless everything changes in the current update.

Re:Software Delivery

[Anonymous Coward]

Ack, no, not eLicense.

There are five separate unwrappers for that, all of them work perfectly. One of them doesn't even need a license.

It has many compatibility problems, and is a very slow and "noisy" install - and it installs, I might add, every single time you run the program.

If it is trivial to apply protection, it is more trivial to remove it. Please don't use commercial protection systems - they are ALL snake oil.

Re:Confirmation

[Dwonis]

All it takes is a few different copies of the program, and a person can find out where the differences are and anonymize the program. "Phoning home" can be removed.