sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Will new features be limited behind a paywall? #1388

Closed nulledone closed 1 year ago

nulledone commented 2 years ago

So, I've just installed the latest pre-release version and I'm amazed that you've completed this far. I remember this project back when it first went open source. Anyways, while creating a new box I've noticed that it requires a supporter certificate from now on. I just wanted to ask: is it for early access, or will this program become freemium software eventually?

Small bug:

DavidXanatos commented 2 years ago

The requirement for a supporter certificate to use new features will apply also to future builds.

TeslaMagic commented 2 years ago

Is this "supporter certificate" available to only Patreon accounts or donations as well?

DavidXanatos commented 2 years ago

This is described here: https://sandboxie-plus.com/supporter-certificate/ and I believe I have put some links to this location in the plus UI.

To summarize there are 4 ways to get a certificate:

  1. Become a Patreon and get a certificate for at least as long as you are a patron; as I need to send those out by hand, it may take a day or two.
  2. Purchase a certificate directly on my homepage, then you get it instantly as it is generated by the system.
  3. When donating, indicate that you want to receive a certificate, to get one also sent by hand, so it may take some time.
  4. Contribute to the project in a meaningful way; if you did that already, drop me an email, as GitHub does not have PMs and does not show emails so I can't reach contributors directly, then you'll get one as well.

isaak654 commented 2 years ago

The simplest way to contribute is to help keep the GitHub copy of the Sandboxie documentation updated by providing a number of meaningful changes; more volunteers are needed to keep it constantly updated with the newly introduced settings mentioned in the changelog.

Small bug: when always on top is enabled, the certificate dialog appears behind the app itself.

EDIT: Reported in #1615

DavidXanatos commented 2 years ago

You could make a translation for the language of your country, to get a certificate. And yea, if someone self compiles everything including the driver they can add/remove/change any feature they want.

isaak654 commented 2 years ago

Thanks. I would like to translate, but there is someone who translates even though it is disabled due to this inactivity.

Turkish language is not properly updated anymore since February (more than 20 versions ago) because the last Turkish translator removed its own GitHub account, so if you're interested, you could take care of it. If you need a few hints: https://github.com/sandboxie-plus/Sandboxie/discussions/1123#discussioncomment-1203489

sandboxfan commented 2 years ago

I can't activate my supporter certificate

isaak654 commented 2 years ago

I can't activate my supporter certificate

Did you try to paste the entire block of text (starting from the Name line)?

sandboxfan commented 2 years ago

I can't activate my supporter certificate

Did you try to paste the entire block of text (starting from the Name line)?

[image]

DavidXanatos commented 2 years ago

I think there may be an issue with some Unicode characters. If you write me an email with the old cert, I'll verify that and send you a new one that is tested to work.

sandboxfan commented 2 years ago

I think there may be an issue with some Unicode characters. If you write me an email with the old cert, I'll verify that and send you a new one that is tested to work.

Thanks, problem solved by e-mail.

qgymib commented 2 years ago

I can't activate my supporter certificate

Did you try to paste the entire block of text (starting from the Name line)?

@DavidXanatos I also have this issue; maybe Unicode characters in NAME cause some problem. Can I send my cert to you, too?

DavidXanatos commented 2 years ago

Yes, just email me to get a new tested one.

Aholicknight commented 2 years ago

Your email is not posted here

isaak654 commented 2 years ago

Your email is not posted here

The importance of search results: https://github.com/sandboxie-plus/Sandboxie/issues/1416#issuecomment-987679003

isaak654 commented 2 years ago

I would suggest to implement a contact form on the main website or a contact page like the old one: https://sandboxie-website-archive.github.io/www.sandboxie.com/ContactAuthor.html

Zetvue commented 2 years ago

Why can't I use any other box that isn't the default without paying? That's confusing to me.

DavidXanatos commented 2 years ago

Because you probably have a super old Sophos version that required a license to run multiple boxes? Or something is broken with your box config, try again with a new sandboxie.ini

isaak654 commented 2 years ago

You can test the other box types by creating new sandboxes of those types, however processes in these will be auto terminated after 5 minutes without a certificate.

Aholicknight commented 2 years ago

Why can't I use any other box that isn't the default without paying? That's confusing to me.

It appears that it has been cracked, you can use all the features without worrying about the programs terminating after 5 minutes.

mitchcapper commented 2 years ago

It appears that it has been cracked, you can use all the features without worrying about the programs terminating after 5 minutes.

@Aholicknight I am not sure why you have posted multiple times about this app being "cracked". It is open source, modifying it is not meant to be difficult. This is applying to someone who is in the position where the normal functionality is not enough and requires the select enhanced registered only features from this software. In this situation one hopes they can also pay the $1/month to support their continued development or make a meaningful contribution in another way.

NotepadPlusUser commented 2 years ago

SUGGESTION: I just spent far too long trying to find where to paste the certificate. I looked everywhere on the Xanasoft website and these GitHub pages, and duckducked a bit. Eventually I stared long and hard at the screenshot above, and so finally worked out where it is located — of course I then felt a complete idiot.

Could I suggest that your certificate email, and your website, give instructions to go to Options —> Global Settings —> Support.

Better, also move the button to Options —> Help, where most software place activation buttons, and rename it 'Install Support Certificate'.

Thank you for all your painstaking work. It is a great achievement.

dumpsters commented 2 years ago

Amazing, can't even duplicate my existing box now.

[image]

isaak654 commented 2 years ago

UseRuleSpecificity=y is one of the features behind paywall, did you try to remove the command from your box? Alternatively, you could also receive a perpetual supporter certificate by contributing to the project in a meaningful way.

dumpsters commented 2 years ago

UseRuleSpecificity=y is one of the features behind paywall, did you try to remove the command from your box? Alternatively, you could also receive a perpetual supporter certificate by contributing to the project in a meaningful way.

[image]

isaak654 commented 2 years ago

UseRuleSpecificity=y is also inside the DeviceSecurity template, please make sure to remove Template=DeviceSecurity. In the GUI, the template title is reported as Filter access to \Devices\

It won't be present on v1.0.16 anyway.

Aholicknight commented 2 years ago

It appears that it has been cracked, you can use all the features without worrying about the programs terminating after 5 minutes.

@Aholicknight I am not sure why you have posted multiple times about this app being "cracked". It is open source, modifying it is not meant to be difficult. This is applying to someone who is in the position where the normal functionality is not enough and requires the select enhanced registered only features from this software. In this situation one hopes they can also pay the $1/month to support their continued development or make a meaningful contribution in another way.

@mitchcapper if you patch the check out, build it, you cannot use the program without disabling driver signing or signing it with a test signature

mitchcapper commented 2 years ago

It appears that it has been cracked, you can use all the features without worrying about the programs terminating after 5 minutes.

@Aholicknight I am not sure why you have posted multiple times about this app being "cracked". It is open source, modifying it is not meant to be difficult. This is applying to someone who is in the position where the normal functionality is not enough and requires the select enhanced registered only features from this software. In this situation one hopes they can also pay the $1/month to support their continued development or make a meaningful contribution in another way.

@mitchcapper if you patch the check out, build it, you cannot use the program without disabling driver signing or signing it with a test signature

Correct you have identified how one builds this software.

AqlaSolutions commented 2 years ago

Where can I get the list of paid features which I can't use for free?

DavidXanatos commented 2 years ago

For the most part the UI tells you that when you encounter them. In detail, it's currently: Rule Specificity, Boxes with privacy mode, Compartment type boxes, Configurable process break out.

In soon to come future builds it will also include a few new hardened isolation features.

Aholicknight commented 2 years ago

@mitchcapper Correct you have identified how one builds this software.

did you ever look at https://github.com/TheCruZ/kdmapper? it allows drivers to be loaded without disabling driver signature enforcement or having the driver test signed.

DavidXanatos commented 2 years ago

Yea, and in my experience more up to date Windows versions just plainly declined to load the vulnerable Intel driver. Also, would you really want to have such a gaping hole opened on your system intentionally?

If you are looking for a safe solution, go get efiguard, the rootkit you can trust. It allows you to enable and disable driver signing on demand and much more.

mitchcapper commented 2 years ago

did you ever look at https://github.com/TheCruZ/kdmapper? it allows drivers to be loaded without disabling driver signature enforcement or having the driver test signed.

Nah I have $1/mo and use a VM for development.

DavidXanatos commented 2 years ago

@barrywilcox could you please share the location where this was written?

Why should I take it off GitHub only because of a few bad people? That would be a disservice to the public.

diversenok commented 2 years ago

This david guy seems to be a joker, he claims his software is open source but clearly it's not, or we could compile a version of it with his paywall crap disabled and have the full features.

@barrywilcox, you show a blunt misunderstanding of the topic. Sandboxie is open source and you can easily compile a version that has all functionality unlocked. But keep in mind that because of Microsoft's policy, you will need a code-signing certificate to use it outside of a test environment. Open-source tools never include keys for code-signing certificates because that would violate the terms under which CAs (certification authorities) issue certificates.

In the end, you have four options:

  1. Use the releases provided and signed by David, and thus, agree to the terms they are distributed on.
  2. Compile the project yourself unlocking full functionality and use it in a test environment without signing the driver.
  3. Compile the project, buy a code-signing certificate that satisfies Microsoft's requirements, sign the driver, and use it anywhere you like.
  4. Use sketchy methods that patch David's releases or map unsigned SbieDrv in runtime by relying on vulnerable third-party drivers.

mitchcapper commented 2 years ago

This david guy seems to be a joker, he claims his software is open source but clearly it's not, or we could compile a version of it with his paywall crap disabled and have the full features.

David do yourself a favor and take the code off github or something man. This type of marketing is shameful. You should be ashamed of yourself.

Yep and the guys who cracked his stuff actually said that they had to write a driver bypass for it and have said on their site that they really dislike david and think that he is only in this project for the money, saying that no one should support him or give a single dime. It was eye opening to say the least. I have never seen any groups actually say such things about a developer before.

Usually they say to buy the software if you can afford it, support the team, etc, but in the case of david they lambast him and say he is not a good guy. amazing.

I guess his reputation proceeds him.

@barrywilcox as others pointed out, you clearly don't know the first thing about what you are talking about. As a leech on other people's work who then belittles their contributions and attempts to shame them, it is pretty clear you are the one who should be ashamed. Still, let me elaborate a bit further, so you understand your contributions vs the team, and how "not a good guy" David is.

First, there is 0 reason any open source project needs to have every aspect of its functionality free. Open source means that segment of a project has the source open. David and the team maintain SBIE for free, putting in hours of time to ensure compatibility with Windows changes and the latest features. There is nothing that would stop someone from making a closed source commercial addon for SBIE that added the range of features that have already been added and charging whatever they want.

Instead the team adds new functionality and features, some of which do request you to contribute to the project itself to use (monetarily or through help with documentation/code). This is not functionality that previously existed as free and open that users have some misconstrued 'right' to have for free in the app, this is new functionality. They add this code still open source, right into the main tree rather than obfuscating it or hiding it away. I also said "request" rather than "require" because that is what it is. Having the features directly in the open source code means someone (and some do) modify the code to remove the license restrictions. Really, what it boils down to, is you are so lazy you are requesting someone circumvents this request for you. On top of that, you want them to also make it as easy as possible for you to use this circumvented version as you cannot be bothered by the ways you could already run an unsigned driver.

As a project should 'never' operate in such a way: There are countless examples of products that operate exactly this way (well actually they are normally far more restrictive in terms of access to premium features). In fact this type of model is called "open-core" and there are thousands of instances of products that use it. As you appear ignorant having not done your research or understanding what open source is before spewing hate, let me educate you further. Here is one of the many million websites out there that talk about open-core: https://en.wikipedia.org/wiki/Open-core_model . Not only are there many, many examples of great projects using that model, there are tens of thousands of well known open source software that support open-core projects as well. GitLab, for example, operates an open-core model that makes over 100M a year. There are many massive open source projects that support them by putting their software on gitlab including GNOME, VLC, KDE, Drupal, Debian, Tor, Samba and many many more. David is not getting rich off SBIE, and believe me certainly doesn't spend the hundreds of hours he does on SBIE 'for the money'. He would make far more money doing almost anything else.

If you are so greedy as to feel you deserve people to literally be your slave and add new features to a product for your enjoyment while providing 0 compensation may I suggest these options to you and 'the guys':

mon-jai commented 2 years ago

Is having a paywall legal?

All additional features are derivative works of the original Sandboxie code, which is licensed under GPL v3.

DavidXanatos commented 2 years ago

Yes it is, else you would not have Red Hat enterprise Linux, Google android and a bazillion other open core products.

Also keep in mind that the new UI is not based on the old code and thus a separate entity, using generic means of IPC communication to talk to the core components.

mitchcapper commented 2 years ago

Is having a paywall legal?

All additional features are derivative works of the original Sandboxie code, which is licensed under GPL v3.

Also, as pointed out numerous times here, all of the source code has been released. GPL v3 does 0 to stop you from selling a product using GPL v3 code, it only has the requirement that you publish the source for derivative works.

mon-jai commented 2 years ago

@mitchcapper

...publish the source for derivative works (under the same license).

The binary of a derivative work might be proprietary. But anyone who received the binary should also have access to the underlying source code, and be able to compile a GPL licensed version of the binary.

mitchcapper commented 2 years ago

@mitchcapper

...publish the source for derivative works (under the same license).

The binary of a derivative work might be proprietary. But anyone who received the binary should also have access to the underlying source code, and be able to compile a GPL licensed version of the binary.

I am not sure what you are getting at, mon-jai? The license can be found at: https://github.com/sandboxie-plus/Sandboxie/blob/master/LICENSE.Classic

The source code used to compile the binary can be found literally right next to the download link on every release: https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.1.3

mitchcapper commented 2 years ago

I am sorry but that's wrong and shows a fundamental lack of understanding of GPL or source licensing. There is nothing stopping the commercial use of GPL v3 work as long as the source code is released, which it is.

I believe morally and legally he has to make these items free or else stop distribution of this software immediate

He is not morally or legally compelled in any way to do so.

it was never in the spirit to hide all the most used features behind paywalls

The existing features were not paywalled. New features were developed and the option is to help the project financially or through other means to access them, or to compile them yourself.

Open source work is a joke of a way to make any sort of money for nearly all developers. The hours people like David put in to a project are crazy, and then to have people like @barrywilcox throw a tantrum because it isn't easy for them to exploit all the new hard work exactly how they want is ridiculous. All it does is encourage them to put their time on other things.

It sounds like you are a big supporter of opensource work to make such demands so I recommend to you two things:

  1. Make a massive contribution to the EFF. I am sure if you are a guardian of open source they will be happy to check out this 'violation' of the GPL as a thanks for your kind donation; find it at: https://supporters.eff.org/donate/join-eff-m--h
  2. Fork this project, hire a developer to do your every whim, and respectfully take yourself on over to your new kingdom.

Github is for bugs, this is not a bug. David has been more than patient at letting you try and publicly bash him. I have no control over this project but I would recommend locking this thread to contributors, as it is far beyond productive at this point.

DavidXanatos commented 2 years ago

@barrywilcox You are not a lawyer, period!

Think about it, Red Hat is not the original author of Linux but they are selling it for a lot of money: https://www.redhat.com/en/store/linux-platforms Do you really genuinely think such a large company would be allowed to operate if anything they do would not be 100% above board?

GPL gives you free like in freedom not like in free beer.

You don't like how the code behaves, i.e. requires a digitally signed certificate to perform certain actions? Compile it yourself, and change that behavior, the GPL gives you the freedom. IT DOES NOT give you the freedom to tell me how I have to make the code behave, that's my freedom; don't like it, don't use my builds, make your own.

Also you don't have to use my alternate UI, you can fork sbiectrl.exe and make it great, add all the things I was too lazy to add to that old UI. Or make your own new alternate UI for Sandboxie, maybe in .NET, that looks even more modern than my Qt based one.

mon-jai commented 2 years ago

@DavidXanatos I am confused. Aren't some parts of this repo licensed under a different license than GPL?

DavidXanatos commented 2 years ago

@mon-jai yes, but they are separate applications; they don't link (neither dynamically nor statically) with the GPLed core components, instead they are using only generic IPC (Inter Process Communication) mechanisms to talk to the sbie core. The alternative UI and the core components are distributed in mere aggregation.

Like for example Xilinx's Vivado studio https://www.xilinx.com/products/design-tools/vivado/vivado-ml-buy.html installers include the GPLed GNU tool chain and other GPLed components.

Another example would be Qt, which also in their proprietary licensed editions still include MinGW with the GCC compiler and other tools.

It is a common industry practice to bundle different components together.

Another example would be Android, which despite using the GPLed Linux kernel itself is licensed under the Apache 2.0 license.

DavidXanatos commented 2 years ago

I have revised the certificate descriptions a bit, the wording "at least" is removed, the Large and Huge certificates are now allowed to be used not only by the holder but also by their close family.

I have also added an overview of the various options and features: https://sandboxie-plus.com/feature-comparison/

bastik-1001 commented 2 years ago

I also like to point to anyone that comes across this issue, that the supporter certificate is not required for all new features that got added. There was SandboxieLogon=y, for example, which extends Sandboxie's isolation to work between sandboxes. Such a feature can be used by anyone.

KindlyOnes commented 2 years ago

I also like to point to anyone that comes across this issue, that the supporter certificate is not required for all new features that got added. There was SandboxieLogon=y, for example, which extends Sandboxie's isolation to work between sandboxes. Such a feature can be used by anyone.

It would be very useful if there was a document about the commands we can use in the .ini file.

isaak654 commented 2 years ago

It would be very useful if there was a document about the commands we can use in the .ini file.

@dickyharper Here it is: CHANGELOG.md. You can highlight the commands with a simple search of the = sign in your browser and then use the keys F3 / SHIFT+F3 to go to the next or previous one. However, it is still necessary to search for them on GitHub as some may have been removed from the source code. Alternatively, there is the least updated AllPages.md with the most known commands.

If you have a specific suggestion, feel free to open a new issue at sandboxie-docs repository.

@everyone Please note that a further off-topic comment on this issue could be removed or hidden from view.

eebssk1 commented 2 years ago

Besides, there's a more secure method for some modern platforms: https://github.com/HypsyNZ/DSEDodge-Signed-Kernel-Driver