Do you have a source? It seems that guy was selling MDMA and marijuana. Here's the relevant quote from https://pthorpe92.dev/intro/my-story/

I was caught with MDMA coming in the mail from Vancouver, and some marijuana coming from california (the latter of which is what I am currently serving my time for right now)

The files "Vulnerabilities/Fetched Data.txt" appear to be output from an automated security scanner that targeted public-facing web servers. Some directory labels are inaccurate. For instance, a company listed as a crypto exchange—Cryptopro—is actually an IT consulting firm focused on cryptography and PKI.

A number of Word, Excel, and PDF files containing corporate reports and similar materials appear to be publicly accessible online and even indexed by search engines. I was able to locate several by searching their titles.

One file, "Part 1/Report those Russian ringleaders/russRingleadersPerDFUNAFO.txt", seems to be the likely source of the "Kremlin Assets in the West" mention. It’s a brief list of Twitter accounts and may have been assembled through open-source intelligence methods.

While the leak might contain some mistakenly published or sensitive material, I didn’t come across anything as significant or dramatic as implied by the article linked.

I have personally received threats of having such experience, from a director of the company I was working for at that time. Happened in Moscow around 2010. The director was from FSB, unfortunately the company forgot to mention that detail in the job ad.

> emigrant press, who often do not have any firsthand Russia experience

LOL. The reason you only read about cases like that in emigrant press, local journalists don't want to be murdered in a forest.

Generate a key pair, embed public key in your executable, keep private key private.

A license is some JSON or XML or whatever, signed with the private key. If your licenses are permanent, and you don't need different license types, a license is just a signature of some computer ID (like hard drive serial), with that private key.

Unlike the older RSA, ECDSA results in very small signatures, even for very strong curves like NIST P-521. These signatures only take couple lines in Base64 text format.

The software story is OK by now. I had little to no issues with that aarch64 Linux in their VMs. I didn't need a lot though, only mysql, asp.net core runtime, and related OS setup (SELinux, built-in firewall, etc).

I format them, and gift to some people around here who could make a good use of them (friends, neighbors). Usually, I replace disks because I need more storage, the old ones have quite a few years of life still left. These people know me, getting good hardware for free, and I'm reasonably confident they won't sell them to digital forensic experts on e-bay.

Got an impression that code is not that useful to an outsider. It can help answering extremely specific questions how a particular small isolated function is implemented. Even ignoring legal issues, it won't significantly help building competing products, let alone building a successful business around such product.

When we hire people, they gain access to complete source code, documentation, continuous integration environment, bug tracker, and most importantly to the current developers. It usually takes them months to become productive. With just the source code, would probably take a year even for very smart person.

Or they pay small fraction of the price on gray market: ebay.com, scdkey.com, allkeyshop.com, etc.