Re: [ActiveLock-Development] Re: Calling all developers...
Brought to you by:
ialkan
Menu
▾
▴
Re: [ActiveLock-Development] Re: Calling all developers...
|
From: Thanh H. T. <th...@sy...> - 2003-07-31 08:17:22
|
Hi, > I've got WinCVS and TortiseCVS (I use TortiseCVS), but I'd like someone to tell me how to get it working so Well, I'll let Mr. Crute answer this since he's becoming pretty much a guru with CVS lately. Regarding your private key exchange idea, that's very similar to ideas we've throwing around in the forum and in the meetings [be good if you could join us for some of them ;-)]. We decided for first phase of AL2, that's like hitting a fly with a sledge hammer. We're not sure if it's necessary to encrypt the whole communication channel; it may be sufficient to encrypt only some sensitive data, the rest doesn't need to be encrypted. Have to wait for the outcome of the alpha testing rounds to see if our decision was the right one. We ARE using private keys for license encryption and authentication, however, as I'm sure you might have noticed from reading the CVS commit emails. > The part that makes this special is that the file in step 3 would be an > essential part of the program, such as printing, you > you can comment out the "make sure I'm registered" hooks, but you can't add in the print function > without re-writing the program. Yes, like the part of the program that saves the license key to a key store. But I think you're mixing 2 issues: 1) encrypted data communication between AL (the server) and the client application, and 2) encryption of the license key (analogous to your print function). I think these are two similar but not identical problems. Re: 1), I already commented above. Re: 2) I don't think you can ever get away from the "make sure I'm registered" hooks. At some point, you've got to do some sort of an if-test in order to check if the license is valid. I guess the trick is to make those if-tests as unobvious to the mediocre hackers out there as possible. As for your client-server idea, we may have to resort to that when we implement concurrent licensing. I've been scratching my head trying to find ways to do it without needing a server. May be you can tackle that piece? If we ever do it, we need to make sure that it's an optional component only (e.g. only required for concurrent licensing). If my customer wants to buy single licenses, it's overkill to make them dedicate another machine so that I can put my license server onto their environment to police their usage of my software. There's that sledge hammer thing again. Licensing is good (for the software vendors). But it must not be an inconvenience (for the end users), otherwise you will never sell your product. Regards, Thanh. ----- Original Message ----- From: "AJcompany AJcompany" <ajc...@ya...> To: <act...@li...> Sent: Wednesday, July 30, 2003 7:47 PM Subject: [ActiveLock-Development] Re: Calling all developers... > Ok, I was just (today) working with trying to get CVS > source for the files, > and I've got WinCVS and TortiseCVS (I use TortiseCVS), > but I'd like someone > to > tell me how to get it working so that I can get (and > put) files as my sf > user (ajcompany). I currently try to get the files via > anon, but that is (at > least the last sf update said) about a day slow. > > On another note, I had some idea for an > encryption/registration method > (process follows): > > 1. client generate private/public key pair > 2. client send public key (and some other info, > whatever is usually used, > possibly encoded in the key instead of randomness) to > server > 3. server encrypt a file with it's private key, and > then the client's public > key > 4. server send file to client > 5. client decrypts with it's private key and then with > the server's public > key (encoded in the client to begin with) > 6. client checks registration and saves the decrypted > file. > > The part that makes this special is that the file in > step 3 would be an > essential part of the program, such as printing, you > can comment out the > "make sure I'm registered" hooks, but you can't add in > the print function > without re-writing the program. An even better idea > would to store the > entire set of data the client got from the server and > then unpack that file > at runtime, and keep it in MEMORY ONLY so the file > couldn't be replaced. > (ok, there may be a flaw or so, feel free to point it > out) > > Comment at will, > AJ > > ----- Original Message ----- > From: "Thanh Hai Tran" <th...@sy...> > To: <act...@li...> > Sent: Tuesday, July 29, 2003 7:28 PM > Subject: [family] [ActiveLock-Development] Calling all > developers... > > > > Hi all, > > I know everyone is very busy with either work or > school. But since you're > > in this group, it means that you want to help. > > So rather than playing possum, here are some of the > ways that you can get > > involved: > > > > - Be active on the forum and on this mailing list. > Generate discussion > on > > ideas, features, philosophical beliefs, > whatever...but please.....none of > > those non-productive BS that was going on in > YahooGroup here please. > > > > - Check out the existing ActiveLock2 developement > codebase from CVS, play > > with it (there's a test app). > > See Mr. Mike Crute for assistance in setting up > CVS if you don't know > > how. > > Make suggestions on how the code/test app can be > improved. > > If you find any problem with the code, > > either report it on SourceForge bug tracker > > > http://sourceforge.net/tracker/?group_id=70007&atid=526385 > > or even better fix it yourself. > > > > - Check out the unassigned tasks on SF Task List > > > > > http://sourceforge.net/pm/task.php?group_project_id=25539&group_id=70007&fun > c=browse > > See if any task that you can work on. Either > talk to Mike Crute to be > > assigned, or re-assign it to yourself > > > > We're getting close to the Alpha 1 release and we > need all the help we can > > get. But if you are not willing or able to help, > then you shouldn't be in > > the development team. Prolonged inactivity in the > group will entitle you > to > > being kicked out of the project. > > I apoligize if I sound harsh, but we need productive > members in the team > in > > order for the project to be successful. > > > > Mike, please feel free to jump in and correct me if > I sound out of line. > > > > Regards, > > Thanh. > > > > > > > > > ------------------------------------------------------- > > This SF.Net email sponsored by: Free pre-built > ASP.NET sites including > > Data Reports, E-commerce, Portals, and Forums are > available now. > > Download today and enter to win an XBOX or Visual > Studio .NET. > > > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 > > _______________________________________________ > > Activelock-Development mailing list > > Act...@li... > > > https://lists.sourceforge.net/lists/listinfo/activelock-development > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com > > > ------------------------------------------------------- > This SF.Net email sponsored by: Free pre-built ASP.NET sites including > Data Reports, E-commerce, Portals, and Forums are available now. > Download today and enter to win an XBOX or Visual Studio .NET. > http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 > _______________________________________________ > Activelock-Development mailing list > Act...@li... > https://lists.sourceforge.net/lists/listinfo/activelock-development |
