Re: Protecting Software w/ Software License -- a modest
Re: Protecting Software w/ Software License -- a modest
- Subject: Re: Protecting Software w/ Software License -- a modest
- From: Michael Gersten <email@hidden>
- Date: Thu, 27 Jun 2002 10:28:58 -0700
>
>> File sharing systems like LimeWire that will download a file via
>
>> multiple parallel streams from different sources are just about
>
>> guaranteed to download unusable kracker-krap when multiple differing
>
>> version of the same file appear to be identical.
>
>
>
> Umm. They are starting to use file hashes to uniquely identify files.
>
> That will probably break this part of your scheme since the crackers may
>
> publish hashes for working versions on their web sites.
>
>
...
>
And even if the file-sharing services adopt a scheme which recognizes a
>
file-item with a hash in the filename, and actually verifies the item
>
against the hash, (which would be an interesting and difficult trick, given
>
that the recent file-sharing services do not store the file -- just arrange
>
for its transmission between users)
First, any multiple source/multiple download steam peer to peer sharing system has to be able to deal with different files that have the same name. That's a given.
I can't speak for gnutella. I have looked at cloadload (Kazaa, Morpheous, etc).
The individual peers run an HTML server. The index page advertises files/URLS with titles that are hashes. The header information contains extra headers with all of the meta information.
The result? Since the filenames are hashes, different files with the same name and different contents show up in different download groups. There's no need for the downloaders or search engines to verify the contents against the hash because the remote server is trusted.
And, I can guarantee you that there are real, dedicated crackers out there that would consider it their duty to certify "This key really does seem to work", or if not, put out "Beware, so-and-so's version is bogus". I've seen comments/meta data on cloadload that indicates exactly that already.
Still, the idea of making it harder to pirate has some merit. But keep in mind the real scope of the problem:
Yes, if the real, working key has a value of $100, and there's a lot of fakes, the value of a given unknown might be only $2 or $3. But once one person has managed to get a known working key, it can be certified, and the fakes will disapear off the peer sharing, and the good key will dominate the peer sharing. Only one person has to pay the overhead cost of getting a good key.
I'd like to propose another idea: How about an unrestricted trial key (Nag ware, title bar "Trial edition", or "Unlicensed"), or just a simple "Welcome to the trial. Click here to begin. To run an automated server, or to automate scripting, or <...>, and not need to click here, order at 1-800-xxx-yyyy" panel. Followed by a "Thank you. Again, order at 1-800-xxx-yyyy" and a second click. (Amazon has that one click patent after all :-)
Demo versions are entirely appropriate. But saying "You can't save", or "You can't make a large database", or "You can't use this long enough to see how it really works" (and 30 days is not long enough for most real world apps -- that only gives you one monthly cycle, and no quarterly cycles) is not the way to do it.
--
I am a Mac 10-Cocoa/WOF/EOF developer, and I'm available for hire. Please contact me at michael-job @ stb.nccom.com if interested. Resume at
http://resumes.dice.com/keybounce
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.