cthrall.com

I’ve got XCode installed on my MBP, so you’ll need that. Then, follow the instructions in this great post.

A couple notes:

• You’ll need to download the Apache PHP mod 44-2 source tarball from the Apple site. This doesn’t match the PHP build version number in php_info(), but that’s ok.
• Use the 64-bit instructions. Even though PHP info said I386, when I used the 32-bit instructions GD was enabled when I ran php -i from the command-line but not from php_info() in a browser.
• Add --disable-dependency-tracking to the configure command line for the JPEG library.

1. Boot, if you see RAID configuration screen, hit Ctrl-I to enter setup and remove all drives from array.
2. Boot into setup and: make sure your drive configuration is set to RAID ATA
3. Also, enable virtualization in the CPU settings. This will let you install 64-bit operating systems.
4. Follow these steps to install VMWare ESXi

Here are a couple things I learned about converting VMWare images this weekend. First off, if you get an error that says “failed to obtain lock,” go find .lck directories in your image. Rename them or move them out of the folder.

Also, if you get an error “failed to open file,” make sure the VMWare image is local to the computer where you are running the converter. My source image was on a USB drive. Once I copied it locally, it worked. Part of the problem might be I’m running the conversion tool in a VMWare instance on my MacBook Pro.

After I removed the .lck directories and copied the image to my VMWare guest on the MacBook, it worked fine. I was able to convert the image and send it over the VPN to my ESXi server.

My Requirements

I have been working on two types of software products: .NET desktop applications, and Apache/PHP/MySQL web applications. The .NET applications will be node locked using the MAC address of the computer running the software. The web applications will also be node locked using the MAC address. In addition, they will be licensed on a per feature and per connection basis.

Activations over the internet are becoming more common, but they have their own issues. For one, many of our customers are going to be in a corporate environment, which typically involves being behind some sort of firewall or HTTP proxy. Microsoft’s Windows activation provides users a way to activate via telephone, but we’d rather not do that. The end result is it will be a requirement that the user be able to download a license key or file, or have it sent via e-mail.

Note that I only evaluated these products for .NET and PHP support. As I started looking into this, I found that there are really two categories for copy protection software: simple obfuscators and “kitchen sink” licensing solutions. What’s interesting is the products that provide obfuscation and encryption for interpreted and byte code languages are starting to provide some level of licensing, usually a simple node locked MAC address scheme.

Since none of the “kitchen sink” copy protection products do both .NET and PHP (that I could find, anyway), I am leaning towards using two different obfuscators that support node locked licensing.

HASP

We evaluated HASP, by Aladdin Software (http://www.aladdin.com). HASP provides both code protection/obfuscation and copy protection for native code and .NET (it might support Java as well, but we didn’t evaluate that). HASP will support dongle-based copy protection as well as software-based activation. If you are really paranoid about somebody copying your software, buy HASP and make your users plug a physical device into a USB port.

HASP will handle everything for you using the software as a service model. You can either host the HASP activation server at your location, or pay Aladdin a subscription fee for each activation.

All this comes at a price. HASP is expensive. It’s a huge product, so installation and configuration are not trivial. And as it doesn’t do PHP obfuscation, it would just be one piece of the copy protection puzzle for us. But if you have a C or .NET app, you should take a look.

LM-X License Manager

LM-X (http://www.x-formation.com) seems to be a lighter version of HASP. No dongle support, but they do provide a SaaS model for license activations. Like HASP, you need to run SQL Server to store all your customer and license information. HASP seemed more polished but is more expensive than LM-X.

LM-X does have an interesting feature: the ability to create reseller objects and have products under the reseller with different pricing. I didn’t look for this feature in the other products, so I’m not sure if it’s there.

SolidPHP

SolidPHP (http://solidphp.com) looks very promising. It handles everything you need to sell your PHP application over the web, from payment processing to customer and license management. There’s even a free version. However, I could never get it to work for me. The SolidPHP guys were helpful, even though I was just using the free version, but there is very little documentation and for some reason the license files I got from the SolidPHP web site never worked with the IonCube obfuscator they are using. I made sure to try it on my XP desktop, just to make sure it’s not some issue with Windows 7 and 64-bit. I’ll be trying the latest version when it comes out, but after the initial experience I am a little wary.

Introduction

So you’ve written the next great killer app. It’s going to be huge. iFart huge. But this is a .NET desktop client or PHP server product. You don’t have the advantage of a locked platform like the iPhone. You need to implement your own copy protection.

This is written with the assumption that any copy protection can be cracked eventually. Hackers have been cracked the copy protection for computer games for years. You can’t prevent your software from being copied if somebody really, really wants to. However, for our purposes, it’s probably much less likely for a cracker to spend large amounts of time trying to crack a niche business application.

Copy Protection != Licensing

Licensing is defining how you want to license your software. Copy protection is implementing controls or DRM to enforce that license. Sometimes you purchase a license for a program. Sometimes you purchase a license for a feature of a program. I’m not sure how many versions of Windows 7 there are, but when you purchase a license for Windows 7 Starter, you’re not going to be able to run Windows 7 Ultimate until you give Microsoft some more money.

When you purchase a license for a desktop application, you’re usually purchasing a license to use all the features of that application. If the vendor wants to license desktop apps on a per feature basis, or have some other way to up sell the customer, they will usually provide different versions of the application and charge accordingly.

Server applications sometimes license on a per connection or even per CPU basis. You have a license for n number of database connections, and if you go over that, any more connections to the database will be refused.

Copy Protection Mechanisms

Floating licenses are a pool of licenses that live on a license server somewhere. When a new instance of a program is started, it talks to the license server and tries to allocate a license from the pool. If all the licenses are taken, you’ll have to wait. The advantage is the licenses are not locked to a particular computer, as they are with node locked licensing.

Node locked licenses are usually locked to the MAC address of the network adapter where the software is being run. When the software is installed, you either send the MAC address and get a license key in return, or the software itself sends the MAC address to a server over the internet, which responds with a license key.

Obfuscation

Nowadays, much of the software out being sold is at a higher level than native code. PHP code is text. You can open it in Notepad and mess with it. .NET executables are byte code. You can download .NET Reflector and disassemble it.

If you integrate or write your own copy protection in one of these interpreted languages, it will be trivial for somebody to circumvent your protection mechanism. Obfuscators encrypt your source code or byte code in a way that prevents attackers from looking at it. Like anything else, it can probably be cracked if somebody really wants to, but it will prevent the majority of people from trying.

Newer obfuscation products are implementing copy protection. We’ll read more about this later.

I might be repeating myself, just deleting this from our knowledgebase here and didn’t want to lose it.

Running Keychain on Windows

Running svn+ssh means we can use the users that already exist on the Linux server, and we’re tunneling our revision control over a secure connection. The downside is it requires you to login every time you connect to the server.

There’s a way to get around that. First off, make sure you have installed the OpenSSH and keychain packages in Cygwin. Then, run ssh-keygen. Don’t make the mistake of not entering a passphrase. You will now have a private and public key pair generated in ~/.ssh. Use scp to copy your public key to the server you want to access, like this:

scp id_rsa.pub username@server:.ssh

Then, ssh to the server and append your new public key to the authorized_keys file in ~/.ssh:

cat id_rsa.pub >> ~/.ssh/authorized_keys

Now, logout of server and try ssh’ing back in. It should ask you for your passphrase. This means ssh on the server side found your public key in the authorized_keys file and wants to make sure it’s you. Let’s make it even easier.

Edit (or create) a new .bash_profile in your home Cygwin directory. It should look something like this:

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs
eval `keychain –eval id_rsa`

That last line will run keychain, which is a wrapper for ssh-agent, with your private key. ssh-agent caches your ssh keys and will provide them to any clients (ssh, scp, etc.) who are connecting to a host that has your private key in the authorized_keys file.

Now try closing your Cygwin window and opening a new one. If this is the first time you’re running keychain since you logged into Windows, it will ask you for your passphrase. This is the password for the key you created with ssh-keygen. Enter it, then try to ssh to the server. You shouldn’t have to enter a password.

The final step: create a file named ssh.cmd in your Cygwin directory (c:\cygwin, for example). It should contain one line:

d:\cygwin\bin\bash.exe –login -c “/usr/bin/ssh %*”

Right-click on a folder in Windows Explorer, then click on “TortoiseSVN” and “Settings…” Click “Network” and put the path to ssh.cmd in the space for “SSH client.”

Now try an update. You’ll see a console window for a second as it authenticates, then your update should continue without prompting you for a password.

I have a development server running MOSS 2007, and am running WSS 3 locally on my development laptop (thanks Bamboo!). I am trying out a few things locally, but ran into a feature dependency issue when I tried to use a site template I had created on MOSS 2007 on my WSS 3 local development instance.

This worked for me, any comments/suggestions are welcome.

• Download STP Inspector.
• Download template file by clicking on it in template gallery.
• Open template (.stp) file in STP Inspector and click “Inspect” to view dependencies.
• Make a note of failed dependencies.
• Deactivate MOSS features that might not be installed on WSS 3 (see below), and re-create
  template on MOSS server. Re-download template file.
• Open template file in STP Inspector again and verify features with just GUID (no name) are
  not checked.
• Change extension from .stp to .cab.
• Unpack CAB archive and open manifest.
• Search for GUIDs that are not checked in STP Inspector and delete them.
• Create CAB (Google for CABARC and download the CAB SDK from the first result) using this
  command-line: makecab ADTemplate4\manifest.xml ADTemplate4.cab
• Rename .cab file to .stp file.
• Upload .stp to template gallery in WSS and try creating a new site using the modified site
  template.

Cisco will not be providing a version of the existing VPN client for 64-bit Windows. The AnyConnect client does not, and will not, support IPSEC connections.

There are a couple alternatives. Make sure to install the DNE updates before you install anything.

• The ShrewSoft open source VPN client. I haven’t got this to work against our ASA yet, but I think it’s just a configuration issue.
• NCP Secure Communications also offers a client. They offer a 30 day free trial and it seems to be working for me so far.

So as part of the migration from the 2nd gen 40G iPod to the new iPhone, I spent most of last night looking for freeware to move the MP3 files off the iPod to a MacBook Pro. iTunes doesn’t let you drag MP3 files off a device into your library, even regular non-AAC files.

This tool works well: Yamipod.

1. Uninstall old version.
2. Reboot.
3. Install new version.
4. Reboot.
5. Copy over license and perform magic incantations.
6. Reboot.
7. Start troubleshooting and pouring over Wireshark traces.