Craig Thrall

Copy Protecting Your Software, Part 1

Dec. 30, 2009, 8 p.m.

<b>Introduction</b>

So you’ve written the next great killer app. It’s going to be huge. <a href="http://ifartmobile.com">iFart</a> huge. But this is a .NET desktop client or PHP server product. You don’t have the advantage of a locked platform like the iPhone. You need to implement your own copy protection.

This is written with the assumption that any copy protection can be cracked eventually. Hackers have been cracking the copy protection for computer games for years. You can’t prevent your software from being copied if somebody really, really wants to. However, for our purposes, a cracker is much less likely to spend large amounts of time trying to crack a niche business application.

<b>Copy Protection != Licensing</b>

Licensing is defining how you want to license your software. Copy protection is implementing controls or DRM to enforce that license.

Sometimes you purchase a license for a program. Sometimes you purchase a license for a feature of a program. I’m not sure how many versions of Windows 7 there are, but when you purchase a license for Windows 7 Starter, you’re not going to be able to run Windows 7 Ultimate until you give Microsoft some more money.

When you purchase a license for a desktop application, you’re usually purchasing a license to use all the features of that application. If the vendor wants to license desktop apps on a per-feature basis, or have some other way to upsell the customer, they will usually provide different versions of the application and charge accordingly.

Server applications sometimes license on a per-connection or even per-CPU basis. You have a license for n database connections, and if you go over that, any more connections to the database will be refused.

<b>Copy Protection Mechanisms</b>

Floating licenses are a pool of licenses that live on a license server somewhere. When a new instance of a program is started, it talks to the license server and tries to allocate a license from the pool. If all the licenses are taken, you’ll have to wait. The advantage is that the licenses are not locked to a particular computer, as they are with node locked licensing.

Node locked licenses are usually locked to the MAC address of the network adapter on the machine where the software is being run. When the software is installed, you either send the MAC address and get a license key in return, or the software itself sends the MAC address to a server over the internet, which responds with a license key.

<b>Obfuscation</b>

Nowadays, much of the software being sold is written at a higher level than native code. PHP code is text. You can open it in Notepad and mess with it. .NET executables are byte code. You can download .NET Reflector and disassemble them. If you integrate or write your own copy protection in one of these interpreted languages, it will be trivial for somebody to circumvent your protection mechanism.

Obfuscators encrypt your source code or byte code in a way that prevents attackers from looking at it. Like anything else, it can probably be cracked if somebody really wants to, but it will prevent the majority of people from trying. Newer obfuscation products are implementing copy protection. We’ll read more about this later.
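The node locked exchange described above (MAC address in, license key out), sketched as an added example that is not code from the original post. It assumes the key is an HMAC over the product name and MAC address, computed and checked on the vendor's server; the secret, product name and MAC address are constructed. Keeping the secret on the server matters for the reason given under Obfuscation: anything shipped inside a .NET or PHP client can be read.

```python
import base64
import hashlib
import hmac
import re

# Assumption: this secret exists only on the vendor's licensing server.
VENDOR_SECRET = b"constructed-demo-secret"


def normalize_mac(mac: str) -> str:
    """Reduce 00:1A:2B..., 00-1a-2b... or 001a.2b3c... to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def issue_license(product: str, mac: str, secret: bytes = VENDOR_SECRET) -> str:
    """Server side: derive the license key for one product on one machine."""
    message = f"{product}\n{normalize_mac(mac)}".encode()
    tag = hmac.new(secret, message, hashlib.sha256).digest()[:15]  # 120 bits
    text = base64.b32encode(tag).decode()  # 15 bytes -> 24 chars, no padding
    return "-".join(text[i:i + 6] for i in range(0, 24, 6))


def verify_license(product: str, mac: str, key: str,
                   secret: bytes = VENDOR_SECRET) -> bool:
    """Server side (online activation): does this key belong to this machine?"""
    try:
        expected = issue_license(product, mac, secret)
    except ValueError:
        return False  # malformed MAC address: reject rather than crash
    supplied = key.strip().upper()
    # Constant-time comparison so response timing does not leak the key.
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

A key issued for one adapter fails verification for any other MAC address or product name, which is the "locked to the node" property.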

Keychain on Windows with Cygwin

Dec. 8, 2009, 10:28 a.m.

I might be repeating myself, just deleting this from our knowledgebase here and didn't want to lose it.

<strong>Running Keychain on Windows</strong>

Running svn+ssh means we can use the users that already exist on the Linux server, and we're tunneling our revision control over a secure connection. The downside is it requires you to log in every time you connect to the server. There's a way to get around that.

First off, make sure you have installed the OpenSSH and keychain packages in Cygwin. Then, run ssh-keygen. Don't make the mistake of not entering a passphrase. You will now have a private and public key pair generated in ~/.ssh. Use scp to copy your public key to the server you want to access, like this:

<pre><code>scp ~/.ssh/id_rsa.pub username@server:.ssh</code></pre>

Then, ssh to the server and append your new public key to the authorized_keys file in ~/.ssh:

<pre><code>cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys</code></pre>

Now, log out of the server and try ssh'ing back in. It should ask you for your passphrase. This means ssh on the server side found your public key in the authorized_keys file and wants to make sure it's you.

Let's make it even easier. Edit (or create) a new .bash_profile in your home Cygwin directory. It should look something like this:

<pre><code># .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs
eval `keychain --eval id_rsa`</code></pre>

That last line will run keychain, which is a wrapper for ssh-agent, with your private key. ssh-agent caches your ssh keys and will provide them to any clients (ssh, scp, etc.) that are connecting to a host that has your public key in the authorized_keys file.

Now try closing your Cygwin window and opening a new one. If this is the first time you're running keychain since you logged into Windows, it will ask you for your passphrase. This is the password for the key you created with ssh-keygen. Enter it, then try to ssh to the server. You shouldn't have to enter a password.

The final step: create a file named ssh.cmd in your Cygwin directory (c:\cygwin, for example). It should contain one line:

<pre><code>d:\cygwin\bin\bash.exe --login -c "/usr/bin/ssh %*"</code></pre>

Right-click on a folder in Windows Explorer, then click on "TortoiseSVN" and "Settings..." Click "Network" and put the path to ssh.cmd in the space for "SSH client." Now try an update. You'll see a console window for a second as it authenticates, then your update should continue without prompting you for a password.

Migrate Template from MOSS 2007 to WSS 3

Nov. 15, 2009, 7:15 p.m.

I have a development server running MOSS 2007, and am running WSS 3 locally on my development laptop (<a href="http://community.bamboosolutions.com/blogs/bambooteamblog/archive/2008/05/21/how-to-install-windows-sharepoint-services-3-0-sp1-on-vista-x64-x86.aspx">thanks Bamboo!</a>). I am trying out a few things locally, but ran into a feature dependency issue when I tried to use a site template I had created on MOSS 2007 on my WSS 3 local development instance. This worked for me; any comments/suggestions are welcome.

<ul>
<li>Download <a href="http://www.codeplex.com/STPInspector">STP Inspector</a>.</li>
<li>Download template file by clicking on it in template gallery.</li>
<li>Open template (.stp) file in STP Inspector and click "Inspect" to view dependencies.</li>
<li>Make a note of failed dependencies.</li>
<li>Deactivate MOSS features that might not be installed on WSS 3 (see below), and re-create template on MOSS server. Re-download template file.</li>
<li>Open template file in STP Inspector again and verify features with just GUID (no name) are not checked.</li>
<li>Change extension from .stp to .cab.</li>
<li>Unpack CAB archive and open manifest.</li>
<li>Search for GUIDs that are not checked in STP Inspector and delete them.</li>
<li>Create CAB (Google for CABARC and download the CAB SDK from the first result) using this command-line: <code>makecab ADTemplate4\manifest.xml ADTemplate4.cab</code></li>
<li>Rename .cab file to .stp file.</li>
<li>Upload .stp to template gallery in WSS and try creating a new site using the modified site template.</li>
</ul>

IPSEC VPN Connectivity with 64-bit Windows

Sept. 18, 2009, 9:10 a.m.

Cisco <a href="http://www.cisco.com/en/US/products/sw/secursw/ps2308/">will not be providing a version of the existing VPN client for 64-bit Windows</a>. The AnyConnect client does not, and will not, support IPSEC connections. There are a couple of alternatives. Make sure to <a href="http://www.citrix.com/lang/English/lp/lp_1680845.asp">install the DNE updates</a> before you install anything.

<ul>
<li>The <a href="http://www.shrewsoft.com">ShrewSoft</a> open source VPN client. I haven't got this to work against our ASA yet, but I think it's just a configuration issue.</li>
<li><a href="http://www.ncp-e.com/en.html">NCP Secure Communications</a> also offers a client. They offer a 30 day free trial and it seems to be working for me so far.</li>
</ul>

Yamipod

Aug. 9, 2009, 9:36 a.m.

So as part of the migration from the 2nd gen 40G iPod to the new iPhone, I spent most of last night looking for freeware to move the MP3 files off the iPod to a MacBook Pro. iTunes doesn't let you drag MP3 files off a device into your library, even regular non-AAC files. This tool works well: <a href="http://www.yamipod.com/main/modules/home/">Yamipod</a>.

Intel Dialogic HMP

July 28, 2009, 8:44 a.m.

<ol>
<li>Uninstall old version.</li>
<li>Reboot.</li>
<li>Install new version.</li>
<li>Reboot.</li>
<li>Copy over license and perform magic incantations.</li>
<li>Reboot.</li>
<li>Start troubleshooting and poring over Wireshark traces.</li>
</ol>

SQL Math

May 5, 2009, 2:56 p.m.

In my quest to avoid looping in code when I can figure out how to use a query: <code>select cast((select count(*) from tblA where foo is not null) as float) / (select count(*) from tblA) * 100</code>

Fantastic Read: "Almost Perfect"

April 5, 2009, 2:10 p.m.

I grew up using WordPerfect on a Commodore Amiga, so I found <a href="http://www.wordplace.com/ap/index.shtml">this first-person account of the company's history</a> a really interesting read.

Using a VPS

March 29, 2009, 9:24 a.m.

I'm experimenting with an inexpensive ($9.99/mo) VPS from <a href="http://www.echoservers.com">Echo Servers</a>. I have some ideas that I want to put somewhere, and this seemed like a good time to try out some of the new virtual hosting options. I share a dedicated server from ServerMatrix as well. This will be a comparison with a dedicated server, as well as some notes about running (or trying to run) an app server on a VPS with limited resources. Note that I am by no means a sys admin, as you will see. :)

I picked configuration VPS Hosting 2. This comes with 5Mbps bandwidth, 300G a month, 10G of storage, and 128M of RAM (with the capability to use 192M for short periods of time, I think).

Right off the bat, I will tell you one advantage of using a VPS: the admin control panel is running on the host, not on your dedicated server. We use cPanel on our shared server, and while it is very good for creating and managing multiple accounts for multiple people, keeping it up to date has been a challenge at times. With my VPS, I don't have to worry about my control panel being a security hole. Obviously, cPanel also does things like e-mail management that require running on the guest. Echo Servers provides cPanel access if you want it.

I had the option of choosing between CentOS, Debian, Ubuntu and Fedora. I've used Ubuntu a little recently and liked the wide availability of packages and documentation. It also seems like more people are adopting Ubuntu.

Ubuntu Server only used 138M of disk space or so when I first logged into the VPS. This is really nice. I don't know if this is the default server install or not, but I really like it compared to default server installs that include X, Gnome, KDE, etc. I had to "apt-get install man" to get some documentation on the server.

I installed MySQL and Apache 2.2 and immediately started running into resource issues. It turns out, from what I've read, that swap on a VPS is not recommended. I'm going to ask Echo Servers if this is true and what my options are. But for now, I wanted to run an HTTP server and database on my VPS. I also want to use Ubuntu packages to do this.

I tried reconfiguring Apache to only start one process, but no matter what configuration I tried, it wouldn't start with my limited RAM. If somebody knows a way to do this, let me know! So I installed <a href="http://www.lighttpd.net">Lighttpd</a>. It looks like I can run PHP and Python with it, so we'll review that more in an upcoming post. But I was able to run it with no problem on the VPS.

Next, I revisited MySQL. With Lighttpd and MySQL running, I didn't have much free memory at all. So I installed PostgreSQL. I've used PostgreSQL before and liked it. MySQL is pretty ubiquitous these days, and I probably could configure it to run in a smaller space, but I wanted to see if the default PostgreSQL install would be any different.

Now I've got Lighttpd and PostgreSQL running and according to top, I'm using 59M. Much better! Obviously, we'll see what happens once I actually start doing something. :) My guess is Apache and MySQL allocate caches more aggressively than Lighttpd and PostgreSQL. We'll see.

To be continued...

PHP Session Problems and session.cookie_secure

March 2, 2009, 9:30 p.m.

Here's what happened:

<ul>
<li>Had my app redirecting HTTP to HTTPS using a rewrite rule.</li>
<li>Requiring HTTPS for session cookies by setting session.cookie_secure = 1</li>
<li>Disabled SSL for some reason, forget why.</li>
</ul>

Unfortunately, this coincided with me pointing Apache at a new version of the app, which then broke. I just found the reason on Google: if you require a secure session cookie, you better have SSL enabled and working. Or just comment out the line in php.ini. Either one.
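The mechanism behind this breakage, as an added example that is not from the original post: a cookie carrying the Secure attribute is never attached to a plain-HTTP request, so with session.cookie_secure = 1 and SSL off every request reaches PHP without its session cookie. Python's http.cookiejar stands in for the browser here; the host name and session id are constructed.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

HOST = "app.example.test"          # constructed host name
SESSION_ID = "constructed-session-id"


def session_cookie(secure: bool) -> Cookie:
    """The PHPSESSID cookie as the client stores it.

    `secure` mirrors php.ini's session.cookie_secure: when on, PHP adds the
    Secure attribute to the Set-Cookie header it sends.
    """
    return Cookie(
        version=0, name="PHPSESSID", value=SESSION_ID,
        port=None, port_specified=False,
        domain=HOST, domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_sent(scheme: str, cookie_secure: bool):
    """Return the Cookie header the client attaches to the next request, or None."""
    jar = CookieJar()
    jar.set_cookie(session_cookie(cookie_secure))
    request = Request(f"{scheme}://{HOST}/index.php")
    jar.add_cookie_header(request)   # applies the Secure / domain / path rules
    return request.get_header("Cookie")


def session_survives(scheme: str, cookie_secure: bool) -> bool:
    """True if the server sees the same session id on the follow-up request."""
    return cookie_sent(scheme, cookie_secure) == f"PHPSESSID={SESSION_ID}"


if __name__ == "__main__":
    for scheme in ("https", "http"):
        for flag in (True, False):
            print(f"{scheme:5} cookie_secure={int(flag)} -> "
                  f"session kept: {session_survives(scheme, flag)}")
```

Of the four combinations, only HTTP with cookie_secure on loses the session; commenting the setting out restores it by letting the session id travel over unencrypted HTTP.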