Date stamp a stack

J. Landman Gay jacque at hyperactivesw.com
Tue Dec 30 11:36:43 EST 2008


Bill Marriott wrote:
> But perhaps you're a little modest.

I've been accused of that before. :)

> Yes, there are a variety of schemes for trials, and not all of them are 
> time-limited. Some publishers offer a limited number of program launches 
> before a trial ends, instead of a specific timeframe, for example.

Right, everyone's needs will be different. My primary concern is that 
whatever method Zygodact might use, if it is cracked, then everyone who 
has integrated Zygodact into their work will be affected if word gets 
out. So I'm thinking it would be better if software authors use whatever 
method they prefer to track trial dates, and the more varied, the better.

Zygodact's internal registration scheme is unique for each user copy, so 
it doesn't matter if "word gets out" on that aspect. Even if someone 
discovers how it's done, it would be very difficult to decrypt that 
particular copy's hash scheme.

> 
> Since Zygodact generates the activation codes, I think it would be a handy, 
> optional feature to bake an encoded expiry date into trial codes, ala 
> Revolution trials. The developer can't really customize that aspect of the 
> system, right? Hm, maybe if they appended an encoded date before/after/into 
> the code generated by Zygodact?
> 
> Anyway, codes with embedded expiry dates is probably a more foolproof way to 
> ensure people don't abuse trials. A weakness of the hidden stack/file 
> approach is that a user can simply find that file and delete it to 
> reactivate a trial.

That's the problem. I've written other client registration schemes with 
embedded expiration dates and they work fine, but we kept the user 
database on a server and the app had to "call home" to check its own 
validity. TeachMac is one example that uses Zygodact's algorithm, but 
since it is a fully online training system, contacting a server is a 
normal part of its activity. But most people don't want their software 
to require online access (and I personally don't like it at all.) 
Zygodact does return data to the scripts that will allow authors to use 
the server method if they want to, but I leave that up to the author.

> This way, they have to request a new key to keep a trial 
> going. Not perfect, but you could at least see when emails keep coming in 
> from the same IP address, mail server, etc. (Without the kind of "phone 
> home" activation most users find offensive, you can't really do anything 
> about determined trial abusers.)

I'm thinking about this about for a future update, among other features. 
But again, the problem is in using a method that would affect all 
Zygodact users if it were discovered.

-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com



More information about the Use-livecode mailing list