Domain: aladdin.com
Stories and comments across the archive that link to aladdin.com.
Comments · 14
-
Re:Bad Policy
But at least Nintendo could have resolved this in a more user-friendly manner if they wanted to make it easy and still limit piracy. HASP modules is one solution. Each console equipped with a key allowing the user to move the key to another console in case there is an upgrade or a warranty problem.
You don't really need to make it that complicated though.
You've already purchased those games on-line, through Nintendo's storefront. You've got to have an account or a credit card on file or something. Why not just use that information to authenticate and download the games to new hardware?
It's simple enough to do... It isn't some technical hurdle that Nintendo just can't get over...
The basic problem is that if they let you re-download your games, you don't have to buy new ones.
-
Re:Bad Policy
I'm surprised that there aren't hacks available yet that would take care of that issue.
But at least Nintendo could have resolved this in a more user-friendly manner if they wanted to make it easy and still limit piracy. HASP modules is one solution. Each console equipped with a key allowing the user to move the key to another console in case there is an upgrade or a warranty problem.
-
Re:Why are we talking about this?
I was referring to encrypted hard drives, where the encryption and key storage is entirely performed in hardware (e.g. this). (Yes, the "hardware" is probably itself a microcontroller running software, but the point here is that the key is stored on the hard drive itself, not in the main computer's RAM). Even these drives are vulnerable to an evil bootloader, but at least the key isn't floating around in RAM as it must be for a software disk encryption solution.
-
Security at it's finest......and who is to blame?
I would prefer to blame the device manufacturers that allows the use of easy passwords in the wild. It is so outdated by now and any sensitive devices should have a protection that is better than only using a password to protect them. Using a certificate solution (smartcard or similar) together with SSH will make things a lot harder for any intruders.
-
Re:None at all
--In the work place, most people might enter a fake installation code for example, but won't go as far as to apply a crack. If the software requires you to apply a crack to use it, then I think most people at work will get their company to buy it. If it just installs anyway with just a small nag screen or something, then most people won't buy it.--
I agree some corps will buy one and install many if you don't have something. I have heard of a hardware lock that doubles as usb memory device so that you can take your work home and just have one license.
Here is a link to one that is used on many CAD systems.
http://www.aladdin.com/ -
The best product I've ran into in this area
I've got a demo of this product named etoken by Aladdin, it gives you the ability to take with you your passwords on a usb token which you'll have to remember its password only, and it will contain passwords for many sites/applications.
I used it few years ago.. actually it was nice, the token itself is encrypted (3 years ago it was encrypted with 128 bit key)..
here's a link for those of you who actually needs this kind of solution (I actually don't think it worth the money, for me atleast) : EToken - Aladdin -
Some thoughtsSlashdot Rants
First, let's get the slashdot mentality out of the way.- You're evil because all source code should be free, no matter how much blood, sweat, and tears were put into it.
- Your design is fracked and you should go out of business because you suck.
- It's technically impossible to keep code secure, so again, youre fracked.
There. That's a little better.
Two Distinctly Different Problems
Your question has an unstated assumption that might be steering you in the wrong direction. You assumed that you have to release your source code. You might not have to do that...
Application Layers
In the theoretical world, a web application has the following components:- Back-end storage system, typically some SQL server variant
- Business rules of some sort, most likely the location of the true IP of the company
- A presentataion layer such as PHP or JSP that presents/manipulates the business data
- A web server to execute the presentation layer
Given these layers, what are you willing to open up? The web server is probably already open source or an off-the-shelf purchased product. Same with the back-end storage system. This leaves the presentation layer and the business rules layer. What are your top-tier customers going to do to your application? Change the way it looks, change the way it behaves, or add missing functionality? You need to know the answers to these questions before you move on...
Licensing Models
You can license the whole mess as one big slab of source code, or maybe a bunch of loadable modules and just open source the "glue". If you open source the glue, the customers can make major changes to your application without having the source code... Look at the PDFLib libraries. They are very powerful, cross platform, and completely closed source. Can't you do the same thing? Maybe build all of your business rules into a collection of libraries and make them binary only? Then wrap them with a license key or even a hardware dongle if desired. There are several software vendors that do this for a living. Talk to them.
SAAS
If your core codebase is really "all that", why don't you look at a three-tier model? Your customers can host their own web server and database, and pay for a leased line back to your office for the business rules. There are many variations on this theme.
Other Options
You could open-source your code and copyright it so that only you could release software under the current name. Depending on whether your revenue model makes more money out of service or sales, this might actually be a viable option.
You could offer a turn-key "vendor supplied" package consisting of a pre-loaded server and hard-lock your software to that server. Sort of a Google Appliance for your app model. This way you can retain control of the platform and the customer can have your platform on their site. -
Keys/Dongles
I wouldnt worry about these keys getting duplicated easily...
My guess is that they use a system similar to hardware dongles that you buy for uber-expensive software.
Companies like http://www.aladdin.com/ make these keys for a living and from what i hear, they are NOT easy to crack/copy. Any cracks are invariably done by very talented people with debuggers in software, not by duplicating the hardware key.
So basically, if you can modify the software of the car, then perhaps you'll be able to steal it. But that would require flashing the onboard system, which would certainly need further authentication (IIRC you need some sort of dealer code to update the onboard software), and time, during which you'd likely be noticed with your laptop hooked up to a roadside car with the hood open.
To prevent even that sort of problem, I can easily imagine them putting the necessary algorithms/data on a non-flashable chip, akin to the TPM chips in computers. -
Re:Game Keys.
Such a device would probobly be similar to this:
http://www.aladdin.com/hasp/ -
Shameless "use a gateway solution" plug
We live in an era when desktop antivirus is just not enough.
This baby stopped 100% of sober.p traffic:
Aladdin's eSafe -
Re:GPL = communism?
Not everyone who uses the GPL have in mind RMS's software commons. Some use it as a business method, and strategically choose to release some GPL code and some proprietary code, or sell rights to use GPL code in a proprietary way. The argument, by Russell Nelson, was "When I write proprietary software I expect to get paid"; his company, Crynwr, follows this model, as does Aladdin, the company that brought you Ghostscript.
The BSD model is more communist than the GPL model. "From each according to his ability, to each according to his needs", as Marx said. It is the BSD model that asks people to give away their work without restriction: with the GPL, it's a trade: I'll give you mine if you give me yours. I respect people who release their own work under BSD-like licensing (that's the license used for the largest free software project I was part of, Ptolemy), but I have no respect for those who demand that others use BSD-style licensing: these are just people who want a free lunch.
-
L. Peter Deutsch
of Ghostscript fame is always worth listening to. Check out his OOPSLA2001 comments.
-
Re:Disney all over again?
The company that makes Ghostscript, Aladdin Enterprises, has a very informative homepage on all the other "Aladdin" companies on the web. Aside from the makers of Stuffit Expamder for Macintosh, there is an Aladdin Knowledge Systems that makes software security products, Aladdin Industries that makes Thermos (tm) bottles, the Aladdin Casino in Las Vegas, and an Alladin company in Queensland, Australia that no one seems to know what they do.
-
Re:Closed source is the way to go
Well, not exactly...
According to their web site, the latest-and-greatest is free for non-commercial use, copying, and distribution, while the previous version actually _does_ get GPLed so you can charge for making copies.
Not many know this, but there is a _third_ version called Artifex Ghostscript which you can license only for commercial use.