Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I have a few C++/DirectX games that I want to start selling from my website. What's the best way to protect my games from being copied/shared? I don't really want to use a classic DRM and the games aren't well suited for the ingame purchase/freemium model.
I don't think revealing the download link after the visitor pays a fee is the correct answer...
If DRM is the only way - even if I don't like it - is there a lightweight DRM solution used by other game developers? (Something with minimal protection)
Thank you!
It's easy if the games are meant to be played online only... perform part of the game calculation only on the server, and use logins. But if you have a single-player mode...
A good "minimal" protection would be to use a hardware fingerprint and a matching HMAC downloaded from the server. When the user moves the game to a different computer, they have to use their credential to generate a new HMAC. The game itself doesn't contain the private key necessary for HMAC generation, only the public key necessary for verification. This will prevent accidental unauthorized copies, and there's very little you can do about skilled crackers anyway.
It's probably a good idea to include sunset logic, in case you shut down your server someday, you don't want your paying customers left with no way to reinstall. The likelihood you'll still be seeing significant income from sales more than 3 years after release is miniscule. You could also release an "update" with the license checks removed at some point in the future if you get tired of checking licenses.
For some extra information on why you don't want to join the arms race, see this answer of mine: The #1 law of software licensing
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
My requirement is to seamlessly hot deploy code update to a running service without losing the current status, including collection data. Is there any c++ framework out there I can use to develop such a solution?
You probably should read some research papers on dynamic software updating, e.g. on Kitsune (which you might use)
There is a major issue about updating the call stack (and instances in local variables); read also about continuations; and you might have some special case (if your application is event loop driven like most GUI applications are, you probably want to update the code outside of event handlers).
You certainly should think of dynamic software update very early in your design. Perhaps some terminology and concepts from garbage collection & persistence & serialization techniques are relevant.
Your requirement (to seamlessly hot deploy code update to a running service without losing the current status) is very hard and will need a lot of work (probably years) and is still a difficult & interesting research topic (definitely it is a good PhD subject).
You might want to use your own meta-programming techniques, that is generate most of the relevant C+++ support code by your own code generators.
If you already have a significant code base, you could consider customizing a recent GCC compiler with MELT (e.g. to query the compiler's internal representations and generate some code from them) -but even that means a lot of work-
PS. Coding in something better than C++, like Erlang or Common Lisp, would make your goal less difficult.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I work as a Programming tutor and course developer, in Dot Net using VS 2013 /15'
Owing to college policies I have lost local admin rights to my work machine resulting in many calls to help desk to for install simple actions such as updating Visual Studio (even the extensions!) configuring and updating SQL Server Management Studio, new software, etc.
As a professional programmer, does your employer have such draconian regulations? I have seriously thought of walking away from a job I love over it, its too restrictive for no reason.
I need to make a case that this is an unacceptable working condition.
To be honest, if your employer is providing the hardware, it's theirs not yours and they have the ultimate say on what's on it and what's not. Anyone working for a company using their hardware or their network will always be doing so under an acceptable use policy. Even if the company supports a Bring-Your-Own-Device policy, there will be some form of stipulation that you have certain levels of security on the device.
I think what your argument, though, is about the impact to your productivity. It's less around the unacceptability of the working condition, and more about the waste that comes into play for you to achieve the tasks you are given. If you work as part of an R&D organization, the "Research" part of the job description usually entails installing new packages in order to determine their suitability for the product being developed. If you need to lose an hour / a day / a week waiting for these packages to be installed, there is a bottom line to the company that these policies are causing. But, you have to be able to show it. Otherwise it just falls into a he-said/she-said finger-pointing exercise.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
We're running an experiment which will involve collecting data from multiple stations around the world. Each station will be providing HDF5 files with magnetic field measurements in a rate of 1 kHz and some auxiliary data in real time. The latency is going to be a few minutes.
I'm assigned to design this program (in C++, with clients/server model, with server being in linux and clients being cross-platform), and apparently I'll be designing this from scratch. My first concern is not to really do everything from scratch because this will be more error prone and pure wrong, so my question here is: What information/file transfer protocols/libraries should I use so that
The program can live for 10+ years with minimal maintenance
I can have very good support from the community for when I need help.
Since we need something relatively secure, my first thought was libssh (the only cross platform opensource library available out there for ssh), but then after discussing with some pros there I realized that the support there isn't so wonderful because only a few people work with libssh. The pros there hesitated in suggesting OpenSSL, but with OpenSSL I'll have to write my own authentication (apparently, I'm not an expert and that's why I'm asking).
What would you suggest? Please share your vision to whether I should go for OpenSSL, libssh, or something else.
PS: Please, if you're going to start off by saying this question is off-topic, move on and ignore it. Consider being helpful rather than critical.
If you require any additional information, please ask.
I think that OpenSSL might be a good choice.
No you do not have to "write you own authentication" - you just need to generate certificates and keys and put them in the right places - that is all.
I would suggest to look at the examples in <openssl-source-dir>/demos and <openssl-source-dir>/apps to get you started. Reading a book about OpenSSL would also be a good idea - for many other reasons (sometimes not directly related with SSL/TLS).
I hope that helps.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Does anyone know some site where I can find information about autonomy??
I'm looking after code samples, architecture posts, and things like that, both about
autonomy IDOL search engine
autonomy interwoven content management server
side note:
I cannot understand why there're so many barriers to access theese product's developer resources. I thought that HP would change autonomy's policy about this but It stills the same: there's absolutely NO access to libraries, code samples, etc... you're forced to have a partner account...
If I could I'd move to opener alternatives... but it's not completly in my hand ;-(
There is little public information available about Autonomy's products.
The best way forward is to build your own network of people who know the product and have had experience with implementations.
The information that is shipped with the product can also help. Specifically regarding the Autonomy IDOL server and the calls you can make - some resources
The IDOL Administrator manual: Probably the most complete document available. It will help you understand the components which make up an IDOL architecture. However, it will not go into too much detail on complex architectures.
The Online Help: (http://:/a=help) Most components have an online help which documents all the calls and parameters.
The GRL: (http://:/a=grl) Gives you the most recent commands sent to a component. The best way to 'reverse engineer' how to components are interacting with each other.
I found that most active discussions regarding Autonomy's product suite can be found here.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am working on a small cross platform product for Windows and Mac written in C++/Obj-C. I have been asked to implement a licensing module for the same. This task is part of a very ambitious project to introduce licensing for all our products. At the end of it, we will have a complete licensing scheme where we will be able to sell licenses to our customers which support yearly renewals, license levels, etc. My problem is that I do not know the first thing about implementing license checkers. Can any one point me to some how-to's for the same? Are there any open source licensing modules around that I can study?
I use a system of Partial Key Verification (PKV), and I've implemented this in C# with a PHP generator. Google will come up with various hits, explanations, and implementations; but Brandon Staggs wrote a good overview (albeit in Delphi!), here:
http://www.brandonstaggs.com/2007/07/26/implementing-a-partial-serial-number-verification-system-in-delphi/
PKV works by encoding certain information (license type, serial number product, date, etc) in the key along with a hash of the user name, and hashes of the encoded information. Much of the key actually consists of multiple one char hashes. The idea is that you only check a subset of these hashes. The exact subset that issued can be changed over time for some security and to protect against certain kinds of reverse engineering.
I would also encrypt the key to help obfuscate what each char in the license means. Otherwise someone with multiple keys might determine certain char positions mean certain things ("oh, chars 3-4 are the serial number"). This might be a chink in your armour!
Any license system you develop is going to be imperfect. It will be crackable, and if your products are popular, will be cracked. However there's a strong argument that a license system exists to keep the honest people honest, and produce enough hurdles for the slightly dishonest people - but not so many hurdles that it becomes too much of an inconvenience (eg. I'm generally against hardware locking). Those who do hack your system probably weren't going to pay for it anyway.