How do you manage software serial keys, licenses, etc? [closed] - licensing

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
My company is trying to find a tool that will track serial keys for software we have purchased (such as Office), as well as software that we write and sell.
We want software that will allows us to associate a particular computer with the software on that computer and the serial key(s) and license(s) for that software. We'd also like to track history of the computer, such as when software is removed from a computer and moved to another computer.
I've looked around Google and various software sites, but all of the results I've found are for licensing software and creating serial keys, not managing the serial keys that those tools generate. I know this problem has been solved; many companies license software and keep records of the serial keys they generate. So I'm curious if any of you have solved this same problem without writing your own custom software?
Edit: I forgot to mention, I am not asking about the merits of licensing software -- the software we write is not COTS and purchases are controlled at a contractual level. Still, we need to manage how serial keys are generated.

A couple of options (including the one you don't want):
Write your own database for this; Perhaps a simple app using SQLite. (Not very appealing, but not hard either)
You just need an application that lets you create name:value pairs and assign them into groups. A customizable address book would work in a pinch. Each contact could be a program name or a customer name with the license/serial as the data. Then you could group by computer, customer, etc.
This sounds like the classic kind of problem that Access (and programs like it) were designed to solve. You start with access, use it for a couple of years, and then later hire someone to port the data into a custom app when you've outgrown that solution.
I would be extremely tempted to try and use an address book program for this to start. (Note: I'm using Apple's address book program in my mind for referencing features) It allows for custom fields, notes, and groups. The downside is that you have to do more work: searching for part of a serial number to make sure it is not already in use, manually adding a note to two "contacts" indicating the transfer of a license from one to the other.
On the other hand, if the license tracking of your own software is key to your business, it is probably worth your time and money to develop a custom app on top of a SQL database. Write down a list of everything you want to be able to do. Go back and write down any rules or constraints (e.g. can two or more machines have the same license?). The database schema and programming rules will fall right out of that document.
Another idea: programs that track books, dvds, etc. Primarily ones that allow you to keep notes about when you lend them to people.

Take a look at SpiceWorks:
http://www.spiceworks.com/
It does a lot more than just inventory / asset management and is free.

not off-the-shelf, but perhaps a database like MySQL or OpenOffice Base (or Access, bleah)? This sounds pretty simple if you're not looking for many frills; just a couple of tables, e.g. users, computers, software types, license keys, and cross-tables to associate these with each other.

This might be useful, but I have not used it for what you are looking for:
http://www.ezasset.com/i/front.html?page=front_ezindex
There are a number of ways you can handle this - perhaps a license is also considered an asset (not just a computer) and you an group the assets together?
There is a notion of a parent asset and sub assets I think.
It is free for up to 100 assets. Assignment and location are also handled.

My suggestion is PassPack - we use them for password management and they are excellent.

I've used this in the past and been pretty happy with it. The downside is that it runs in FileMaker

Related

Data masking for data in AWS RDS [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 4 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Improve this question
I have an AWS RDS (AuroraDB) and I want to mask the data on the DB. Does Amazon provides any service for data masking?
I have seen RDS encryption but I am looking for data masking because the database contains sensitive data. So I want to know is there any service they provide for data masking or is there any other tool which can be used to mask the data and add it manually into the DB?
A list of tools which can be used for data masking is most appreciated if any for mine case. Because I need to mask those data for testing as the original DB contains sensitive information like PII(Personal Identifiable information). I also have to transfer these data to my co-workers, so I consider data masking an important factor.
Thanks.
This is a fantastic question and I think your pro-active approach to securing the most valuable asset of your business is something that a lot of people should heed, especially if you're sharing the data with your co-workers. Letting people see only what they need to see is an undeniably good way to reduce your attack surfaces. Standard cyber security methods are no longer enough imo, demonstrated by numerous attacks/people losing laptops/usbs with sensitive data on. We are just humans after all. With the GDPR coming in to force in May next year, any company with customers in the EU will have to demonstrate privacy by design and anonymisation techniques such as masking have been cited as way to show this.
NOTE: I have a vested interest in this answer because I am working on such a service you're talking about.
We've found that depending on your exact use case, size of data set and contents will depend on your masking method. If your data set has minimal fields and you know where the PII is, you can run standard queries to replace sensitive values. i.e. John -> XXXX. If you want to maintain some human readability there are libraries such as Python's Faker that generate random locale based PII you can replace your sensitive values with. (PHP Faker, Perl Faker and Ruby Faker also exist).
DISCLAIMER: Straight forward masking doesn't guarantee total privacy. Think someone identifying individuals from a masked Netflix data set by cross referencing with time stamped IMDB data or Guardian reporters identifying a Judges porn preferences from masked ISP data.
Masking does get tedious as your data set increases in fields/tables and you perhaps want to set up different levels of access for different co-workers. i.e. data science get lightly anonymised data, marketing get a access to heavily anonymised data. PII in free text fields is annoying and generally understanding what data is available in the world that attackers could use to cross reference is a big task.
The service i'm working on aims to alleviate all of these issues by automating the process with NLP techniques and a good understanding of anonymisation maths. We're bundling this up in to a web-service and we're keen to launch on the AWS marketplace. So I would love to hear more about your use-case and if you want early access we're in private beta at the moment so let me know.
If you are exporting or importing data using CSV or JSON files (i.e. to share with your co-workers) then you could use FileMasker. It can be run as an AWS Lamdbda function reading/writing CSV/JSON files on S3.
It's still in development but if you would like to try a beta now then contact me.
Disclaimer: I work for DataVeil, the developer of FileMasker.

How can I prevent my legitimate customers from Breaking my license? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I have a commercial plug-in on top of Visual Studio.
My product is licensed per individual developer, so the developer may make copies on more than one computer, as long as the use of the product is by the same developer.
After a period of time I discovered that many of my customers purchase one developer license and distribute the product over all the team members (and it is not rare case).
I spent many hours (here in StackOverFlow and outside) searching on how to prevent this issue, but I found most of people talk about protecting per-machine license.
My question is how can I prevent my legitimate customers from illegally distribute my product over more machines if I can not restrict them to any number of machines?
Throw my search I get one solution, but I want to ask you if it is acceptable or not?
I can restrict the license per Windows user name, while the customer activate the product for the first time I record the windows username with the product serial number, so he can not run (or even reactivate) the product on any machine with another Window username.
If you purchase any product that licensed per-developer, is this approach is acceptable for you?? (or in the other side this policy may be reduce my sales?).
Best Regards,
You can use many forms of DRM to protect your product. Consider though that you will be hurting and annoying legal owners on occasion. If someone changed computers or reinstalled windows then he will not be able to install your product again. DRMs can also be broken and are usually never worth the time invested in them.
My advice is that you don't try to prevent piracy of your software, since you can't stop it. If you are aware of a specific client that abuses your license, send them a friendly but firm Email requesting they acquire legal licenses for all their copies. Failing that, you might want to pursue legal actions.
All in all, trying to fight software piracy is a lost cause. You might consider other types of licenses that make it easier for a company with multiple developers to acquire your plugin. If you give group discounts they are more likely to pay.
I guess it depends on how the plugin is used. If it's primarily used in an office environment where having computers set up in a windows domain is the de facto standard, then yes, it could be acceptable.
It could become a problem if the developers are used to being able to use the plugin at home on their home computer as well, since the username will probably not match.
Edit: You could perhaps set a limit of 2 usernames per user. That could solve the use-at-home problem.
I'd say trying to bind the license to the windows user name would be sufficient, and somewhat acceptable. In your case you likely don't have any protection against several machines/users/etc. using many copies of your license - making it trivial for several people to use it. Most legitimate people will buy the additional licenses if it becomes non-trivial to do otherwise, binding it to the login name provides easy incentive to get additional licenses.
Just keep in mind:
You can't protect against every way to circumvent licensing.
You don't need fancy license protection, you just need it to be easier
to get an additional license than it is to circumvent the licensing.
Don't make it hard to use a licensed product.
One caveat I have as a sole developer on some projects though, is stuff bound to just 1 machine (or perhaps user account) - I always need 1 additional license for my build server and/or my machine-at-home.
it is very annoying to have to pay for a license for that machine even if it's just me using it - so think about that. For your product, it'd mean I'd have to have at least 2 licenses - one for my work computer, one for my home cumputer (different users/domains).
Invent some kind of setting which everyone will want to have set their own way, and keep that setting value on your server, for a license. If it's the same programmer using the app from three different PCs, he'll have no complaints on that the setting is the same everywhere. (In fact, he'll like it). But different people have different tastes, and people will soon be tired of re-setting the option the way they like it only to later find it reset back to someone else's preference again. They'll think that maybe buying a cheap personal copy instead of going through all this crap is not a bad idea after all.
The more of user preferences you automatically move around, the better it is for a single user and the worse it is for cheaters.
Goerge, what you describe is pretty common in your industry. The battle is lost already. Small companies will not purchase as much license as they should, but bigger ones will eventually respect your licensing terms.
You must adapt your pricing strategy and take in consideration this fact.
Adding more protection will do the inverse, preventing you from getting new customers or keeping the existing ones.
Don't make it hard to use. I have seen bad results, like Blu-ray which almost failed because of so much DRM on them. Some people had to resort to Slysoft Any HD-DVD to play blu-ray because software player that was supposed to play Blu-ray wouldn't play the disc they bought.

Is Access 2007 with a touch-screen POS interface the right choice to convert my INFORMIX-SQL app? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I have evaluated several development tools for converting my informix SQL-based app. They are: Genero/4Js, FileMaker, Oracle APEX, VFP, Clarion and Access 2007. I have a CRUD pawnshop app (see video-demo www.frankcomputer.com) This app centers on customers who pawn, sell or buy merchandise. I need to have one CRUD multi-table form which displays one customer master on the top half with all of the customers associated items which they have pawned, sold or purchased on the bottom half. Can CRUD be accomplished from within one form in Access? The main reason I'm leaning towards Access is because of its integration with Excel, Word and other modules, plus many people have it and experienced using it, plus it's Microsoft. Can anyone who has developed apps with Access tell me if I can mimic my INFORMIX-SQL based app and what limitations does Access have? Also, can a touch-screen POS front-end like Microsoft Dynamics be used or are other POS application generators/rapid development systems available to re-write my current app?
I suspect if you ask Foxpro developer, they would tell you that's the best tool of choice.
And I'm sure if you ask a filemaker developer, they would tell you to choose their tool.
So much of the question is, for the most part if you ask an access developer, that developer would also answer yes.
I would be hard pressed to imagine that all of the above tools you mentioned above, all of them have the capability of displaying information from more than one table in a screen. That's pretty much a requirement for any development system today. So in a nutshell, you're really asking the wrong question here.
I don't think the question is do they have the capability of displaying information from more than one table. They all can do this. Perhaps a fair question would be how much work and how well does each product slice and dice together these multiple tables?
In access you place text boxes and controls on a form, and to display related data, you can you place a control called a sub-form control. This approach allows you to model this classic can typical master to child record table relationship, and do so without having to write one line of code.
And of course you're not limited to one to many, but you can actually insert two sub forms side by side, and have a one to many, and in turn have the 2nd sub form control display many more records from that second table.
Here's a screen shot of what I mean:
In above you have one main record at the top with information about donation date and event. On the left you have a list of people and their donation amount (one to many).
Then on the right side, for each person, you have the donation amount split out into multiple accounts. (and the green box shows red when the amounts don't balance).
So, the above creates that classic accounting problem that just about every accounting package from Quickbooks all the way up to hi end accounting packages have done from day one when splitting out funds to multiple accounts.
The above form has very little code in it, and most of the relationships and setups and filtering and displaying of the child records is all handled automatically by access.
So at the end of the day, I'm pretty much of the view that all of products you mention above are capable of modeling and developing these types of screens. And, they all will result in an screen and user experience that would be relatively similar to what you have now.
Now course I'm a biased towards access, and I believe that I can build screens like the above quicker, faster, and with less hassle less code and effort than most of the other products you mentioned .
However, at the end of the day what platform and tools you use and find as appropriate is certainly not going to be centered around the ONE QUESTION and ONE CONCEPT that you have need to display multiple pieces of information on a form for multiple tables. As mentioned, this is gonna be given for any modern development system, including web based development systems.
Other considerations and factors is what type of reports, and outputs to you need? Do you need his column are reports, or do you need to send an invoice style forms type report to a printer that's preprinted invoice forms. I think these are bigger questions then your current question.
The real question here's not can any modern development system display multiple pieces of data on a form, they all can. The REAL factors and issues here are what platforms, hardware requirements, and systems do you need the software to run on?
So the issue is will some of the locations have multiple users? Will some of the locations need secure backup or some type of encryption? How do you plan to issue bug fixes, and updates to the next great version of the software?
Other issues are how many developers will you have working on this. What kind of distribution method will you use for the software. What kind of support infrastructure will you have to give customers support and installing the software. So, this list goes on and on and all these issues dwarf the question about the ability to display multiple pieces of information on one form.
In addition to all of the above issues, you need to consider your own training and skill set in development of software. To really master any software development system, you need to invest a considerable amount of your own time to learn. While I think the access is a very good RAD (rapid application development) tool, I will actually say that access has a considerably larger learning curve then say that of VB6 for example.
Choosing a platform is very much like a marriage, you have to invest enormous amounts of your time (months, and even years) to really learn and become proficient at developing software with such a system .
If you're jumping into a new set of tools, then the following list of skill sets needs to be taken into consideration **:
Stage 1 Innocent (never heard of the product)
Stage 2 Aware (Has read an article about X)
Stage 3 Apprentice (has attended a three-day seminar)
Stage 4 Practitioner (ready to use X on a real project)
Stage 5 Journeyman (uses X naturally and automatically in his job)
Stage 6 Master (has internalized X, knows when to break the rules)
Stage 7 Expert (writes books, gives lectures, looks for ways to extend x)
One should NEVER attempt a project with a team consisting with Stage 3 or lower people. (**** Page-Jones, Meilir. "The Seven Stages of Expertise in Software Engineering", American Programmer, July-Aug 1990).
So you just can't jump into a new tool and expect to be proficient at developing complex applications. I have an article here about converting a legacy application into ms access .
There are some great lessons in this article:
Notes on Conversion of a Pick (Multi-Value database) Application to a Relational database system.
http://www.members.shaw.ca/AlbertKallal/Articles/fog0000000003.html
Good luck in whichever platform you choose.

What is the best way to handle my softwares licenses? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
By best I mean more time tested, easier to implement and easier for the users to work with. I do not want my licensing crap to interfere with their work.
I was thinking of launching a WCF service that check with my license DB if it's a valid license and if it is, send a True.
If the returned response is False, then shut down the program after telling them to fix their license.
Do you think this is a good way to handle it?
You will need to develop or find an algorithm that creates sufficiently complex strings for your license keys.
Generate the license key based on some bit of information unique to a user, like their E-Mail address.
Your program would then require the user to enter their E-Mail address and license key. It would then ensure the license key is correct by running the same algorithm you did to generate it in the first place.
The approach i have used in the past is a simple one but effective. I generate about a 1000 keys to my software and run them through a hashing algorithm. I then include them within my program (maybe as an array which takes up little space)
I then give out one unique key of the 1000 generated to each customer and when they enter that into my software it is hashed with the same hashing algorithm and compared against the included hashes. If it compares true you are registered so save it in your config file.
Every so often i update the program by another build number and recreate the keys and hashes included in that build. You just have to keep track of what keys go with what build, but you can control this with a nice database, etc.
Never had any trouble with this system as it can all be fully automated.
You could try generating license keys strings using the user's name + dob + user-selected-password.
OR
Use the user's h/w serial numbers and give them a license key online post install. I am assuming at this point only one computer per license is allowed.
Pinging the web service will not work if a net connection is not available. You should use a combination of pinging and a grace period. If a customer cannot validate/activate the license within 'X' number of days, THEN you declare it as unlicensed.
Try CryptoLicensing which supports this scenario.
I suggest you take a look at OffByZero Cobalt (obligatory disclaimer: it's produced by the company I co-founded). You're better off buying an existing proven solution than rolling your own.
As we point out in Developing for Software Protection and Licensing:
We believe that most companies would
be better served by buying a
high-quality third-party licensing
system. This approach will free your
developers to work on core
functionality, and will alleviate
maintenance and support costs. It also
allows you to take advantage of the
domain expertise offered by licensing
specialists, and avoid releasing
software that is easy to crack.

FPGA Programming and how does IP Core licensing work? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I have been looking into developing a hardware module for HD video capture. I an new to the whole thing so I looked around and found that I need an FPGA development board to test my design out and then may be deploy it through ASIC or FPGA itself.
I found that people have already written cores in Verilog/VHDL which I can directly use in my designs, e.g. a PCIe interface module, a DDR3 memory controller module etc. I just need to connect them a logical way and test out my designs.
I was wondering how does the licensing of these IP Cores work. On certain vendor sites I see terms like "SignOnce" etc. Once I have a design that works and I want to mass produce it, how do I license the core?
I know it may depend on the specific vendor I am buying cores from but I just want to get a general idea, like a few examples etc, or if something similar you may have done in the past.
Thanks!
As others have said there are many models for licensing.
The opencores cores are of very variable quality, so you might find a lot of work involved in getting it going. On the other hand, some of them do work out of the box. BTW, how the GPL (which is how some of them are licensed) affects the disclosure of the rest of your FPGA code is still under debate :)
In terms of commercial licensing, my experience is that many companies are still to be operating under an ASIC frame of mind, where they charge a huge amount up front. There are some who will also license per-project, or take part of the payment as royalty.
And then you need to consider whether you just want a "netlist" or the actual source for the core. Figure on 10x in price if you want the source.
SignOnce is a license which means you only have to get your lawyers to check it out once and then you can proceed with various vendors knowing that the legalese is the same with all of them. It says nothing about commercial terms as far as I recall.
Once you get to having multiple cores, making them all interact can be interesting as well. That's one of the benefits of the IP offerings that are integrated with Xilinx and Altera's SOC development products. They are all built around a common bus (which admittedly differs between X and A, but at least within their own tool its common). This means they can be joined up in a point-and-click way. If you have wildly different bus structures on your IP, you find yourself writing a lot of glue code :(
There are all kinds of possible licenses. You will have to discuss the details with whatever vendor you are buying from since many will work with you and write up a custom contract that meets whatever needs you might have.
On the other hand, why pay to license IP cores? There are many quality FPGA cores available at opencores.org that can be used royalty-free.
From what I recall (and of course depending on the licensing agreement you negotiate), you have multiple models available:
license per "product" (i.e. royalty on each "product instance" but limited to a specific "product")
license per "product instance" regardless of "product type"
one-time, all-you-can-eat, license
etc.
While there are many license, most are full usage or per product type. Few charge per instance built. Those from Altera and Xilinx are full usage or per product type. However for putting it in an ASIC/HardCopy/FastPath, they usually have an additional fee.

Resources