XYplorer Beta Club

admin wrote:
Oh, I know (and said so numerous times in the forum). The LL is not an anti-piracy thing, but adds some value for the paying user.

Nevertheless I will implement a key verification system soon. It's so bloody easy to get XY for free that it's quite demotivating for the potential customer to actually pay.

If you mean Activation, I would strongly request that you do not. I absolutely cannot stand apps that require activation. Not only are you screwed if you need to install on a machine with no internet connection, but if the company goes under, you're really burned.

I would rather you simply make it so that the trial version cannot be registered - and paying users can log in and download the actuall full app. Don't get me wrong, I dislike that system as well - but I prefer it to software activation by no small degree.

Mesh wrote:

admin wrote:
Oh, I know (and said so numerous times in the forum). The LL is not an anti-piracy thing, but adds some value for the paying user.

Nevertheless I will implement a key verification system soon. It's so bloody easy to get XY for free that it's quite demotivating for the potential customer to actually pay.

If you mean Activation, I would strongly request that you do not. I absolutely cannot stand apps that require activation. Not only are you screwed if you need to install on a machine with no internet connection, but if the company goes under, you're really burned.

I would rather you simply make it so that the trial version cannot be registered - and paying users can log in and download the actuall full app. Don't get me wrong, I dislike that system as well - but I prefer it to software activation by no small degree.

The system I have in mind, ok let's call it Activation, will connect to the net one time to validate the key. If the key is valid a binary file ("lic.dat" or so) is created in your app path that certifies that activation was successfull. No further calling home.

admin wrote:The system I have in mind, ok let's call it Activation, will connect to the net one time to validate the key. If the key is valid a binary file ("lic.dat" or so) is created in your app path that certifies that activation was successfull. No further calling home.

Don, a word of warning if I may. Some of the latest games require activation and a few months ago I was in a situation where I had to connect to the Internet via a proxy server on the network. This meant that I manually had to enter the proxy server info into pretty much every application that wanted to access the web. However, those "activators" that games used are too dumb to detect that and allow me to configure their Internet access. I hope that, if you do consider to go ahead with online activation (even if it's a one-off), you'd consider every possible circumstance that a person may be in.

admin wrote:
The system I have in mind, ok let's call it Activation, will connect to the net one time to validate the key. If the key is valid a binary file ("lic.dat" or so) is created in your app path that certifies that activation was successfull. No further calling home.

And if something happens to you, or if you should decide to become a Tibetan Monk, then users can no longer perform new installs.

In all honesty, as someone who has been in IT for decades, let me save you a lot of time and effort - don't bother with the Activation route. Honestly. Right now, people can use a keygen or grab a serial. If you make this change, then crackers will simply change their methodologies, and patch XY instead. You will have spent all that time for nothing, and only created additional headache for legitimate users.


Believe me, I understand your frustration. You're on the right track by thinking of offering special services that only legitimate users can access. But if you go the route of hardening the app itself, you're playing a game you can only lose. Not only is there nothing you can do that a cracker can't bypass, but if you really make it work, you will be significantly curtailing the exposure of new customers to your application.

You're better off leaving the app as is, and going the route of services. Having beta versions only accessible to legitimate users is an excellent approach. While users running pirated versions will be able to post requests and bug reports, they will not be able to access the new build that you release the next day which has those fixes or fulfills those requests. That's far more effective than trying to harden the application, which will only cause problems for you and legitimate users.

Thanks for the opinions everyone! I'll go into think mode...

Mesh, I may be totally wrong here, but as I read it, the "Activation" was related only to the 'License Lounge' and not XY itself, so that users could avoid having to deal with login to XY site if they chose to use that method...and that obviously wouldn't prevent users from installing XY no matter where Don happens to be.

j_c_hallgren wrote:Mesh, I may be totally wrong here, but as I read it, the "Activation" was related only to the 'License Lounge' and not XY itself, so that users could avoid having to deal with login to XY site if they chose to use that method...and that obviously wouldn't prevent users from installing XY no matter where Don happens to be.

No, because he was talking about a binary file being created in the application directory.

well, here are my two cents...

While I don't have a problem personally with software that uses activation (even though I do take some offense at the general suspicion toward the user as opposed to the general trust without it), I know quite a few people who wouldn't touch a program just because it needs to be activated (and honestly I don't know wheather I would've ever bought it knowing this, even though - as I said - I don't have a problem with it now). So how sure are you that it will create more paying users (or at least keep the unpaying from using it). Not to forget: someone who didn't buy it is far from likely to buy it if he is stopped from using it by technical means.

Then there are the technical questions. Will the binary file be in effect a license file? will it be machine independant? If not that's a real problem and/or pain in the ass
I.E.: Can I obtain one and use it on another machine? This also sounds like you plan to have the code needed to create it in the application, which means hackers can just use it to create their own license files...
You could use public/private key cryptography, have the server send the license file signed with a private key of yours, then how would the app validate it? Obviously against the corresponding public key, but how will it get it? If it's part of the application it can just be exchanged to allow fake signatures, if it's taken from the server that connection can be faked (simply redirected via host-file to localhost for example might do) to do the same.
Also don't forget they can just patch the .exe
And it becomes your responsibility to make it possible for them to use the program, meaning: supply proxy support or some alternative way to activated it for an employee of a company who don't allow programs like this at all - or return the money...

My point is this: It's incredibly hard to do this properly and in an unbreakeable way, are you sure it's worth the effort?
I still think it might repell potential new users and is unlikely to gain you even just close to the same amout of people from the group that currently uses it cracked (who are probably more likely angry you took away their nice program).
Whatever you do: make sure you don't inconvenience either long-time customers, new ones or both too much or it'll backfire horribly!

Ah I forgot to add my alternative Idea:

I think your idea with the license lounge was right: add more value for customers.

I'd just go a step further, integrate it into the program itself. Have a script browser, allow uploading/downloading of scripts from within, also some voting (typical 5 star system or whatever). There are quite a few more possibilities along these lines, like downloadeable configurations/layouts, where users can read a description of the author describing the workflow making use of that layout and so forth...

I think that License Lounge is a great idea. I also think that it is entirely Don's decision in terms of what to do with both LL and XYplorer licensing. We can put our suggestions across, but at the end of the day it's his business and he'll act in the best interests of it.

It's simply not possible to please everyone. Just look at the Wishes section. Some people think things that get asked in there are bloat and others think that they widen the extent of XY's configurability. It's very difficult to find a compromise. I, for one, will deal with whatever way Don will decide to pursue things in

Well of course it's Don's decision, that was never even in question (at least not from me). It's obviously his program
I was just offering my opinion, he can do with that as he pleases

Just to get back to the actual topic: I do have a slight (technical) problem with the license lounge. My browser (Opera) doesn't offer me to save the login data when logging in. I don't know exactly how to trigger that, probably just by naming the two fields right (like username and password or something). In any case, it would be great if you could change something to make this work, it's quite a hassle to get the serial manualy from the .ini every time I want to login

Thank you!

First thanks everybody for their opinion on my planned key verification system! You saved me from making a mistake.

Creat wrote:Just to get back to the actual topic: I do have a slight (technical) problem with the license lounge. My browser (Opera) doesn't offer me to save the login data when logging in. I don't know exactly how to trigger that, probably just by naming the two fields right (like username and password or something). In any case, it would be great if you could change something to make this work, it's quite a hassle to get the serial manualy from the .ini every time I want to login

Hmm, that sounds like a problem that should be solved in Opera. You cannot really expect that websites (with 100% HTML) are adjusted to make your browser work as expected.

Actually it seems to be a general problem, just tried with IE and Firefox, neither offered me to save the password
I guess all the browsers rely to some point on recognizing field names (like 'username' and 'password' or something) to offer auto-completion, it might also be because the regkey-field isn't a password-type-field (with hidden input, displayed as * or some other character, depending on settings, OS and the like).
If you login there, does your browser offer you to save the credentials? that would cause me to go looking for what the hell I did wrong

btw: I'm glad you decided to drop the activation-thing

don it seems your new to this, here is the situation with activation , simple it doesn't work , i have been around the internet a very long time, some big company's spend millions protecting their applications, and the next day its hacked , cracked or patched, even with your lic.dat idea lets say the offending party does buy it activate it what stops them from releasing the lic.dat file or hacking their own up since they learn how it works. or even if you do somehow make a full proof activation its still software, someone with some assembler / hex editing skill can break it in a few hours.

sadly this has been around since the first PC, old floppy's used to have some protection be it a dongle, or a key / password, if someone wants it bad enough they will get it.

Lets just take micros*ft for example one of the biggest company's, has their activation scheme that im sure they spent a ton on stop bad copys? the simple answer is no..then also comes into play OEM say a company wants to "bundle" your software with their pcs, they don't want the users bothered by activation.

the best thing you can do is write your own exe compressor put in some debug detection, and offer a member section like you just did.. or else its just a cat and mouse game.

another thing is paying customers don't like activation , its bothersome whether it be a driver (that can cause its own problem (such as os variance x86,64,mips, and os versions) , i remember paying for some DRM movies awhile ago then the company went under now im stuck with the movies and they are useless since you cant open them without their drm server.

I have some ideas if your interested. or i can help you report some links that get posted on download sites.

Addition to the login-thing:
forget the thing about the name of the fields, it's enough to change the type of the second input-field to "password" to get browsers to offer you to save the login credentials.