[geeks] generating unique systemids

Doug McLaren dougmc at frenzied.us
Tue Aug 28 09:09:40 CDT 2007 

On Mon, Aug 27, 2007 at 07:53:44PM -0500, Lionel Peterson wrote:

| Does it need to be the primary MAC ID? Why not just check for the
| licensed MAC ID, thenif there is a disaster, they can migrate the
| nic and have an active license.

No, that's reasonable, but then you could just take a random ethernet
card, change it's mac address, then put it into your computer and not
even hook it up to anything.  Every computer on your network could
have a card with this address.

Actually, I forgot one other often used system ID -- the primary IP
address.  All the same gotchas apply, however.

None of this stuff is hard to defeat at all -- there's a dozen or so
ways of doing it, from manually changing the MAC address (or whatever)
to overriding/changing the system/library call that looks up whatever
you use as a system ID.  (Almost trivial with an open source OS, and
not that hard with closed OS's.)

And no matter how easy it is to overcome, your legitimate customers
won't bother, and will need new license keys whenever something
changes.  Or when they lose them.  And often they'll need them at 3AM
on Saturday morning because there was a disaster, or because they
scheduled an upgrade and didn't realize this would be a problem.
Perhaps they could defeat the protection themselves, but they paid for
this software, dammit, and they shouldn't have to ...

And if you do use primary MAC address, what if your system doesn't
actually have a network type with a MAC address or the equivilent?
You should not have to add an unused ethernet card to a system just to
make some software license happy.

Ultimately, my point is that this might not be a great idea.  It won't
stop those who want to crack it, and will create extra work for you
supporting your paying customers.  I'm quite familiar with this, as I
work in customer service at Vignette, and some of our products are
licensed this way -- and it causes a lot of headaches, and I don't
think it provides much benefit.

-- 
Doug McLaren, dougmc at frenzied.us        An idle mind is worth two in the bush.

More information about the geeks mailing list