Member
|
Have you considered something like this:
If the software triggers a license revalidation, do not immediately kick the user out, instead warn the user that they have 1 week to get it sorted before it deactivates. However, and here's the part to make sure that fooling around with the system clock doesn't work, during that 1 week grace period require an internet connection to start the program. This kind of stuff is my day job, so if you want to seriously consider it, feel free to mail me for some implementation help. |
#21 |
Senior Member
Join Date: May 2014
Posts: 292
|
While such a system works relatively well. It does open the system up for an extra point of possible vulnerability. This together with the fact that systems like that have been cracked numerous times (including with major companies like Adobe). I don't think this is a smart functionality to implement. And as Rob stated situations like this are relatively rare, together with the fact that most of the situations can be user anticipated meaning they can request a reset before doing any of such actions. Which in my eyes doesn't warrant an approach that might add vulnerabilities to the system.
Also seeing the new feature in the license menu (unlink license). I think they might actually be working or have implemented a system to de-activate your license before doing major alterations to your system. (haven't tried using the system yet so this is just an assumptions of what it does. Planning to test it out myself later today actually) update: Seems it doesn't allow for license movement. Just tried it between 2 machines of mine. (So not sure what that feature does) Last edited by Togainu; October 7th, 2015 at 05:08 AM. |
#22 |
Member
|
I know that it's easy to implement it in a way that leads to vulnerability, which is why I offered to help. That wasn't a joke, my day job is implementing network security for a company that you probably know.
|
#23 |
Senior Member
Join Date: May 2014
Posts: 292
|
Kind of think you are missing the point I was making. No matter how secure you implement it you are adding another point of entry for attacks. Making the program as a whole more vulnerable by default.
Secondly not everyone plays in areas that have access to internet. Meaning they won't be able to start up the program. Course then you can choose to not allow save options. But that means you need to start making notes outside of Hero Lab and enter them at a later point (if you remember and didn't loose your notes which are very realistic scenarios (which is actually how it currently works meaning the connection solution only solves the issue for some users)). And again it only triggers with major changes to your machine. Which are in majority of the cases user induced meaning you can request a license reset before doing them Edit: Also seeing the machine ID changed it can't identify itself as the old system anymore, meaning you run into the same issue as before. If someone gives a full copy of their hero lab to someone else. The week reset period can't check reliably if it used to be a legit system. Last edited by Togainu; October 7th, 2015 at 09:34 AM. |
#24 |
Senior Member
Join Date: Sep 2012
Location: Ottawa, Canada
Posts: 781
|
Just remember that LWD also answers to the product owners, not just us the consumer.
Rob is a middle man being squeezed by the IP owner and the IP leaser. It is easy to suggest what will be better for us, but remember the owner of the IP has to be kept happy, or we have no IP to lease. Exmortis aka "Scott" RW - Needs Rez spell HL - Game Master/Designer RPG Tools - Campaign Cartographer 3+, D20 Pro Ultimate Real Life - IT Security Hobby - Anything on water or ATV |
#25 |
Member
Join Date: May 2010
Posts: 36
|
So is there a fix for the Windows 10/fast ring problem? I can't seem to move My license as it can't connect to the server and it just locks up the whole program until end task on it. I have an email into support.
|
#26 |
Senior Member
Volunteer Data File Contributor
Join Date: Jan 2010
Location: Chicago, IL (USA)
Posts: 10,729
|
Have you installed the latest version of Hero Lab which is v7.3 as it was suppose to have some Windows 10 fixes.
Hero Lab Resources: Pathfinder - d20pfsrd and Pathfinder Pack Setup 3.5 D&D (d20) - Community Server Setup 5E D&D - Community Server Setup Hero Lab Help - Hero Lab FAQ, Editor Tutorials and Videos, Editor & Scripting Resources. Created by the community for the community - Realm Works kickstarter backer (Alpha Wolf) and Beta tester.- d20 HL package volunteer editor. |
#27 |
Member
|
Quote:
If anyone on the dev team is reading this: I'm working on a PoC for both methods and will mail you when they're complete so that you may fix them. Quote:
However, once it detects a license invalidation, it will phone home and start a week long "trial mode" and require an internet connection from that point until the license becomes valid again. I can see how this won't work for people that play without internet connection, but for the rest it would provide a nice way to avoid a ruined gaming evening. As for abuse, this system would obviously invalidate the license for use on any system ID when it gets flagged, this would mean that the original user can no longer update until he contacts lone wolf, and the person he shared it with can only use it once, for one week. Continued abuse would quickly become apparent. |
||
#28 |
Member
Join Date: May 2010
Posts: 36
|
Ok, I have now installed the latest version, and when I go to retrieve the license it can't communicate with the server. I have verified that it is white listed.
|
#29 |
Member
Join Date: May 2010
Posts: 36
|
Support got me squared away. Thanks for the help folks!
|
#30 |
|
|