BTW, just for reference. I've always registered the shareware/
programs I've cracked. I figured it was the least I could do for
breaking the registration scheme. Sometimes I'll tell why, sometimes
not. It all depended on how friendly/open the author seemed to be.
But in any case, none of them ever changed their registration scheme
even after I informed them about it. <shrug>
On Apr 9, 2006, at 11:30 AM, Travis Siegel wrote:
It's funny you should mention the security through obscurity.
This is the single most lamented cause of security exploits, as
evidenced by my time on the various security lists I used to be an
active participant on.
I've also broken several registration scheemes on various dos/
windows software packages, not because I didn't want to spend the
money to register, but because they were packages who authors
annoyed me in one way or another. In one case, I even mailed the
author, using the registered version of his program. Interestingly
enough, he never noticed.
I've never distributed my cracks to anyone, just wrote them more as
a proof of concept than anything else, but it is interesting the
things people think are secure.
Well, ok, I lied.
I did distribute one crack, but it was only to two other people,
and one of them had already bought the program, but had lost their
license file. The other person would never have registered the
program in a million years, and I wanted them to have something
that actually worked, rather than using something else that would
not work for them. And besides, both of them were in Australia
anyhow which the author never even considered a supportable venu.
(go figure)
On Apr 9, 2006, at 1:47 AM, Kafka's Daytime wrote:
On Apr 9, 2006, at 1:06 AM, John Weir wrote:
Re NLS, maybe we need to start a campaign to contact our congress
men and senators to get them to reconsider so there is Mac
suitable SW available. Vickie Weir
Ah, now you're talking. I think lots of voices are the only way to
maybe help tilt the odds in favor of having the NLS books
supported more broadly...by multiple vendors and on multiple
platforms. It's not just the closed system that is alarming but
the apparent single-vendor situation proposed. In terms of DRM
it's most important that they avoid a security-through-obscurity
approach. A DRM scheme can be published for all to review and
implement - without compromising the integrity of the security. In
fact, it's the private, proprietary, non-peer-reviewed, security-
through-obscurity schemes which are almost invariably least secure
(often laughably so). The reasonable approach would be to publish
the DRM scheme for peer review and then, upon completion of
review, make available to the general public (again, this is not
less secure this is more secure). After that, providing support
for DAISY is, as developer types are so fond of saying,
straightforward. The just-described approach would open up
development on any and all platforms, ensure the broadest support,
healthy competition and reasonable pricing resulting from same.
The problem is, that means NLS would need to completely rework
their proposed approach (as outlined in their business plan) - and
void the contract they've already awarded to the single vendor
selected to do the development.
Joe
