Re: serial number (activation code)
- From: "G.Doten" <gdoten@xxxxxxxxx>
- Date: Tue, 31 Jul 2007 18:17:45 -0400
Jon Skeet [C# MVP] wrote:
G.Doten <gdoten@xxxxxxxxx> wrote:Fine. Let me quote.What I don't fathom is his insistence that the things I've said are not true. Especially the one about the IEEE MAC addressing standard.I still haven't seen where he said that isn't true - which is why I asked for a specific quote.
<quote>
Me: The statement is correct in that a built-in MAC address on *any* device that has one is without question supposed to be unique.
Peter: That's the error right there. It is mostly true that the MAC address is unique among default, manufacturer-assigned MAC addresses. But beyond that, no uniqueness is assured.
</quote>
Well, there's a difference between "MAC addresses are designed to be globally unique" and "default, hardware-assigned MAC addresses are designed to be unique". I *suspect* that's what Peter was getting at, given the rest of the post.
I don't. He clearly says "It is mostly true that the MAC address is unique among default, manufacturer-assigned MAC addresses." Insisting on "mostly true" when he knows darn well it is true. He's splitting hairs here just to argue with me.
This is where he started his random contradicting. He knows damn well what I am saying, but must make me sound like I am stating some sort of "error" when I say that. The built-in MAC address is without question supposed to be unique. There is no error in that statement. Peter then continues to sing that same song inferring that I can't read English.
I'd venture to suggest that you're the one implying that he's denying that manufacturers are meant to assign unique addresses, despite there being no such denial.
But there is that denial, and of the standard itself. Venture what you'd like; it's a free Internet!
<quote>
me: Further, it is codified in the IEEE MAC address standard that these built-in addresses are unique. That's all I'm saying.
Peter: And as I said, even if you assume that the built-in addresses are unique, that isn't relevant in this context.
</quote>
It's not an assumption! I've had to repeat that a number of times. And he keeps refuting it.
It's an assumption that they *are* unique - i.e. that everyone follows the standard without any errors creeping in. We've all agreed that manufacturers *can* make errors, therefore it would be foolish to believe that all the built-in addresses genuinely are unique.
No, it wouldn't. That's like saying it would be foolish to follow the standard when dealing with these addresses. There must be many standards that are misapplied, yet what they say can still be used. If a problem with a particular implementation is encountered it can be worked-around, especially in this specific case of built-in MAC addresses.
Peter's wider point in that quote was that you still couldn't trust the *reported* MAC address anyway though.
Sure you can! You're losing me.
And from the same reply:
<quote>
Peter: This is, in fact, the underlying basis for everything I've written in this thread: a copy protection scheme based on the MAC address is a bad idea. There is no reliable way to obtain a unique MAC address in a useful way for copy protection.
</quote>
He knows damn well that everyone--including myself--agree that using a MAC address for this purpose is a bad idea.
The difference being that you believe (as far as I can tell) it's always realistic to retrieve a built-in MAC address reliably.
Yes, I do. I may easily be wrong.
Well, here's just one:Although I think he finally came around in his last couple of posts. From "there's no such standard for built-in MACs" to "yeah there is but they can be overridden." I think he knows damn well what I'm saying.Where did he say there's no standard for built-in MACs? He's repeatedly acknowledged that - but stated (and I agree with him) that that's completely different from the MAC addresses which are *used* being unique and standardised.
<quote>
Peter: That is the standard for how manufacturers assign the default MAC address for a device. That is _not_ the standard for MAC address as they are used in networks.
</quote>
I don't see where that says that he says there's no standard for built-
in MACs.
"That is _not_ the standard for MAC address as they are used in networks." Wrong.
Finally coming around to agreeing there is a standard, and it that it does dictate that built-in MAC addresses be unique ('It is true that "no two manufacturers can possibly assign the same MAC address to two or more devices" (to the extent that manufacturers don't screw up...they do, you know)'), he then tries to say the standard is not used in real-life networks.
And indeed it's not, because in real networks MAC addresses *are* assigned - often enough to make it non-negligible, IMO.
We disagree on the meaning of non-negligible, I think.
Then it pretty much devolves into device drivers, and things like "WMI does not provide a specific API to retrieve a MAC address" (it does, and in a very standard way), and this beauty: 'The Windows API is a standard. That doesn't mean that any code I implement using the Windows API is using a "standardized way" to do something.' That's just precious.
Well, using the instructions you were suggesting, WMI isn't providing an API to get at the original, built-in MAC address. Part of the process you were suggesting is "just" clearing registry keys - a critical part of system configuration. *That* certainly isn't a "standardized way to get at the hardware's default MAC address". The WMI part isn't the big problem - it's the preceding step.
No, I think that would work fine. Supposedly it does, anyway.
I think we disagree about the meaning of "feasible".Could be; it's not like it has a technical definition or anything. Would you not agree that a technique that is used by a shipping product is indeed feasible? If not, then we are indeed using different definitions for the word.
It depends on whether that scheme actually *works*. I could ship a "licensing scheme" that relied on an invalid user not creating a file called licence.txt - I wouldn't say that's feasible as a real licensing scheme.
Yes, it works; it is used by products.
Please don't start name-calling. It's not useful at all.I didn't realize I called you a name, Jon.
I never claimed that you did. I just don't like it when newsgroup posts involve slanging matches whoever's involved.
I sheepishly agree with that.
I think "the mighty" can fend for himself, as far as I've seen. He's
certainly used worse on me (not that I care). However, you're right,
name-calling is not useful at all.
Does that mean you'll stop doing it?
Maybe.
Regardless, using a MAC address is not only workable (using the normal definition of the word)
We certainly haven't agreed on that. "Workable" presumably means that something "works" doesn't it? For a copy protection scheme to work, it must detect when someone fakes their MAC addresses. I don't have enough experience of such products to know whether they manage that - but I suspect they don't.
That's your definition of licensing scheme (and isn't a bad one). Because a product ships with a "MAC address licensing scheme" that may (or may not) let MAC addresses be spoofed does not mean it isn't a legitimate licensing scheme. I would say that there is no licensing scheme that is 100% accurate nor 100% secure. A product company may decide that this hole may be perfectly acceptable for their needs.
This is what makes such a licensing scheme workable.
it is and has been done.
Products have certainly been shipped using it. Are they genuinely protected by the licensing scheme? That's a different matter.
True.
Why, out of interest? It certainly works pretty well in all the situations I've used it in. Admittedly I've never tried to hack round it, and I don't know how secure it is in that sense (it'll vary depending on scheme, certainly).I've had systems (programs, I mean) become disabled at critical times because I've changed hardware. Yes, there are work-arounds of calling a telephone number (at least for the software I've used), but it's a pain in the patuty when you are under a deadline. Personally I just don't think I should have to prove I am legally using a piece of software every time I run it. But this is getting way OT, and admittedly this is just a personal opinion of mine.
Hang on a sec - I specifically spoke about one-time validation. Not "every time I run it" validation, nor validation which dies when hardware is changed. I certainly don't like either of those.
Well, we agree on that. I don't like any of those schemes either, including the one-time validation ones. All of them are relatively easy to crack.
Perhaps. But I hope you are not disagreeing that software has and does ship that uses MAC addresses for their licensing scheme.hardware hash technique that I understand Microsoft's product activation to use (though I really don't know the details there). That technique is fraught with problems, yet, just like with a scheme that utilizes a MAC address, can be made workable. Again, desirable? No!Again we disagree on the meaning of "workable", I believe.
No. I just dispute whether it's reasonable to call that licensing scheme "workable" if it doesn't provide any real protection.
I don't see how it can be denied that it is a workable technique, but whatever. I never claimed, nor would I ever claim, it is a perfect solution. But I would say it is perfectly acceptable for the needs of some companies.
Should they? Hey, it's their software...
True.
Which is why they can define how bullet-proof or not bullet-proof their licensing scheme is.
You make an excellent proxy for Peter, BTW.
--
-glenn-
.
- Follow-Ups:
- Re: serial number (activation code)
- From: Jon Skeet [C# MVP]
- Re: serial number (activation code)
- References:
- Re: serial number (activation code)
- From: G.Doten
- Re: serial number (activation code)
- From: Jon Skeet [C# MVP]
- Re: serial number (activation code)
- Prev by Date: Re: Orcas Beta 2 Released (a few days ago)
- Next by Date: Re: Orcas Beta 2 Released (a few days ago)
- Previous by thread: Re: serial number (activation code)
- Next by thread: Re: serial number (activation code)
- Index(es):
Relevant Pages
|
