13 Oct 2016

Business model

php

  • Some development is needed to protect the software against forbidden use (running without a subscription)
  • May require a "call-to-home" (Internet connection) to verify that the subscription is still valid
    • Might be easily countered by firewalling the application
      • We may allow it to go unchecked for 1-X days before telling the user to connect, but that is a bad user experience
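
One way to bound the "unchecked for 1-X days" window is a signed lease that the client verifies offline, so that firewalling the application only delays the moment it has to call home. This is an added example, not code from the original notes; it assumes ext-sodium (PHP >= 7.2), and the function names, lease format and sample values are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example; requires ext-sodium (PHP >= 7.2). All names are hypothetical.

/** Server side: sign a lease allowing $graceDays of offline use. */
function issueLease(string $licenseId, int $now, int $graceDays, string $secretKey): string
{
    $payload = json_encode(['lic' => $licenseId, 'iat' => $now, 'exp' => $now + $graceDays * 86400]);
    return base64_encode($payload) . '.' . base64_encode(sodium_crypto_sign_detached($payload, $secretKey));
}

/**
 * Client side: 'ok' = run, 'renew' = lease expired so call home, 'invalid' = reject.
 * $lastSeen is the highest timestamp the client has persisted so far.
 */
function checkLease(string $lease, int $now, int $lastSeen, string $publicKey): string
{
    $parts = explode('.', $lease);
    if (count($parts) !== 2) {
        return 'invalid';
    }
    $payload = base64_decode($parts[0], true);
    $sig = base64_decode($parts[1], true);
    if ($payload === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return 'invalid';
    }
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return 'invalid'; // forged or edited lease
    }
    $claims = json_decode($payload, true);
    if (!is_array($claims) || !isset($claims['iat'], $claims['exp'])) {
        return 'invalid';
    }
    if ($now < $claims['iat'] || $now < $lastSeen) {
        return 'invalid'; // clock set back to stretch the lease
    }
    return $now <= $claims['exp'] ? 'ok' : 'renew';
}

// Constructed demo values: a throwaway key pair and a 3-day lease.
$keys = sodium_crypto_sign_keypair();
$pk = sodium_crypto_sign_publickey($keys);
$t0 = 1476316800;
$lease = issueLease('LIC-EXAMPLE', $t0, 3, sodium_crypto_sign_secretkey($keys));
foreach ([[$t0 + 86400, $t0], [$t0 + 4 * 86400, $t0], [$t0 + 3600, $t0 + 86400]] as [$now, $seen]) {
    echo checkLease($lease, $now, $seen, $pk), "\n";
}
echo checkLease(str_replace('.', 'A.', $lease), $t0, $t0, $pk), "\n";
```

Only the public key ships with the client, so the lease cannot be re-signed locally; the persisted last-seen timestamp is itself client-side state and only raises the cost of a clock rollback.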

  • Similar to subscription-based, but on a per-use basis

  • Code is freely available
    • Makes it more difficult to live on producing the software

  • ($X*0.2)/user/year in support fees
  • Fee per request

  • X$/user (one time fee)
  • ($X*0.2)/user/year in support fees

  • Tools are never shared with the outside world

  • Develop tools to use on a per-project basis, where clients spend 5k$+ on a single pass
  • Tools are never shared with the outside world

23 Sep 2016

Licensing CLI

php

  • Encapsulate the application within a .phar
  • Use obfuscation (only variables inside functions/methods can be obfuscated; everything else must keep its name so that dynamically called methods still work, unless such code is simply not supported)

  • Must not make it easy to extract the original source code
  • Must checksum itself for modification
  • Should prevent usage by sharing a single license (TBD?)
  • Should not be possible to reuse a trial forever in a VM

  • Relying on opcodes (to act as a binary) probably implies a dependency on the PHP version used. Furthermore, it also means that the extension must be available and enabled for the code to work
  • Given the current implementation of opcache, the cache cannot be reused on other machines because the opcache file header contains the system ID

  • OPCACHE
  • System ID
  • Timestamp

  • Checksum

-> zend_accel_load_script (persistent_script, from_memory)

  • Replace class methods with (generated) traits that contain one or more of the class's methods
  • Compression/optimization by creating variables

  • Even with obfuscation, PSR-0/4-based code is too easy to distinguish (no reason to obfuscate libraries)

  • Find some way to transform the original source such that it is in symbiosis with a client identifier (and thus cannot be removed)

  • Replace variables within functions with obfuscated names
  • Concatenate all files into a single file (or bundle of files)
    • Pre-process require/include, or do not allow their use (as the files will not be available)
  • Randomize file order
  • Scramble method order
  • Inject junk code
    • Insert junk code with encrypted user identification
  • Generate a differently scrambled version per download/user

23 Sep 2016

Obfuscator

php

  • Encapsulate the application within a .phar
  • Use obfuscation (only variables inside functions/methods can be obfuscated; everything else must keep its name so that dynamically called methods still work, unless such code is simply not supported)

  • Must not make it easy to extract the original source code
  • Must checksum itself for modification
  • Should prevent usage by sharing a single license (TBD?)
  • Should not be possible to reuse a trial forever in a VM

  • Relying on opcodes (to act as a binary) probably implies a dependency on the PHP version used. Furthermore, it also means that the extension must be available and enabled for the code to work
  • Given the current implementation of opcache, the cache cannot be reused on other machines because the opcache file header contains the system ID

  • OPCACHE
  • System ID
  • Timestamp

  • Checksum

-> zend_accel_load_script (persistent_script, from_memory)
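
The header fields listed here and in the Licensing CLI post above (OPCACHE, system ID, timestamp, checksum) can be read with `unpack` to see why a cache file built on one machine is refused on another. This is an added example, not code from the original notes or from PHP itself; the exact field layout, the 80-byte header size and the Adler-32 checksum are assumptions based on the PHP 7.0 file cache on a 64-bit little-endian build, and the sample file is constructed.

```php
<?php
declare(strict_types=1);
// Added example. Assumed layout (PHP 7.0 file cache, 64-bit little-endian build):
// magic[8] "OPCACHE\0", system_id[32], mem_size, str_size, script_offset,
// timestamp (8 bytes each), checksum (4 bytes) plus 4 bytes of struct padding.
const HEADER_FORMAT = 'Z8magic/a32system_id/Pmem_size/Pstr_size/Pscript_offset/Ptimestamp/Vchecksum';
const HEADER_SIZE = 80;

/** Returns the header fields, or null when the bytes are not an opcache file. */
function parseHeader(string $file): ?array
{
    if (strlen($file) < HEADER_SIZE) {
        return null;
    }
    $h = unpack(HEADER_FORMAT, $file);
    return ($h !== false && $h['magic'] === 'OPCACHE') ? $h : null;
}

/** Explains whether this machine would accept the cache file, and if not, why. */
function explainLoad(string $file, string $localSystemId): string
{
    $h = parseHeader($file);
    if ($h === null) {
        return 'rejected: not an opcache file';
    }
    if (!hash_equals($localSystemId, $h['system_id'])) {
        return 'rejected: built for another system ID';
    }
    // Assumption: the checksum is Adler-32 over the data that follows the header.
    $body = substr($file, HEADER_SIZE, $h['mem_size'] + $h['str_size']);
    if (hexdec(hash('adler32', $body)) !== $h['checksum']) {
        return 'rejected: checksum mismatch (file modified or truncated)';
    }
    return 'accepted, compiled at ' . gmdate('Y-m-d H:i:s', $h['timestamp']);
}

// Constructed sample: a fake 16-byte body and two made-up system IDs.
$idA = md5('constructed build A');
$idB = md5('constructed build B');
$body = str_repeat("\x2a", 16);
$sum = hexdec(hash('adler32', $body));
$file = pack('a8a32PPPPVx4', 'OPCACHE', $idA, 12, 4, 0, 1474588800, $sum) . $body;

echo explainLoad($file, $idA), "\n";                             // same machine
echo explainLoad($file, $idB), "\n";                             // copied elsewhere
echo explainLoad(substr($file, 0, -1) . "\x00", $idA), "\n";     // last byte altered
```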

  • Replace class methods with (generated) traits that contain one or more of the class's methods
  • Compression/optimization by creating variables

  • Even with obfuscation, PSR-0/4-based code is too easy to distinguish (no reason to obfuscate libraries)

  • Find some way to transform the original source such that it is in symbiosis with a client identifier (and thus cannot be removed)
  • Obfuscate PHP built-in functions
  • Zend Host ID limited deployment: It appears that Zend Guard allows the software to be limited to run only on specific "Zend Hosts" (what are those?)
    • Zend Guard Loader is a custom extension? for PHP which requires a licence_path to work

  • Replace variables within functions with obfuscated names
  • Concatenate all files into a single file (or bundle of files)
    • Pre-process require/include, or do not allow their use (as the files will not be available)
  • Randomize file order
  • Scramble method order
  • Inject junk code
    • Insert junk code with encrypted user identification
  • Generate a differently scrambled version per download/user

17 Aug 2016

Business

  • Identify a problem
  • Determine if it is of importance (metrics)
  • Explain why your solution is better than existing ones
  • Define a clear pricing model
  • Define how your product will be marketed
  • Define how the product will scale from personal to large corporate use

  • Determine sale pricing
  • Evaluate various sale models
    • Packages
    • Monthly
    • Per action/item/amount
  • Determine various cash flows
    • Money paid to employees/self
    • Money paid for services required by the product
  • Evaluate tasks that have to be done globally and per client/project (if any)
  • Evaluate anything that has to be paid for every client/project and once/globally
  • Determine all factors that may vary
    • Number of customers
    • Number of days/months/years
    • Disk space usage, bandwidth usage, computer usage

  • Track user requests
  • Track user feedback