WinGate Forums

[kalvos]

Is the product activation portable?

If activation requires a new license key on reinstallation on an upgraded server box, does QBik have a key escrow company authorized to provide a key unlock patch in case of QBik's failure to meet terms or bankruptcy?

If there is a key escrow, that is good. I do not purchase "tethered" products, and would be very sad if I had to end my relationship with WinGate, which has served well since version 3.

I have searched the website, and these activation terms are not identified in the product description of WinGate 6 -- only in the announcement here. That is pretty surreptitious, regardless of the sort of activation involved.

Dennis

[adrien]

If by portable you mean can the activation file be used on another computer then the answer is no. In fact, the whole reason for activation was to clamp down on the rife multiple-use of WinGate licenses. The license itself can be installed on another computer, if it is deactivated on the first one, or if we clear the records for it at our end.

Since we took over distribution of WinGate, and control of the domain wingate.com, we have been in a position to gather information about many licenses that are in use in many many installations, clearly in breach of our license agreement. This is not even counting the over 90% of WinGate installations that use a key that we didn't even generate.

I can of course understand your reluctance to invest in a product that relies on the continued existence of its creators in order to operate, and rest assured we have not created such a situation, and I am happy to do whatever is required to alleviate any concerns you may have in that area.

Regards

Adrien

[adrien]

PS, if you need to rebuild your server, then as long as certain parameters do not change, you will be able to use your previous activation file. We did consider this scenario when we designed the activation system.

Regards

Adrien

[kalvos]

the whole reason for activation was to clamp down on the rife multiple-use of WinGate licenses. The license itself can be installed on another computer, if it is deactivated on the first one, or if we clear the records for it at our end.

So it is challenge/response, then.

I understand the problem perfectly. I used to write software 20 years ago and saw copies out there that I never sold.

And you understand that the idea of being tethered to the fortunes of any company is not a pleasant one, particularly in this market of sudden changes and here-today-gone-tomorrow tech companies. Those of us who depend on software -- depend on it working at 2 in the morning when we've had to rebuild a crashed machine, or in 2008 when we are trying to recover a project we'd spent months creating -- do not want to place our future in the hands of corporate fate.

That being said, I will be very happy if QBik takes the simple step of providing the code generation software or skeleton key to a third party and places it in escrow. I have actually outlined this in some detail at http://maltedmedia.com/books/papers/sm-copyp.html

It's not the upgrade price that bothers me. I expect that I can keep my copy of WinGate 5 safe for recovery purposes, and get WinGate 6. Unlike other software in which I have enormous work invested (such as Finale), I can live without WinGate should that day come.

But for the future, please consider a way of reassuring users that a key system has been placed in safe, third-party hands.

Dennis

[genie]

Hi, Kalvos

Unfortunately, serial key approach has proved to be the weakest part of software registration process, especially in case of mass-market software (i.e. a software package, which is not targeted to a very specific and tiny group of people, like, for example, Wingate vs. Newton MessagePad wireless support). The more people use a package the more its registration routines will be under attack - simply because for many using a cracked key does not pose a real problem as opposed to paying 10,20,50 or more dollars for a copy. Simple serial keys are crackable by their virtue because they are too generic and do not carry any particular link to the computer, the product is being installed on - so anyone who can get a validly composed key ( generating it by cracking an algorithm or re-using previously bought key over and over again) can use the software. Challenge-response scheme provides this required link between the key and the computer or a person the software is supposed to be running with. Other software providers of mass-market packages rapidly switch from simple serial keys to the challenge-response schemes of various natures.

[genie]

I forgot to mention the similarity of the serial key problem to the access token problem. Back then, when the computers were big and rare, noone cared about properly secure computers access simply because not that many people knew how to operate the beasts or how to connect to them. Now there are hundreds of various methods that ensure that the person logging into the computer is a legitimate user.

[kalvos]

serial key approach has proved to be the weakest part of software registration process (...) Challenge-response scheme provides this required link between the key and the computer or a person the software is supposed to be running with.

Since a system exists, you can place it in escrow. Then -- should you no longer be able to support the product for business or technical reasons -- the response part of the system can be shipped to all users. The software is patched with a challenge/response that takes place transparently and internally.

Put yourself in your customer's place first, and it gives you the will to accomplish it.

If you can't accomplish it, then put refund money in escrow instead -- now *that's* scary! :)

Dennis

[adrien]

It's not exactly challenge response.

there is a single transaction that is initiated to generate an activation file. this is simply a digitally encrypted file, encrypted with 4096 bit RSA private key.

Once you have this however, you no longer need us to exist as long as certain parameters of your server don't change, e.g. your server name.

So, if you need to rebuild your server, you should be able to re-use your activation file without us being involved.

So I guess you should back it up!

If we get wiped out by a meteor, then no-one will be buying new licenses from us anyway. So, the problem then is how do existing customers run.

In this case, if they have done their activation, then they have their license file, and should be able to use that indefinitely.

In this respect, the license file is no different to a very big key.'

Adrien

[kalvos]

It's not exactly challenge response.

Thanks very much for your response.

It sounds you've come up with a very responsible way to handle this licensing to the benefit of both Qbik and their legitimate customers.

Dennis

[Jimmy]

I note that this is an old Forum sequence… but seems closest to my request, so thought I would append my query here… I’ve recently purchased version 6 and I’m now wondering how I would go about upgrading from Windows 2000 on an older box to a newer box with XP…

Please allow that in most instances, one will normally try to prepare the new server before replacing the older one and that then the switch-over would need to occur in the shortest possible period (to limit down-time).

[Pascal]

1. Install new server and enable a trial license.
2. Configure it and get everything up and running.
3. Activate a trial license on the old box (If you can, otherwise might need to skip this step)
4. Deactivate the registered license on the old box (Make sure you have the details you received when you purchased)
5. Activate the registered license on the new box
6. Deactivate the trail licenses all round