rlb@rtpark.rtp.ge.COM (Bob Boyd 8*565-3627 11-Aug-1987 1656) (08/11/87)
Keywords: copy protection, SID register, license enforcement
There have been a lot of questions about identifying cpus and such.
I have some VERY strong opinions about copy protecting software for mass
distribution.
Let me express first of all that I am not opposed to people protecting their
investment. I think every software vendor(DEC included) should be encouraged
to:
1. Make their software easy to install.
2. Make it EASY for user installations to comply with licensing
restrictions.
3. Make their software insensitive to hardware revisions.
4. Make their software capable of being licensed to run on multiple
cpus from one copy(particularly for clusters).
5. Provide a customer controllable capability to run the package on a
backup processor while the licensed processor is down. This kind of
capability needs to be EASY to use -- not require 15 different keys
having to be typed in after calling up the vendor!!! I can't have
my whole staff tied up typing in new keys for each of 20 different
packages that might have to be switched to another cpu!
It is trivial for a package to be tied to the cpu serial number. The
information is available through a call to SYS$GETSYI requesting the SID item.
The biggest problem with this is that the SID has lots of stuff in it besides
the Serial Number. ONLY THE 15 LOW ORDER BITS CONTAIN THE SERIAL NUMBER!!!!
***** FLAME ON *****
ANYONE USING THE WHOLE 32 BITS FOR A MATCH IS SAYING "I WON'T LET YOU BE
PROPERLY SERVICED BY YOUR FIELD SERVICE ORGANIZATION WITHOUT FIRST GETTING AN
UPDATE FROM ME" -- this is RIDICULOUS - anyone who is going to the trouble to
use this number should exercise the responsibility to obtain a VAX ARCHITECTURE
HANDBOOK and VAX HARDWARE HANDBOOK and STUDY the layout of the SID register!!
Recently we have been bitten by 2 packages: Teradyne's LASAR package and
ECAD's IC Design Verification package. LASAR croaked after a revision to our
VAX 8800 console to correct a number of problems we have had. They had to send
us a new "customer data file" -- which took 3 days to arrive -- they couldn't
give us something over the phone, they didn't think to ask to send it to my
home address over the weekend, etc....!@#$%#@#!
IF YOU WON'T CONVINCE YOURSELF TO TRUST YOUR CUSTOMER SYSTEM ADMINISTRATORS TO
TRY TO ABIDE BY THE CONTRACT, AT LEAST DO THE JOB RIGHT.
***** FLAME OFF *****
GE normally negotiates an extra clause in contracts with ALL software vendors.
This clause says something to the effect that GE will be licensed and able to
run the package on a temporary basis on a backup cpu in the event that the
licensed cpu is unavailable due to failure or required maintenance.
In a turnkey environment it is extremely important that switching to the backup
cpu not take a monumental effort. There are many ways to accomplish this. One
is to try trusting the system administrators at customer sites. Some packages
are secured by the distribution of keys that go into a site description file
maintained by the site administrator. We have through the use of ACLS and
SYSTEM RIGHTS made it very easy to be sure that we are complying with the
license. We also have a 15 to 30 second operation that is all that is required
to make the switch (in our cluster) should the licensed cpu fail.
We have used this approach on software purchased from DEC, Unilogic, and
others. It works GREAT! I will be glad to send the command procedure and an
example control data file to anyone who wants it.
Essentially what we do is set up an identifier for each licensed package. At
boot time on each cpu a procedure is invoked that reads the license control
data file. This procedure determines which licenses are to be enabled on the
current node. If a machine goes down, all that needs to be done on the other
cpus is to run the procedure again, and it will re-determine which licenses
should be enabled due to the abscence of the down cpu.
On each executable and/or control file that is essential to the execution of
licensed packages we place an ACL which has the following form:
(IDENTIFIER=<package>_ADMINISTRATOR,
OPTIONS=PROTECTED,ACCESS=READ+WRITE+DELETE+CONTROL)
(IDENTIFIER=<package>_LICENSE[+batch or other mode restrictions],
OPTIONS=PROTECTED,ACCESS=EXECUTE) (or READ if data only file)
(IDENTIFIER=[*,*],ACCESS=NONE)
The 2 identifiers that must be created are <package>_ADMINISTRATOR and
<package>_LICENSE.
Again if you would like to get a copy of our LICENSE.COM, please let me know.
It is currently about 200 lines of DCL. I would be glad to see an
implementation in Fortran, Pascal, or C. If enough people ask for it I'll just
post it to INFO-VAX.
-----------------------------------------------------------------
Bob Boyd Usenet: rlb@rtpark.rtp.ge.com
GE Microelectronics Ctr. Voice: (919)549-3627
POB 13049, MS 7T3-01 GE DIALCOMM: 8*565-3627
RTP, NC 27709-3049 GE DECnet: RTPARK::RLB