Ayende @ Rahien

It's a girl

Yet another good interview test

Yes, this is another challenge that I ran into which I consider well suited for an interview.

  • It is short
  • It doesn't require specific knowledge
  • There are a lot of ways of solving that
  • I can give the develop access to Google and the test is still valid

The test itself is very simple:

  • Detect if another instance of the application is running on the network which is registered to the same user
  • It doesn't have to be hack proof, and it doesn't have to be 100% complete. The purpose it to stop casual copying, not serious hackers.
    • A great example of the feature in action is R# detecting that two users are using the same license at the same time.

Oh, and for real world scenarios, use a licensing framework instead of rolling your own.

Comments

Rik Hemsley
10/26/2008 10:13 PM by
Rik Hemsley

Nice idea for a challenge. I'd quite enjoy writing the code and would probably start with a simple UDP listener in each app, doing a broadcast at startup. I wonder if Windows Firewall would be my first problem...

Brian Chavez
10/26/2008 10:56 PM by
Brian Chavez

I dont think it makes a bit of a difference in real world scenarios whether or not you choose a licensing framework. History has shown, time and time again, if your app is popular enough and there is demand, it will be broken.

Ayende Rahien
10/26/2008 11:01 PM by
Ayende Rahien

Brain,

You are missing the point of licensing frameworks, I think.

I don't expect for a moment to stop the determined hackers. In fact, I don't believe that I'll even try.

The point of licensing is to get the honest people to pay, because they would.

Brian Chavez
10/26/2008 11:08 PM by
Brian Chavez

Yes, the point of licensing is to get honest people to pay. My point is, whether you 1) roll your own, 2) put in a time-nag, or 3) go with a high-grade licensing framework, in the real world it doesn’t matter, because (in the end, as you indicated) honest people pay. So it doesn’t make a difference. IMHO.

Ayende Rahien
10/26/2008 11:14 PM by
Ayende Rahien

Oh, yes it does.

The issue of how to deal with licensing is complex enough.

Here is a simple example. You license per user. This means that you don't care if they use the software of their laptop and on their desktop, as long as it is the same user.

But if you have two different users sharing the same key, that is a reason to flag & stop them.

Again, it is not a matter of stopping hackers, it is letting the honest people know that an honest mistake was done.

Or maybe they have 5 concurrent licenses, and they started to use 6 concurrent instances.

That is why you want to go with a licensing framework, because they already have this scenarios, and presumably they spend some time thinking about how to solve them, rather than you having to take the burden of maintaining code that is important, but isn't part of the core business value that you actually would like to deliver.

Brian Chavez
10/26/2008 11:39 PM by
Brian Chavez

It’s not hard to implement that a scenario. In fact, I’ve done something very similar to your licensing scenario with one of my products DepositWiz and I’ve rolled my own licensing framework. Do honest people still pay? Yes. Is there anything wrong with rolling my own? No. Is it hard to maintain? No.

If you can afford the cost of using a commercial licensing framework, then go for it, but if you can’t, then there is absolutely nothing wrong with rolling your own. This is my point. You seem to indicate that there is.

The only difference is a trade-off between: Cost and Convenience.

Whether or not you roll your own [that fits your needs] or use a commercial licensing framework [that fits your needs] doesn’t affect an honest person’s free will decision to emit payment.

Ayende Rahien
10/26/2008 11:49 PM by
Ayende Rahien

Brian,

I can almost guarantee that a licensing framework would cost more than a developer day. Most likely it will take a week.

This is going to be significantly cheaper than most licensing frameworks.

And you end up with a more mature solution that you don't have to deal with.

The point is that you should focus your efforts on your core business. Licensing frameworks is usually very firmly NOT your core business.

Ayende Rahien
10/27/2008 12:01 AM by
Ayende Rahien

Rik,

Yes, UDP is probably the easiest way to do it.

Ayende Rahien
10/27/2008 12:01 AM by
Ayende Rahien

Rik,

Another interesting way (way over engineered, though) would be to use WCF peer to peer stuff.

Brian Chavez
10/27/2008 12:11 AM by
Brian Chavez

Long term “how much it costs” claims are questionable and it really depends. But let’s quickly compare, I know ComponentFactory (1 man shop MicroISV) uses SWReg:

SWReg’s tax load of fee table:

http://www.swreg.org/pricing/29percent.htm

vs.

A quick integration solution with Google Checkout:

http://checkout.google.com/seller/fees.html

Chargebacks do happen. Check payments do happen. American Express payments do happen.

In the long run, SWReg’s fees will add up, and will eventually surpass the upfront cost of “rolling your own”.

This is one simple reason why I rolled my own.

Ayende Rahien
10/27/2008 03:55 AM by
Ayende Rahien

Brian,

I think you are confusing things.

There is a difference between licensing framework (component, one time cost) and a payment provider (service, running cost).

I think that it makes a lot of sense to optimize the payment processing part, after you are making money. But that is beside the point, what we are talking about here is licensing components, not payment providers.

Chris McV
10/28/2008 12:07 AM by
Chris McV

Ayende,

Are there any licensing frameworks that you would recommend? Particularly for subscription based licensing, where users effectively lease software?

Ayende Rahien
10/28/2008 05:45 AM by
Ayende Rahien

chris,

I am currently investigating, I'll let you know when I have come to a conclusion

Comments have been closed on this topic.