New ask Hacker News story: Ask HN: Should I open source my licensing server?

Ask HN: Should I open source my licensing server?
4 by keepamovin | 7 comments on Hacker News.
Recently developed an in-house "zero trust" license server based on PKI idea, blockchains, and proof-of-time, to convert a regular "vendor hosted" license server, into one that can be hosted on the buyer side. A lot of anti-piracy goes into obfuscation, and while I consider that defense-in-depth, I also consider obfuscating client-controlled code useless, and tried to make the system depend on cryptographic guarantees as much as possible. No such system where possibly adversarial clients control the license server, especially in an offline scenario, is perfect, but with immutable secure logs, and PKI chain of trust through a hierarchy of root authorities, I think we have a fairly solid approach. Open sourcing might lay bare some flaws which could be fixed. Or it might lay bare some flaws which could be exploited. This is mostly theoretical, we will probably not OSS it right now, but I consider it a useful exercise to crowd-think through the possibilities. In the rare chance that it is actually something novel, secure and useful, it might help other companies secure their deployments in a zero trust way.

Comments

Post a Comment

Popular posts from this blog

New ask Hacker News story: Brother Printers Sending Ink Data to Amazon?

Brother Printers Sending Ink Data to Amazon? 29 by Ajay-p | 13 comments on Hacker News. A most unusual thing. Every once in a while I get an email from Amazon that it's time to re-order Brother ink. I always delete these because I rarely print, but also figure it's just Amazon reminding me to buy something. Today I decided to opt out/unsubscribe once and for all. Instead I see this at the bottom of the email: "Click here to view or manage settings, including the option to opt out if you are already using another replenishment service. This took me to https://ift.tt/nMGIXiy "The data shown is based on estimated consumption reported by smart devices and orders you place through Amazon." Here it had a link to "Consumption history" which upon clicking showed me the ink levels of my Brother printer for the past two weeks . Date and time. WTF?! It is not apparent that I can disable this function. Can anyone else duplicate? Update : This is part of Alexa it
Read more

New ask Hacker News story: Tell HN: Equifax free credit report dark patterns

Tell HN: Equifax free credit report dark patterns 4 by PopAlongKid | 0 comments on Hacker News. For years, I have been obtaining free annual credit reports (annualcreditreport.com) which must be provided by law. Recently, for the first time, when I tried to obtain my Equifax report, I was prompted for an email address and a mobile phone number, a new requirement that apparently cannot be bypassed. The other two bureaus, and Equifax previously, confirmed identity by asking knowledge based questions. They do not need my phone or email for anything. Next, trying to obtain the report by phone instead of web site per instructions, I got to the point where I entered my ZIP code on the phone keypad, the voice menu system correctly repeated the number back to me, but every time I press 1 to indicate it is correct, the system acts like it got an invalid response and only gives me the option to enter further information by voice, not by the phone keypad. Just as with my phone number and email
Read more