Johan; thinking out loud.

Today a made a new release of logview4net.

I got an error report from a user who had set up a UDP logger with log4net and got loads of weird characters in logview4net. I had hard coded Unicode and log4net was sending something else.

This led me to add a drop down list with available encoders to the Udp Listener. I might do the same for the file listeners in the near future.

This release is number 7.39

The documentation at http://logview4net.com will be updated with new screenshots soon.

Share This

Today I added the Linux radio show lugradio to my ever growing feed list in jsiPodFetch. Since I am very close to filling all available time now I think it will take quite long for me to catch up, but I’ll give it a try.

Share This

I got reminded about the ??-operator in C# today. It is a coalesce operator and works like this:


string a = null;
string b = a ?? "Woops, a is null.";
Console.WriteLine(b); <- Will write 'Woops, a is null.'


I really need to read the language specification at least one time per year to remind myself about all the things I don’t use frequently. It is way to easy to keep on solving programming problems with the same old tools all the time. I like to learn new languages. At least to the level that I know what to google about if I have to use a specific language. But at the same time I think one should try to master at least one language. C# has been my favorite tool for years so I am blushing a bit as I confess my shortcomings.

Share This

Today I added Rubiverse, a podcast about Ruby, to my jsiPodFetch feed list.

I’ve recently learned some Ruby and I like it a lot. I will definitively install IronRuby when it is properly released. Currently I’m using ‘real’ Ruby for my jsiPodFetch build scripts and for aggregating data from my weblogs. It feels a bit awkward to install something like Ruby just to do some scripting in Windows though, maybe I should look at Powershell instead. That is a bit more classic shell scripting. I think the things I’m using it for is more like programming. I’m not sure when something is to be called a program and when it should be called a script.

The best thing to do is probably to learn lots of languages and frameworks so that one can make educated decisions when it comes to solving new problems.

Share This

This is probably the last paid post here for a while.

Masterseek is a recently started searchable directory of business organizations around the world.

Since masterseek takes submissions for free right now it is a perfect opportunity for small organizations trying to start up on a small budget.

Submissions may include a free text description so that potential customers can find you by your unique key words.

Share This

This article will describe how I have implemented license keys in jsiPodFetch. I hope it will help someone else trying to do this. It would also be nice if someone reading this gave me feedback if this solution doesn’t work in practice since I haven’t analyzed this solution thoroughly enough to swear by it, but I think it will work.

Through out this code there are places that are open for variation. Most important if you reuse my code here is that you use your own unique strings.

Most payment processors (SWReg, Plimus, and so on) will be able to query a URL of your choice to create a license key. This solution uses a PHP-script to create a license key that can be validated by code written in any .NET-language. I will use C# for my examples.

The solution uses a multi part license key so that you can change the application code that checks the license when/if it gets cracked or keygened.

Let’s start with the PHP-code that creates the license key.

I start by creating three unique strings. Let’s use ‘AAA’, ‘BBB’, ‘CCC’. (I use more than three, but it will be enough to make my point.)

$g1 = 'AAA';
$g2 = 'BBB';
$g3 = 'CCC';

…then I create a hash from the unique string concatenated with the e-mail address used for registering the application.
By the way; I am constantly truncating the values at five characters to make the key a bit smaller. It will make the hash values weaker, but I think it will OK anyway.

$key1 = substr(md5($g1 . $_GET["email"]), 1, 5);
$key2 = substr(md5($g2 . $_GET["email"]), 1, 5);
$key3 = substr(md5($g3 . $_GET["email"]), 1, 5);

… and that’s about it. Now I can concatenate the individual hashes and the e-mail address.

$license = $_GET["email"] . “-” . $key1 . “-” . $key2 . “-” . $key3;

…then I create a hash of the license and concatenate that with the license.

$hash = substr(md5($license), 1, 5);
$license = $license . "-" . $hash;

Finally I return the license key:

echo ($license);

The result is this:

foo@foo.com-fb821-90d34-8b8c6-ca6ab

Now it’s time for some C# code. The main obstacle was getting a PHP compatible hash value out of strings in .NET. I googled a bit and found this (I’m not sure where it came from though so I can’t give proper credit.):

public static string Md5Hash (string pass)
{
  MD5 md5 = MD5CryptoServiceProvider.Create ();
  byte[] dataMd5 = md5.ComputeHash (Encoding.Default.GetBytes (pass));
  StringBuilder sb = new StringBuilder();
  for (int i = 0; i < dataMd5.Length; i++)
  sb.AppendFormat("{0:x2}", dataMd5[i]);
  return sb.ToString().Substring(1, 5);
}
This method will return the same string as the PHP md5() method given the same input.

Since I hashed all concatenated sub keys I can now validate a given license key with this:

public static bool LicenseIsValid(string license)
{
   int lastHyphen = license.LastIndexOf("-");
   if(lastHyphen < 4 )
   {
     return false;
   }
   string l = license.Substring(0, lastHyphen);
   string hash = Md5Hash(l);
   string[] lines = license.Split('-');
   return (hash == lines[lines.Length -1]);
}

I could include a fourth secret string when I do the hash of the full key, but at this stage I only want to validate that it is a license key for my program. I don’t want to check its authenticity yet.

To authenticate a key I get one of the hashed sub keys. With this function:

public static string GetKey(int n, string license)
{
   string[] lines = license.Split(’-');
   return lines[n];
}

I then hash the secret string I used for the n’th value together with the email and compare the result with the sub key from the license.


string email = GetKey(0);
string validHash = Md5Hash ("AAA" + email);
if(validHash == GetKey(1))
{
   //Allow registered stuff
}
else
{
   //Inform user that thy have to pay.
}

To make it a little bit harder to crack this, make sure to write this code in several places. If you encapsulate it in a method there is only one place to bypass.

When someone has created valid keys you can recompile the application and use your second secret key so that the key maker has to restart his work. You could also move the checking code around a bit so the cracker has to redo his work.

That’s all there is to it.

One thing I miss with this solution is the ability to encode data, like a date, into the key.

Share This

While taking the survey on Software Engineering Radio I got noticed of a couple of other technical podcast so I have added IT Conversations and ARCast to my jsiPodFetch feed list.

Share This

As you have seen I have done some paid posts on this blog. I really hope I can counter balance those posts with more ‘real’ posts because it hurts me to see to many paid posts on the first page. To, potentionally, make that problem worse I recently joined PayPerPost.

PayPerPost is one of several companies offering money to bloggers for writing blog posts and helping advertisers with their blog marketing. As far as I can tell they pay a little bit more than those of their competitors I have joined before. That will hopefully keep me from writing more than one or two paid post per month. We’re not really talking about a lot of money so the risk of me getting greedy and making every second post a paid one is not so big. My goal is to move to another host and have all my web activities be self financed. Any money left after paying the web host and domain registrars will probably go into marketing jsiPodFetch, my podcast downloader.

When writing for PayPerPost not all opportunities require the blogger to disclose the article as a paid post. This is such a post, but I will always disclose a paid post in the title. If there are opportunities that require the blogger to NOT disclose it as a paid post I will not take it.

If I were required to disclose this as a paid post it would look like this:

Share This

My list of new shows in jsiPodFetch is getting very short. It will be empty before the weekend. So I need to find some new podcasts to subscribe to.

Currently I subscribe only to software related podcasts, but I might try to find something else now. I listen to podcasts mainly on my commute to/from work so it doesn’t really bother me that the current selection is a bit single minded. It would be nice to, occasionally, be mentally kicked in the *ss though.

Share This

I will probably start differencing the functionality for registered and unregistered users of jsiPodFetch. Since it doesn’t do much there is not many functions to take out. I will start by directing unregistered users to a downloading page when there are upgrades instead of downloading the new installer automatically. Nag screens are also a viable solution, but I will give that a second thought. Nag screens has converted me from a free rider to a paying customer some times. I have on the other hand completely abandoned software that was a bit too intrusive.

jsiPodFetch is a utility for getting podcasts to your phone or ipod clone. It will create a well ordered playlist and keep track of what shows can be deleted from the media player.

Share This