Home Page
Archive > Posts > Tags > DRM
Search:

Quickbooks Pro Activation Failure
Intuit has lost a customer (and hopefully more than one)

I acquired a copy of Quickbooks Pro 2003 [in 2003] that I have used for accounting since. I have never seen a reason to upgrade because the interface works just fine, and it does everything I need it to. Every time I have had to reinstall it after a format, though, getting it working has been more of a pain.

To install and use the copy of Quickbooks, Intuit (the company that makes Quickbooks and Turbotax) requires a serial key, and then activation via either online or the phone. I used the online activation for at least a year, until it stopped working. After that point, I had to call in whenever I needed to install it, talk to a representative in [most likely] India who can barely speak English, give them my serial number, and get back an activation key.

Most unfortunately, this last time I attempted calling in to activate it they claimed (in what somewhat resembled the English language) my serial key was no longer on file, so I could no longer use my product. Fuck them. I was able to find the information I needed in the registry (of which I make backup copies before formats) of my old computer. I just transferred everything from “HKEY_LOCAL_MACHINE\SOFTWARE\Intuit\QuickBooksRegistration\12.0\pro” to my current registry, and everything worked like a charm.


I was also quite upset after buying TurboTax last year (Home & Business Edition, which isn’t exactly cheap) that I could only use it for 1 year.

Because of both of these incidents, I will never again buy an Intuit product, and I hope no one else who reads this does either.

Sony eBook Readers
Why can you never find a product that has all the features you want!

To start off, Merry XMas ya’ll! (And Happy Holidays, of course! [I’m actually Jewish by heritage for those who don’t know me personally ^_^; ] )


I decided to get an eBook reader as a present for someone for the holidays, so I tried out both the Sony PRS-505 and Sony PRS-700. I decided on the Sony readers for now as they can handle most, if not all, of the main eBook formats. Here are the important things I discovered out about both.


Sony PRS-505

This is a minor upgrade to the first eBook reader that Sony released in September of 2006 (the PRS-500), and costs $300. It works as it should and is advertised, and does everything I’d really want from a basic eBook reader.


Sony PRS-700

This is a major update to Sony’s eBook line, released in September of 2008, and costs $400. The most important new feature to this is the touch screen, which has some major pros and cons.


The main comparison points that I found between the 505 and 700 are as follows.
  • I immediately noticed upon comparing the two how much lighter and more reflective the screen is on the 700, making it much harder to read. After some quick research, I found the following here:
    Sony added a touch layer on top of the e-ink display and embedded LED side-lights into the frame that surrounds the display. Clever. But this comes at the expense of contrast and glare, and the Sony Reader PRS-700 looks more like a grayscale notebook screen than an eBook reader. The glare isn’t nearly as bad as the average PDA or gloss notebook display-- it’s on par with matte finish notebook displays.
    As far as I’m concerned, very unfortunately, this makes the product completely worthless as far as an eBook reader. You might as well just use an LCD display instead of an eInk display for the quality and price!
  • The touch screen (that comes with a pointer pen too) itself is a spectacular design, and would make the device far better than the 505 if it didn’t ruin the readability of the device. The ability to navigate the device is much easier, quicker, and more intuitive due to the touch screen interface, which also allows for a lot of additional functionality including a virtual keyboard and selecting text.
  • The 700 “turns pages” about twice as fast, due to the processor being about twice as powerful.
  • The 700 also has many more zoom levels by default, which is a big plus for people who need the eBook devices specifically for bad eyesight. The “Large” zoom level on the 500 just doesn’t always satisfy what is needed in some eBooks, but the XL and XXL on the 700 definitely go that extra step. I was told by a rep at the Sony Style store that there is a way to download larger fonts to the system (possibly through the eBook files themselves), but I have not fully researched into this yet.
  • The 700 allows for searching for text now because of the virtual keyboard. I find this to be an incredibly useful feature for a book reader.
  • The 700 also allows you to takes notes and make annotations on pages due to the virtual keyboard.
  • The 700 has side lights that can be turned on, which is kind of neat, but this is really just an extra luxury.

One unfortunate annoyance of both devices is that you cannot use them while they are plugged into the computer (for charging via the USB interface or uploading new books).


After playing with both, I’d definitely recommend the 505 for now. If they could fix the contrast problem with the 700, it would be perfect and well worth the price.

I’d like to try the Amazon Kindle too, but their stock of it is so far backordered, I don’t feel like dealing with it for the time being. When I checked around the 23rd of this month, they had a 13 week wait to have the product shipped to you! The Kindle is also, unfortunately, more DRM laden with proprietary formats. This can be bypassed though.

The IPod Touch
And IPhones

So I decided to go over to the evil side recently and get an IPod Touch. I originally wanted to just try it out in The Apple Store, but I just couldn’t find out all I wanted to about it there, and was getting highly annoyed by the completely ignorant sale reps, who couldn’t answer any of my questions anyways, hovering over my shoulder. And, yes, I asked them a few questions and neither they nor their managers had a clue. >:-(

However, all the sales reps I’ve been talking to lately at different stores about the IPod Touch and other electronic products I’ve been interested in buying have been pushing me to just buy them, and return them if I’m not satisfied. This sales tactic is a bit new to me, and I don’t like buying something and returning it needlessly, but they suggest it, so I decided what the heck! I guess it’s assumed most people will buy it and either decide they like it, forget to return it, or are too lazy to return it! So I decided to go to Fry’s to grab one (IPod Touch 2G v2.2) for testing and possibly keeping if I liked it because The Apple Store were really uncool about a lot of things, and also charged a hefty restocking fee on return... jerks. The jury is still out on if I’ll be keeping it or not, but I decided to share some of my findings.

When I talk about the IPod Touch here, I am also talking about the IPhone, because they are basically the exact same product. The IPhone just has the camera and the phone features, but the rest of the software is all the same (they run on the same OS). I also have a few IPhone specific comments below, as a good friend of mine got one for XMas and I helped him out with setting it up and found out a few things about it at the same time. Whenever I refer to the IPod Touch from here on out, I am referring to both IPod Touches and IPhones.


First of all, as is advertised and highly touted, The IPod Touch has style. The design is wonderful, it has a lot of nifty features, and has lots of useful applications in the App Store, many of them free. The product itself is by far better than anything else I’ve tried on the market for music playing and general PDA (personal digital assistant) purposes.

The Blackberrys I’ve tried out at a Verizon store (the Storm and Curve IIRC) weren’t even in the same league as the IPod Touch. I also tried out a G1 (Google phone) at a TMobile store, and initial impressions were not spectacular. However, I can’t make a solid judgment on the G1 because I didn’t spend as much time with it as I could have, as I knew I couldn’t use it anyways. This is because I refuse to switch from the Verizon network because the signal quality and customer support I have received from them are worlds better than what I had ever received from Cingular (now AT&T), AT&T, and Sprint.


Now that I’ve gotten the initial information out of the way including why the IPod Touch is nice; on to all of the problems I’ve found with it.

  • Apple has horrible draconian policies regarding what can be put on an IPod Touch. Applications can only (legally) be put on the IPod Touch from the App Store, and Apple specifically regulates what is in the store, only allowing in it what is “best for their interests”. This, of course, includes denying any application in the App Store that “duplicates functionality” of an Apple product. This is bad for many reasons.
    • First and foremost, it’s not Apple’s place (though they argue that it is) to say who can develop and what can be developed for the IPod Touch, as long as it is not malicious in any way.
    • Apply very specifically blocks, quite often, products that would be excellent with great functionality because it “competes” with their generally inferior applications. Of course, one can unlock older IPod Touches, and I’m sure newer ones will be unlockable soon enough, so this problem can be bypassed. When a phone is unlocked, it can be theoretically used on a compatible network (not AT&T), and you can install any application you want to on it for free (as long as you can find it). The legality of this is questionable, but it’s not really risky.
    • This can force developers who have spent their time and effort to build a good product to not be accessible to the market, thereby completely screwing them after the fact. Apple is not specific on what can be put on the store, and is very subjective about the whole matter. Unfortunately, many developers have found themselves in this position after submitting their application to Apple for inclusion in the store.
    • Apple can decide to block a product after it has been released and people have bought it, deleting it from their phones without refund. I believe (but have no proof) that this has already happened when a product “duplicated the functionality” of a new application or feature in an application of theirs that was added after the fact.
  • The SMS (texting) interface on the IPhone is horrible. It only allows you to see part of the message that you are typing at any time (40 characters as a hazy guess). This could easily be fixed through a third party application, but Apple blocks any application that has SMS as it is “duplicating” the functionality of something they built. See the above bullet for more information.
  • The keyboard correction on the IPod touches leaves much to be desired, and there is no text prediction (suggesting words you are typing).
  • The virtual keyboard itself, while far ahead of any other virtual keyboard on a cell phone I have tried as far as usability goes, also leaves a lot to be desired, and can be quite annoying. I did get used to it pretty fast, but mistakes were very often and easily made, and I do not believe one could ever type as fast on a virtual keyboard, like the IPod Touch’s, as a physical keyboard, though I haven’t spent near enough time practicing on it to confirm this. The Google phones (at least the G1) solves this problem with its flip-out keyboard interface.
  • No multitasking. Period. The IPod Touch can do a few things at the same time (mainly play music), but 2 applications cannot run at the same time, and trying is against their developer agreement. Apple did this to control the user experience, so that a user doesn’t try running too many things at once, creating a bad user experience on the product from lag, which they would blame on Apple. Granted, the IPod Touch isn’t that powerful and it would be easy to bog down the system if too many things were running, but some things need to continue running in the background, with minimal processor time, to create a good experience.
    One of many examples of this is AIM (AOL Instant Messenger). When you start the application, it signs you on, and it keeps you online AIM until you specifically sign off (or perhaps if you turn off the phone, but I doubt it). This means that if you exit the AIM application after signing on, it shows other people that you are still online and receiving messages, even if you aren’t getting them. When you open the application back up, it retrieves all of the queued messages that were sent to you while the application was not opened. How hard and taxing would it be on the system to pop up a message informing the user a new message has come in while they are in other applications? Apparently too much, as Apple has to be black and white about the multitasking issue instead of allowing developers to petition for the right. Further, this queued AIM message system also tips one off to the fact that ALL AIM messages are sent through their servers to get to your IPod Touch, instead of your system directly connecting to the AIM servers, which is essentially an invasion on your private conversations.
  • Crashing. The IPod Touch itself has crashed on me twice within the first 2 hours I used it. When this occurred, I could not even start most all of the applications, even after turning the IPod Touch on and off (all the way, not standby mode). The only way I found to fix this was installing a new application from the App Store, or updating an application that had a new version ready. Go figure.
  • The IPhone can only take pictures, and not video. While there are products that allow taking video on the IPhone, they can only be installed by unlocking the phone, as Apple will not allow them on the App Store (see the top bullet for more information).
  • No searching for text on the current page in the web browser (Safari). This really bugs me as it is an essential feature I need in my web browser :-(.
  • I don’t trust installing Apple applications on my computers. I actually ended up using VMWare to use ITunes for this reason >:-(. ITunes likes embedding itself in your system in lots of places it shouldn’t, much like AOL since version 5.0. I do not believe it uninstalls itself completely either if you try. Also, when I tried uninstalling bonjour (an Apple communication protocol, which the program that runs it is also named, It used to be called Rendezvous) it didn’t even TRY to uninstall itself from my system. It just took the program off of a few lists and left all the files there. Even worse, I noticed that Bonjour was hooking a bunch of other processes it shouldn’t have been *sighs*.
  • I’ve saved my biggest complaint for last. All music on the IPod Touches (all IPods actually, and Zunes and Zens too) organize music by the MP3’s ID3 tags into genre/album/artist/etc, and do not allow organizing the music in folder based structures. While for most people this is not a problem, it is a big one for me. This is not a problem for people “new” to the MP3 player scene that buy their music straight from the ITunes Store, as that music is already organized for them with proper tags how they want it. My, and many other peoples collections, that have been being built for well over a decade (from CDs myself or friends have ripped ourselves for the most part), are not all tagged very well, as it never mattered. While I could go through my whole directory and tag everything properly, this would take upwards of hundreds of hours to do, and would be a waste of my time. Even so, I feel being able to organize by directory can be easier to navigate and organize then straight up genre/album/artist listings. This is a very basic functionality of all MP3 players I have had up until this point.
  • The above problem is actually solvable by playlist folder structures. Unfortunately, these are only available on some of the IPod types (for example, the Classic and Nano, IIRC) but not on IPod Touches or IPhones :-(. Further, building these nested folder playlist structures is also a minor pain. I started writing a script to do it for my music collection until I realized it didn’t work on my IPod Touch. ITunes transfers each folder to the IPod Touch as a flat playlist of all the songs in the playlists under it, but again, this is not a problem on some of the other IPod Systems. Unfortunately, if I was to spend the money on an IPod, I would like it to be a PDA too with much more functionality, which the IPod Touch satisfies, and the others do not.

As previously mentioned, I might not be keeping the IPod Touch, as I cannot justify the cost of it mainly as an MP3 player while I’ve already had other solutions that are almost as good for a number of years. I was one of the first adopters of MP3 players (of the MP3s on CD variety) back in 1998, I believe, and they still work great. However, I would probably get an IPhone were I able to use it on the Verizon network because it combines all the features I like on the IPod Touch with a phone. I would love to be able to use its excellent web browser (as far as cell phone browsers go) anywhere, not just when an accessible WiFi network was handy. The cost of an IPhone is more proportionate to what I’d like to spend since I’d be getting a phone and a music player out of it. Unfortunately, when unlocked, IPhones (and G1s) cannot work on Verizon, like it can the other networks, because Verizon uses a different kind of technology for its carrier signals (CDMA instead of GSM). Alas :-\.


Oh, yes, one more thing I wanted to mention. Apple was originally turning a blind eye to the unlocking IPhone market because most of them were going oversees to markets untapped by Apple, which is good for business for them. However, when Apple started expanding into other countries and this practice no longer served their needs, they added on a section to the AT&T contract you are forced to sign up for when buying the phone. It basically stipulates that if you cancel the AT&T contract (which incurs a fee after the first 30 days anyways) that you have to return the IPhone too. This way Apple is guaranteeing people can’t use the phone outside of AT&T.

Client Side Security Fallacies
Never rely solely on information you receive from untrusted sources

One of the most laughable aspects of client/server* systems is client side based security access restrictions. What I mean by this is when credentials and actions are not checked and restricted on the server side of the equation, only on the client side, which can ALWAYS be bypassed.


To briefly explain why it is basically insane to trust a client computer; ANY multimedia, software, data, etc that has touched a person’s computer is essentially now their property. Once something has been on or through a person’s computer, the user can make copies, modify it, and do whatever the heck they want with it. This is how the digital world works. There are ways to help stop copying and modification, like hashes and encryption, but most of the ways in which things are implemented nowadays are quite fallible. There may be, for example, safeguards in place to only allow a user to use a piece of software on one certain computer or for a certain amount of time (DRM [Digital Rights Management]), but these methods are ALWAYS bypassable. The only true security comes by not letting information which people aren’t supposed to have access to cross through their computer, and keeping track of all verifiable factual information on secure servers. A long time ago at an IGDA [International Game Developers Association] meeting (I only ever went to the one unfortunately :-\), I learned an interesting truth that hadn’t occurred to me before from the lecturer. That is, that companies that make games and other software [usually] know it will sooner or later be pirated/cracked**. The true intention of software DRM is to make it hard enough to crack to discourage the crackers into giving up, and to make it take long enough so that hopefully people stop waiting for a free copy and go ahead and buy it. By the time a piece of software is cracked (if it takes as long as they hope), the companies know the majority of the remainder of the people usually wouldn’t have bought it anyways. Now I’m done with the basic explanation of client side insecurities, back to the real reason for this post.


While it is actually proper to program safeguards into client side software, you can never rely on it for true security. Security measures should always be duplicated in both client and server software. There are two reasons off the top of my head for implementing security access restrictions into the client side of software. The first is to help remove strain on servers. There is no point in asking a server if something is valid when the client can immediately confirm that it isn’t. The second reason is for speed. It’s MUCH quicker if a client can detect a problem and instantly inform the user than having to wait for a server to answer, though this time is usually imperceptible to the user, it can really add up.

So I thought I’d give a couple of examples of this to help you understand more where I’m coming from. This is a very big problem in the software industry. I find exploitable instances of this kind of thing on a very regular basis. However, I generally don’t take advantage of such holes, and try to inform the companies/programmers if they’ll listen. The term for this is white hat hacking, as opposed to black hat.


First, a very basic example. Let’s say you have a folder on your website “/PersonalPictures” that you wanted to restrict access to with a password. The proper way to do it would be to restrict access to the whole folder and all files in it on the server side, requiring a password be sent to the server to view the contents of each file. This is normally done through Apache httpd (the most utilized web server software) with an “.htaccess” file and the mod_auth (authentication) module. The improper way to do it would be a page that forwarded to the “hidden” section with a JavaScript script like the following.

if(prompt('Please enter the password')=='SecretPassword')
	document.location.href='/PersonalPictures';

The problem with this code is two fold (besides the fact it pops up a request window :-) ). First, the password is exposed in plain text to the user. Fortunately, passwords are usually not as easy to find as this, but I have found passwords in web pages and Flash code before with some digging (yes, Flash files (and Java!) are 100% decompilable to their original source code, sans comments). The second problem is that once the person goes to the URL “/PersonalPictures”, they can get back there and to all files inside it without the password, and also give it freely to others (no need to mention the fact that the URL is written in plain text here, as it’s the same as with the password). This specific problem with JavaScript was much more prevalent in the old day when people ran their web pages through free hosting sites like Geocities (now owned and operated by Yahoo) which didn’t allow for proper password protection.

This kind of problem is still around on the web, though it morphed with the times into a new form. Many server side scripts I have found across the Internet assume their client side web pages can take care of security and ignore the necessary checks in the server scripts. For example, very recently I was on a website that only allowed me to add a few items to a list. The way it was done is that there was a form with a textbox that you submitted every time you wanted to add an entry to the list. After submitting, the page was reloaded with the updated list. After you added the maximum allowed number of items to the list, when the page refreshed, the form to add more was gone. This is incredibly easy to bypass however. The normal way to do this would be to just send the modified packets directly to the server with whatever information you want in it. The easier method would be to make your own form submission page and just submit to the proper URL all you want. The Firebug extension for Firefox however makes this kind of thing INCREDIBLY easy. All that needs to be done is to add an attribute to the form to send the requests to a new window “<form action=... method=... target=_blank>”, so the form is never erased/overwritten and you can keep sending requests all you want. Using Firebug, you can also edit the values of hidden input boxes for this kind of thing.

AJAX (Asynchronous JavaScript and XML - A tool used in web programming to send and receive data from a server without having to refresh a page) has often been lampooned as insecure for this kind of reason. In reality, the medium itself is not insecure at all; it’s just how people use it.


As a matter of fact, the majority of my best and most fun Ragnarok hacking was done with these methods. I just monitored the packets that came in and out of the system, reverse engineered how they were all structured, then made modifications and resent them myself to see what I could do. With this, I was able to do things like (These should be most of the exploits; listed in descending order of usefulness & severity):

  • Duplicate items
  • Crash the server (It was never fixed AFAIK, but I stopped playing 5+ years ago. I just put that it was fixed on my site so people wouldn’t look for it ^_^; )
  • Warp to any map from any warp location (warp locations are only supposed to link to 1 other map)
  • Spoof your name during chats (so you could pretend someone else was saying something - Ender’s game, anyone? ^_^)
  • Use certain skills of other classes (I have up pictures of my swordsman using merchant skills to house a selling shop)
  • Add skills points to an item on your skill tree that is not yet available (and use it immediately)
  • Warp back to save point without dying
  • Talk to NPCs on a map from any location on that map, and sometimes from other maps (great for selling items when in a dungeon)
  • Attack with weapons much quicker than was supposed to be allowed
  • Use certain skills on creatures from any location on a map no matter how far they are
  • Equip any item in any spot (so you could equip body armor on your head slot and get much more free armor defense points)
  • Run commands on your party/guild and in chat rooms as if you were the leader/admin
  • Rollback a characters stat’s to when you logged on that session (part of the dupe hack)
  • Bypass text repetition, length, and curse filters
  • Find out user account names

The original list is here; it should contain most of what I found. I took it down very soon after putting it up (replacement here) because I didn’t want to explicitly screw the game over with people finding out about these hacks (I had a lot of bad encounters with the company that ran the game, they refused to acknowledge or fix existing bugs when I reported them). There were so many things the server didn’t check just because the client wasn’t allowed to do them naturally.


Here are some very old news stories I saved up for when I wrote about this subject:


Just because you don’t give someone a way to do something doesn’t mean they won’t find a way.



*A server is a computer you connect to and a client is the connecting computer. So all you people connecting to this website are clients connecting to my web server.
**“Cracked” usually means to make a piece of software usable when it is not supposed to be, bypassing the DRM
Video Game Nostalgia
And Metal Gear Solid Problems

So a comic [Gunnerkrigg Court] that I enjoy and read daily [updates MWF] recently referenced Metal Gear Solid, which finally made me decide to play through the series.

For reference, whenever I bring up games from here on out, it’s usually to talk about encountered problems, which I will usually provide fixes for, or technical aspects of the game. I’m not qualified, or funny enough, to want to review games; and that is not the purpose of my postings here.


The first thing I wanted to mention is a fix for a graphical problem. As the game is rather “old” (released in 2000 for Windows), it can be incompatible with modern systems. One of the options it uses in hardware mode is 8-bit textures, which is no longer supported, though for the life of me I can’t see why a hack could be made in the video card drivers for this problem. Because of this, the game only allows you to run in software mode. After a lot of digging and searching, in which every place said the same thing (it’s not fixable), I finally found a hacked executable [Metal Gear Solid v1.0 [ENGLISH] No-CD/WinXP+Vista+GeForce+ATi Fixed EXE] made by a kind sole to fix the problem.

Another problem which really frustrated me was a “puzzle” in the game referring to looking for information on the “back of the CD case”. I had just received an “optical disk” in the game, however, it appeared to be a floppy disk and no matter what I did I couldn’t find the required information with the item. I figured it must have been a bug and finally gave in and looked it up online. It turns out they meant the actual CD case the game came in had a number [radio frequency] written on the back of it - “140.15”. I can only assume they did this as a means of “copy protection” to frustrate anyone who didn’t actually buy the game. Unfortunately, I acquired the game without a CD case so I was frustrated by this myself.


This kind of system reminded me of the very old days of gaming in which some games asked you to input a certain word from a certain paragraph on a certain page of the manual to enter the game, or asked questions with answers found in the manual. One of the games I had that did the former was Teenage Mutant Ninja Turtles [1989] for DOS. I have fond memories of playing this and a (monochrome? [green and black :-) ] IIRC?) version of Muppet Adventure: Chaos at the Carnival [1989] (Dear Thor! heh) [also a DOS game] as they were, IIRC, two of my first video games, though I got many others around that time. Both games had later released NES ports too.

My real favorite childhood games however, which are still both cult classics, were Doom, which got me into the design aspect of making games, and most importantly, ZZT, which is what really got me started on programming in 1991 at the age of 5. I still have the original floppy disks for ZZT too :-). ZZT was more scripting than programming though, and I didn’t start real programming until I got into QBasic in 1993. I might release some of my creations for these games one of these days for nostalgic sake ^_^;. I also remember thoroughly enjoying Star Trek: 25th Anniversary for DOS in 1992 :-). I was a nerd even as a kid! ^_^; This game also had copy protection I had forgotten about. As Wikipedia tells:

The game had a copy-protection system in that the player was forced to consult the game’s manual in order to find out which star system they were supposed to warp to on the navigation map. Warping to the wrong system would send them into either the Klingon or Romulan neutral zones, and initiate an extremely difficult battle that often ends with the destruction of the Enterprise.


[Edit 8/16/2008 @ 10:05pm] Pictures of some of this stuff can be found in tomorrow’s post, “Ancient Software”.