The Market Ticker ®
Commentary on The Capital Markets - Category [Small Business]
Login or register to improve your experience
Main Navigation
Sarah's Resources You Should See
Full-Text Search & Archives
Leverage, the book
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions. For investment, legal or other professional advice specific to your situation contact a licensed professional in your jurisdiction.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility; author(s) may have positions in securities or firms mentioned and have no duty to disclose same.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must be complete (NOT a "pitch"; those get you blocked as a spammer), include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-06-20 14:36 by Karl Denninger
in Small Business , 121 references
[Comments enabled]  

I got 99 problems but secure control of my house isn't one of them.

In no particular order:

  • Problem: Cameras are great. The let you see inside your home when you're not there, along with the periphery.  The problem is that they're inherently insecure, the most-common protocol to view them has no security on the video whatsoever, all of them "phone home", they have low-powered CPUs in them for cost reasons, and they are made and designed in China with who-knows-what sort of back doors in their software.  Solution: HomeDaemon-MCP secures your cameras, making it possible to completely detach them from outside access.  You can obtain the "latest" (last movement) still or real-time video from them over a completely secure connection on your phone at any moment you desire -- from anywhere in the world, and if desired grab an "on demand" video clip to your mobile device.  In addition unlike the simple "if I see movement or detect sound" upload to an insecure cloud some faceless company owns and may use for marketing or other purposes (or almost-as-bad, on-site SD card storage that is trivially stolen by a burglar) HomeDaemon-MCP can, on any set of conditions you define (no matter how complex) upload a fully-secure video clip of a length you determine to a site you, and only you, control using industry-standard and accepted secure communications for use by yourself or the authorities in prosecuting criminal acts.

  • Problem: Locks and other access control devices (e.g. garage door openers) have AES-encrypted (highly secure) options for control, but the "pairing" process is fraught with risk.  Existing controllers poorly handle this, having intentionally sacrificed security on the altar of "convenience", making possible theft of the network security key after which any and all "encrypted" traffic could be intercepted or modified from more than 100' away -- more than enough to tamper with your house from next door or in the street.  This, theoretically at least, could allow a thief to command your door or garage to open for him!  Solution: HomeDaemon-MCP refuses to answer "S0" keying (the risky event) at high power intentionally, preventing key interception at long range with 100% certainty even if you are tricked into attempting to re-install a device.  Instead for S0 secure Z-wave nodes you remove the stick from the controller and pair it at the device itself, which reduces the potential range of interception to inches from hundreds of feet. 

  • Problem: Existing systems all rely on the "cloud" in some fashion or form.  But "cloud" computing is inherently insecure due to computer design priorities that put performance before security, never mind being fraught with the risk that if a server goes down hundreds of thousands or even millions of consumers lose monitoring and control access at once!  Then there are the "microphones" that are supposedly only listening for specific commands yet have been shown to record and send conversations to others without being told to to do so.  Answer: HomeDaemon-MCP never uses voice commands because voice commands are inherently insecure as a microphone must be on and listening all the time in order to detect the alleged "trigger" word or phrase.  This means a programming error or intentional misconduct by a vendor can trivially record, steal and use the contents of your most-intimate conversations -- those in your home (or even bedroom!)  We all have our phones with us today; unlocking yours and touching a screen requires two actions confirming your intent to do something, while denying interception and exploitation by either error or malice.

  • Problem: "Skills" loaded to a device from some third party inherently rely on trust you place in someone else to not misuse your data or worse, spy on you intentionally.  The incentives to violate your trust or spy on you are great and the penalties for firms caught misusing your data have never resulted in a single criminal prosecution of anyone, ever, in the history of these devices and companies.  There is no incentive for a firm not to do this sort of thing because any "penalty" is always limited to a fine (and then only rarely), which is simply passed on to you in the form of higher prices.  Solution: HomeDaemon-MCP is configured and controlled entirely by you or your chosen installer on a local basis in your home, with its configuration stored on a local SD card.  It relies on no external "skills" or code, ever.  You can always, as an administrator and the owner of your home, look at and verify what it is looking at and what actions it takes because unlike an opaque "skill" the configuration is all in an English-like language that is easily understood.

  • Problem: "Cloud" solutions to notifications and events are touted as "more friendly" yet sacrifice security and privacy on the altar of someone else's convenience, particularly when it comes to your mobile phone.  Answer: HomeDaemon-MCP's Android app has zero reliance on a "cloud" for anything, including real-time monitoring.  It provides notification of events as they occur within 90 seconds, even when your phone is asleep and in "low power" mode, and within one second when it's awake, frequently beating the delivery of a text message when sleeping and always beating it when the device is awake, and yet the app consumes only about 1% of your phone's battery power overnight to do so.

  • Problem: Storing passwords on a mobile device is fraught with risk for all the obvious reasons, yet most apps do exactly that, again for your convenience.  Answer: HomeDaemon-MCP's Android app never stores a password.  It instead obtains an authentication token of which you control the length of validity.  Further, a second, one-time use token is returned to the device which is valid for only one command after which it expires, preventing "injection" attacks launched from malicious web sites you may accidentally visit from working.  With no password stored by the app it's impossible to steal it since it's never stored, but only presented when necessary to obtain the authentication token.  Should you lose your mobile device logging out from any device (e.g. a web browser) instantly invalidates the access (and one-time-use) tokens, rendering the connection immediately secure from further access.

Got a desire to make a lot of money?  Then pay me a reasonable amount, own this wholesale (including source) and make a fortune. 

Email karl@denninger.net for more info, or look here.

View this entry with comments (opens new window)
 

2018-05-14 14:28 by Karl Denninger
in Small Business , 141 references
[Comments enabled]  

Well, that wasn't all that hard.

I've never previously written a single line of Java, nor developed for Android.  Ported Android itself, yes, but not written apps -- nor used "Android Studio", Google's IDE for it.

A few weeks ago I bought the "Big Nerd Ranch" book on it, and read it.  It's a solid couple inches thick and, if you've never done programming, you'll be lost in the first half-dozen pages.  Figuring out Java at the same time was quite a trick (and one the authors warn against), but being a guy I don't read instructions anyway.

 

But now Beastie (yes, phk, the beer is on me if we are co-resident somewhere) peeks out the window, and the App lives.

 

I find some of the admonitions from Google rather amusing.  They really want you to use their cloud message management system rather than exempt your app from their battery sleep/doze stuff, for example.  I understand why, in many cases, but, in this specific case.... nope, nope and nope.  The impact on power consumption?  Nearly unmeasurable over a full night's sleep with the phone unplugged; according to GSAM consumption is about 1% over 8 hours.

A couple of weeks post-sitting down with this monstrosity and there's an app, complete with power management, background networking, preferences and all that.

HomeDaemon-MCP itself (the server/operational piece) has been taught how to do persistent notifications to mobiles as well, which is very nice.  What that means is that if you "miss one" because you're out of range (for example) as soon as you come back into range you'll get the notification.  Ditto if your phone reboots.  This also means that the complexity of said notifications can be infinite, and is subject to user permissions.

Speaking of which that's one of the big deals.  Multiple users with different permission bit masks are fully supported down to an individual device level for both read and write access flags.

I don't know if I prefer the app over the web interface for HomeDaemon-MCP, to be honest.  The app has its advantages on a phone, not the least of which is its persistence and notification capabilities.  That's real nice; what I used to do for notifications was to have the base system send a text message.  That works of course but this is nicer, easier to customize (choose your tone, do you want vibration or just sound, etc) more-granular, and has less risk of getting lost (yes, carriers do lose text messages on a somewhat-regular basis.)

The "about" page can be read here for the app... I think you'll like it.

If you do, and want to pick up the whole package -- including the App -- for marketing and sale of course, the email link is on the right.  No cloud used, security is completely under the owner's control and licensing is done with privately-CA-issued certificates -- which are damn near bomb-proof and enable both buy-once-use-forever models as well as annual or even monthly subscription-type licenses.  You choose.  And yes, the price for the whole shooting match is reasonable.

View this entry with comments (opens new window)
 

2018-04-07 12:26 by Karl Denninger
in Small Business , 127 references
[Comments enabled]  

You might have read this article when I published it originally.

Or, maybe not.

If not, then please do.  It lays out a pretty decent case, I think.

What I've now completed is the majority of the back-end work to make implementing a mobile app a rather trivial piece of coding -- instead of a lot of work.

Let me lay out the how and why for you on this.

The "hard way" to do a mobile app is to have it do all the work.  The easy way, every time, is for the mobile app to be little more than a terminal into something.

But this is a problem in the general sense even when there's a web server included because you then have to parse the web output.  That's somewhat of a pain in the ass.  So what you need to make mobile app development easy is a trivially-parsable reply format, preferably one that updates in real time for you.

HTML5 makes "dynamic updates" pretty easy, which is nice.  You send down a little javascript "listener" and then make a call to a resource that comes back with the MIME type "text/event-stream", and then sends updates.  Each has a tag, which matches that tag in your HTML document.  This connection can be (and should be!) persistent, in that this reduces overhead greatly.

Well, that's nice, but the persistence can be a problem from a resource consumption and management standpoint.  If you're not particularly persistent then the "retry" stanza will reconnect, so many pages and servers do exactly that -- they send the data but then allow the connection to close, relying on the connection cache ("Connection: keep-alive")  to cut down the overhead to something reasonable.  This will give you "every 3-5 seconds" updates -- good enough for most implementations such as social media and messaging.

What you want with an app, however, is an actual dynamic stream that stays open for minutes at a time because otherwise the overhead is a five-alarm pain in the butt.  Implementing true persistence on the server end gives you the ability to push updates as fast as you're willing to burn the CPU to handle.  You can get single-digit millisecond latencies (or better) if you are willing to burn the CPU for it, but getting latencies down into the couple hundred millisecond range, or ten to twenty times faster is an utterly-trivial exercise and actually cuts load since connection renegotiation frequency goes down enormously.

HomeDaemon did the first, until now.  It now has had the web code refactored to implement the second, which means that it is now very easy to add to the web backend a specific calling sequence that will output a table of units with locations, names, types and similar parameters followed by a stream of updates of status with one call that is nothing more than a glorified "GET" instance, and key it all off a given security level to match the user's privilege set.  Since SSL is in play the call (with authentication) and reply, plus the data stream that comes is secure.  And since the lifetime of a connection is now minutes where after the initial burst updates of status take just a few tens of bytes the overhead becomes extremely small -- which is fabulous both for data and power consumption on a handheld.

So there's no app for Android -- yet.  But the predicate for the back-end support for one is now 80% complete with the other 20% in process.  Yeah, implementing that was a five-alarm pain in the ass -- but now it's done.

After the back end is complete, along with the calling sequence, I'm going to teach myself how to write Android apps.

And yeah, somewhere between now and the endpoint of that the asking price is going to go way up for all the obvious reasons, so if you believe in the "MAGA" stuff and want to prove me wrong then get rich at the same time -- read this article again, then contact me.

View this entry with comments (opens new window)
 

2018-01-12 11:35 by Karl Denninger
in Small Business , 117 references
[Comments enabled]  

So what sort of practical applications does a HomeDaemon-MCP installation have -- and why would you, if you're a small business (perhaps in the homebuilder, HVAC, security or renovation space) want to buy the package and monetize it?

For the math on a plausible basis look here.

I want to focus right now, however, on the practical side of it -- the user experience side.

These are all things I'm doing right now in one way or another in my home.  If you've got a serious interest in acquiring the package I'll be more than happy to meet with you and show you -- from afar -- exactly what I'm talking about and how easy it really is.

  • You're at the bar, a half-hour from the house.  You'd like to use the hottub when you get home.  So you open the page (on your phone) and hit "Hottub On." You can see the current temperature of the water and a few minutes later you get a text message that the heater has been confirmed to be working; when you get home you pop right in.  Behind the scenes the system has reset the valves on your combined pool/hottub system, put your VFD-driven pool pump (which you have saved several hundred dollars a year in power by installing) on "high" for the hottub, and monitored the heater's temperature rise to make sure it ignited.

  • You get out of the hottub, having enjoyed several adult beverages, and forget to push the button to shut it off.  30 minutes later, sensing no movement in your Lanai, the system does it for you saving your a scadload of energy you would have otherwise wasted heating the water all through the overnight hours with nobody in it.

  • You have your laundry machines in the utility room.  You stick a load of laundry in the washer.  When the washer finishes the cycle the system notifies you that the load is complete via both announcement on the house's speakers (over which it can also play music) and via text message, just in case you happen to be out working in the yard or relaxing by your pool.  Contrast this with the washing machine down in the basement or in the utility room and it's "weak sauce" end-of-cycle buzzer you cannot hear.  Ever leave a wet load in the washer by accident overnight this way?  Yeah, that's disgusting..... 

  • You leave the house, getting in your car.  An hour later the house automatically adjusts down the A/C, saving your money, it texts you so that you know it went into the "secure" mode and in addition it starts monitoring the occupancy sensors to indicate not that someone is in a room but that someone may have broken in!  If it detects same it takes a picture through your webcams and sends it to your phone via email, and texts you immediately.  Instead of having a contract with a security company and getting fined by your local PD for false alarms if the sensors trigger you get to check it out and, if there really is a problem you can call the sheriff's department directly.  No more false alarm charges and a higher-level of security, plus good photographic evidence to use in prosecuting any actual burglar, is the result.  Oh, did I mention no "monthly fee" games from the security company either?

  • You get home later, and the system detects you coming in through the garage door; it shuts off the security and returns the A/C to its former setting.  The occupancy sensors go back to turning your lights on and off for you automatically, without any user intervention.  Just to make sure it really was you the system also sends you a brief text message so you know the house has turned off it's "secure" mode.

  • You aren't around for a weekend.  The system, being in "away" mode automatically, runs a reasonable simulation of an occupied dwelling, with a pattern of lighting suggesting someone is there -- during the evening hours only, of course.  When someone unexpectedly comes into the driveway the floodlights all around the home come on, perhaps providing a deterrent value should that be a burglar.

  • You have a room with two lighting switches but when one is on you really would like the other to be on or off at the same time -- and at the same brightness.  You declare these as "grouped" in the system; pressing the paddle on one (whether on, off or to change the dim level) causes the other(s) to automatically follow.  You can also "group" a switch (e.g. when you have a light on you want the ceiling fan to be on, and if you shut off the light then the fan should be shut off as well) with a dimmer circuit.

  • You go to bed, and push a button on your nightstand.  All the lights in the house go out and the HVAC system is adjusted to your preference for a more-comfortable sleep.  The outside perimeter motion sensors, should they be triggered during that overnight, will turn on the respective floodlights and, if motion is detected in your lanai, not only will all the lights be turned up fully there but a chime and announcement will sound inside.  Home invaders who think they'll catch you sleeping beware!

  • You wake up a couple of hours earlier than normal and decide you're going to get up, which is unusual for you.  You like to sleep in a cool house, so when you went to bed you had the system turn down the heat -- and it's February.  You reach over to the nightstand and press button "3" briefly (of 4 on the wireless remote you have velcro'd to the side of your nightstand.)  The thermostat on the other side of the house is immediately set to it's normal daytime level plus two degrees and your two-stage furnace comes on, quickly warming up the house.  In a few minutes, instead of getting out of bed in a 65 degree house and walking out to the thermostat to turn it up, you have a nice toasty room in which to work your way to the bathroom and your morning shower.  An hour later the thermostat resets back to the normal daytime temperature setting all on its own; no point in wasting energy keeping the house extra-warm for the rest of the day.

  • You have installed a "push button" deadbolt so your kid can come home from school without having to carry a key.  When you go to bed and everyone is home the keypad on the deadbolt is automatically disabled, so even if your kid is foolish enough to tell someone what the code is it's worthless to use in invading your home in the middle of the night.  In the morning the keypad is automatically re-enabled.

  • Your cleaning lady uses the code to get into the house.  You're reasonably ok with this because you can connect to your security cameras and see what's going on at any point in time, plus motion triggers them to take pictures.  The cleaning lady only comes on Wednesdays between 10:00 and Noon; the system sets that code at 9:45 AM on Wednesday and revokes it at 2:00 PM.  The rest of the time your kid can use his code to get into the house after school, but the cleaning lady's code is worthless.  Being in secure mode when she shows up you get a text, and another when she keys the code to lock the door on the way out.  If she doesn't use the code the second time to lock the door (she forgets when she's leaving) an hour after she leaves you get a text telling you the house has "re-armed" itself automatically and the door is locked -- on its own.

  • Your kid, like most, refuses to shut the lights off when he leaves a room.  The system automatically turns them on and off for him.

  • You want to watch a movie and would like the living room lights on, but at a very low level.  You push a button on your phone and they all change to "nightlight" level illumination, along with modifying the light level in the nearby hallway and kitchen on motion detected in the area so your movie doesn't get interrupted with bright lighting when your kid decides to come into the adjacent kitchen and get a soda from the fridge.
  • You want a very low level for the lights in your bathroom at 2:00 AM if you need to get up to pee, but in the evening you'd like a moderately higher level of lighting - and your wife wants to be able to crank it up when doing her makeup.  All automatic; if you get up to pee at 2:00 AM you get a "nightlight" level of illumination sufficient to make sure you don't try to sit down on an up toilet seat, but during the day and evening hours the level of illumination is altered appropriately.

None of this requires "programming" as you think of it.  The list of what to do and when to do them is controlled by a simple English-like language, similar to this:

[z Front Door Motion] triggered on
[v Night]
execute
cmd zset 50 Front Door Lights

Which says "if the front door motion detector just changed state to on and it's nighttime then set the front door lights to 50% brightness."

The system can handle, and will process, a nearly-unlimited number of conditions like this.

The best part of it is that other than for licensing restrictions (if whoever winds up owning this wishes to sell a time-limited right to use, much like Adobe does with their "Creative Suite") there is no connection required to any sort of "cloud resource" of any kind.  The system runs entirely independently, on the local device and yet maintains a security model that allows you, and only you and those you authorize, to access it via any web browser-capable device from anywhere.  Your phone, your tablet, the computer at your office, your laptop -- literally anywhere, all securely and under your exclusive control.  You can also define a number of access levels for that information so some people (e.g. your kid) can control things in his room but he can't screw with the light levels in your room.

Oh, and it all runs on a $35 computer without even getting it to breathe hard and boots off an SD-card, making it entirely power-fail safe.  Power consumption is roughly 5 (yes, five) watts.  Yank the cord and when you plug it back in it comes right back up as if nothing had happened.

Look to the right if the opportunity sounds juicy to you!

View this entry with comments (opens new window)
 

2018-01-08 12:49 by Karl Denninger
in Small Business , 123 references
[Comments enabled]  

Here's some more on the license server that was recently added to HomeDaemon-MCP.

One of the biggest issues that faces any software publisher today is piracy and security.  The two are intertwined; not only do you lose sales (maybe a lot of them) to piracy, but what's worse is that stolen copies of the code frequently have "special features" (viruses and similar nasties) added to them, and since most software installers run with privileges this is a huge problem since the user grants permission for the code to install.

If that happens to include a trojan, cryptolocker or other nasty the user is screwed.

HomeDaemon-MCP of courses faces the same challenge, were I to start distributing it or if someone buys it and starts distributing it.  The code also inherently uses cryptography via the OpenSSL library, which it must to (among other things) provide a SSL-protected web server so you can control and monitor your home without other people breaking in.

For those who haven't run a web server with a certificate before in order to have the little padlock show up on user's displays you must have both a certificate and key.  The certificate is public and anyone can retrieve it but the key must remain private.  In addition someone has to "vouch" for that certificate and key belonging to you as being actually yours, which is why there are companies that sell said certificate certification services (e.g. Comodo, Verisign, etc.)  The idea behind "public" certification authorities is that they allegedly actually vet who someone is (at some level, which depends on the service bought and paid for) and supposed are trustworthy (that is, they won't allow anyone to impersonate them and, for example, issue a bogus certificate.)  There's plenty of reason to believe the latter is definitely not true if the person doing the insisting on impersonation is a government agency, by the way (since a government can insist rather loudly including by locking people up or even shooting them if they refuse), but for ordinary brigands and thieves it's probably secure against such games.

In the realm of a private device there's no reason to pay for a public certificate though; you're not a business taking money from the random public. In that case the company that sells you the "thing" is, if trustworthy (and if not why did you give them money?) probably good enough.  However, the requirement for a certificate that is vouched for by someone you trust still exists or anyone can stick a random certificate that claims to identify your site "in the middle" and by doing so decode all the traffic and steal it -- including your password, at which point breaking in becomes pretty darn easy!

HomeDaemon-MCP has always allowed you to specify who is the "root" of that trust in the certificates it uses.  This is now part of what the license server provides.

In addition the certificate and key are also provided by the license server.  That is, formerly if someone stole (or "borrowed") your SD card they could trivially read the key file since it's physically there and virtually any computer can read an SD card -- suddenly your system is not secure any more.  That's because if the key file has a password on it (which would prevent its use, at least without a lot of resource to crack it, as it's encrypted) the software can't start on its own after a power failure because there's nobody present to put in the password.  This by the way is true for most web servers as well, which is why most of them in "ordinary" commerce rely on the physical security of the device rather than a password on the private key for the certificate in question.  This is mitigated by the fact that if your certificate is compromised (e.g. you learn someone may have stolen the key file) you can ask whoever issued it to revoke it and reissue a new certificate, which of course you'd do after generating a new key (and fixing however the old one got stolen.)  As a result the utility of stealing a key on a webserver is somewhat limited since the certificate it is linked to is easily marked compromised (in other words explicitly "do not trust this") and replaced.

What's been coded into HomeDaemon-MCP to effect the "boot up" is a pair of certificates -- that is, CA certificates to validate the connection to the license server.  There is both a root certificate (for which the key is stored on an offline piece of media in a safe and an "intermediate" certificate (which has its key available to sign regular certificates.)  This particular intermediate certificate signs only one server certificate -- for the license server.  Rather than read them from a file the system instead has them coded in the executable.  If these keys are stolen from the server side, that is, if whoever is running the license server itself has a security problem then you'd have to reissue all the keys anyway since you must assume they've all -- including the server's certificate and issuer certificate -- have been compromised.  As a result there's little downside to this approach; if such a breach occurs then the binaries would have to be recompiled and re-issued and until they are, the old ones would refuse to talk to the fixed license server with its new certificate chain.

In addition the server and client sides are both coded to insist on extremely high security connections; if a client tries to connect using something that can be replayed or is not sufficiently safe the server will refuse.

Now when the HomeDaemon-MCP code starts up it asynchronously starts to not only run as usual but also tries to acquire a license set.  It does so by sending a unique hardware ID, a user-specified password and cryptographic hashes of both the executable being run and the operating system kernel.

The server then validates all of this against its data, specifically:

  • Is the hardware ID known to the license server?  That is, did the user steal the software and is trying to use it on multiple (or an unauthorized) piece(s) of hardware?

  • Is the password correct?  That is, is the user's assertion of being the owner of the hardware in question reasonably "good"?

  • Is the executable's hash good?  That is, not only has it not been tampered with (essential) but is it an authorized revision (useful)?  This allows the license granter to, for example, only allow "free" updates for a certain period of time.

  • Is the kernel's hash good?  This is one the license granter may not care about, but on the other hand they may.  It provides the ability to gate support and operation to a list of known-good operating system kernels.  Since a tampered-with operating system is even more dangerous than a tampered executable this is arguably quite a good thing.  However, it is somewhat limited in that the overhead cost of real-time cryptographically checking every operating system component is extremely high, and thus that's not attempted.

  • Is the place the connection is coming from ok?  The current code doesn't check IP addresses against a white or black list, but there's no reason it can't since every connection has an endpoint and TCP connections will not work unless they are valid in both directions.  This doesn't stop someone from "bouncing" off another address but it can prevent someone from using a license in an area that the granter considers "prohibited" (e.g. Iran, China, etc.) without the user taking extraordinary steps.

If the server doesn't like any of the parameters passed to it then it simply shuts down the connection and goes away with no response at all.  The client code will keep trying a couple of times a minute.

If and only if it likes all of the parameters provided then it responds with an operational CA chain for the web and master server, the certificate and key for same, and, if the client is authorized to run as a slave node, the certificate and key for that (which is distinct from that used for the web server.)  All of this is sent over a PFS-encrypted channel and thus is useless if the raw data is captured and replayed even if you somehow manage to later steal the license server's private key.

The HomeDaemon-MCP code installs those credentials and as a result encrypted mode operation, including web access, immediately becomes functional.  A couple of times a day, or if the code is restarted (e.g. after a power failure) the same scenario repeats so if updates are made to the license data the new certificate(s) and key(s) will be loaded.

Since access to the web server functionality is pointless if there's no web access at all (e.g. no access to the Internet) the short delay during startup means nothing since you, as the user, can't get to the service until internet access is restored.  Because license acquisition takes place asynchronously event processing starts immediately and operates normally even if the server is unavailable for some period of time -- but you can't get into the system to manually control or monitor it as the web server (and master capability) is effectively non-functional, immediately closing any connection attempted as the system knows the security credentials are missing.

At no time is any of the returned data stored locally, and there's also no buffer space in which to stash it in the code; instead it is dynamically allocated as required and then immediately cleared when no longer needed.  Therefore if you were to force an attachment and RAM dump of the executable you might be able to recover the credentials, but the the amount of code-hacking you'd have to do to make that information usable in the binary would be quite severe.  The other alternative would be to hack the binary to disable secure-mode operation entirely.  However, if you managed to pull off not only killing the checks but also enabling the access without the credentials you would basically destroy any pretense of security in the application itself and thus render it not only worthless to the user but potentially quite dangerous since random people on the Internet could quite-trivially break in and/or steal your login and password!  In addition if the legitimate licensee figures out you did any of this with his certificate and key he can sign into the license sever's client side and request that the server revoke it.

As such this appears to be pretty good as a security model.  Nothing is perfect; all commercial applications suffer from some risk of hackery and this is no exception, but as applications go since access to the outside world is basically required and secure access to same is also required in order to make it safe hacking out the protection scheme, if violated through hacking on the binary, leaves you with a highly-compromised piece of code that nobody in their right mind would use to control anything.

The License Server code as it sits right now runs against a flat directory structure and doesn't check kernel and executable hashes, or against a Postgres database -- with the query process entirely configurable.  The latter is also multi-threaded making possible very high levels of performance.    What won't be included is the customer-facing front end that handles people setting up their accounts and paying, since that's highly specific to whatever sort of payment model and collection system (e.g. credit cards, PayPal, etc) you wish to use.  I can of course code something along those lines up for a price -- or you can, if there's not already an appropriate "cart-style" web application that fits your needs or that you already have.

As a reminder HomeDaemon-MCP is for sale "lock, stock and barrel" and in source form; my previous article on the potential market is here, and the page on some of the capabilities can be found here.  Finally, there's a not-yet filed provisional patent related to the code that, for obvious reasons, I won't be going into any sort of detail on but will file same before turning over anything that could lead you to figure it out.  Who knows what that's worth, and the acquiring party will be free to file the permanent application and pursue its perfection and issue, should they so choose.  It's entirely possible that patent is more than worth the asking price on its own, incidentally..... but of course as with all things of this sort nobody knows until it's filed and marketed.

Look to the right for contact information.

View this entry with comments (opens new window)