"Wyatt Says..." is a collection of articles by Wyatt O'Day talking about wyDay products and the things we've learned along the way.
We’ve just released TurboActivate 4.0 and TurboFloat 4.0. With these new releases comes some huge improvements and features. Read on for details, or if you want to jump right in, get them on your API page; it’s free for all LimeLM customers (whether you’re on the free plan or one of our paying plans).
Probably the biggest visible feature of this release is the new verified trials functionality in TurboActivate. This means you can offer trials to your users that are verified with our servers, cryptographically-signed, and locked to that machine, all without having to give your customers a product key ahead of time.
What this means is that a potential customer can download your trial software from your website, and begin using the trial immediately. All of the “magic” of starting the trial for the machine, and making sure customer changes to the machine don’t “reset” the trial, are handled by TurboActivate and our proprietary computer-fingerprinting algorithm.
With our new no-click verified trials in TurboActivate 4.0, there’s no need to collect email addresses of customers. They can just start your app and TurboActivate & LimeLM will work behind the scenes to start (or resume) the trial of your app.
Another feature about our new no-click verified trials is the fact that the customer can’t reset them. Even if the customer completely wiped their hard drive, re-installed their operating system, and re-installed your app, the proprietary hardware-fingerprint algorithm in TurboActivate & LimeLM knows that the computer has already started the trial, and the user will continue exactly where they left off.
There are no limits to how many times you can extend the trials for potential customers.
One of the benefits of this new no-click verified trial system is the ability to track in real-time who is trying your app, how long they used the trial, and how many people are trying it.
All of the plans now have a verified trial limit based on the assumption that about 5% of trial users convert to be paying users. For example, the “Solo plan” (the $11/month plan) has a 300 activation limit, and a new 6,000 verified trial limit (meaning 6,000 different computers or devices can use the verified trial of your app).
Our hardware fingerprinting technology has gone through 4 major iterations (and countless minor iterations) over the past decade. This latest iteration is our best by far (and is a major leap over our last iteration). We’ve eliminated all known real-computer fingerprint false-positives and false-negatives on Windows, Mac OS X, and Linux.
We’ve put a lot of work and testing in this latest iteration to make sure your customers have a great experience using your app.
In previous versions of TurboActivate only a single thread in your app could use the library functions. Now any thread in your app can use the TurboActivate functions and TurboActivate internally handles the access controls.
All of our products now completely support IPv6, all while maintaining full compatibility with IPv4. This means you can use TurboActivate, TurboFloat, and LimeLM in any environment and know it “just works”.
TurboActivate and TurboFloat work with any programming language or scripting language. But we like to write example apps and help articles to speed along our customers’ development. The two newest examples added to the list are for TurboFloat: Delphi (7 and newer) and VBA (Visual Basic for Applications) for Windows and Mac OS X.
We dedicate a lot of time making online activation as fast as possible for the end-user. This means if we can trim off a millisecond here or a millisecond there we will. And we’ve been doing that steadily over the past year, making the speed of the activation about twice as fast as it was this time last year.
Also, we’ve significantly improved our throughput capability (meaning we can handle many, many more activations and verified trials per-second).
This is by no means the end of the line. We have a ton of speedups coming over the next year. The faster we make the activation and verified trials processes the happier your customers will be.
In addition to all of the new cool features, we’ve been chipping away at bugs. See the following links for a full list of features and fixes:
This year we’re making a whole slew of improvements to every one of our products. And we’ll be rolling them steadily. The next big update is coming to the LimeLM web interface. It’s old, it’s ugly, and it desperately needs some love. So that’s what we’re going to focus 100% of our concentration on over the coming months. And instead of rolling it out in one “big update”, we’ll roll it out gradually.
On Windows, if a customer disabled a network adapter it would force them to re-activate. Now it just acts as a “fuzzy change”. In the upcoming TurboActivate 4.0, the fingerprinting algorithm has been vastly improved to reduce all known false-positives and false-negatives. This is not that improvement.
On Windows (and some unconfirmed Mac OS X reports) in some regions of the world TurboActivate failed to contact the activation servers even if there was nothing locally (on the computer or LAN) blocking the connection. This has been fixed by back-porting the vast amount of networking improvements back from TurboActivate 4.0.
This bug was a result of an ISP-level configuration error that effected a chunk of customers in Australia and New Zealand.
All communication with the activation servers now happens over HTTPS on port 443. This prevents system administrators or any middle-men from inserting junk into reponses to/from the servers. Previously sensitive information was encrypted, but the data was transmitted over HTTP under most circumstances.
Included XCode project for the C example (1 project for dynamic linkage, another for static linkage)
The past 24 hours have been pretty eventful. We’ve undergone 2 pretty nasty DDoS attacks (and another half-hearted DDoS attack) on our servers. And as a result we had about 2 hours of downtime.
And for this I’m truly sorry.
The good news is we’re back up and running now. If you’re having trouble accessing your LimeLM accounts (or even just accessing wyDay.com in general) then make sure you do the following:
Make sure your network is not caching old DNS entries. Our IP addresses have been swapped out and we’re now behind CloudFlare. If you try to access wyday.com using an old IP address nothing will happen.
Make sure you’re not hard-coding IP addresses to a whitelist. Never do this. Always use the DNS servers. Our IP addresses have changed in the past, they’ll change again in the future. I guarantee it.
A DDoS is an acronym for “distributed denial of service”. Or, in plain English, it means someone with a grudge wanted to throw a whole bunch of traffic at our servers so that no one else could access our servers.
A DDoS is not a hack. No data was accessed; our servers remain secure.
The long and short of it is that DDoS attacks are a blunt, ultimately harmless, weapon used by small-minded people.
The 2 big things we’ve done is:
Swap out our old IP addresses.
Put our servers behind CloudFlare.
This means that the brunt of future attacks will be handled by CloudFlare. Meaning more uptime for us (and less angry customers calling you).
In addition to everything we’ve done to successfully stop this DDoS attack, we’re also going to further improve our backend so that there is never any 1 “point of failure”. Before these latest attacks there was 1 “point-of-failure” in that all traffic was being routed through a single IP address.
So, even though we have several servers spread across the United States doing the hard work of processing activations, verified trials, API requests, and everything else that LimeLM does, all traffic had a common “entry point” in our systems. This was a mistake and didn’t account for the cynical nature of the Internet.
In the coming weeks we’re going to add several new entry-points world-wide so that if a subsequent DDoS attack effects us at all it will last minutes rather than an hour (because all we’ll have to do is “flip a switch” and legitimate traffic will be routed through new entry points, while the attacked entry-point will be shutdown).
TurboActivate and TurboFloat 4.0 are almost out. We’re just finishing 2 last-minute bug fixes, and then going through one last round of testing. These are significant releases that we’re very proud of. I’ll post a long detailed blog post when they’re released.
The announcement blog post will also talk about the infrastructure improvements we’ve already done.
– Wyatt O’Day
Founder & CEO of wyDay