Is there any good news on Version 4? [Out now]

We're working hard to get it out by the end of March. We're almost there. This is a big, atypical release (because of all the things we needed to do). Future releases won't take as long.

Hi Wyatt,

We have purchased WyBuild today. Did not know that version 4 is coming in 2-3 days time.

Would we get Version 4 OR do we need to pay extra because of this mistake of purchasing two days in advance?

Please consider.

Thanks,Rahul

Hey Rahul,

We're talking about TurboActivate here (because we're in the LimeLM, TurboActivate, TurboFloat subforum). TurboActivate 4.0 is coming at the end of March.

The next version of wyBuild is coming near the end of this year. And if it's a "major version", customers who bought the minor version withing a reasonable timeframe of the "major version" will get a free upgrade.

Thanks for the clarification Wyatt. Appreciate it.

I like LimeLM and I like Wyatt, but I am sure I will never again trust Wyatt when he predicts a release date.

Sorry, I should communicate *potential* release dates better. When I say "TurboActivate 4.0 is coming at the end of March." I mean "TurboActivate 4.0 is coming at the end of March *barring no unforeseen complications in the rollout*".

We had an unforeseen complication that set us a week behind schedule. I'll be writing a blog post about it after the 4.0 rollout because it's an interesting technical problem.

Any updates on this? Are you any closer to having version 4 released?

Yes, we're on the cusp of the release. No hard date. ASAP.

The wait for version 4 is like infinite sum 1/2 + 1/4 + 1/8 + 1/16 which converges to two 🤣

🙂

Is there any chance the release will happen this week?

Yes, there's a high chance it will be released this week *barring no unforeseen problems*.

> Yes, there's a high chance it will be released this week *barring no> unforeseen problems*.

In other words, "no".

Trust me, we want to get version 4 out more than you realize. It's holding up a lot of other really cool stuff. But we're not going to release a crappy product. Given the choice of releasing a great version 4 later than we (and our customers) want and releasing a crappy version 4 on time, we're always going to release later than we want. Always. It's just how I run the company.

Now, I would prefer to release a great product on time. And we're working on getting processes up to ensure accurate time estimates and reduce feature creep.

> Given the choice of releasing a great version 4 later than we (and our customers) want and releasing a crappy version 4 on time, we're always going to release later than we want. Always. It's just how I run the company.

Then I suggest that you stop giving date estimates altogether. You've been releasing "this week", "this month", and "in a few days" for the past three months. Best-possible release dates, i.e. "barring no unforeseen consequences", are useless to us. It might behoove you to release a buggy product now, call it an open alpha, and work with your users to improve it, instead of continually giving them dates they can't depend on.

> It might behoove you to release a buggy> product now, call it an open alpha, and work with your users to improve it, instead> of continually giving them dates they can't depend on.

I do not know what kind of product you are selling - but integrating a buggy software protection software into OUR software would be the kiss of death for us... So WHO would want to integrate an alpha into his software???

Wyatt communicates the states "as is" - and if you cannot stand the uncertainty that the date communicated might shift simply don't read the forum. It's a super complex thing and I honestly admire Wyatt not for giving up or sacrificing quality. For every single developer who complains here about the communication and delays, 10 developers are like "yeah, he is right. Don't push out something that's not ready and as crucial as the software protection".

> So WHO would want to integrate an alpha into his software???

Someone who needs the features that 4.0 provides and is willing to accept some bugs in order to prepare for the general 4.0 release.

> Wyatt communicates the states "as is" - and if you cannot stand the> uncertainty that the date communicated might shift simply don't read the forum.

If Wyatt had been communicating the states "as is", there would be no problem. In fact, the dates he communicates are NOT as is. It is better to not communicate dates at all, rather than to constantly say something is coming in a few days, and then repeatedly not deliver.

Without a doubt my estimation of our release dates has been pretty far off with regards to the TA 4.0 release. Probably about 6 months off from when I anticipated we'd release 4.0.

As I've said before:

1. We're working on better processes to get better estimates. This is a work in progress.

2. This is not a typical "bug fix" or "minor feature addition" release. The addition of non-product key verified trials required a massive amount of work in TurboActivate and in our server infrastructure. And all of these things had to happen without downtime (because we're serving millions of devices worldwide, and even a few minutes of downtime is a huge pain in the ass).

3. Plus we significantly re-worked our fingerprinting algorithm to easily be the best in the industry.

So what is the *exact* date it will be released? I don't know. Soon. When it's done.

Will asking when it will be released every few weeks be helpful? No, not really. Not until we improve our time estimation processes. It's appreciated, truly, but at this point it's just a waste of time.

In the meantime, use TA 3.x. It's great. And when TA 4.x comes out you'll have an even better product with even stronger licensing.

Wyatt - don't feed the trolls, especially the gutless anonymous ones who obviously haven't availed themselves of the history of this conversation nor seem to understand the process of producing good software.

It's your company and I, for one, respect that you want to do things properly.

Carry on, I'll wait.

Is abuse necessary? Are you even aware of the irony of calling someone gutless on an online forum, something I rather doubt you'd do face to face?

Returning to the real issue. I understand the Guest's frustration, and don't see why his inability to register or login makes a difference to the discussion. I signed up for LimeLM near the end of last year, on the understanding that the new trial feature was just around the corner, in fact I had the distinct impression that it would be ready before I really needed it. That didn't happen and my software is now shipping without that feature. The continually missed (and blatantly unrealistic) time estimates are not encouraging.

And no, I am not "Guest".

CADbloke wrote:> Wyatt - don't feed the trolls, especially the gutless anonymous ones who> obviously haven't availed themselves of the history of this conversation> nor seem to understand the process of producing good software.

My name is John Byrd and I wrote the anonymously labelled post you are criticizing.

I'm sure you can dig up my rumand find out how many millions of copies of software have my code in them.

Wyatt, thank you for not predicting release dates until you can stand by them.

Ewen, if you have any opinions that you wish to express about me, you may call my desk directly at +1 (949) 892-3526.

Kudos John for not being the anonymous troll you appeared to be.

I understand your frustration at the the lateness of this new version but as one who has shipped to millions, you ought to know that "stuff happens", more-so when you aim high and at complex problems, particularly when you're not backed by a megacorporation quantity of project managers. You are entitled to your opinion as much as anyone (perhaps even more-so) but neither of us are entitled to the conduct we have both displayed. I apologise for my conduct and it will cease.

Returning to the real issue: Wyatt, good luck with that release, I hope it goes smoothly for you.

Because of the unverified trials, I'm still delaying the launch of a new product until V4 is released.

With V4, will anything change with the Fastspring integration? Can I set that up already or better wait?

Nope, the web API is unchanged. The FastSpring integration will work perfectly.

MarcoTC wrote:> Because of the unverified trials, I'm still delaying the launch of a new> product until V4 is released.> > With V4, will anything change with the Fastspring integration? Can I set> that up already or better wait?

I recommend you to launch it immediately. think the current version of limelm is good enough for the new launching program, but these guys 1 second is 1 month to their customers. You would wait for V4 forever. 👽

I'd love to but I cannot use unverified trials with the current version. :/

Any news about new version?

It's coming. We're wrapping up documentation writing and final testing. In the meantime use TA 3.x. When TA 4.x you'll be ready to go with no code modifications, or if you want new features, then minimal code modifications.

I guess the web api will stay the same right? My app relies on it.

The web API is not changing. New functions are being added, and additional paramters are being added to existing functions, but function calls that work now will continue to work when we make changes.

We always maintain backwards compatibility unless (a) there's a bug that people are using as a feature or (b) we need to break compatibility for security reasons.

Also, you should never use the web API directly from your application. Why? Because the API key is like a password to your account. And if you compile your app with the API key then everyone that downloads your app has access to the API key, and thus has direct access to your account.

Always use the web API only from servers and back-office systems over which you have full, absolute, control.

Hey Wyatt....You know a lot of us base our websites and careers on your software. Thanks for providing this.

Please be honest and let us know if Version 4 is REALLY coming. I don't want to stake more products on this, if you don't plan on continuing development. It's been promised a long, long time ago....

Please be honest.

I'd really hoped for the release this week. (Actually since november but ok)

I understand everything about developing, delays and 'it's done when it's done' but I don't understand why a hard date cannot be given when the last thing on the list is 'wrapping up the documentation'. And that remark was a week ago so it would be fair to assume that the release was this week right?

>> "Please be honest and let us know if Version 4 is REALLY coming."

Yes, it's really coming. We put a huge amount of time an money into the 4.0 release. It's great, and you're going to love it when we release it soon.

>> "but I don't understand why a hard date cannot be given when the last thing on the list is 'wrapping up the documentation'."

Because I also said final testing. That's not a small thing. Especially when we find edge cases that don't behave as expected.

>> "And that remark was a week ago so it would be fair to assume that the release was this week right?"

No, but it's very close to release. I'm not going to say which week. It will be released when it's done with blog post, updated documentation, and new code samples for all languages.

In the meantime use TA 3.x. There will be a 0-new lines of code upgrade options from TA 3.x to 4.x (to gain all the bug fixes of TA 4.x). And if you also want to use the new features of TA 4.x, there will be minimal code changes.

Short answer: use 3.x right now, it's pretty awesome. TA 4.0 will be out soon, and when it is you can use all of the great new features.

Would a safe bet be January 2017? It's hard to plan projects around something with no date. If not I'll have to move to iLok.

Any dates?

It's coming soon. We're doing tests, fixing last minute bugs, writing documentation.

In the meantime, use TA 3.x. It's great. When TA 4.0 is released, like I said above, there's a 0-new-lines-of-code upgrade option. And if you want to take advantage of the new features, then there are minimal changes needed.

I'm not going to commit to a date. Soon. Trust me, I want to get it out more than any of our customers. The delays have set back other projects.

Is there a reason you're not using TA 3.x?

> Is there a reason you're not using TA 3.x?

In my case, I cannot use TA 3.x because the dynamic-link version of TA can be trivially cracked by replacing the DLL, and a static-link version of TA 3.x does not exist for Visual Studio 2015.

johnwbyrd wrote:> In my case, I cannot use TA 3.x because the dynamic-link version of TA can be trivially> cracked by replacing the DLL, and a static-link version of TA 3.x does not exist> for Visual Studio 2015.

It is really not so much my business and I am not a LimeLM fanboy (maybe a little bit). But Wyatt explains (and after several years of consumer software we can really confirm that): every software can be cracked. And every software will be. Even if its free. It is probably easier for crackers to search the machine code of your applications for calls of the verification and replace them in machine code than to "fake" the LimeLM DLLs. You can link the libraries dynamically and check the Hash of the DLLs. But we linked them statically - and after 1.5 days cracks were available for our App...

To our experience you can stop "casual" privacy with LimeLM - and that is what Wyatt and his team promises. That means in essence: LimeLM helps you to make sure that every LEGIT license just gets used the LEGIT number of times. So you make sure that people who PAID for your application don't use it BEYOND what they paid for.

Every software protection invented by humans can be cracked by humans - I was once told by a chief software engineer of a corporation selling software that cost approximately a family home per installation...

However, what WE have been ignoring in the past (and what we are fixing right now) is how to deal with cracked software. I wrote my comments here:https://wyday.com/forum/t/2910/best-way-to-go-about-dealing-with-cracked-software/

Using a solution like LimeLM is the first pillar of a copyright protection strategy. Getting after the cracks and sending DMCA takedowns is the second one. I would say: if you get the first wrong, you lose 90-95% of revenue, if you get the second wrong you lose 20-30% of revenue. We are enforcing our copyright with Crack Tracker (http://cracktracker.net/) , Muso (www.muso.com) and Copyright Hero (http://copyrighthero.com/) and have been taking down hundreds of illegal pages and hundreds of file sharer links. We can see an increase in revenue - and there is less variance in our revenues as well. We also do some manual takedowns (which is tedious, but still). I would recommend you to get a dmca@yourdomain email. You will get plenty of emails in the process - and generally don't want those mails in your "regular" inbox.

LimeLM is an honest licensing solution - they don't promise you nonsense. But it is not enough to protect your IP only. You need to "track the crack" and take the crackers down. I would rather spend additional time on that (it is tedious) than making your implementation of LimeLM "overly sophisticated". I wish I had known earlier. But I cannot blame Wyatt - and there really is very little you find about this topic.

CheersJan.

Good informative post Jan.Thanks!

Good post Jan, thanks for sharing.

My software is B2B. I code-sign all the DLLs I build. I tell them if it isn't code-signed by me (or Wyatt or Microsoft) then it is definitely cracked and any viruses it inevitably has are their problem, so make sure you check the signatures and don't come whining to me if a cracked version hijacks your livelihood (I say it nicer than that...sometimes). Ditto - and especially - the MSI installer. I make a point of telling them to check things like the turboactivate.dll etc. as well.

I also offer 1:1 support for paying users. It's all about demonstrating the advantage of paying for the genuine article. Anyone who doesn't give a damn about cryptolocker was never going to pay for your software anyway, consider it free advertising / marketing.

You need code in your app to check that that DLL is authentic: Signature certainly, but you can also check date, size, CRC etc. Then you could be reasonably sure it hasn't been replaced.

That said, as soon as the thought occurred that you could replace the DLL, curiosity overcame me viz whether another app I have access to had remembered to do this check (Simplify3D, which I now recognize as using LimeLM activation). Generating a new DLL with all the same API is not hard, in fact it was trivial: popped the new DLL in the Simplify3D folder, ran it and got "one or more software components have been corrupted" - damn, I guess they remembered to check. 😀

Jan wrote:> LimeLM is an honest licensing solution - they don't promise you nonsense. But it is> not enough to protect your IP only. You need to "track the crack" and take> the crackers down. I would rather spend additional time on that (it is tedious) than> making your implementation of LimeLM "overly sophisticated".

Cryptographically checking the integrity of a DLL is not "overly sophisticated." It should be built into the functionality of any copy protection system. PACE does this. WIBU does this. Even Mac and PC operating systems do this.

Well ok, but this check can't be integrated into the DLL if that is what you were suggesting. Asking the DLL to verify itself would of course be worthless.

We released TurboActivate 4.0 last week. You can get it here: https://wyday.com/limelm/api/#turboactivate

Here's the blog post about it: https://wyday.com/blog/2016/turboactivate-turbofloat-4-0-released-no-click-verified-trials-improved-fingerprinting-and-much-more/

Hello,

4.0 looks great, especially the new verified trial system.

I had a question though - how does the fingerprinting work with virtual machines? What if somebody uses a VM, activate the trial, and then disconnects the VM from internet ? I know this is an unlikely scenario but i'd like to know if there is something in place that prevents that to some extent (i.e., can we exclude all VMs from verified trial activation?)

Thank you!

Well, the problem with VMs is not that they can be disconnected from the internet (every device can be disconnected from the internet: real or virtual). The problem with VMs is that they can be cloned bit-for-bit: https://wyday.com/limelm/help/vm-hypervisor-licensing/

So, as always, you have the choice of whether you want activations and trials to happen in virtual machines. This is controlled through both the interface in LimeLM (check or uncheck "Allow VM activations"), and in your app you can use TA_DISALLOW_VM flag with TA_UseTrial().

Let me know if that helps.

It did, thank you very much 🙂