none
Option on user interface for trial software RRS feed

  • Question

  • I'm writing a code sample which is responsible for all aspects of managing trial software. What I'm looking for is an opinion on the user interface for when a user wants to activate an application which is managed by the trial software library.

    The basics, the user is provided a registration/serial-number e.g.

    FF7B-5170-5833-4C93-AD82-F636-13B9

    They enter the serial-number into TextBox controls. As they enter the serial number as each segment is entered they are moved to the next TextBox along with continually validating against a valid serial-number. If they enter a valid serial-number the "Registration" button is enabled and has focus set to the "Registration" button.

    So with that, any opinions on the look-feel of the dialog? I kept it simple, nothing fancy on purpose.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 12:11 AM
    Moderator

All replies

  • To me "Close" was confusing.  Perhaps it should be "Cancel"?

    What does it look like if invalid data is entered?

    • Edited by RLWA32 Sunday, October 22, 2017 3:07 AM added question
    Sunday, October 22, 2017 2:58 AM
  • Simple took most of the fun out.

    I did away with the close?

    The description can also show any other messages.

    :)

    Sunday, October 22, 2017 4:57 AM
  • To me "Close" was confusing.  Perhaps it should be "Cancel"?

    What does it look like if invalid data is entered?

    Yes it should be Cancel. In regards to what does it look like with invalid data, the Register button does not become enabled, similar to other software registratons I've seen.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 7:06 AM
    Moderator
  • Simple took most of the fun out.

    I did away with the close?

    The description can also show any other messages.

    :)

    Thanks Tommy

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 7:07 AM
    Moderator
  • To me "Close" was confusing.  Perhaps it should be "Cancel"?

    What does it look like if invalid data is entered?

    Yes it should be Cancel. In regards to what does it look like with invalid data, the Register button does not become enabled, similar to other software registratons I've seen.

    In addition to leaving the Register button disabled is there any other feedback provided to the user for invalid data?  A red X instead of a green check check?  Text advising that the serial number is invalid or otherwise malformed?

    Merely leaving the Register button disabled may seem obvious to us as an indicator of bad input.  But without any other feedback I can imagine a frustrated user wondering why the Register button remained disabled when they thought they entered a perfectly good serial number.  Or maybe my imagination is overactive.  :)

    Sunday, October 22, 2017 11:00 AM
  • To me "Close" was confusing.  Perhaps it should be "Cancel"?

    What does it look like if invalid data is entered?

    Yes it should be Cancel. In regards to what does it look like with invalid data, the Register button does not become enabled, similar to other software registratons I've seen.

    In addition to leaving the Register button disabled is there any other feedback provided to the user for invalid data?  A red X instead of a green check check?  Text advising that the serial number is invalid or otherwise malformed?

    Merely leaving the Register button disabled may seem obvious to us as an indicator of bad input.  But without any other feedback I can imagine a frustrated user wondering why the Register button remained disabled when they thought they entered a perfectly good serial number.  Or maybe my imagination is overactive.  :)

    Whomever downloads this code sample may add this if they care too as I suspect some will do while others will not, it all a matter of who implements this library.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 11:30 AM
    Moderator
  • Something I forgot to say is that the level of protection used should be related to what one is protecting.

    So we really need several versions. One is "good enough" which will stop the average user from copying the software. That is something like what, 90 percent of the users? And this costs 1 percent of the sales to implement.

    Then there is "very good" takes it to 99 percent for 10 percent.

    And do we need a "best" lets call it? 99.99 percent for 50 percent of the profits?

    JUst examples I made up to make the point. One need to balance what is being protected.

    BTW, what I need is to have a web site that something can be implemented on. Such that the customer places a secure order, and an email is sent with the unique number or however. I can work out something to do that in vb but I am stopped with implementing it on a web site. Anything that requires programming a web site response is beyond my ability (possibly my hosted web sites ability) and I think most others ability.

    Sunday, October 22, 2017 12:35 PM
  •  Being that you would usually send the key to someone in an email,  i really like the option of copy/paste for the key.  That could be done by overriding the paste message sent to the textboxes but,  that would require checking if they are pasting a 4 digit part of the key or if they are trying to paste the whole key.  So,  for me, i would just leave that alone or just disable the copy/paste of the textboxes and just use a button as shown below.

     The user could then have the ease of just copying the key from their email and pressing the button on the registration dialog to enter the key in.

     You can just parse the text in the clipboard to make sure it is in a valid format and that it has the correct amount of parts with the correct length in each part of the key.

     

     I would not warn the user of a valid/invalid key as they are typing each character or 4 digit part.  That would only assist a hacker in testing each letter/number to see if it is valid or not as they enter it/them.  It would be pretty quick and easy to crack the key then.  8)

     


    If you say it can`t be done then i`ll try it

    • Edited by IronRazerz Sunday, October 22, 2017 1:11 PM
    Sunday, October 22, 2017 12:48 PM
  •  I would not warn the user of a valid/invalid key as they are typing each character or 4 digit part.  That would only assist a hacker in testing each letter/number to see if it is valid or not as they enter it/them.  It would be pretty quick and easy to crack the key then.  8)

    Yes I was thinking that too.

    Then I just thought about how to secure the email? The security code is unprotected like sending a credit card in email? Is that a problem?

    Never stops...



    PS Another thing one can do is impair the function of the demo. My application saves a data file and in the demo the code will only save up to 60 new data points and then stop. That is the motive to purchase. So the demo is fully functional except for the limit. The customer can still use it to test but not to use.

    With coding a demo limit into the demo application code the hacker needs to modify the .exe which most users cant do. Then add obfussification etc. May not even need a time limit for the demo.

    Of course this requires a demo version of the app and a real version.

    And on and on...


    Sunday, October 22, 2017 1:05 PM
  • Yes I was thinking that too.

    Then I just thought about how to secure the email? The security code is unprotected like sending a credit card in email? Is that a problem?

    Never stops...


     Any software i ever had to register,  including VS itself,  they send the key in an email so,  i'm not sure what security that would require.  I would say that a credit card number is a little bit different of a ballgame.  As we all know though,  if your software is actually good enough that people want to hack it,  they will,  with or without a key.   8)

    If you say it can`t be done then i`ll try it

    Sunday, October 22, 2017 1:21 PM
  • Thanks for your thoughts. Okay, regarding varying levels of protection, that is beyond the scope of this thread but will say that what I have is unbreakable against the average to slightly advance computer user while it was not designed to protect against a determined hacker. When people visit the code sample page this will be listed up front along with me advocating to them, if you expected to make a decent income off their software then purchase third party protection.

    Side note:  Years ago I knew a hacker who traversed an application which has coded in assembler. They spent hours reading binary code until they hit a pattern which strayed from the other code. They (and I can’t tell you how they knew) edited the binary code, inserted an NOOP to jump the code (which he figured was a third-party protection library) which completely bypassed the protection and opened up the software as registered.

    In regards to implementing a web base implementation, our team only develop for the web (and have a very good flow of dollars to implement things) where Azure and B2C form the base for login and to secure operations. Our agency hires professional hackers that perform deep penetration test against all of our software and firewalls (and all that go with them). Using professional hackers is the best way to find issues with protection and intrusions. If my trial software went against these hackers it would fail and I know that when first thinking about writing the code samples.

    Bottom line is I wrote stories and task before even writing one line of code. Once the coding started things changed and evolved using agile programming but still know that it’s crack able.

    The entire point of the code sample is two-fold, to give developers “something” with the understanding that it’s not perfect and secondly to convince some to seek out professional grade libraries.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 1:24 PM
    Moderator
  • The entire point of the code sample is two-fold, to give developers “something” with the understanding that it’s not perfect and secondly to convince some to seek out professional grade libraries.

    Sure.

    Just talking for those that have not thought about all the possibilities... and why there are limits to what one can and should do depending on the software and etc.

    That is part of what is needed IMHO, the instructions.

    Sunday, October 22, 2017 1:31 PM
  • Hi Iron,

    • I agree not to warn the user of invalid keys which is how I implemented this other than enabling the register button.
    • In regards to the clipboard, there is no paste from clipboard button but the instructions tell them if they copy the serial number provided to them and paste it into the first TextBox my code has logic to break up the segments, insert them into each TextBox and validate. If the validation fails (and this is my choice) the registration button is not enabled. Sure I could be more friendly yet at the same time one thing about the library is to give developers the freedom to modify the code to fit into their flow of code logic.

      What gave me the idea for the clipboard was that Symantec remoted into my computer several years ago when I could not get a serial number to validate. The person who remoted in (I did ask them "how did you do that?) and pasted my serial number into the first TextBox and it auto-populated the other TextBox segments. I have also seen applications which accepted serial numbers from the command line. So there are so many ways to implement things and will reiterate that this is open to permit a developer to tweak code to suit their needs.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 1:34 PM
    Moderator
  • Karen,

     Yes,  i understand that this is just for a good example or class that you are working on (as usual).  I just figured i would mention my thoughts on showing the user of valid/invalid parts of the key as the user enters them.  It would just make it too easy for a low level hacker by doing that.  Maybe that is not what you are doing though,  it was not clear if the green check appears after the full key was entered or if it appears as it validates valid characters.  8)


    If you say it can`t be done then i`ll try it

    Sunday, October 22, 2017 1:43 PM
  • In regards to Visual Studio keys via email, they have changed things up yet when I installed VS 2015 I did not do this as instructed below (yet another changed) but instead got the key online.

    yes the image below is small but if you open it in a new tab as Chrome offers you can see the full size image.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites


    Sunday, October 22, 2017 1:45 PM
    Moderator
  • Iron,

    The green check only appears once the keys are entered with valid keys. Personally I would forego the checkbox but did this so a developer could use it or not use it (if not using it simply remove it form the form).

    From my experience of writing code samples, 109 at this point in time on many of these code samples users will thank me for providing "options" on how to implement something rather than give a code sample that is rigid.

    Again, thanks for your thoughts :-)  


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 1:51 PM
    Moderator
  • As far as protecting against hacking attempts goes I don't believe that there is a significant difference between overtly warning that an entered key is invalid (after all components have been input) and just leaving the Register button disabled.  The hacker will realize that another attempt is necessary. 

    Forgive me for belaboring the point, but an ordinary user without malicious intent might still benefit from more feedback.

    Sunday, October 22, 2017 1:54 PM
  • The entire point of the code sample is two-fold, to give developers “something” with the understanding that it’s not perfect and secondly to convince some to seek out professional grade libraries.

    Sure.

    Just talking for those that have not thought about all the possibilities... and why there are limits to what one can and should do depending on the software and etc.

    That is part of what is needed IMHO, the instructions.

    I'm providing a step-by-step document with instructions along with sample implementation of using the library. Documentation indicates up front (and this of course will be an issue with some) that the minimum Framework is 4.6.1 but with changes to several parts of the library it will work with say 4.5 while lower versions of the Framework will be harder to implement. Very similar to an Excel code sample and a SQL-Server code sample I wrote this year. I always get this out up front so a developer does not waste time only to find out that their available Framework will not cut it.

    The majority of my code samples are usually done in hours or a day while this one I'm looking at a week's worth of time to complete it. Currently half way through it.  Outside of the validation there are so many parts and as I move forward each completed part is fully tested.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Sunday, October 22, 2017 2:00 PM
    Moderator
  • Hi Kareninstructor,

    Anything update? Can you share the results for us to learn?

    Best Regards,

    Cherry


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, October 31, 2017 8:40 AM
    Moderator
  • Hi Kareninstructor,

    Anything update? Can you share the results for us to learn?

    Best Regards,

    Cherry


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Best thing I can say is, I will share the link to the MSDN code sample when the code sample has been published. Currently I'm at about 95% done, just need to find time to complete it as I easily get side track to other things like driving my sports car with a local club.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    Tuesday, October 31, 2017 10:46 AM
    Moderator