Monday, June 29, 2009

Want a Signed Driver?

Yeah, you know you want it... A signed driver... So you don't need to jump through any of the hoops necessary to get unsigned drivers (like what PeerBlock - and PeerGuardian 2 before it - require to run) to load under recent versions of Windows.

What does it take to get an official signed driver? One thing, really:

MONEY

Looks like there are only two places on the planet from which you can buy code-signing certificates that will instruct Windows that it's okay to load a driver. One of them costs $500/year, the other is $230/year. (Possibly plus taxes/VAT, I'm not yet sure.) To get to that point, we're going to need to all pitch in together!

After looking further into the matter, they will not sell code-signing certificates to individuals, only "registered organizations". This appears to mean that I'll need to setup an LLC or something before being "allowed" to purchase the code-signing certificate for us . . . at an additional cost of about $200 here in the state of New York in which I live. So our target goal is not the $230 I'd originally assumed, but more like $430. We're still over halfway to that larger value now, so will get there, it's just going to take a bit more time.

So to start things off, I've signed up at sourceforge.net to accept donations. All money we initially collect will be pooled up until we have enough for one of these driver-signing certificates; anything over and above that will be used for better hosting for the project, and/or some additional PeerBlock-related ideas I have. Depending on how the cash flow ends up looking, money will also be set aside for future years' code-signing certificates; the $230+ payment only allows you to sign that driver for one year from the date of purchase, although anything we sign within that time will remain signed even after the certificate expires.



So click that little "Donate" image above, and let's see what we can do to get that signed driver! Donate as much as you feel comfortable with: the cost of a beer, the cost of a pizza, the cost of a CD, or a movie, or a videogame . . . even a single dollar will help to aid The Cause.

Status: As of 9/23/09, we've raised enough money to purchase our code-signing certificate (and all the company-registration stuff required to get to that point), and have in fact released a version that includes a signed-driver: PeerBlock r162 Interim Release! While we've talked this all over the rest of our site(s), I just noticed that I hadn't updated this post with our current status for awhile - figured I should do that. We are still collecting donations in the hopes that we will be able to afford to rent a VPS server which would hopefully support a "real" online-updating system, and in less than 12 months we'll need to purchase another $230 code-signing certificate, so rest assured that your donation will still be used for a good cause.

Thanks for your support!

        ---  Mark  ---

---
Edited to try a new direct-to-PayPal Donate button, so as to not require you to have a sourceforge.net account to be able to donate. Here's the sourceforge.net one in case you'd rather do it that way:

Support This Project
---
Edited 7/24/09 to reflect the fact that it turns out we'll need to register as a company before being allowed to purchase a code-signing certificate.
---
Edited 8/5/09 to include a "Status" line, showing how much we have in our driver-signing fund.

18 comments:

  1. How about putting up a dial to show how much money has been donated so far in total? Can't wait for a signed driver!! Hope my donation helps :)

    ReplyDelete
  2. Thanks for the donation, Praeses! It is most certainly appreciated, and moves us that much closer to having an honest-to-God signed driver.

    Good idea of creating a dial or something to show how close we are to that signed driver. I'll look into that. For what it's worth, after SourceForge/PayPal have taken their fees, we're up to $41.31. We're getting there...!

    Thanks again,

    --- Mark ---

    ReplyDelete
  3. $41.31 ain't a bad start! Wonder if we could get phoenix labs to help? A signed driver is essential :)

    ReplyDelete
  4. Getting VERY close now... Up to $218.29!

    ...

    Unfortunately, as I was just looking into what additional taxes/fees we'd need to pay, I discovered that it looks as though they won't sell code-signing certificates to individuals, only to "registered organizations" - meaning I'm going to need to setup a company of some sort to get through the approval process . . . which will require an additional fee. Looks like that fee is around $200 in the state of New York, so we're not quite as close as I'd thought.

    Bummer.

    Soooo, keep those donations coming in. The goal's not out of reach, just a bit farther out than I'd originally anticipated. We'll get there...

    --- Mark ---

    ReplyDelete
  5. So register in another state or have someone else register for you. It's cheap in Michigan, for example. Recruit some help with that -- it's the easy part.

    ReplyDelete
  6. After consulting with my lawyer - who also just so happens to be my wife, so whose advice is very difficult to ignore - having someone else create the company for me really isn't a good idea.

    One of the important parts of registering a company is that you need to have a registered address in that state for legal filings to be delivered to. I wouldn't expect to receive much as far as that goes, but the scary thing is that my receiving those notices would be completely beyond my control. What happens if the person moves and forgets to tell me so I can update the company's registration? Or, God forbid, gets hit by a bus or something? And with my name on the paperwork, I would be legally liable for all of that stuff, regardless of whether or not I actually received anything. That's a LOT of trust to place on someone else, and is not something I'm willing to do.

    There are companies who will handle this stuff for you, but you need to pay them a yearly fee . . . which would render this whole "cheaper way to do it" thing pointless, unless you're a "real" company with a huge revenue stream and there are significant tax advantages to incorporating in whatever state. Which means not for us.

    So, I think it's better to just wait a little extra time until we can get the extra money together. We're getting close, it won't be too long now...

    ReplyDelete
  7. hrmm...I guess I still have a blogspot account after all. Keep up good work!

    ReplyDelete
  8. Update? :)
    And how much do we need exactly?

    ReplyDelete
  9. I've been keeping the main peerblock.com site up-to-date with the current totals, but you're right - it would be a good idea to keep this post updated as well. Just added a "Status" paragraph which I'll update as new donations come in.

    Still not entirely sure as to exactly how much this will all cost, will be better prepared to answer that question once the "company registration" paperwork goes through. I'm in the process of handling that right now, should theoretically receive notice that we're all legal 'n' stuff in a week or so.

    ReplyDelete
  10. Is Peer Block endorsed by the developers of Peerguardian? Whats the relationship?

    Also, why is phoenixlabs.org down?

    Thanks,

    Des.

    ReplyDelete
  11. No, PeerBlock has no affiliation with the original PeerGuardian developers. To be honest with you, after trying to get PG2 working with Windows 7 I just became immensely frustrated, noticed that the code was open-source and since no code changes had been made in nearly two years decided to fix it myself. A couple other people started helping out, and we find ourselves now at a point where our code is actually pretty stable. And that's our story, to-date. =;)

    Don't know why phoenixlabs.org was down for much of this weekend, though it appears to be back up now. We (PeerBlock) experienced a fairly significant (for us) surge of traffic this weekend after being featured on e.g. lifehacker.com, it's possible that the additional strain of 10,000 new downloads of lists from their servers (and/or related traffic from people wanting to check up on the status of PG2 after reading about PeerBlock) broke them - I would think that's a drop in the bucket compared to the number of PG2 users updating on a daily basis, but obviously don't know for sure. Either way we're switching to iblocklist.com-hosted lists for the next release of PeerBlock, so their downtime shouldn't adversely affect us as much in the future.

    ReplyDelete
  12. Great news about the donations! :)

    ReplyDelete
  13. Hi there,

    why not using StartCom SSL as CA?

    They offer cheap SSL certificates, even for code signing!

    For details look here: http://www.startssl.com and here: http://adblockplus.org/blog/adblockplusorg-now-with-ssl-protection

    regards,

    iNsuRRecTiON

    ReplyDelete
  14. The problem with these "cheap code-signing certificates" is that they don't work for kernel-mode drivers. Microsoft in their infinite wisdom only accepted a limited number of companies as these "Trusted Root Certificates". Originally there were 6 companies on the list, but as of now only two of them are still selling code-signing certificates. For more details, see (http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx).

    The only way to make use of one of these cheaper certs to sign kernel-mode drivers is apparently to get the user to install that root certificate on their machine as a Trusted Root Certificate. This is actually a quite major security risk - I personally would not trust software that asked me to do this in order to run it. And especially since PeerBlock's whole point of existence is security, I don't think this would be a good fit for us.

    We are in the middle of getting that driver-signing certificate, it should only be a matter of time now. It does look like it's going to end up costing us significantly more than I thought, especially to finish our "company registration" process, but people have been continuing to contribute donations so hopefully I won't end up needing to pay for too much out-of-pocket.

    ReplyDelete
  15. Hi,

    too bad. Sorry to hear this. -.-

    But thanks for your explanation.

    regards,

    iNsuRRecTiON

    ReplyDelete
  16. I donated! Update on total?

    ReplyDelete
  17. HI Guys, Just downloading the Signed Version now, find my donation any second through paypal, thanks again. There is $5 extra in there for a couple of beers :D

    ReplyDelete