Posted By Mike Ash on October 16th, 2007
One of the professional hazards of being a programmer is the cold sweat which comes when you suddenly realize that some code you’ve written has a terrible bug. It’s worse when you realize that the bug has already been there for months.
A few months ago I set out to redo our license key system. The old system (RASN) generated a single unique license key based on the name of the purchaser. This had the potential to cause problems when two (or more) people with the same name purchased our software, as they would each receive the same license key.
For the new system (RASN2), we decided to add a unique number to each code to make it different from others generated for the same name. However, we didn’t want to make our codes any longer, so I had to cram more information into the same space. RASN used hexadecimal, a 16-digit number system using the digits 0-9 and the letters A-F. By adding in the rest of the alphabet, then eliminating letters and numbers which are easily confused, such as 0 (zero) and O (oh), RASN2 was able to have 27 different digits. This opened up enough room to squeeze in a short unique number next to the rest of the license data. We started using the new system a few months ago and it has worked well for us, well enough that nothing user-facing changed.
A sample license key
The cold-sweat moment came the other day as I was entering a license key into a copy of Fission. The way some of the letters lined up almost looked like a word, how funny. Hey, you could even get a whole license code made up of four-letter words. Four. letter. words. Oh. S—!
Then I thought, this can’t be that bad. After all, the chances of generating some bad word at random must be really low. But I ran the numbers anyway just to be sure. It turns out that the chances of a random license containing the word F— are actually one in 65,000. That’s pretty common, and it’s even worse if you count instances split between two groups with a dash in the middle. And of course there are several bad words we can generate, and these odds apply to each one separately.
It turns out that one day in the not-too-distant future, our random number generator gets filthy. On that day, one out of every 128 licenses generated will start with the F-bomb.
Once I recognized the problem, the solution was easy. We built a list of inappropriate words (a list Paul referred to as “my favorite list ever”) and now check the code portion of each key against the list before sending it out. If there’s a match, we generate a new code automatically. This was quickly put in place and new purchasers can be assured that their license code will never tell them to F***-THIS-S***. Problem solved.
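The check-and-regenerate loop described above, as an added example that is not Rogue Amoeba's code. The 27-symbol alphabet, the 16-symbol length, the four-symbol grouping and the mild stand-in blocklist are all assumptions, and matching ignores dashes so that a word split across two groups is caught too.

```python
import secrets

# Assumed alphabet: 27 symbols with easily confused ones (0/O, 1/I/L, 5/S, ...)
# removed. The post does not list RASN2's actual symbols.
ALPHABET = "2346789ABCDEFGHJKMNPRTUWXYZ"

# Constructed stand-in words; a production list would hold the real ones.
BLOCKLIST = ("DARN", "HECK")


def contains_blocked(code, blocklist=BLOCKLIST):
    """Return True if any blocked word appears in the code.

    Dashes are stripped first, so a word that straddles two groups
    (e.g. "..DA-RN..") is detected as well.
    """
    flat = code.replace("-", "").upper()
    return any(word in flat for word in blocklist)


def format_groups(symbols, group=4):
    """Split a symbol string into dash-separated groups."""
    return "-".join(symbols[i:i + group] for i in range(0, len(symbols), group))


def generate_code(length=16, rng=None, blocklist=BLOCKLIST, max_tries=1000):
    """Generate a random code, retrying until it contains no blocked word.

    rng is any object with a choice() method; it defaults to the OS CSPRNG.
    max_tries bounds the loop so an over-broad blocklist fails loudly
    instead of spinning forever.
    """
    rng = rng or secrets.SystemRandom()
    for _ in range(max_tries):
        raw = "".join(rng.choice(ALPHABET) for _ in range(length))
        code = format_groups(raw)
        if not contains_blocked(code, blocklist):
            return code
    raise RuntimeError("no clean code found; blocklist may be too broad")


if __name__ == "__main__":
    print(generate_code())
```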
This could also be a marketing opportunity for us. Would you pay an extra $2.99 for a vanity code, containing your favorite four-letter word? We think there are enough depraved individuals out there that this could be the latest in upselling innovation! Some day, perhaps. Some day.