A general doubt

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

Rock R. wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

It’s not silly, it’s a genuine concern. Having users install Ruby and a
handful of libraries just to run your program is a concern, especially
if they’re not computer savvy. Giving them a standalone exe will be
much better.

I’ve never done this on Ruby, but I have with a few Perl programs.
There were some programs like “perl to exe” that would bundle your Perl
programs, any required libraries, etc with a perl interpreter into a
self-extracting exe. You simply ran the exe to run the program. A
quick google tells me something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I’m sure someone here has done this and can give you some more
specific advice.

On 8/28/08, Michael M. [email protected] wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I’m sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

Adam S. wrote:

On 8/28/08, Michael M. [email protected] wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I’m sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

but,what if I don’t want the end-user to be able to see the source code
of the script ?

On Thu, Aug 28, 2008 at 8:03 PM, Lex W. [email protected] wrote:

but,what if I don’t want the end-user to be able to see the source code
of the script ?

You might try to obscure the code, but it will be still available in
the Application Data folder of the user. I don’t believe much in
obfuscation.
Another way would be to develop in JRuby and compile it. I am not sure
if there will be class files or rb files(Anyone else?)
I just got started with JRuby and Swing with Monkeybars[1] and Rawr.
You can find some great screencasts on their site.

[1] http://monkeybars.rubyforge.org/

Lex W. wrote:

Adam S. wrote:

On 8/28/08, Michael M. [email protected] wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I’m sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

but,what if I don’t want the end-user to be able to see the source code
of the script ?

Ya. I too have doubt in the expose of .rb files to the end user.

I installed Weft-Qda( www.pressure.to/qda/ ) which is s qualitative
analysis software application which is built using ruby. After
installation i saw the .rb files inside the installation directory. They
could be easily changed by the user or if any hacker gets access to the
user’s computer…

Rock R. wrote:

user’s computer…
Weft QDA’s an open-source product aimed at end-users so the fact that
the source is accessible in the installation directory of the source
isn’t a problem.

Even with a compiled product, if the user starts tinkering with the
program’s files in C:/Program Files/ they might expect trouble, and if a
hacker has access to their local file system, they’ve got more to worry
about in general …

It would be nice in some circumstances to properly obscure the ruby
source, but RubyScript2Exe definitely isn’t it. It solves other problems
quite well though, even though for Weft QDA I’ve moved away from using
it.

alex

Lex W. wrote:

can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

but,what if I don’t want the end-user to be able to see the source code
of the script ?

You can’t really do that, the best you can do is obfuscation. Even
then, a skilled person can de-obfuscate the code or otherwise reverse
engineer it. All you do is raise the bar a little bit, you don’t
prevent anyone from doing anything.

Strictly speaking, all software is open source. You cannot hide the
source code to your application, only translate it into something less
human readable. Also, in almost all cases, preventing someone from
reading the code in the first place is a useless endeavor. Only where
something like trade secrets and industrial espionage is a factor does
hiding your source code make sense.

Lex W. wrote:

can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

Rubyscript2exe is an easy and pretty effective solution for both wxRuby
and FxRuby. It’s not perfect though, startup time being one of the
problems as the whole package gets bigger.

For more complicated applications, you can instead package up ruby.exe,
the compiled ruby runtime and all the needed .rb files (you can find
this out by inspecting $LOADED_FEATURES) and then using something like
NSIS to install this minimal environment on the end user’s machine.

but,what if I don’t want the end-user to be able to see the source code
of the script ?

Neither rubyscript2exe nor the other method I describe provide any
protection. Ruby remains an interpreted and highly dynamic language so
it’s difficult to find any very effective scheme to distribute without
source.

Perhaps the nearest you can get at the moment with MRI is to use 1.9 and
its RubyVM classes to distribute code as opcodes.

There may be more options available with JRuby, but of course FXRuby and
WxRuby aren’t available there; you’ll need to use SWING etc for the GUI.

alex

Michael M. wrote:

You can’t really do that, the best you can do is obfuscation. Even
then, a skilled person can de-obfuscate the code or otherwise reverse
engineer it. All you do is raise the bar a little bit, you don’t
prevent anyone from doing anything.

Strictly speaking, all software is open source. You cannot hide the
source code to your application, only translate it into something less
human readable. Also, in almost all cases, preventing someone from
reading the code in the first place is a useless endeavor. Only where
something like trade secrets and industrial espionage is a factor does
hiding your source code make sense.

Thank you. But when a hacker who knows the internals of the software
gets access to the software in an End user’s computer, and if he changes
the code after getting root access wont that harm the user’s computer
and when he knows that the software is damaged or causing some trouble
wont he blame the makers

Rock R. [email protected] writes:

[ some question regarding ruby ]

  1. A doubt is not the same as a question. You’re probably not a native
    speaker but this common mistake is getting on my nerves lately (and
    you made it twice in the subject of some recent threads).

  2. If you want more answers to your questions, please spent a little
    more time describing the question in the subject of your post. For
    this thread, something like “Do I need a ruby interpreter installed to
    run a compiled ruby program?” would be very clear.

Cheers,
Joost.

Rock R. wrote:

reading the code in the first place is a useless endeavor. Only where
something like trade secrets and industrial espionage is a factor does
hiding your source code make sense.

Thank you. But when a hacker who knows the internals of the software
gets access to the software in an End user’s computer, and if he changes
the code after getting root access wont that harm the user’s computer
and when he knows that the software is damaged or causing some trouble
wont he blame the makers

If a “hacker” has write access to your end user’s files (including the
program you gave them), they can change it however they want. There’s
nothing you can do there. There are some methods involving
cryptographically signed binaries and such, but there are always way
around it.

Like I said before, there isn’t much you can do about things like this.
This is also not a problem unique to Ruby, all computer code suffers
from this “problem.”

Thomas W. wrote:

On Thu, Aug 28, 2008 at 8:03 PM, Lex W. [email protected] wrote:

but,what if I don’t want the end-user to be able to see the source code
of the script ?

You might try to obscure the code, but it will be still available in
the Application Data folder of the user. I don’t believe much in
obfuscation.
Another way would be to develop in JRuby and compile it. I am not sure
if there will be class files or rb files(Anyone else?)

I’ve a fork of rawr while I work on adding .rb-to-.class → jar behavior
so that you can pre-compile the ruby files as .class files, all bundled
into a jar.

http://gitorious.org/projects/rawr/repos/jamesbritts-clone

When it’s working and tested it will get rolled in rawr proper.


James B.

www.happycamperstudios.com - Wicked Cool Coding
www.jamesbritt.com - Playing with Better Toys
www.ruby-doc.org - Ruby Help & Documentation
www.rubystuff.com - The Ruby Store for Ruby Stuff

Rock R. [email protected] writes:

Thank you. But when a hacker who knows the internals of the software
gets access to the software in an End user’s computer, and if he changes
the code after getting root access wont that harm the user’s computer
and when he knows that the software is damaged or causing some trouble
wont he blame the makers

Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it’s running on for the purposes of keeping the
original author free from user complaints?

Joost D. wrote:

Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it’s running on for the purposes of keeping the
original author free from user complaints?

Thank you for your reply. What i am telling is if if a hacker accesses
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense

Rock R. wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

If you don’t want people to see your source code, and you want your app
to run on any Windows PC, you’ll have to use a fully compiled language
like C/C++ to produce .exe files.

Even .exe files can be reverse engineered, but it’s a difficult job to
reconstruct sensible source code from them.

Dave

Rock R. [email protected] writes:

Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense

You’re not wrong. You’re just approaching the problem the wrong
way. If a hacker has access to someone’s computer, there is nothing an
application programmer can do about it - if an application could do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).

And the user will have a lot more problems on his hands anyway if some
uninvited person has access to his machine.

Dave B. wrote:

Rock R. wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

If you don’t want people to see your source code, and you want your app
to run on any Windows PC, you’ll have to use a fully compiled language
like C/C++ to produce .exe files.

Even .exe files can be reverse engineered, but it’s a difficult job to
reconstruct sensible source code from them.

Dave

100% I agree with you. It is true. But my points are

  1. The hacker know about my application already and he had played with
    it in his PC.
  2. When he accesses another PC he founds that the user also uses the
    same application.
  3. Now he changes the code which is in .rb format.
  4. I believe the hacker won’t think of re-engineering the compiled code
    or the .exe one for 99% of times.
  5. If it is .rb it will be easier for him to do.
  6. The java executable would be .class files which are compiled and
    harder to read by human unless re-engineered.

So is there anything available in the case for .rb files?

Rock R. [email protected] writes:

  1. When he accesses another PC he founds that the user also uses the
    same application.
  2. Now he changes the code which is in .rb format.

It’s a nonsensical scenario. WHY would some intruder do this, when he
can already do whatever he wants with the system? And if he has only
user-level access, he won’t be able to change any correctly installed
program, no matter what language it’s written in.

  1. I believe the hacker won’t think of re-engineering the compiled code
    or the .exe one for 99% of times.
  2. If it is .rb it will be easier for him to do.
  3. The java executable would be .class files which are compiled and
    harder to read by human unless re-engineered.

java programs are actually pretty trivial to decompile.

So is there anything available in the case for .rb files?

file permissions.

On Friday 29 August 2008 06:41 am, Michael M. wrote:

If a “hacker” has write access to your end user’s files (including the
program you gave them), they can change it however they want. There’s
nothing you can do there. There are some methods involving
cryptographically signed binaries and such, but there are always way
around it.

Another approach to the problem is to strictly separate code from data
(and
store all variables and the like separate from the code), then put the
code
into ROM or similar.

Randy K.