It’s a nonsensical scenario. WHY would some intruder do this, when
he
can already do whatever he wants with the system? And if he has only
user-level access, he won’t be able to change any correctly installed
program, no matter what language it’s written in.
Even if the Ruby program could be encrypted or obfuscated, they could
just modify the Ruby interpreter itself to do whatever it is they want
to do. There just isn’t a solution, even with compiled languages. Like
I said before, even using a compiled language or obfuscation, all you’ve
done is raise the bar a little.
Even that’s not effective. ROM dumps are not difficult to obtain, ROM
chips are not difficult to replace with flash chips or even an interface
to your PC. You also can’t really do that with a Ruby program either.
The only semi-effective way I’ve seen to do this is with gaming
consoles. The Xbox will only run signed code. This is problematic
though, only people with the correct keys can produce code that will run
on the Xbox (which Microsoft charges large sums of money for) and it was
still cracked (at least the first Xbox was).
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense
You’re not wrong. You’re just approaching the problem the wrong
way. If a hacker has access to someone’s computer, there is nothing an
application programmer can do about it - if an application could do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).
Can we stop using Hacker to describe computer criminals? The two
aren’t (necessarily) related.
On Fri, Aug 29, 2008 at 9:38 AM, Michael M. [email protected]
wrote:
this “debate” has been going on since the early 90’s (or before?), it’s just
never going to end so there’s no point in even talking about it anymore.
“Hacker” has two meanings, just be conscious of that fact.
Sure, if you’re going on the daily news. I’m suggesting you do
exactly the same and be conscious of the fact that on a mailing list
full of free software hackers, the usage to refer to computer
criminals is somewhat offensive. It’s all about context.
Can we stop using Hacker to describe computer criminals? The two
aren’t (necessarily) related. Hacker culture - Wikipedia
-greg
Like it or not, that’s what it means now. In fact, using its true
meaning only confuses 99% of the population and can lead to
misunderstandings. If this “debate” has been going on since the early
90’s (or before?), it’s just never going to end so there’s no point in
even talking about it anymore. “Hacker” has two meanings, just be
conscious of that fact.
Thank you for your reply. What i am telling is if if a hacker accesses
be able to (un)install programs).
Can we stop using Hacker to describe computer criminals? The two
aren’t (necessarily) related. Hacker culture - Wikipedia
It really sucks that the word got hijacked, and I never use it that
way. This happens to a lot of technical and paratechnical (is that
word?) words. Lately I’ve been hearing “blog” used to mean something
vaguely like “email” or “feedback comment” (“Send us a blog…”). And
of course there’s “logon” instead of “connect”.
On Friday 29 August 2008 08:59 am, Michael M. wrote:
Another approach to the problem is to strictly separate code from data
(and
store all variables and the like separate from the code), then put the
code
into ROM or similar.
Randy K.
Even that’s not effective. ROM dumps are not difficult to obtain, ROM
chips are not difficult to replace with flash chips or even an interface
to your PC. You also can’t really do that with a Ruby program either.
Well, you’re write–I guess what I should have qualified it by saying
something about without physical access to your hardware, which I assume
would be the case for cases of online/remote cracking (to avoid use of
the
word “hacking”).
The only semi-effective way I’ve seen to do this is with gaming
consoles. The Xbox will only run signed code. This is problematic
though, only people with the correct keys can produce code that will run
on the Xbox (which Microsoft charges large sums of money for) and it was
still cracked (at least the first Xbox was).
I hadn’t thought of that, but with good encryption, it sounds fairly
effective
(ignoring the drawback you point out).