How to protect your code? Obfuscater?

I just made a rails application that I plan to sell and dsitribute. I
want to distribute it without having to worry about someone stealing the
code and selling their own version. How do I do this? Is there a ruby
obfuscator or anything that can keep someone from seeing the code?

Thanks for your help.

I don’t think anybody but script kiddies bother with such stuff. And
AFAIK obfuscation isn’t much of a hurdle. Now a lawyer and the law
OTOH…
And is Rails code really that hard to figure out anyway?

Joe

Only way I know how at the moment is to take vital parts of the
software and write in C and use it to extend ruby. It’s nasty but
works.

On 8/3/06, Ben J. [email protected] wrote:

Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails

Joe wrote:

I don’t think anybody but script kiddies bother with such stuff. And
AFAIK obfuscation isn’t much of a hurdle. Now a lawyer and the law
OTOH…
And is Rails code really that hard to figure out anyway?

Joe

I don’t really understand what you are saying here. I’m about to sell a
piece of software to multiple companies and gross 6 figures a month. I
do not want people to steal it. I can’t afford to be naive and assume
people won’t steal the code.

Does anyone have any idea besides rewriting some of the code in c?

On Fri, Aug 04, 2006 at 12:05:17AM +0200, Ben J. wrote:

I just made a rails application that I plan to sell and dsitribute. I
want to distribute it without having to worry about someone stealing the
code and selling their own version. How do I do this? Is there a ruby
obfuscator or anything that can keep someone from seeing the code?

It’s been discussed a bunch of times before; search the list archives.

  • Matt

Matthew P. wrote:

On Fri, Aug 04, 2006 at 12:05:17AM +0200, Ben J. wrote:

I just made a rails application that I plan to sell and dsitribute. I
want to distribute it without having to worry about someone stealing the
code and selling their own version. How do I do this? Is there a ruby
obfuscator or anything that can keep someone from seeing the code?

It’s been discussed a bunch of times before; search the list archives.

  • Matt

Where? The search is disabled on the forums.

On Aug 3, 2006, at 6:05 PM, Ben J. wrote:

I just made a rails application that I plan to sell and dsitribute. I
want to distribute it without having to worry about someone
stealing the
code and selling their own version. How do I do this? Is there a ruby
obfuscator or anything that can keep someone from seeing the code?

Thanks for your help.

You may want to investigate ZenObfuscate: http://blog.zenspider.com/
archives/2006/07/zenobfuscate_no.html
But last I heard it doesn’t work with rails. But as Joe said, you’re
best recourse is probably licensing and threat of legal action.
-Mat

On 8/3/06, Ben J. [email protected] wrote:

Does anyone have any idea besides rewriting some of the code in c?

Change the business model so you sell it as hosted service.


Austin G.
Thinking & Making: IA, UX, and IxD
http://thinkingandmaking.com
[email protected]

On Fri, Aug 04, 2006 at 04:18:22AM +0200, Ben J. wrote:

do not want people to steal it. I can’t afford to be naive and assume
people won’t steal the code.

Charging rent on your secret bits is a terrible business model. No
matter
how you protect the code, someone can just reimplement the functionality
and
you’re toast.

Does anyone have any idea besides rewriting some of the code in c?

A strong licence, and something to catch out the terminally stupid, like
some code that e-mails you every time it gets installed on a machine
that
doesn’t have some file somewhere. That way you can at least see if
someone
lets it out into the wild. If you know where it’s gone, you can round
it up
and sue the person to solve the problem.

Don’t try going all interesting in the protection scheme – anyone
clueful
enough to get through your basic protection is going to be equally good
at
chomping through whatever else you might dream up. Technical solutions
to
social problems never work, and copyright infringement is a social
problem.

Also, don’t stop the user from using the software. If you do that,
you’ll
encourage people to “fix” the problem. Just get the software to let you
know and then bring down the legal LARTs of doom.

  • Matt

Interpreted languages are a poor choice to use for software you plan to
sell.

The fact is that I can decompile Java or .Net code just as easily with
Reflector or JavaDecompiler.

http://members.fortunecity.com/neshkov/dj.html (Java)

and

http://www.aisto.com/roeder/dotnet/ (.Net)

I’d be more worried about people stealing your idea and implementing
that… there’s more of that going on than anything else.

In my opinion, you need to either host it yourself, or have a nice
license
contract that you and your client sign… not just something they
accept…
and YOU go and install it yourself at their location.

On Fri, Aug 04, 2006, Ben J. wrote:

Where? The search is disabled on the forums.

It’s a mailing list; ruby-forum is just a gateway to it. Try Gmane
(http://news.gmane.org/gmane.comp.lang.ruby.rails) or any of a number of
other online archives of the list.

Ben

Ben J. wrote:

Joe wrote:

I don’t think anybody but script kiddies bother with such stuff. And
AFAIK obfuscation isn’t much of a hurdle. Now a lawyer and the law
OTOH…
And is Rails code really that hard to figure out anyway?

Joe

I don’t really understand what you are saying here. I’m about to sell a
piece of software to multiple companies and gross 6 figures a month. I
do not want people to steal it. I can’t afford to be naive and assume
people won’t steal the code.

Does anyone have any idea besides rewriting some of the code in c?

Six figures a month?!? Wow, what’s the software?!?

People will figure out how to steal your software/code, but nobody but a
fool would try to sell it as their own or use stolen software in their
business. For those that do, it’s important to establish your precedent

  • shareware developers used to mail themselves a disk containing their
    software. And unless your software has amazing new algorithms that do
    something revolutionary, no software is impossible to figure out and
    reimplement from scratch.

Joe

Thanks a lot for everyone’s help. I just wanted something more than a
license to stand between my code and a programmer that wants to steal
it, but I guess you are all right, there’s not much I can do except
decide to host it myself. Although our company does have a very good
lawyer so it wouldn’t be too hard enforcing the license.

I have never tried it, and it looks like (from the title) its for
windows, but this type of thing seems more promising to me than an
obfuscator.

http://www.erikveen.dds.nl/rubyscript2exe/index.html

On a side note, a VC funded company recently released there downloadable
ruby/rails based software. Most of the code is just sitting there for
you to see, they protect it with a pretty aggresive license. They did a
speedbump style protection for their controller code by base64 encoding
the files and then zipping them. Like I said, a speedbump.

Ben J. wrote:

Thanks a lot for everyone’s help. I just wanted something more than a
license to stand between my code and a programmer that wants to steal
it, but I guess you are all right, there’s not much I can do except
decide to host it myself. Although our company does have a very good
lawyer so it wouldn’t be too hard enforcing the license.

So what’s your software dude?

Joe

Joe wrote:

Ben J. wrote:

Thanks a lot for everyone’s help. I just wanted something more than a
license to stand between my code and a programmer that wants to steal
it, but I guess you are all right, there’s not much I can do except
decide to host it myself. Although our company does have a very good
lawyer so it wouldn’t be too hard enforcing the license.

So what’s your software dude?

Joe

Ha ha. I’m sorry but that is not something I can share, but I must say
that I’d still be programming if I hadn’t of programmed it in rails.
Rails kicks some major ass and this program really proves that rails can
handle just about anything, basically any type of program that plans on
having a web based interface.

I would be interested in some type of obfuscator also, although for a
different reason. If you are trying to keep people from stealing your
code, obfuscating is not the answer.

I have a situation where I’m implementing a proprietary protocol.
It’s not exactly difficult to get ahold of, but contractual terms keep
me from distributing unobfuscated source. I personally don’t care if
someone gets access to the source, because it would be easier to get
the protocol specs from the owner ($100 + sign the same contract I
did). Being able to obfuscate the source would let me write the code
in ruby instead of say Python, Java, or C.

On Thu, Aug 03, 2006 at 09:43:23PM -0700, snacktime wrote:

I have a situation where I’m implementing a proprietary protocol.
It’s not exactly difficult to get ahold of, but contractual terms keep
me from distributing unobfuscated source. I personally don’t care if
someone gets access to the source, because it would be easier to get
the protocol specs from the owner ($100 + sign the same contract I
did). Being able to obfuscate the source would let me write the code
in ruby instead of say Python, Java, or C.

Obviously the definition of “obfuscate” for this contract is pretty
poor,
because at least Python and Java are pretty trivial to reverse engineer.

  • Matt

Ben J. wrote:

I don’t really understand what you are saying here. I’m about to sell a
piece of software to multiple companies and gross 6 figures a month. I
do not want people to steal it. I can’t afford to be naive and assume
people won’t steal the code.

Uh, didn’t you look into this before you even started?

On 8/3/06, Matthew P. [email protected] wrote:

because at least Python and Java are pretty trivial to reverse engineer.
It’s the protocol for Vital, one of the larger card processing
networks. All of them are like this. It’s more about control then
anything, and it’s not the people who could decipher the source that
they are worried about anyways. It’s the hundreds of
merchants/developers that could easily change the source and introduce
bugs if the source was easy to get at.
But the no source clause is just an extra thing that pales in
comparison to the NDA:)

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs