Obfuscator for Ruby/RoR

John J. wrote:

You get paid for your skills.

Not necessarily … you get paid for delivering value, not for how you
delivered it.

If you’re worried about job security, just
write code that works in a bad style (think really ugly style Perl)

That’s incredibly bad advice IMHO. The last thing you want to do is
write code you can’t instantly understand yourself after being in a coma
for six months. :)

Ryan D. has an excellent Ruby obfuscator for sale, which proves
there’s a market for something that will allow you to read your code
and prevent others from reading it easily.

On Oct 9, 2007, at 2:05 PM, Eric H. wrote:

with that in mind.

Still, I ask, why obfuscate at all? If it is for security reasons,
there are better solutions.
You get paid for your skills. If you’re worried about job security,
just write code that works in a bad style (think really ugly style Perl)

From: “John J.”

Still, I ask, why obfuscate at all? If it is for security reasons,
there are better solutions.

Most commercial desktop software I’ve installed in the last
decade requires some sort of serial number or registration key
to be provided to activate the software.

Increasingly, such programs also seem to be requiring an internet
connection, before becoming fully registered, so that the key
provided may be verified to be authentic and not in promiscuous
use.

Of course, people who really want to crack the software, and
people who really want to use cracked versions of the software
will do so regardless.

I think the head of a company that develops both games and
application software summed it up well in this interview:

http://www.gamespot.com/pc/strategy/galacticcivilizations2/news.html?sid=6145864&cpage=1

“Any copy protection system, in my opinion, should be focused on
trying to increase sales–not stop piracy. The two aren’t the
same. Most people who pirate a software product would never have
purchased it. It’s pointless to waste time on those people. The
people to focus on are the ones who might have bought your product
or service but chose not to because it was easier to pirate it.”

Thus, their company opted not to include game-like copy protection
measures in their game (like requiring the CD in the drive), but
did use application-like registration key measures, and added
incentives like only allowing product updates to be downloaded to
registered versions.

Now…

What would happen if one released an un-obfuscated Ruby application,
and included typical application registration/activation logic in
the program, and added comments in the source code, like:

```ruby
# Check registration.  PLEASE DON’T REMOVE THIS, THANKS.
# WE ARE A SMALL COMPANY AND HOPE THAT YOU WILL BUY OUR
# SOFTWARE IF YOU LIKE IT.
app.check_valid_registration
```

I’m not trying to be coy by suggesting the above; I’m actually
wondering if it might work out OK. Since most users aren’t
programmers, they likely wouldn’t think to check the source to
remove the registration box. And the ones who would go looking
for a warez version would have been able to do so regardless of
whether your source was obfuscated or not.

If I have the courage, I may try this someday. :)

Regards,

Bill
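
An added example, not part of Bill's post or of any product mentioned in the thread: one way a registration check in readable Ruby source can avoid exposing a key generator is to verify a signature with a public key only. The helper names, the throwaway key pair and the licensee string are assumptions constructed for illustration; the check can still be edited out of the source, which is the trade-off the post discusses.

```ruby
require "openssl"
require "base64"

# Vendor side (never shipped): sign the licensee name with the private key.
def issue_key(private_key, licensee)
  sig = private_key.sign(OpenSSL::Digest.new("SHA256"), licensee)
  Base64.urlsafe_encode64(sig)
end

# Shipped, readable code: it holds only the public key, so reading this
# file does not let anyone mint valid keys for other licensees.
def valid_registration?(public_key, licensee, key)
  sig = Base64.urlsafe_decode64(key.to_s)
  public_key.verify(OpenSSL::Digest.new("SHA256"), sig, licensee.to_s)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  # Malformed base64 or an unparseable signature counts as unregistered.
  false
end

# Constructed demo data: a throwaway key pair and a made-up licensee.
VENDOR_KEY = OpenSSL::PKey::RSA.new(2048)
SHIPPED_PUBLIC_KEY = OpenSSL::PKey::RSA.new(VENDOR_KEY.public_key.to_pem)
DEMO_KEY = issue_key(VENDOR_KEY, "Example Licensee")

if __FILE__ == $PROGRAM_NAME
  puts valid_registration?(SHIPPED_PUBLIC_KEY, "Example Licensee", DEMO_KEY)
  puts valid_registration?(SHIPPED_PUBLIC_KEY, "Someone Else", DEMO_KEY)
end
```
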

On Oct 9, 2007, at 13:08 , mortee wrote:

However, the argument still applies that (at least in its current
state) it can’t handle some of the constructs that make it worthwhile
coding in Ruby, and which most probably appear at many places in any
Ruby code not written directly in C coding style. So it still seems to
be true that if one codes against your software’s requirements, she
loses the main advantages Ruby provides.

I can’t vouch for your code, but it took me less than 15 minutes to
convert our original client’s code over to a form that obfuscated
just fine. IMO, the readability of the code was not compromised. They
were able to maintain it in such a form and ship their IP as an
obfuscated binary. Maybe that doesn’t work for you. I dunno.

What if you were to make all classes, methods, and variables more or
less the same name with only case variations? What if you were to write
it as if you were a lawyer in legalspeak?

Ryan D. wrote:

I can’t vouch for your code, but it took me less than 15 minutes to
convert our original client’s code over to a form that obfuscated just
fine. IMO, the readability of the code was not compromised. They were
able to maintain it in such a form and ship their IP as an obfuscated
binary. Maybe that doesn’t work for you. I dunno.

Well, OK. I haven’t tried the software myself, obviously, so I’m not
writing out of experience. And I may be misunderstanding something.

However, the website states, among other things:

“Exception handling and generic block closures currently don’t
translate.”

To me, this means that you can’t use code blocks passed to functions -
which makes any iterators unusable. I’m not sure however whether I
understand this right - that’s why I wrote in my first post to this
thread: “please correct me if I’m overly wrong”.

mortee

On 10/9/07, M. Edward (Ed) Borasky wrote:

John J. wrote:

You get paid for your skills.

Not necessarily … you get paid for delivering value, not for how you
delivered it.

Some people think it’s all about how it’s delivered (which I happen to
be incredibly bad at).

If you’re worried about job security, just
write code that works in a bad style (think really ugly style Perl)

That’s incredibly bad advice IMHO. The last thing you want to do is
write code you can’t instantly understand yourself after being in a coma
for six months. :)

I agree, but then what about meta-programming?

Ryan D. has an excellent Ruby obfuscator for sale, which proves
there’s a market for something that will allow you to read your code
and prevent others from reading it easily.

I’m pretty much convinced that code obfuscation is not a good option
for anyone. But, it can – and will continue to – be done. I will
look at various tools and maybe change my mind. I think I still won’t
understand the “real” economic reason behind such a thing.

Todd

Todd B. wrote:

I’m pretty much convinced that code obfuscation is not a good option
for anyone. But, it can – and will continue to – be done. I will
look at various tools and maybe change my mind. I think I still won’t
understand the “real” economic reason behind such a thing.

It’s pretty simple, as has already been mentioned: to raise the bar. If
you provide the source, then it’ll require anyone with some basic
programming skills to circumvent product protection. If you employ
various methods to make it unreadable, it’ll require much more skill to
do it.

The whole point is to make cracking more inconvenient than having to pay
for it. It doesn’t have to be actually bulletproof (as it won’t ever
be): good enough is good enough.

mortee

On 10/10/07, mortee wrote:

do it.

The whole point is to make cracking more inconvenient than having to pay
for it. It doesn’t have to be actually bulletproof (as it won’t ever
be): good enough is good enough.

mortee

I’m not sure. I just care about self-interest getting out of control.
That’s about it.

You say it’s pretty simple. I think it’s pretty complicated. But,
we’re talking about things that are unrelated to the ruby-talk forum,
so we may be booted?!

Cracking is always going to happen, and it sucks. But I guess I hold
on to the idea (recently) that economically it doesn’t help someone to
be scared. It hurts more than hinders.

Todd

On Oct 9, 2007, at 11:51 PM, Bill K. wrote:

Increasingly, such programs also seem to be requiring an internet

Thus, their company opted not to include game-like copy protection

# Check registration. PLEASE DON’T REMOVE THIS, THANKS.

If I have the courage, I may try this someday. :)

Regards,

Bill

bingo!

Todd B. wrote:

If you’re worried about job security, just
write code that works in a bad style (think really ugly style Perl)
That’s incredibly bad advice IMHO. The last thing you want to do is
write code you can’t instantly understand yourself after being in a coma
for six months. :)

I agree, but then what about meta-programming?

Personally I think meta-programming and DSLs are over-rated. As frequent
denizens of this list know, I’ve been programming a long time. Neither
meta-programming nor DSLs are new with Ruby; I haven’t found them in the
writings of Von Neumann but that’s because I haven’t looked very hard.
:)

We programmers have always wanted to meta-program and design
domain-specific languages, and our managers have always had to pay us
not to do so. :)

Then again, our managers have always wanted to have a machine they could
instruct in English, eliminating the need for programmers.

I’m pretty much convinced that code obfuscation is not a good option
for anyone. But, it can – and will continue to – be done. I will
look at various tools and maybe change my mind. I think I still won’t
understand the “real” economic reason behind such a thing.

There doesn’t have to be a “real” economic reason in the sense of a
“global optimum”. As Herbert Simon pointed out, we don’t optimize, we
satisfice.

On 10/9/07, Charles Oliver N. wrote:

The JRuby compiler can compile to Java bytecode and still run as normal;

You don’t make it sound as cool as it is… or as scary as it is,
depends on one’s perspective… :)

So, guys, Charles here is talking about the entire Ruby standard
library (that is, every .rb file under /usr/lib/ruby/1.8) turned into
a bunch of completely unreadable .class files. All the C-like Ruby,
Perl-like Ruby, LISP-like Ruby and other good stuff in that directory.
And it works. Wow!

I don’t know. It’s no more reasonable than people who are freaked out
the first time they learn that their html and css is unprotected.
Their designs can be stolen?! gasp! Javascript is occasionally
obfuscated, too. (haha)

If you’re really worried, just put some phone-home code in there (in
multiple places) that contains a crippler, one of your key functions
or methods defined (in entirely the wrong place). Then in the end,
alter those method names to something completely inane, but keep your
own docs telling you what is what and where it is. Then if your code
doesn’t phone home once in a while, you know.

Alexey V. wrote:

And it works. Wow!

Well thanks for that :) It is pretty cool…hopefully people will start
to realize it once we get 1.1 out the door.

- Charlie

The million dollar question is who are we satisfying?

42

On 10/10/07, M. Edward (Ed) Borasky wrote:

Todd B. wrote:

I agree, but then what about meta-programming?

Personally I think meta-programming and DSLs are over-rated

Not sure yet myself, but I pretty much agree.

I’ve been programming a long time

I have great respect for you!

Neither
meta-programming nor DSLs are new with Ruby; I haven’t found them in the
writings of Von Neumann but that’s because I haven’t looked very hard. :)

I only brought the point up for other readers. That being, “If you
start treading waters where changeable objects on the fly are the
fish, you better be careful :)” (Hmm, that sounds a bit flowery, but
I’m classically trained.)

We programmers have always wanted to meta-program and design
domain-specific languages, and our managers have always had to pay us
not to do so. :)

Makes sense.

Then again, our managers have always wanted to have a machine they could
instruct in English, eliminating the need for programmers.

Yes, dictate and have it happen immediately :)

I’m pretty much convinced that code obfuscation is not a good option
for anyone. But, it can – and will continue to – be done. I will
look at various tools and maybe change my mind. I think I still won’t
understand the “real” economic reason behind such a thing.

There doesn’t have to be a “real” economic reason in the sense of a
“global optimum”. As Herbert Simon pointed out, we don’t optimize, we
satisfice.

The million dollar question is who are we satisfying?

Todd