You are mistaken in your statment, that if a browser can understand you code, than a human can do too. It is false in both ways. Small spelling-differences can make the code "unintelligible" for the browser, but intelligible for humans.
Condensed (obfuscated) code can be understood by the browser, but not necessarily by human beings. Simple code may be, but code consisting of many thausends of statements with names like "a5D", "A5d" will give the would be reader such a headache, the he gives up and develops his own code. In the main thing I agree with you, you cannot protect your code absolutely. If someone steals it for private use, you have hardly any chance to get to know of it. Only if someone tries to market your code under his own name, that you may take steps. In such cases you may even succeed. As for having a look at non-obfuscated code for learning causes, I find that not only OK, but even a good thing. Often your code refuses to work, while the same thing works elsewhere. By looking at the working code, you can identify your error without stealing the code of other's. But please use only "open" (= not obfuscated/compressed) code. There is enough of that. On Jul 9, 11:43 pm, Bob Hassinger <[email protected]> wrote: > This famous quote comes to mind: > > "God grant me the serenity > to accept the things I cannot change; > courage to change the things I can; > and wisdom to know the difference." > > Rako, you are chasing a hopeless result. Even if you manage to get > Firebug to be less helpful, there will be another tool, and another, > and another. Firebug is only one of many tools even now. You can not > possibly plug up the holes as fast as they are developed. > > Security through obscurity can only give an allusion of protection > that diverts ones efforts that should go into measures that can really > ensure protection. > > Every end user has full and unlimited access to whatever you send to > their computer (including everything in referenced files like external > Javascript and CSS files), for as long as they want it. If a browser > can understand the code then a human can. Fundamentally there is > little difference between intentionally obfuscated code and just plain > old poorly written code. An interested person goes through the same > process to sort it out. In essence once you send it to them you have > given up any possible trade secret protection and your only real > option is copyright (or maybe patent). And still, enforcement of > those protections is only really feasible in major situations with a > lot of money involved. > > By its nature Javascript is just not the tool for you when you need to > hide your logic or coding, or provide security for your site/data. > You have to do it so that users never have access to it in any form - > say in host side processing for example. > > Consider the balance for this one: On one side we are looking at > widely beneficial capabilities many people will find very helpful. On > the other side you want those benefits denied to them so you can have > the illusion of restricting access to what can not really be > protected. I think the choice there is easy - one person's illusion > of gain, against the whole user communities's real gain. I suspect > that is a pretty easy call. > > On Jul 9, 2009, at 4:10 PM, Luke Maurer wrote: > > > > > You must be using a pretty wimpy obfuscator if a mere code formatter > > will undo it. If your IP is the big issue here, won't you be using > > something that does more than get rid of whitespace? Like renaming > > local and private variables to nonsense? That's not something that > > Firebug *could* undo, with or without DRM-style permission bits. > > > - Luke > > > On Jul 9, 11:56 am, Rako <[email protected]> wrote: > >> I agree with you, that there is no need for Firebug to "obfuscate" JS > >> code. > >> What I object, is the request to implement features that would > >> counteract the obfuscation created by the owner of the site. > >> What I suggested, is a method, through which owners of web-sites > >> could > >> allow/forbid the use of FB by strangers to "debug" their code. > >> I think FB should not try to display obfuscated code more legibly. > >> This would tantamount to try to decifer encripted data. > >> I have no objection to stand-alone programs to make obfuscated code > >> more legible, but as a feature of Firebug it would be criminal. > >> Would you like to have programs around that spy-out your passwords, > >> decript your private emails? I would not. > >> Please do not turn Firebug into Spyware. > > >> On Jul 8, 6:47 pm, Rob Campbell <[email protected]> wrote: > > >>> Rako, further obfuscation of JS code will never be a feature of > >>> Firebug. Most minimized JS is already quite obfuscated and, if > >>> anything, we'll produce a mechanism to display it more legibly, > >>> either > >>> by extension or with a feature. > > >>> As for the Off vs [X] button, I really feel this was a bit of a > >>> wasted > >>> effort and a discussion that blew the issue out of proportion. Now > >>> we've implemented this change to appease a noisy few. Most users > >>> will > >>> learn that the [X] button means "Close / Off" after they've used it. > >>> It behaves similarly to how you'd expect a close button to work in > >>> any > >>> other area of Firefox or the OS. I, for one, will be glad to see the > >>> "Off" label go away as soon as possible. > > >>> On Jul 7, 3:33 pm, Rako <[email protected]> wrote: > > >>>> I do not rant. > >>>> I simply explain why is this extension/modification to/of the > >>>> activation needed. > >>>> Perhaps my reasoning offends you (are you one of the reverse- > >>>> engineers?), but it is not going to change my reasoning. > > >>>> On Jul 7, 12:34 pm, alfonsoml <[email protected]> wrote: > > >>>>> On Jul 7, 8:32 am, Rako <[email protected]> wrote: > > >>>>>> I agree with all you say, but what annoys me, are the requests > >>>>>> for new > >>>>>> features in FB to enable reverse engineering. > > >>>>> Then place your rants in those threads. > >>>>> This is already too heated, please, don't mix unrelated things. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Firebug" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/firebug?hl=en -~----------~----~----~----~------~----~------~--~---
