Re: [Catalyst] creating binaries
[EMAIL PROTECTED] wrote:
> Octavian, do what you want. No one is stopping you. You were
> asking for advice about this and you have been given it.

This is the most insightful comment so far.

Octavian, you got advice on why source encryption isn't a great idea. If you want to do it anyway, then we told you how -- with PAR or with perlapp. We also suggested that you host the code yourself if you're worried about leaking it. Lastly, we suggested that you could always open-source the application; rendering "theft" impossible!

Many experienced people have weighed in on the topic, and it's clear that source encryption doesn't work for them. They're using one of the other two alternatives, and they're mostly experiencing success. Learn from them; that's why you asked the list, right? Sometimes the idea that's stuck in your (anyone's) head is not the best.

Regards,
Jonathan Rockway

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do { $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //, ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;

___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/
Re: Re: [Catalyst] creating binaries
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/17/2007 04:53:08 AM:

> From: "Kiki" <[EMAIL PROTECTED]>
> > I would say that treating your customers as potential thieves won't get
> > you very far in doing business with them.
>
> 1. In a country where the piracy is over 90%, yes I can consider the
> potential customers thieves.
> 2. I am not selling the program directly to the customers, but to someone
> that asks for some features, including hiding the source.
>
> Octavian

My last post on this thread.

It sounds like your reason for hiding the source is solely based on stopping piracy. I can not stress enough that any type of obfu you do to a perl program to hide its source is not going to stop piracy. All that needs to happen is for one person to take a look at the code and view your "key check", data base connection string, anti-piracy checks or whatever else and crack your program.

Applications developed with C and ASM to enable these very same tactics and with a much^4 higher cost of entry for crackers are cracked the week (eh or even earlier) they are released. Look at software such as some of the 3d packages out there (lightwave, maya, 3ds) that in many forms cost > 10k per seat. These companies have spent thousands of man hours building in very well hidden checks for dongles or license hacking -- but at the end of the day, every single release gets cracked.

Looking at return on your investment, considering the very low bar for getting into actual perl source vs jumping around machine language in C or ASM generated applications, any time spent on this task is much more likely to show returns if you instead add new (or better) features to your product.

Octavian, do what you want. No one is stopping you. You were asking for advice about this and you have been given it.

-Wade
Re: [Catalyst] creating binaries
Bogdan Lucaciu wrote:

On Wednesday 17 January 2007 10:49, Octavian Rasnita wrote:

Bla bla. You are living in USA probably, where what you said is not bla [...]

this is what some people refer to as "trolling". (High quality trolling even)

Yup. Took me until I read that response from Octavian to realize it. My apologies to the list. I thought I was genuinely helping someone.

Please end this thread, or at least try to keep legal/marketing/philosophy out of it.

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615
Re: [Catalyst] creating binaries
From: "Matt S Trout" <[EMAIL PROTECTED]>

I suspect it's more complaints about people expecting things for free from somebody who's got a hell of a lot of free advice on here without as yet contributing anything useful back are ... ironic at best.

I haven't asked anything for free. I've just asked if Catalyst can do some things, and nobody showed that can do it. They try to convince me that what I want is not good. If it cannot do, then it is ok, they could at least tell me that, so I could use my time better and go and use another program for what I want. They would not lose their time either. I have asked that because I consider Catalyst the most complete framework, and I found it much easier to use than something else, but if it is not possible, then... that's it.

Actually, it happily can and I know of people who have done so; unfortunately your entitlement attitude and repeated failure to read documentation or to listen when people point you at it has probably resulted in those who're knowledgeable about this not being willing to further help you for free - especially given any time you fail to understand something you accuse the tools of being incapable and broken, often when the authors of those tools are trying to help you learn.

I haven't seen any recommendation about hiding the Catalyst source code in case the internet access is not available and web services cannot be used. If there was such a message, I might have missed it.

So, Octavian, please moderate your attitude and try and stick to being on-topic and constructive in your comments in future.

If I have asked something and that thing could be done, the list members helped very much with their answers. But, if I have asked something that cannot be done, the other tries to convince me that that way is not good, suggest me to use a better licence, and so on, even though sometimes I am asked to do a program in a certain way, and I cannot tell that that way is not good. And I have just explained them why in my case their way is not good. That's why this discussion appeared.

And one more thing, if I don't like something, I use to tell it. I don't know why the others don't like this. Why should I like the same thing the others like? Why should we have the same needs or preferences? But this discussion wasn't about this, because I like Catalyst, and that's why I would like to use it in that project I've told you about. Or it is not ok to say that Catalyst cannot do some things? Can Catalyst do everything? I guess not, and I don't think that someone wants it to be able to do everything. So what's the big deal if it cannot be used for some things? Or maybe it can, but just like me, the other users don't know how to use it with perlapp for hiding its source completely. They could just tell me that they don't know, or not reply, because I have explained that I don't want an extremely good protection, and that the program might not have internet access, and that the licence is useless for me.

But anyway, it doesn't matter.

Octavian

This is a community list and you're significantly reducing the utility of it for a substantial number of the other posters. I've had half a dozen complaints about your behaviour already. The next one will result in your subscription being terminated so the rest of the community isn't further disrupted.

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details.
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
Re: [Catalyst] creating binaries
On 17 Jan 2007, at 11:17, Octavian Rasnita wrote:

But anyway, it doesn't matter.

No, it doesn't. Because I didn't ask you to tell me why you thought I was wrong. I asked you to moderate your behaviour.

If you feel people shouldn't have been offended by your arrogant whining, that's fine, just figure out which parts of it caused them to be offended and don't do those things anyway.

I'm not brooking argument on this, we've wasted enough of other people's time as it is - but I wanted to say this in public so my policy and reasoning as a list admin is clear. That does *NOT* mean arguing with me will achieve anything.

Now, please consider your behaviour and how you can avoid offending and infuriating the people trying to help you in future, bearing in mind that further complaints -will- result in your removal from this list.

And at this stage, so will replying to this message since I do *not* want this conversation to become as big a waste of space as the rest of this thread has now become.

Hope That Helps. Have A Nice Day. Do Not Reply If You Like Your Subscription.

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details.
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
Re: Re: [Catalyst] creating binaries
From: "Chisel Wright" <[EMAIL PROTECTED]>

If "hiding the source" was a requirement, why did you use perl?

Because perl is the only language I know well enough to write a program that could work under Windows and Linux.

Octavian
Re: [Catalyst] creating binaries
On 17 Jan 2007, at 10:53, Octavian Rasnita wrote:

From: "Kiki" <[EMAIL PROTECTED]>

I would say that treating your customers as potential thieves won't get you very far in doing business with them.

1. In a country where the piracy is over 90%, yes I can consider the potential customers thieves.
2. I am not selling the program directly to the customers, but to someone that asks for some features, including hiding the source.

Better. Now for god's sake can we let this subject drop and get back to Catalyst :)

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details.
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
Re: Re: [Catalyst] creating binaries
On Wed, Jan 17, 2007 at 12:53:08PM +0200, Octavian Rasnita wrote:
> 2. I am not selling the program directly to the customers, but to someone
> that asks for some features, including hiding the source.

If "hiding the source" was a requirement, why did you use perl?

--
Chisel Wright
e: [EMAIL PROTECTED]
w: http://www.herlpacker.co.uk/

One in a million chances happen nine times out of ten.
Re: Re: [Catalyst] creating binaries
From: "Kiki" <[EMAIL PROTECTED]>

I would say that treating your customers as potential thieves won't get you very far in doing business with them.

1. In a country where the piracy is over 90%, yes I can consider the potential customers thieves.
2. I am not selling the program directly to the customers, but to someone that asks for some features, including hiding the source.

Octavian
OT: Re: [Catalyst] creating binaries
I know I shouldn't feed the trolls, but what the heck.

Octavian Rasnita wrote:
> Yes I agree, but the customers would prefer to get the program from
> another source, and don't pay anything for it.
>

I would say that treating your customers as potential thieves won't get you very far in doing business with them.
Re: [Catalyst] creating binaries
On 17 Jan 2007, at 10:04, Octavian Rasnita wrote:

I wasn't the person that started talking about the legality on this thread. I haven't started talking about licences or things like that. Why didn't you reply to the message that first started talking about that? Have you something against me?

I suspect it's more complaints about people expecting things for free from somebody who's got a hell of a lot of free advice on here without as yet contributing anything useful back are ... ironic at best.

But it is ok, I understand that Catalyst cannot be used for that.

Actually, it happily can and I know of people who have done so; unfortunately your entitlement attitude and repeated failure to read documentation or to listen when people point you at it has probably resulted in those who're knowledgeable about this not being willing to further help you for free - especially given any time you fail to understand something you accuse the tools of being incapable and broken, often when the authors of those tools are trying to help you learn.

So, Octavian, please moderate your attitude and try and stick to being on-topic and constructive in your comments in future.

This is a community list and you're significantly reducing the utility of it for a substantial number of the other posters. I've had half a dozen complaints about your behaviour already. The next one will result in your subscription being terminated so the rest of the community isn't further disrupted.

--
Matt S Trout, Technical Director, Shadowcat Systems Ltd.
Offering custom development, consultancy and support contracts for Catalyst, DBIx::Class and BAST. Contact mst (at) shadowcatsystems.co.uk for details.
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
Re: [Catalyst] creating binaries
On 17/01/07, Joe Landman <[EMAIL PROTECTED]> wrote:

That is unless you have your in-memory image also encrypted with on the fly decryption/execution. I am not aware of any one doing this for any language. Though I could be wrong.

I've heard of this being used in pc/console games, but even this can still be cracked, as it has to be unencrypted at some point during runtime.
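The point made in the messages above (packed source has to be decrypted and compiled before it can run, and the compiled form can be turned back into text with B::Deparse) is shown here as an added example that is not part of any poster's message and is not how perlapp or PAR actually pack code. The XOR "packer", the sub name `connect_args`, the loader key and every credential value are constructed placeholders.

```perl
#!/usr/bin/perl
# Added illustration: why source that is decrypted at load time is not hidden.
# Nothing here is perlapp's or PAR's real packing scheme; the XOR "packer",
# the sub name and every credential value are constructed placeholders.
use strict;
use warnings;
use B::Deparse;

# Constructed sample of the code a vendor would like to keep secret.
my $plain_source = <<'SRC';
sub connect_args {
    my ($license_key) = @_;
    die "invalid license\n" unless $license_key eq 'DEMO-KEY-0000';
    return ('dbi:SQLite:dbname=calls.db', 'report_user', 'example-password');
}
SRC

# Toy stand-in for a packer: XOR every byte with a key kept in the loader.
sub xor_bytes {
    my ($data, $key) = @_;
    my @k = map { ord($_) } split //, $key;
    my $i = 0;
    return join '', map { chr(ord($_) ^ $k[$i++ % @k]) } split //, $data;
}

my $loader_key   = 'k3y';
my $shipped_blob = xor_bytes($plain_source, $loader_key);

# On disk the secret is not visible as text ...
my $visible_on_disk = index($shipped_blob, 'example-password') >= 0 ? 1 : 0;

# ... but to run it, the loader has to decrypt and compile it.
eval xor_bytes($shipped_blob, $loader_key);
die "load failed: $@" if $@;

# Once compiled, the op tree is in memory and B::Deparse renders it as Perl.
my $recovered = B::Deparse->new->coderef2text(\&connect_args);
my $visible_in_memory = index($recovered, 'example-password') >= 0 ? 1 : 0;

print "secret readable in shipped blob:  $visible_on_disk\n";
print "secret readable after loading:    $visible_in_memory\n";
print "--- deparsed sub ---\n$recovered\n";
```

For the design discussed in the thread, the consequence is that a database password or licence check compiled into a shipped program should be treated as known to whoever can run it.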
Re: [Catalyst] creating binaries
From: "Bogdan Lucaciu" <[EMAIL PROTECTED]>

this is what some people refer to as "trolling". (High quality trolling even)

Please end this thread, or at least try to keep legal/marketing/philosophy out of it.

I wasn't the person that started talking about the legality on this thread. I haven't started talking about licences or things like that. Why didn't you reply to the message that first started talking about that? Have you something against me?

I've just wanted to inform the others why some solutions are not always working and why it would be wonderful if Catalyst applications could be included entirely in a perlapp application. I have started this thread asking if I can do something to do that, but no one answered that "Catalyst applications could not be entirely included in a binary executable that hides the source code in memory" like other simple apps can.

But it is ok, I understand that Catalyst cannot be used for that.

Octavian
Re: [Catalyst] creating binaries
On Wednesday 17 January 2007 10:49, Octavian Rasnita wrote:
>
> Bla bla. You are living in USA probably, where what you said is not bla
> bla, but I am living in Romania, Central Europe where even stronger laws
> than those regarding the piracy are not always respected. In my country
> there are no many people that care for what you said. Most of the users use
> pirated programs... more than 90% of the private persons, and over 50% of
> the companies, or even more.
>
>
> So? They will get the source code and give the program to other persons,
> that won't need to pay for it anymore.
> Who stops them doing that? Do you think there is an institution in my
> country that visits the private persons and check to see if they have
> licences? Not even the companies care about that. Business Software
> Alliance of MS, Oracle, Corel, SAP and a few other companies visit from
> time to time the companies, and then they negotiate with them for selling
> them some more licences, because they are found that they have illegal
> software. That's all.
>
> Of course Linux works just fine, but for very few people comparing with
> Windows, and I don't care what the users use, but sell my program. I have
> also noticed that most Linux users are users that know more about
> computers, that like only open/free source programs, and it is almost
> impossible to sell them something, because they think that all the programs
> should be free.
>
> When talking for the public, they say that it is not important to have the
> programs for free, but have the source code, in order to see what it does,
> and being able to modify it for their own use, however, in fact they'll
> never like to buy software and always try to use free software, even
> pretending the extra features provided by commercial software are not
> important.
>
> I have heard for many times that PostgreSQL is same as good as Oracle, and
> that the extra features Oracle has are not very important, and the
> disadvantages of proprietary software are always presented by those who
> like Linux. I haven't heard a single person that says that he like Linux,
> but that he also agrees buying commercial programs.
> I am constraint to work under Windows, but this is not the only reason I am
> interested about this OS. I am interested because most of the users use it
> and if I'll target only the Linux users, I won't be able to sell anything,
> or much less.
>
> With ActivePerl, perlapp, and Null Soft installer and other tools provided
> by Active State I can develop programs for Windows just like those made
> with Visual Basic, so it is possible to create Windows programs with perl.
> Probably very few people will find that the program was created using perl.
> If I can hide the source code I can put a software protection, a key or
> something like this, but if the source code is free, any user could just
> edit the source code and disable that protection, even if the user doesn't
> know perl.
>
> And I might need to create the program for a software company that requires
> to hide the source code. I cannot tell them that they are stupid because
> the source code can be found anyway. That's what they are asking, and I
> need to give them this if it is possible.
> No software company will agree to make open source programs for them,
> because they won't be able to sell them.
> I think what I want could be done, and in that case Catalyst would be used
> in more other fields than the standard web pages.

this is what some people refer to as "trolling". (High quality trolling even)

Please end this thread, or at least try to keep legal/marketing/philosophy out of it.

--
Bogdan Lucaciu
Re: [Catalyst] creating binaries
From: "Peter Edwards" <[EMAIL PROTECTED]>

>Can you tell me how to find the source code from a perlapp program? Everyone says that it is very simple, but nobody was able to do it.

The answer is in the manual http://perldoc.perl.org/perlfaq3.html#How-can-I-hide-the-source-for-my-Perl-program%3f

I have read: Security through obscurity, the name for hiding your bugs instead of fixing them, is little security indeed. This is what I need. I already said that I don't want an absolute security.

I'm still not really sure what you're trying to achieve as you haven't really said what your app will do. There are several approaches to consider:

For the moment I want to create 2 versions of an application, one that can run under Windows, and the other one that can run under Linux. The program will have a server that listens to the com port and store the data in a database. (I will also need to find a database that can be protected, but without installing a server, but this is another discussion). And the other part of the program could be made in Catalyst. It will get the data from the database and show it in a browser from the intranet of the client, to authorised users. I want to hide the database connection string, and the code needed to connect, to authorize the users, and so on. I don't want that the system admin of the client to be able to modify the data in the database, and he will never know the password to it. The database will get information from a phone exchange.

1) Use a remote server to host part of the application and talk to it from a front end via SOAP and XML-RPC. That's a lot easier than it sounds provided your users have net access http://search.cpan.org/~rjray/RPC-XML-0.59/.

In this case, it is not possible because that application might not have access to the internet, and the client wouldn't want someone from outside to know about their information anyway.

2) Write part of your app in VB or C# and supply a DLL wrapped in copy-protection. It will still be possible to crack but a lot more difficult than trying to hide perl. Bear in mind if your software is popular enough it only takes one person to crack it and list it on astalavista

I don't know VB at all, and C# not very well, but the program should also run under Linux, so this is not an option anyway.

3) Go the Open Source route. My customers have started going this way. Why? A lot cheaper. Cost of developing software is 50% testing and if you use popular Open Source or sponsor its development you get a lot of free testing and quicker time to stable software.

Yes I agree, but the customers would prefer to get the program from another source, and don't pay anything for it.

Octavian
Re: [Catalyst] creating binaries
From: "Joe Landman" <[EMAIL PROTECTED]>

Technological measures can be defeated. Assume they provide speed bumps at most to determined hackers. We have found that people are (sometimes) willing to pay for programs when they add significant value to what it is they are doing. That said, much of the reason we see our customers interested in open source has very little to do with libre' and a great deal to do with acquisition cost. The often higher quality is an added benefit.

Bla bla. You are living in USA probably, where what you said is not bla bla, but I am living in Romania, Central Europe where even stronger laws than those regarding the piracy are not always respected. In my country there are no many people that care for what you said. Most of the users use pirated programs... more than 90% of the private persons, and over 50% of the companies, or even more.

What stops them from doing un-intended things with it are good licenses that grant them the rights they require without granting them the rights they do not require. You are not granting ownership rights, you grant usage rights.

So? They will get the source code and give the program to other persons, that won't need to pay for it anymore. Who stops them doing that? Do you think there is an institution in my country that visits the private persons and check to see if they have licences? Not even the companies care about that. Business Software Alliance of MS, Oracle, Corel, SAP and a few other companies visit from time to time the companies, and then they negotiate with them for selling them some more licences, because they are found that they have illegal software. That's all.

You may choose to restrict these rights, or not grant them at all. In this case, you may need to review which elements of OSS you may yourself use in your program.

I cannot do this all the time, because for example I need to create a program that won't even probably have access to the internet. It is a program that should work with a phone exchange for showing statistics about the number of spoken minutes for each line, and other things like that. I need to create a Windows version and a Linux version also. It will be accessible in a web page, in the local intranet of the company, and it would be nice if it could be done with Catalyst, but of course, without showing the source code.

I have not seen many users, who have a day job that requires that they get specific work done, try to crack program source code, or reverse engineer their apps. It all comes down to the value you offer, and what you are willing to enable.

No, of course they are not paid for this, but the system admin of some companies could try to get the source code, and give it to his friends from other companies.

Protection has its purposes, though compiling programs is not what I would call protection. If you want to protect you need to mix encryption with some sort of preventative execution measure, a DRM of sorts. This provides something akin to a higher speedbump, but it is only a speedbump. It is not absolute protection. The only way to get better protection is to never ship the application, only the side effects. Google doesn't ship its applications, though they are some of the most widely used in the world. I am willing to bet that the critical internal bits are not OSS.

I didn't say I want an absolute protection. I said what I need, but you try to convince me that what I want is bad, just because Catalyst cannot do it. The protection perlapp offers is very good for what I need. It is a very bad marketing to tell the client that the program he paid for is open source, because most of the users might think that in that case the program has no value, or that it could be very simple and that everyone else could get it for free, but he is forced to pay for it. And of course, he will get it and give to other friends that might need it.

Hmmm So you think they should spend at least $90US of time to get the program from the internal representation? So do you know about B::Deparse?

Oh yes, it would be very well if the program could be cracked only using B::Deparse. In that case I can consider the source code secure enough. The cracker must get the compiled version of the program from the memory, then use B::Deparse, and hope it will give good results... this is not a problem for me.

I would suggest reflecting upon which goals you have in preventing access to source. Is it prevention of modification, protection of IP, restriction of redistribution ...

It is restriction to redistribution what I want, and the laws don't help me at all. Even to try putting the law work for me, and find the crackers, would cost me more than I can earn.

But I don't know if I understood correctly... from this discussion I think that it is not possible to do what I want using Catalyst.

This has nothing to do with Catalyst. This is (not
Re: [Catalyst] creating binaries
Octavian Rasnita wrote:

From: "Joe Landman" <[EMAIL PROTECTED]>

perlapp doesn't drop the source code in /tmp. It puts there only some .dll files, and nothing more than that. (I am using perl Dev Kit 6.02, but now PDK 7 was just released).

The "source" needs to be obtained somehow and in some state for the Perl program to handle it.

Oh yes I know that, but if it would be too hard to get that code, most users would prefer to pay for the program instead of cracking it.

Technological measures can be defeated. Assume they provide speed bumps at most to determined hackers. We have found that people are (sometimes) willing to pay for programs when they add significant value to what it is they are doing. That said, much of the reason we see our customers interested in open source has very little to do with libre' and a great deal to do with acquisition cost. The often higher quality is an added benefit.

What stops them from doing un-intended things with it are good licenses that grant them the rights they require without granting them the rights they do not require. You are not granting ownership rights, you grant usage rights.

You may choose to restrict these rights, or not grant them at all. In this case, you may need to review which elements of OSS you may yourself use in your program.

Can the source code be got easily from those dll files? If it cannot be found easily, then I think it would be nice if the Catalyst applications could be deployed using perlapp.

Once your program is loaded, and compiled into object/internal representation form in memory, the memory could be forced to disk somehow, and a creative hacker can reasonably reassemble your code. That is unless you have your in-memory image also encrypted with on the fly decryption/execution. I am not aware of any one doing this for any language. Though I could be wrong.

As far as I know in the latest versions of perlapp, the source code is kept in memory and it is also crypted. That decryption might be done, but it would be much harder, and again, most users will prefer paying for the program instead of fighting with it for breaking the protection.

I have not seen many users, who have a day job that requires that they get specific work done, try to crack program source code, or reverse engineer their apps. It all comes down to the value you offer, and what you are willing to enable.

Protection has its purposes, though compiling programs is not what I would call protection. If you want to protect you need to mix encryption with some sort of preventative execution measure, a DRM of sorts. This provides something akin to a higher speedbump, but it is only a speedbump. It is not absolute protection. The only way to get better protection is to never ship the application, only the side effects. Google doesn't ship its applications, though they are some of the most widely used in the world. I am willing to bet that the critical internal bits are not OSS.

If a language is interpreted, this doesn't mean that the programs that were made with it cannot be protected in any way.

Define protection. Do you mean "not copied/looked at/altered" ?

Ok, thanks for asking this, because each one of us understand something different. By protection I understand that if someone would like to get the source code of the program, that person should be a pretty good programmer, and he should spend a long time trying to get it. How much time? Well, a time that doesn't cost more than $90.

Hmmm So you think they should spend at least $90US of time to get the program from the internal representation? So do you know about B::Deparse?

I would suggest reflecting upon which goals you have in preventing access to source. Is it prevention of modification, protection of IP, restriction of redistribution ...

But I don't know if I understood correctly... from this discussion I think that it is not possible to do what I want using Catalyst.

This has nothing to do with Catalyst. This is (not really) a language issue, and more correctly a basic computing issue. Unless your code is always encrypted, in memory, on disk, etc. there is little possibility to prevent a determined hacker from getting it. So if you take this off the plate, that is, you make it so that getting at the source is not hard at all, you effectively remove that attack vector against your code. Now focus upon what it is you do. Heck, you can even hide your IP back behind a nice XML-RPC/SOAP stack on a remote system or three, and distribute the rest as OSS.

I have also tried an HTTP server module from cpan that works with CGI::Application, but that module cannot be installed under Windows.

Ok, the issue sounds like windows. I don't want to comment on its support as I don't use it for this. We use Linux for our work, all of this works just fine. FWIW: I have tried recent Catalyst under Cygwin (www.cygwin.com
Re: [Catalyst] creating binaries
From: "Joe Landman" <[EMAIL PROTECTED]>
> > perlapp doesn't drop the source code in /tmp. It puts there only some .dll files, and nothing more than that. (I am using perl Dev Kit 6.02, but now PDK 7 was just released).
> The "source" needs to be obtained somehow and in some state for the Perl program to handle it.

Oh yes I know that, but if it would be too hard to get that code, most users would prefer to pay for the program instead of cracking it.

> > Can the source code be got easily from those dll files? If it cannot be found easily, then I think it would be nice if the Catalyst applications could be deployed using perlapp.
> Once your program is loaded, and compiled into object/internal representation form in memory, the memory could be forced to disk somehow, and a creative hacker can reasonably reassemble your code. That is unless you have your in-memory image also encrypted with on the fly decryption/execution. I am not aware of anyone doing this for any language. Though I could be wrong.

As far as I know in the latest versions of perlapp, the source code is kept in memory and it is also encrypted. That decryption might be done, but it would be much harder, and again, most users will prefer paying for the program instead of fighting with it for breaking the protection.

> > If a language is interpreted, this doesn't mean that the programs that were made with it cannot be protected in any way.
> Define protection. Do you mean "not copied/looked at/altered"?

Ok, thanks for asking this, because each one of us understands something different. By protection I understand that if someone would like to get the source code of the program, that person should be a pretty good programmer, and he should spend a long time trying to get it. How much time? Well, a time that doesn't cost more than $90.

But I don't know if I understood correctly... from this discussion I think that it is not possible to do what I want using Catalyst.

I have also tried an HTTP server module from CPAN that works with CGI::Application, but that module cannot be installed under Windows. So I think I will use HTTP::Server::Simple::CGI.

It would have been much better and easier if I could have done it using Catalyst however, but it is too bad that's not possible. I am wondering why it is not possible. Perlapp includes in the package all the necessary modules that are required by the application. I thought that if I create a binary executable from myapp_server.pl, it would do that, and the application will work.

Does anyone have any idea why it doesn't work?

Thank you.

Octavian
Re: [Catalyst] creating binaries
From: "Peter Edwards" <[EMAIL PROTECTED]>
> > If a language is interpreted, this doesn't mean that the programs that were made with it cannot be protected in any way.
> It will be fairly easy to crack installed Perl software.

Can you tell me how to find the source code from a perlapp program? Everyone says that it is very simple, but nobody was able to do it.

Octavian
Re: [Catalyst] creating binaries
On Tuesday 16 January 2007 18:00, Joe Landman wrote:
> Yes. Never deliver the application. Host the critical bits. Have them make SOAP/XML-RPC calls back to your machine.
>
> Note: this is not exclusive to Catalyst. This is true with every/any MVC framework, and pretty much every language, compiled or otherwise.

This varies. Six Apart has done well with hosted solutions, Best Practical has done well with open source applications.

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do { $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //, ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;
Re: [Catalyst] creating binaries
Octavian Rasnita wrote:
> From: <[EMAIL PROTECTED]>
> > Take a look at /tmp/pdk/ perlapp exes dump the plaintext while running. This is not a "problem" with Catalyst, perl is an interpreted language not a compiled one. perlapp is there to make distributing self contained perl applications easier, not to protect your source.
> perlapp doesn't drop the source code in /tmp. It puts there only some .dll files, and nothing more than that. (I am using perl Dev Kit 6.02, but now PDK 7 was just released).

The "source" needs to be obtained somehow and in some state for the Perl program to handle it.

> Can the source code be got easily from those dll files? If it cannot be found easily, then I think it would be nice if the Catalyst applications could be deployed using perlapp.

Once your program is loaded, and compiled into object/internal representation form in memory, the memory could be forced to disk somehow, and a creative hacker can reasonably reassemble your code. That is unless you have your in-memory image also encrypted with on the fly decryption/execution. I am not aware of anyone doing this for any language. Though I could be wrong.

> If a language is interpreted, this doesn't mean that the programs that were made with it cannot be protected in any way.

Define protection. Do you mean "not copied/looked at/altered"?

> Or, is there another way of protecting the code from a Catalyst app?

Yes. Never deliver the application. Host the critical bits. Have them make SOAP/XML-RPC calls back to your machine.

Note: this is not exclusive to Catalyst. This is true with every/any MVC framework, and pretty much every language, compiled or otherwise.

> Thanks.
>
> Octavian

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web  : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615
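The "host the critical bits" arrangement suggested in the message above, as an added example that is not code from the thread or from any poster. It is written in Python rather than Perl so that it runs on the standard library alone; the function names, customer names, keys and weights are all constructed for illustration.

```python
"""Added example: the proprietary routine stays on a host the vendor controls;
customers receive only a thin XML-RPC client. All names/values are constructed."""
import hmac
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

# Constructed sample data: per-customer keys exist only on the vendor's host.
CUSTOMER_KEYS = {"acme": "k3y-acme-constructed", "globex": "k3y-globex-constructed"}
REVOKED = {"globex"}


def _proprietary_score(values):
    """Stand-in for the logic the vendor does not want to distribute."""
    weights = (0.5, 0.3, 0.2)
    return round(sum(w * v for w, v in zip(weights, values)), 4)


def score(customer, api_key, values):
    """RPC entry point: authenticate, check the licence, validate, compute."""
    expected = CUSTOMER_KEYS.get(customer, "")
    # compare_digest avoids leaking how much of a key matched via timing.
    if not expected or not hmac.compare_digest(expected.encode(), str(api_key).encode()):
        raise PermissionError("authentication failed")
    if customer in REVOKED:
        raise PermissionError("licence revoked")
    if (not isinstance(values, list) or len(values) != 3
            or not all(isinstance(v, (int, float)) and not isinstance(v, bool)
                       for v in values)):
        raise ValueError("values must be a list of three numbers")
    return _proprietary_score(values)


def start_server(host="127.0.0.1", port=0):
    """Serve only `score`. Plain HTTP on loopback here; a real deployment
    would sit behind TLS so keys and results are not sent in the clear."""
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    server.register_function(score, "score")  # no other name is reachable
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


class ThinClient:
    """Everything the customer is shipped: no weights, no algorithm."""

    def __init__(self, url, customer, api_key):
        self._proxy = xmlrpc.client.ServerProxy(url)
        self._customer, self._api_key = customer, api_key

    def score(self, values):
        try:
            return self._proxy.score(self._customer, self._api_key, values)
        except xmlrpc.client.Fault as fault:
            # Server-side exceptions arrive as XML-RPC faults.
            raise RuntimeError(fault.faultString) from None


def demo():
    """Run one accepted call and two refused ones against a local server."""
    server = start_server()
    url = "http://%s:%d/" % server.server_address
    results = {"ok": ThinClient(url, "acme", CUSTOMER_KEYS["acme"]).score([1, 2, 3])}
    refused = (("bad_key", ThinClient(url, "acme", "wrong")),
               ("revoked", ThinClient(url, "globex", CUSTOMER_KEYS["globex"])))
    for label, client in refused:
        try:
            client.score([1, 2, 3])
        except RuntimeError as err:
            results[label] = str(err)
    server.shutdown()
    server.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

Because the licence check runs on the vendor's host, revoking a customer takes effect without touching anything installed on the customer's machine.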
Re: [Catalyst] creating binaries
From: <[EMAIL PROTECTED]>
> Take a look at /tmp/pdk/ perlapp exes dump the plaintext while running. This is not a "problem" with Catalyst, perl is an interpreted language not a compiled one. perlapp is there to make distributing self contained perl applications easier, not to protect your source.

perlapp doesn't drop the source code in /tmp. It puts there only some .dll files, and nothing more than that. (I am using perl Dev Kit 6.02, but now PDK 7 was just released).

Can the source code be got easily from those dll files? If it cannot be found easily, then I think it would be nice if the Catalyst applications could be deployed using perlapp.

If a language is interpreted, this doesn't mean that the programs that were made with it cannot be protected in any way.

Or, is there another way of protecting the code from a Catalyst app?

Thanks.

Octavian
Re: [Catalyst] creating binaries
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/16/2007 01:20:00 PM:
> From: <[EMAIL PROTECTED]>
> > No. There is really no way to distribute a perl application in a way to hide its source. Any attempt you make will be met with false security and failure. Maybe Perl 6, but that is still unanswered at this point.
>
> Have you found a way of cracking the protection of the programs made with perlapp?
> Many people say that "it is not a real protection" but nobody was able to crack it.
> Well, I need that kind of protection that can be cracked, but which nobody cracked it because it might be too hard.
>
> I just hope it is possible to create programs with Catalyst protected that way.
>
> Octavian

Take a look at /tmp/pdk/ perlapp exes dump the plaintext while running. This is not a "problem" with Catalyst, perl is an interpreted language not a compiled one. perlapp is there to make distributing self contained perl applications easier, not to protect your source.
Re: [Catalyst] creating binaries
Jonathan Rockway <[EMAIL PROTECTED]> wrote on 01/16/2007 12:57:39 PM:
> [EMAIL PROTECTED] wrote:
> > I prefer you send me the one packaged with par:crypto -- I like to be able to read comments and see the original var names when I edit your hidden code. =)
>
> DMCA violation.

=) But I need it to work with my homemade_gizmo_app, which for some reason it fails to do out of the box.

2. Reverse engineering (section 1201(f)). This exception permits circumvention, and the development of technological means for such circumvention, by a person who has lawfully obtained a right to use a copy of a computer program for the sole purpose of identifying and analyzing elements of the program necessary to achieve interoperability with other programs, to the extent that such acts are permitted under copyright law.

Anyway, your license agreement and copyright are what protect you, not the obfu of the application.
Re: [Catalyst] creating binaries
From: <[EMAIL PROTECTED]>
> No. There is really no way to distribute a perl application in a way to hide its source. Any attempt you make will be met with false security and failure. Maybe Perl 6, but that is still unanswered at this point.

Have you found a way of cracking the protection of the programs made with perlapp? Many people say that "it is not a real protection" but nobody was able to crack it. Well, I need that kind of protection that can be cracked, but which nobody cracked it because it might be too hard.

I just hope it is possible to create programs with Catalyst protected that way.

Octavian
Re: [Catalyst] creating binaries
From: "Jonathan Rockway" <[EMAIL PROTECTED]>
> > nmake catalyst_par
> > ...
> > Writing PAR "tranzactiibursiere.par"
> > NMAKE : fatal error U1077: 'D:\WINDOWS\system32\cmd.exe' : return code '0x2'
> > Stop.
>
> What versions of: App::Packer PAR::Packer PAR do you have?

E:\web\TranzactiiBursiere>perl -M"App::Packer 999" -e1
App::Packer version 999 required--this is only version 0.12.
BEGIN failed--compilation aborted.

E:\web\TranzactiiBursiere>perl -M"PAR::Packer 999" -e1
PAR::Packer version 999 required--this is only version 0.970.
BEGIN failed--compilation aborted.

E:\web\TranzactiiBursiere>perl -M"PAR 999" -e1
PAR version 999 required--this is only version 0.971.
BEGIN failed--compilation aborted.

When I have tried for the first time, I didn't have App::Packer, although it should be included in PAR, and PAR was installed. I couldn't find App::Packer using the cpan shell, but only the ppm program. But after installing it, running nmake catalyst_par gives the same error as before.

Am I doing something wrong, or it doesn't work under Windows?

> Try these:
> http://search.cpan.org/~shay/Filter-Crypto-1.18/lib/PAR/Filter/Crypto.pm
> http://search.cpan.org/~smueller/PAR-Packer-0.970/lib/PAR/Filter/Obfuscate.pm
>
> Keep in mind that the code has to be executed at some point, so anyone with half a brain can get the code even if it's "encrypted". The same holds for C, Java, .NET, PHP, etc.

Oh yes, but it depends how hard it is to do that. I didn't hear that someone broke the protection of a perlapp program and got the source code, or the Zend Encoder for php... although of course it is possible. I don't want to sell my program to CIA but to some companies that might have a network admin who might not be the smartest perl programmer.

Thank you for those links. I will check them, but I hope I will be able to make a PAR archive first.

Octavian

> A contract that reads "expect a lawsuit if you modify the source" should be much more effective.
Re: [Catalyst] creating binaries
[EMAIL PROTECTED] wrote:
> I prefer you send me the one packaged with par:crypto -- I like to be able to read comments and see the original var names when I edit your hidden code. =)

DMCA violation.

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do { $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //, ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;
Re: [Catalyst] creating binaries
Jonathan Rockway <[EMAIL PROTECTED]> wrote on 01/16/2007 12:22:24 PM:
> > nmake catalyst_par
> > ...
> > Writing PAR "tranzactiibursiere.par"
> > NMAKE : fatal error U1077: 'D:\WINDOWS\system32\cmd.exe' : return code '0x2'
> > Stop.
>
> What versions of:
>
> App::Packer
> PAR::Packer
> PAR
>
> do you have?
>
> > But anyway, does this method hide the source code of the application?
>
> Try these:
>
> http://search.cpan.org/~shay/Filter-Crypto-1.18/lib/PAR/Filter/Crypto.pm
> http://search.cpan.org/~smueller/PAR-Packer-0.970/lib/PAR/Filter/Obfuscate.pm
>
> Keep in mind that the code has to be executed at some point, so anyone with half a brain can get the code even if it's "encrypted". The same holds for C, Java, .NET, PHP, etc.
>
> A contract that reads "expect a lawsuit if you modify the source" should be much more effective.

I prefer you send me the one packaged with par:crypto -- I like to be able to read comments and see the original var names when I edit your hidden code. =)
Re: [Catalyst] creating binaries
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/16/2007 12:08:13 PM:
> From: "Chisel Wright" <[EMAIL PROTECTED]>
>
> > On Tue, Jan 16, 2007 at 05:12:05PM +0200, Octavian Rasnita wrote:
> >> Is it possible to do what I want, using perlapp? If not, is it possible with PAR?
> >
> > Is this any help?
> >
> > http://www.catalystframework.org/calendar/2005/6
>
> I have tried to do that, but it returned an error on:
>
> nmake catalyst_par
> ...
> Writing PAR "tranzactiibursiere.par"
> NMAKE : fatal error U1077: 'D:\WINDOWS\system32\cmd.exe' : return code '0x2'
> Stop.
>
> But anyway, does this method hide the source code of the application?

No. There is really no way to distribute a perl application in a way to hide its source. Any attempt you make will be met with false security and failure. Maybe Perl 6, but that is still unanswered at this point.

http://www.perlmonks.org/?node_id=108254

> Thank you.
>
> Octavian
Re: [Catalyst] creating binaries
> nmake catalyst_par
> ...
> Writing PAR "tranzactiibursiere.par"
> NMAKE : fatal error U1077: 'D:\WINDOWS\system32\cmd.exe' : return code '0x2'
> Stop.

What versions of:

App::Packer
PAR::Packer
PAR

do you have?

> But anyway, does this method hide the source code of the application?

Try these:

http://search.cpan.org/~shay/Filter-Crypto-1.18/lib/PAR/Filter/Crypto.pm
http://search.cpan.org/~smueller/PAR-Packer-0.970/lib/PAR/Filter/Obfuscate.pm

Keep in mind that the code has to be executed at some point, so anyone with half a brain can get the code even if it's "encrypted". The same holds for C, Java, .NET, PHP, etc.

A contract that reads "expect a lawsuit if you modify the source" should be much more effective.

--
package JAPH;use Catalyst qw/-Debug/;($;=JAPH)->config(name => do { $,.=reverse qw[Jonathan tsu rehton lre rekca Rockway][$_].[split //, ";$;"]->[$_].q; ;for 1..4;$,=~s;^.;;;$,});$;->setup;
Re: [Catalyst] creating binaries
From: "Chisel Wright" <[EMAIL PROTECTED]>
> On Tue, Jan 16, 2007 at 05:12:05PM +0200, Octavian Rasnita wrote:
> > Is it possible to do what I want, using perlapp? If not, is it possible with PAR?
>
> Is this any help?
>
> http://www.catalystframework.org/calendar/2005/6

I have tried to do that, but it returned an error on:

nmake catalyst_par
...
Writing PAR "tranzactiibursiere.par"
NMAKE : fatal error U1077: 'D:\WINDOWS\system32\cmd.exe' : return code '0x2'
Stop.

But anyway, does this method hide the source code of the application?

Thank you.

Octavian
Re: [Catalyst] creating binaries
On Tue, Jan 16, 2007 at 05:12:05PM +0200, Octavian Rasnita wrote:
> Is it possible to do what I want, using perlapp? If not, is it possible with PAR?

Is this any help?

http://www.catalystframework.org/calendar/2005/6

--
Chisel Wright
e: [EMAIL PROTECTED]
w: http://www.herlpacker.co.uk/

One in a million chances happen nine times out of ten.