Re: Shroud+ Perl obfuscator....

2002-12-23 Thread Jean-Michel Hiver 
 I just want to go on the record to say that I consider your action
 personally offensive and ethically questionable.

I agree with the 'ethically questionable' part. Copyright laws should be
enough to protect your source. As far as I'm concerned if you encrypt
your source it's because you want to hide the fact that you've stolen
some code from somewhere else - but that's a personal point of view.

However I don't find his action very offensive. This guy is just making
a tool and sharing the source with us. You can't blame him for that.


 A lot of people have worked very hard to bring you an open source
 platform to stand on.
 
 And now you spit in their face, by trying to pretend YOUR work is
 worthy of more locking up than the source code you are using to create
 your work.

Those people chose to work under a license which allows this kind of
stuff to be done. To me it means that they have explicitly given their
permission to do so. If you are - quite understandably - unhappy with
this matter, make your own license for the software you write.


Best Regards,
-- 
Building a better web - http://www.mkdoc.com/
-
Jean-Michel Hiver
[EMAIL PROTECTED]  - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/

Re: Shroud+ Perl obfuscator....

2002-12-21 Thread Ged Haywood 
Hi all,

On Sat, 21 Dec 2002, kyle dawkins wrote:

 Are you for real?
 [snip]
 You may not know this, but...[snip]

Er, I think you'd better have a look at the Camel Book before you dig
yourself any deeper into that particular hole. :)

And I really don't think this discussion should go any further on the
mod_perl List than it already has.

73,
Ged.

Re: Shroud+ Perl obfuscator....

2002-12-21 Thread Les Mikesell 
From: Randal L. Schwartz [EMAIL PROTECTED]
 
 Andrzej I extended Robert Jones' Perl Obfuscator, Shroud into what I
 Andrzej am calling Shroud+. I needed it to protect some rather
 Andrzej extensive scripts I have developed for Inventory and Image
 Andrzej Gallery management on client web sites.
 
 I just want to go on the record to say that I consider your action
 personally offensive and ethically questionable.

Yep, if we could just make all those damn consultants, book authors,
and training professionals give away all their work for free whether
they choose to or not  But then we wouldn't need the Artistic license.

--
   Les Mikesell
   [EMAIL PROTECTED]

Re: Shroud+ Perl obfuscator....

2002-12-21 Thread Michael Robinton 
 And if they do have something to protect, they should put their
 thinking caps on and realize that this sort of security is called
 obfuscation for a reason: it does not accomplish anything except to
 make the results hard to read.  If you're giving away or selling the
 perl source, obfuscating it doesn't have any significant effect.

I beg to differ. Crypt::License turns the perl source into a non-text
file that appears to be pure binary when you try to open it. There is
less info readable than you would find in the average C object. That is
what is distributed to the target machines for execution. Only the decrypt
engine can decode the file in the presence of the necessary key ...
and then, it goes directly into the perl intrepreter. Sure, a clever
person could recover it at that point, but the point of most of these
exercises is to make it not convenient or cost effective to do so. It works
quiet nicely with mod_perl as well as autoloadable modules

Michael

Shroud+ Perl obfuscator....

2002-12-20 Thread Andrzej Jan Taramina 
I extended Robert Jones' Perl Obfuscator, Shroud into what I am calling Shroud+. I 
needed it to protect some rather extensive scripts I have developed for 
Inventory and Image Gallery management on client web sites.

It seems to work just fine with mp2 and my source code, so I thought I would 
let folks know about it here, in case they find it useful.

New stuff includes:

- Specification of input/output directories

- Writing of status info to STDOUT

- Replacement of internal subroutine names (those beginning with an   
  underscore _ character).  

- Optionally replace public subroutine names if the input
  is a perl Module (.pm file) AND if you specify that an externalmap should be   
  created. 

- For scripts (not .pm modules ) it will optionally take an externalmap file and 
  use this to rename subroutine calls to be consistent with the Perl Module that 
  was used to create the externalmap file.

- Replacement of  'use constants' definitions with capitalized shrouded 
  identifiers

- Replace object-oriented attributes that take the form
  '$self-{ _attr } = something;' and that are found inside a constructor (sub 
  new).

- removal of tabs and condensing of multiple spaces

- removal of newlines

- POD updated to reflect the above and more bugs/features/caveats noted.


It's posted on http://www.chaeron.com

Regards,


Andrzej Jan Taramina
Chaeron Corporation: Enterprise System Solutions
http://www.chaeron.com

Re: Shroud+ Perl obfuscator....

2002-12-20 Thread Randal L. Schwartz 
 Andrzej == Andrzej Jan Taramina [EMAIL PROTECTED] writes:

Andrzej I extended Robert Jones' Perl Obfuscator, Shroud into what I
Andrzej am calling Shroud+. I needed it to protect some rather
Andrzej extensive scripts I have developed for Inventory and Image
Andrzej Gallery management on client web sites.

I just want to go on the record to say that I consider your action
personally offensive and ethically questionable.

A lot of people have worked very hard to bring you an open source
platform to stand on.

And now you spit in their face, by trying to pretend YOUR work is
worthy of more locking up than the source code you are using to create
your work.

Sir, on their behalf, and my own as a contributor to the open source
movement, and Perl in particular, you offend me.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

RE: Shroud+ Perl obfuscator....

2002-12-20 Thread Beau E. Cox 
Even thought I am new to the Open Source Community
I agree with Randal Schwartz. I find the idea of
creating AND sharing much more enriching than the
way things are done in the MS world where I have spent the
bulk of my career.

Maybe we should come up with UnShroud+.

Beau E. Cox

-Original Message-
From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 20, 2002 5:45 PM
To: Andrzej Jan Taramina
Cc: [EMAIL PROTECTED]
Subject: Re: Shroud+ Perl obfuscator


 Andrzej == Andrzej Jan Taramina [EMAIL PROTECTED] writes:

Andrzej I extended Robert Jones' Perl Obfuscator, Shroud into what I
Andrzej am calling Shroud+. I needed it to protect some rather
Andrzej extensive scripts I have developed for Inventory and Image
Andrzej Gallery management on client web sites.

I just want to go on the record to say that I consider your action
personally offensive and ethically questionable.

A lot of people have worked very hard to bring you an open source
platform to stand on.

And now you spit in their face, by trying to pretend YOUR work is
worthy of more locking up than the source code you are using to create
your work.

Sir, on their behalf, and my own as a contributor to the open source
movement, and Perl in particular, you offend me.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!

Re: Shroud+ Perl obfuscator....

2002-12-20 Thread kyle dawkins 
Are you for real?

Or is this some lame attempt at sarcasm?

Andrzej posts to the list, SHARING some code he's written in case some 
people actually might use it, and he gets bitchslapped with some 
holier-than-thou rhetoric?  Puh-leaze.  Take your total bullshit 
somewhere else because you're about as constructive as 
Richard-f**king-Stallman.

You may not know this, but people actually use perl for things other 
than one-liners.  Commercial projects actually use perl, and oftentimes 
these commercial projects are sensitive and copyrighted.  And 
occasionally, just occasionally, these projects actually want to have 
some level of security, for numerous reasons that I'm sure Andrzej 
could explain quite easily to us if he were asked.

Andrzej: thanks for sharing your code with us.

Kyle Dawkins
Central Park Software


On Friday, Dec 20, 2002, at 22:44 US/Eastern, Randal L. Schwartz wrote:

Andrzej == Andrzej Jan Taramina [EMAIL PROTECTED] writes:


Andrzej I extended Robert Jones' Perl Obfuscator, Shroud into what I
Andrzej am calling Shroud+. I needed it to protect some rather
Andrzej extensive scripts I have developed for Inventory and Image
Andrzej Gallery management on client web sites.

I just want to go on the record to say that I consider your action
personally offensive and ethically questionable.

A lot of people have worked very hard to bring you an open source
platform to stand on.

And now you spit in their face, by trying to pretend YOUR work is
worthy of more locking up than the source code you are using to create
your work.

Sir, on their behalf, and my own as a contributor to the open source
movement, and Perl in particular, you offend me.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 
0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl 
training!

Re: Shroud+ Perl obfuscator....

2002-12-20 Thread Daniel Jacobowitz 
On Sat, Dec 21, 2002 at 12:53:34AM -0500, kyle dawkins wrote:
 Are you for real?
 
 Or is this some lame attempt at sarcasm?
 
 Andrzej posts to the list, SHARING some code he's written in case some 
 people actually might use it, and he gets bitchslapped with some 
 holier-than-thou rhetoric?  Puh-leaze.  Take your total bullshit 
 somewhere else because you're about as constructive as 
 Richard-f**king-Stallman.
 
 You may not know this, but people actually use perl for things other 
 than one-liners.  Commercial projects actually use perl, and oftentimes 
 these commercial projects are sensitive and copyrighted.  And 
 occasionally, just occasionally, these projects actually want to have 
 some level of security, for numerous reasons that I'm sure Andrzej 
 could explain quite easily to us if he were asked.

And if they do have something to protect, they should put their
thinking caps on and realize that this sort of security is called
obfuscation for a reason: it does not accomplish anything except to
make the results hard to read.  If you're giving away or selling the
perl source, obfuscating it doesn't have any significant effect.

-- 
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer