Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 08:53:50PM -0400, John Patterson wrote: I'd say that encryption is the answer here - hang the security on the key rather than the code. I think that this is not the case depicted by Giovanni; if I understand well he wants to prevent the letitimate user (which receives the datasets) from using them freely. This is a sort of tivoization [1] on software + data. Encryption prevents the use of data only from the non-legitimate users. [1] http://en.wikipedia.org/wiki/Tivoization -- Niccolo Rigacci Firenze - Italy Tel. ufficio: 055-0118525 ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Fri, Sep 16, 2011 at 2:53 AM, John Patterson j...@henrygis.com wrote: I'd say that encryption is the answer here - hang the security on the key rather than the code. If the requirement is explicitly should be only visible and usable through the customized qgis and not by any other tool., then use GPG[1] or something[2] and add a File Load Encrypted Dataset dialog or some such. I would imagine this to be a reasonable solution. Even when the data is encrypted on disk, they are freely accessible within QGIS. The user has many opportunities how to access raw data: - save the layer to another format - copy all features to another layer - save the data in python console - save the data in a plugin Martin ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
Thanks for the brainstorming. I will bring the various usefull considerations to my collegues. I'll let you know about the policies that will be chosen, and consequently the road to achieve them. giovanni 2011/9/16 Martin Dobias wonder...@gmail.com On Fri, Sep 16, 2011 at 2:53 AM, John Patterson j...@henrygis.com wrote: I'd say that encryption is the answer here - hang the security on the key rather than the code. If the requirement is explicitly should be only visible and usable through the customized qgis and not by any other tool., then use GPG[1] or something[2] and add a File Load Encrypted Dataset dialog or some such. I would imagine this to be a reasonable solution. Even when the data is encrypted on disk, they are freely accessible within QGIS. The user has many opportunities how to access raw data: - save the layer to another format - copy all features to another layer - save the data in python console - save the data in a plugin Martin ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 8:56 PM, Marco Hugentobler marco.hugentob...@sourcepole.ch wrote: Hi Giovanni The simplest solution might be to encrypt the data and send the key to your clients. Simplest, but if you send the key in plaintext then you might as well send the data in plaintext - either could be intercepted! Better is for them to send you a public key, you encrypt the data with that and send it to them, then they decrypt it with their private half of the key. The data is always sent encrypted, and the decryption key never travels. Barry ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 11:14 AM, G. Allegri gioha...@gmail.com wrote: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. Has somebody in this list ever had to manage this kind of obfuscation? giovanni The keyphrase you are missing here is DRM - Digital Rights Management - although I agree it essentially obfuscation. Its security depends upon two things: the code having the cryptographic key to decrypt the data, and the key not being accessible outside the code. The first part is easy - the second is impossible. I think every DRM scheme has been cracked. The effort required varies. If you wrote a Python plugin to do this, the user could look at your Python code and see the decryption key (difficulty level: easy). If you wrote it in C++, the user could disassemble the executable code and get the encryption key (difficulty level: medium). If you put the code on a circuit board, stuck it on a USB dongle, and made QGIS do calls to the USB device to do the decryption, the user could take the USB device apart, scrape off any epoxy covering your chips, stick digital logic probes onto the chips, and get the keys out that way (difficulty level: God-mode). The latter procedure, of digging into the hardware, has been done by dedicated people working on cracking the DRM on games consoles, primarily so they can run their own programs and operating systems on them. You have to realise that an effective DRM scheme has to be harder to crack than the gain obtained from cracking it. The guys who crack games console DRM get the gains of massive respect from the games community :) +1 for calling it obfuscation and not encryption though. The British Library didn't get that right. http://geospaced.blogspot.com/2010/02/great-british-library-drm-flip-flop.html Barry ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
That's a great point - I was envisioning a scenario in which end users are to be (mostly) trusted not to take efforts to re-distribute the data. John On Fri, Sep 16, 2011 at 2:42 AM, Niccolo Rigacci nicc...@rigacci.orgwrote: On Thu, Sep 15, 2011 at 08:53:50PM -0400, John Patterson wrote: I'd say that encryption is the answer here - hang the security on the key rather than the code. I think that this is not the case depicted by Giovanni; if I understand well he wants to prevent the letitimate user (which receives the datasets) from using them freely. This is a sort of tivoization [1] on software + data. Encryption prevents the use of data only from the non-legitimate users. [1] http://en.wikipedia.org/wiki/Tivoization -- Niccolo Rigacci Firenze - Italy Tel. ufficio: 055-0118525 ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 12:14:37PM +0200, G. Allegri wrote: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. Has somebody in this list ever had to manage this kind of obfuscation? Is it worth it ? How much ? --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 12:50:28PM +0200, Sandro Santilli wrote: On Thu, Sep 15, 2011 at 12:14:37PM +0200, G. Allegri wrote: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. Has somebody in this list ever had to manage this kind of obfuscation? Is it worth it ? How much ? I'd ask Microsoft or Apple or any other company with years of history about obfuscating formats... But seriously I'm curious about the use case, can you share it ? --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
@Sandro: it's a requirement I'm asked to implement, not an hypothesis to discuss. We can debate on the choice, but that's not my problem at now ;) @Niccolò: good point. Howevere one could write a non GPL piece of code (the minimum to keep the data undisclosable) and link qgis to it. Is it forbidden by GPL license? I don't think... 2011/9/15 Niccolo Rigacci nicc...@rigacci.org On Thu, Sep 15, 2011 at 12:14:37PM +0200, G. Allegri wrote: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. It will be an ineffective protection schema, by any means. Who will receive the custom QGIS has the right to get the sources too, and then the obfuscation schema on geodata is easly expolitable. -- Niccolo Rigacci Firenze - Italy Tel. ufficio: 055-0118525 ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 12:14:37PM +0200, G. Allegri wrote: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. It will be an ineffective protection schema, by any means. Who will receive the custom QGIS has the right to get the sources too, and then the obfuscation schema on geodata is easly expolitable. -- Niccolo Rigacci Firenze - Italy Tel. ufficio: 055-0118525 ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
On Thu, Sep 15, 2011 at 01:10:55PM +0200, G. Allegri wrote: @Sandro: it's a requirement I'm asked to implement, not an hypothesis to discuss. We can debate on the choice, but that's not my problem at now ;) Oh, I tought you was a free citizen, not a military. But wait, even the military can desert ! @Niccolò: good point. Howevere one could write a non GPL piece of code (the minimum to keep the data undisclosable) and link qgis to it. Is it forbidden by GPL license? I don't think... I think it is. --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
2011/9/15 Sandro Santilli s...@keybit.net On Thu, Sep 15, 2011 at 01:10:55PM +0200, G. Allegri wrote: @Sandro: it's a requirement I'm asked to implement, not an hypothesis to discuss. We can debate on the choice, but that's not my problem at now ;) Oh, I tought you was a free citizen, not a military. But wait, even the military can desert ! I'm a free citizen and I can refuse a contract, but this is not the point of my question Sandro. I've asked a technical opinion, not ethical. @Niccolò: good point. Howevere one could write a non GPL piece of code (the minimum to keep the data undisclosable) and link qgis to it. Is it forbidden by GPL license? I don't think... I think it is. Probably you're right. http://blog.milkingthegnu.org/2008/04/gpl-for-dummies.html --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
Hi Giovanni The simplest solution might be to encrypt the data and send the key to your clients. Regards, Marco Am Donnerstag, 15. September 2011, 12.14:37 schrieb G. Allegri: I've been asked to create a custom qgis, to be distributed via CD/DVD along with some data (vector and raster) that should be only visible and usable thorugh the customized qgis and not by any other tool. Has somebody in this list ever had to manage this kind of obfuscation? giovanni ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
@Niccolò: good point. Howevere one could write a non GPL piece of code (the minimum to keep the data undisclosable) and link qgis to it. Is it forbidden by GPL license? I don't think... I think it is. I also believe it might be forbidden by the GPL. I think there might be a way to reconcile ethics, respect for the GPL and the client needs. You would need to obfuscate the source code. For example, you rename fonctions, classes, filenames etc according to an encryption mechanism. The encryption is based on a key chosen by the client. You need to take care of many things, e.g. if: qgsapplication.cpp becomes qslghtygvr15ni189t.cpp then: qgsapplication.h becomes qslghtygvr15ni189t.h Naming conventions which are understood by the framework should be respected as well (I do not know qgis's architecture well enough to be precise here). In one part of the code, you put your mechanism decoding the data. You then release the whole thing as GPL. Obviously, you work on the non-obfuscated code. You need to use or build a software to obfuscate the code (http://en.wikipedia.org/wiki/Obfuscated_code says there are open-source software to do so). Then, for the ethic part: you also share any improvement you do in non-obfuscated format (except maybe the data-decoding part). I wonder though if the major part of the data-decoding part could be generic enough to be shared as (non-obfuscated) GPL code. Then other sensitive projects may reuse it. Is the whole approach ethical? I really don't know. Still, it would be funny to receive a dataset with a notice: to read this geotiff, you must use our version of QuantumGIS, not ArcGIS or Mapinfo! EDIT: not sure the approach above is OK, see http://stackoverflow.com/questions/1086445/obfuscation-and-gpl However GPL encryption software do exist. Maybe the data provider could give the data with a key. Of course it makes the system much weaker. However, the client should be aware that an external compiled piece of code is not much less easy to crack than it is to change an open source software. A final note: I believe in free software and in free geo data. I contribute to QGIS and to OpenStreetMap. I've produced some of OSM icons and released them in public domain. However, piracy exists and I condemn it; some organizations may rightfully search ways to protect themselves against unauthorized used of their data. I prefer companies that share their data, but as long as you contribute yourself to QGIS in other domains, then you would learn something from this work and I would say it's better than if they pay ESRI developers to do the same. Still, if you can find another client/boss which is more open source minded, then I would encourage you to refuse this task. Otherwise, I'll pray for you soul! Hope this helps, Mayeul Probably you're right. http://blog.milkingthegnu.org/2008/04/gpl-for-dummies.html --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer
Re: [Qgis-developer] Qgis custom buil to read obfuscated data
I agree that obfuscated source code is against the spirit of the GPL- 'The “source code” for a work means the preferred form of the work for making modifications to it'. There's also the remote possibility of a motivated party working to de-obfuscate if the dataset is juicy enough. I'd say that encryption is the answer here - hang the security on the key rather than the code. If the requirement is explicitly should be only visible and usable through the customized qgis and not by any other tool., then use GPG[1] or something[2] and add a File Load Encrypted Dataset dialog or some such. I would imagine this to be a reasonable solution. 1. http://www.gnupg.org/related_software/libraries.en.html 2. http://www.gnupg.org/related_software/gpgme/index.en.html John On Thu, Sep 15, 2011 at 4:41 PM, Mayeul Kauffmann mayeul.kauffm...@free.frwrote: ** @Niccolò: good point. Howevere one could write a non GPL piece of code (the minimum to keep the data undisclosable) and link qgis to it. Is it forbidden by GPL license? I don't think... I think it is. I also believe it might be forbidden by the GPL. I think there might be a way to reconcile ethics, respect for the GPL and the client needs. You would need to obfuscate the source code. For example, you rename fonctions, classes, filenames etc according to an encryption mechanism. The encryption is based on a key chosen by the client. You need to take care of many things, e.g. if: qgsapplication.cpp becomes qslghtygvr15ni189t.cpp then: qgsapplication.h becomes qslghtygvr15ni189t.h Naming conventions which are understood by the framework should be respected as well (I do not know qgis's architecture well enough to be precise here). In one part of the code, you put your mechanism decoding the data. You then release the whole thing as GPL. Obviously, you work on the non-obfuscated code. You need to use or build a software to obfuscate the code ( http://en.wikipedia.org/wiki/Obfuscated_code says there are open-source software to do so). Then, for the ethic part: you also share any improvement you do in non-obfuscated format (except maybe the data-decoding part). I wonder though if the major part of the data-decoding part could be generic enough to be shared as (non-obfuscated) GPL code. Then other sensitive projects may reuse it. Is the whole approach ethical? I really don't know. Still, it would be funny to receive a dataset with a notice: to read this geotiff, you must use our version of QuantumGIS, not ArcGIS or Mapinfo! EDIT: not sure the approach above is OK, see http://stackoverflow.com/questions/1086445/obfuscation-and-gpl However GPL encryption software do exist. Maybe the data provider could give the data with a key. Of course it makes the system much weaker. However, the client should be aware that an external compiled piece of code is not much less easy to crack than it is to change an open source software. A final note: I believe in free software and in free geo data. I contribute to QGIS and to OpenStreetMap. I've produced some of OSM icons and released them in public domain. However, piracy exists and I condemn it; some organizations may rightfully search ways to protect themselves against unauthorized used of their data. I prefer companies that share their data, but *as long as you contribute yourself to QGIS in other domains*, then you would learn something from this work and I would say it's better than if they pay ESRI developers to do the same. Still, if you can find another client/boss which is more open source minded, then I would encourage you to refuse this task. Otherwise, I'll pray for you soul! Hope this helps, Mayeul Probably you're right. http://blog.milkingthegnu.org/2008/04/gpl-for-dummies.html --strk; () Free GIS Flash consultant/developer /\ http://strk.keybit.net/services.html ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer ___ Qgis-developer mailing list Qgis-developer@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/qgis-developer