Discussion:
Contribution for Perlfaq3
(too old to reply)
David Ljung Madison
2010-10-26 20:18:52 UTC
Permalink
First of all, thank you for all the work for creating the perlfaq, it's
a great resource.

However, in perlfaq3 there is this question:

"How can I hide the source for my Perl program?"

The answer is very one-sided. Further discussion is up at perlmonks:

http://www.perlmonks.org/?node_id=867535

Regardless of whether a plug for my specific free (cost) solution
is added, I think it would be worth mentioning that there *are*
tools for accomplishing this with various costs and tradeoffs.

Taking the hard line that source code hiding is bad is one thing, but it
isn't the answer to the FAQ. Or at least it would be less disingenious
if the FAQ said something along the lines of:

"There isn't a perfect solution to hiding your source code,
and since we think it's wrong to hide your source code, we
won't discuss the imperfect solutions here"


And yes, I know there are ways to get around all of the solutions,
including my own. And I can also pick the lock to your house. :)

Dave++

---------------------------------------------------------------------------
Dave Ljung Madison http://GetDave.com/ 415.341.5555
--------- Rome did not create a great empire by having meetings, ----------
they did it by killing all those who opposed them.
brian d foy
2010-10-27 05:17:42 UTC
Permalink
Post by David Ljung Madison
First of all, thank you for all the work for creating the perlfaq, it's
a great resource.
"How can I hide the source for my Perl program?"
http://www.perlmonks.org/?node_id=867535
Regardless of whether a plug for my specific free (cost) solution
is added, I think it would be worth mentioning that there *are*
tools for accomplishing this with various costs and tradeoffs.
I think the perlfaq3 answer already says that there are tools and that
they have trade-offs. I don't see this as one-sided. It's not denying
the existence of other tools.

You write on http://marginalhacks.com/Hacks/perlc/ :

---
These answers are mostly true, and also a big copout. Ignoring the
practicality of hiding the code in most situations just because someone
can get the code is like deciding to not lock your house anymore, just
because locks can be picked.
---

The analogy misses the point.

If I lock my house and someone picks the lock, that one person (or
crew) has access to my house. The risk to that one person is immediate
death if they choose poorly. When my house is compromised, I can fix it
to once again restrict access to everyone. And, picking my lock only
gives someone access to my house, not all houses.

When someone hacks your encoding of your script, the entire internet
now has it. Indeed, one of the biggest problems is that only one person
has to do the work to make it available for everyone. The risk to that
one person is insignificant. That's one of the reasons that software
piracy is such a problem: for most people it's virtually no work at
all, and you can't reverse that. It doesn't matter that there are
potentially few people who can accomplish this because it only takes
one person.

Not only that, when someone compromises your tool, it not only affects
the thing that you're trying hide, but all the things that everyone is
trying to hide with your tool. People like to publish their exploits,
after all (there is even one in Mastering Perl).

So, the history of software anti-piracy has been an arms race. Anything
you do is obsolete shortly.

Loading...