Seeing the source

dima wrote:

The only solution is open source.

One word: Microsoft.
Another word: Oracle.

Open source is a nice thing, but by no means an “only solution”. If it
were,
the commercial software market as we know it would’ve been blown away by
now.

For one, simple reasons: Customers don’t care about how you distribute
your
software. They care about whether or not it works for them, and fits
within
their budget.

The clever people will help you make a bright idea of yours great.

Ah, yes, much like GNU Hurd.
Every highly visible Open Source project is either backed by commercial
interests or was created by a company that couldn’t stand up against the
completion anymore (Linux, Mozilla (formerly Netscape), or OpenOffice
(formerly, StarOffice)).

Open Source can work, but it is no silver bullet. Especially not, if
your
business model isn’t centered on services or consulting.

From: “dima” [email protected]

You should think what is that you are selling.
I know it’s not a code. Perhaps its solution, service, idea, time,
creativity but is definitely not a code.

Nah. Having the idea and the creativity is the easy
part.

The code and data is where all the hard work is.

If you build something that gain some successes do not think that you
can live from the past glory.

Huh? In what way is this relevant? Please consider how
id Software releases games.

Let’s start with Quake (1996). id Software immediately
releases the GAME LOGIC and TOOLS as open source. But the
game ENGINE remains closed source.

Next, id Software release Quake II (end of 1997). Again,
the GAME LOGIC and TOOLS are released open source. But the
Quake II engine remains closed source.

BUT, now id Softare FULLY releases all of the original Quake
code open source. Now all of Quake I is open source.

Next, id Software releases Quake III (end of 1999.) Again,
the GAME LOGIC and TOOLS are released open source. But the
Quake III engine remains closed source.

BUT, now id Softare FULLY releases all of the Quake II
code open source. Now all of Quake II is open source.

Next, id Software release DOOM III (2005). Again,
the GAME LOGIC and TOOLS are released open source. But the
DOOM III engine remains closed source.

BUT, now id Software FULLY releases all of the Quake III
code open source. Now all of Quake III is open source.

And last month in Dallas at QuakeCon 2007, id Software
confirmed that eventually the DOOM III engine will be fully
released open source.

And they confirmed that even their newest technology,
id Tech 5, will eventually be released open source, too.

The current success is a history. You
should move to new challenges. Ones that try to mimic your solution
will always be one step behind.

This has NOTHING to do with open vs. closed source,
that I can see.

The only solution is open source.
The clever people will help you make a bright idea of yours great.

Open source is great. But it doesn’t sound like you have
much experience developing and trying to make a living off
of shrink-wrap game or application software?

There’s a reason id Software waits a few years before
releasing the engine open source.

Learning from their example, I plan to release my own
applications the same way. Initially, partly open source,
partly closed source. Then when I come out with V2.0,
I will open source ALL of V1.0. Etc.

To me, this is an excellent compromise, considering the
realities of software piracy.

Anyway, what do you think about the way id Software release
their games?

Regards,

Bill

John J. wrote:

a big, big no-no (well, you’d reiterate copyright laws, basically),
Consider crafty use of file permissions settings, and simply burying
things in modules with hard to read names.

Disassemble, sure. But it’s fairly easy to generate sequences of
assembly instructions or bytecodes that can’t be decompiled into any
reasonable language. JRuby’s compiler, for example, emits bytecode that
could never be reversed into .java files, largely because it uses the
operand stack much more heavily and forgoes the use of local variables.

• Charlie

Michel C. wrote:

Hello. I’m new to Ruby (and also to scripting languages).

I’d like to know if, since Ruby is a scripting language, there’s a way
to hide the code when deploying an application. I’d users to be unable
to see the source.

Is there a solution for that?

There’s a couple for JRuby that have been briefly mentioned:

• JRuby can load .rb files from within a .jar file. Since most people
  don’t know a .jar is just a zip file, many would never think to look in
  there.

• JRuby can also compile most .rb into Java .class files. From there
  it’s nearly impossible to get decompiled output that resembles either
  Java or Ruby.

• Charlie

Pretty fra off topic, but I admire the way Id tries to release most
of their stuff as Mac/PC hybrid CD/DVD.
Smart.

As for the release and source release pattern… in the cutthroat
world of computer gaming, it makes perfect sense!
Attract the modders and gamers with the tools to mod the game,
eventually give it all away after the market is past that cutting
edge of technical sophistication.

They probably even have the sense to check out what the OSS
community’s changes/additions to the code

Charles Oliver N. wrote:

• JRuby can load .rb files from within a .jar file. Since most people
  don’t know a .jar is just a zip file, many would never think to look in
  there.\

Thus extending the cracking time by nearly 15 seconds. (-;

JRuby’s main problem: you still need to know Java to use Ruby!

JRuby’s main problem: you still need to know Java to use Ruby!

Oh, I’m just laying awake at night wondering when someone’s going to
invent
RJava…

(-;

John J. wrote:

JRuby’s main problem: you still need to know Java to use Ruby!

Well, we’re hoping to solve that too; jrubyc already provides a
mechanism for compiling to class files, and generally of the class files
are just in the “right places” in your load path they’ll load fine. For
example:

~/NetBeansProjects/jruby $ jrubyc test/foo.rb
Compiling file “test/foo.rb” as class “test.foo”
~/NetBeansProjects/jruby $ rm test/foo.rb
~/NetBeansProjects/jruby $ jruby -I. -e “require ‘test/foo’”
hello from compiled Ruby

So there’s no need for you to worry yourself about classpaths and jar
files and whatnot. Simply lay the compiled versions in the same
directory structure as the uncompiled versions, point load paths to the
appropriate roots, and you’re off.

We’ll also look into providing Ruby-friendly packaging logic, probably
through Java-specific Rake tasks, once the compiler is 100% complete.

• Charlie

On Sep 2, 2007, at 12:07 PM, Charles Oliver N. wrote:

~/NetBeansProjects/jruby $ rm test/foo.rb
100% complete.

• Charlie

That sounds very cool.
A real Ruby interface to Java!
I do want to learn Java at some point though, just because there is a
wealth of stuff there.

I have impression that the subject is about source hiding and
preserving it from the others eyes. Hold it as a kind of advantage
over competition.

I spend last 14 years developing various solutions almost exclusively
in financial domain, stock exchanges, inter-bank trading and financial
institutions integrations, market data visualizations, data feed for
various data vendors, order entry and order rooting, building trading
systems and market data analysis.
I start as a developer and now I am a head of development. Clients of
mine are mostly banks, national banks, ministry of finance, ministry
of treasure and other government institutions, stock exchanges and
brokerage houses and such.

I think that I have a good sense about issue addressed here. My
clients are as paranoid about security as military or even more.

Nevertheless, the most precious thing you can posses are idea,
creativity, customer trust and people. Source code is not in this area
and it’s changing all the times.

Creative developer that produces a solution is priceless in
correlation with code that he/she produce. If you loose the developer
you lose in a sense the code too.
I can elaborate on the subject but it’s pointless.
And for the end just one thought: There was a time where people think
that earth was a round plate carried by the giant turtles - some still
do.

From: “dima” [email protected]

I have impression that the subject is about source hiding and
preserving it from the others eyes. Hold it as a kind of advantage
over competition.

Thanks for clarifying. I was engaging from a different angle,
as I am focusing on maximum number of users who register their
software.

Closed source sucks. Copy protection software measures suck
worse!

However these are used to varying degrees in the small utility
application and game market.

For example: The archive / unzip software with the splash dialog
that says, “You have been using this software for 987 days,
please consider registering.”

Of course, one way to move the problem is to put key program
logic on a remote server; essentially, sell web-based app
services. But that option is out for both high performance
video games, and also for software that journalists carry
on their laptops where their internet connection is often
spotty, or nonexistent.

With the web-based software, one can provide enhanced
features only to registered users. With software like
high performance games or software which must be used
without a net connection, it is necessary to store the
full application logic on each client system.

Historically applications in this client side category
have met with difficulty distinguishing registered from
unregistered users.

Since I am used to thinking of this issue from a client
registration standpoint I actually assumed this was why
the OP was asking… Sorry if I was off-topic.

And for the end just one thought: There was a time where people think
that earth was a round plate carried by the giant turtles - some still
do.

“You’re very clever, young man, very clever,” said the old lady. “But
it’s turtles all the way down!”

Regards,

Bill

Thanks for so many thoughts.

I’m guessing my next step in Ruby will be to try that RubyGems and see
how it works.

I like the idea where an application implements its most valuable part
(security) as closed source and the rest is left open. If the
application gets expected users then hopefully their contribution will
help developping more solutions for the clients or just increase the
application consistency.

Thanks again

On Sep 2, 2007, at 1:35 PM, dima wrote:

Nevertheless, the most precious thing you can posses are idea,
creativity, customer trust and people. Source code is not in this area
and it’s changing all the times.

Creative developer that produces a solution is priceless in
correlation with code that he/she produce. If you loose the developer
you lose in a sense the code too.

There is great truth in this. Code can be very much like poetry. Not
everyone will like it or have a real handle on somebody else’s style.

I like the idea where an application implements its most valuable part
(security) as closed source and the rest is left open.

Closed source security is a really, really bad idea. Security should
never be closed source. Two terms;
peer review
security by obscurity?

http://www.schneier.com/crypto-gram-0205.html#1

I haven’t even read this article, but I’m trusting it to be agreeable,
since it’s coming from Schneier. Please take a close look at it.
Security is important stuff.

Cheers,
Arlen.

Arlen Christian Mart C. wrote:

I like the idea where an application implements its most valuable part
(security) as closed source and the rest is left open.

Closed source security is a really, really bad idea. Security should
never be closed source.

Alice and Bob are talking past each other here. (-;

The mechanisms to secure wires must be open source, at the forefront of
computer science research. And don’t forget those compromising
radiations!
When I was a kid the popularizations of science used to discuss masers
frequently, but for some reason we don’t hear very much about them any
more…

The actual keys and codes, and the locations where a given program
bypasses
them, might be closed source.

Alice and Bob are talking past each other here. (-;

Seems that way. Watch out for Eve/your-variant-here!

The mechanisms to secure wires must be open source, at the forefront of
computer science research. And don’t forget those compromising radiations!
When I was a kid the popularizations of science used to discuss masers
frequently, but for some reason we don’t hear very much about them any
more…

I have no idea about masers? But I still am a kid, so…

The actual keys and codes, and the locations where a given program bypasses
them, might be closed source.

I agree completely - but then I tend to lump the keys/code as
implementation/site-specific details, rather than as a part of the code
itself.

Even when developing an application for a single site, I tend to view
the project very strongly in terms of separating the base software and
implementation aspects, as strongly as your RoR programmer will try to
keep MVC separated. It’s easier to maintain, and helps semantics like
this remain clear.

I think I digressed. My $0.02.

• Arlen.

Phlip wrote:

Arlen Christian Mart C. wrote:

I have no idea about masers? But I still am a kid, so…

The data bus on your 'puter generally works in cleartext. Its clock
turns it into a tiny little oscillating antenna, with a faint signature.
A maser is a focused radar that can read this signature.
Erm… no. A maser is a low-frequency laser; see
Maser - Wikipedia. You’re thinking of TEMPEST. Again,
refer to the Tempest (codename) - Wikipedia for details. You
don’t need much focussing to do it - certainly not radar-level synthetic
aperture, although I’m sure you’d want to do it that way if bulk data
capture (or particularly long-range operation) was the goal…

Arlen Christian Mart C. wrote:

I have no idea about masers? But I still am a kid, so…

The data bus on your 'puter generally works in cleartext. Its clock
turns it
into a tiny little oscillating antenna, with a faint signature. A maser
is a
focused radar that can read this signature. So a file going over a DMA
channel can leak a complete copy. Your monitor can leak its images, and
your
keyboard leaks all your gestures.

Much of the fun and games we hear about in the news derive from spooks
playing mind games with each other, exploiting these toys.

Hi,