From: Tim P. <he...@ti...> - 2007-08-27 16:05:17
Hey all

Firstly, I apologize that in this post I ramble on a bit, but please bear with it :)

I've been thinking about ruby lately, and how people cope with releasing live, production code, in a commercial manner that protects systems (and code) from abuse. We all are probably well aware that languages that can be compiled (java etc etc) can be un-compiled, so things like Ruby2C are still vulnerable to de-compilation techniques. Which then led me on to think, well, if anything that can be compiled can be un-compiled, compilation as a method of protection of the code base is fairly pointless; as is obfuscation of code (as it can be tidied very simply).

So then, a kind of licensing scheme would probably be the best method to protect commercial systems from abuse? Whilst no license key encryption is impregnable - as I write this I believe 512bit can be factored fairly easily, and the security of 768bit is questionable, leaving only 1024 bit with any kind of industrial strength - it would seriously hamper most would-be-attackers would it not? I just wondered how (if at all) anyone had dealt with managing their ruby systems licensing and how they had gone about it considering the code base is easily readable? In our RC apps all one need do is browse into Contents/Resources and the source files are free for all to see.

I was just intrigued to see how people, if anyone, had either thought or implemented anything like this for an RC app, or even a rails app for that matter? I read this article with interest:

http://macromates.com/sigpipe/2004/09/05/using-openssl-for-license-keys/

I totally understand that NO system would ever be safe, as there is always someone who has either (or both) the inclination and/or time to hack it.

Apologies that this is slightly OT, but everyone on this forum seems to have a pretty wide ranging experience with ruby and was just wondering...

Cheers

Tim
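The signed-license idea raised in the post above, as an added Ruby example (not code from the thread, the linked article or AquaticPrime): the vendor signs the license fields with an RSA private key and the shipped app verifies them with the embedded public key. The field names, the 2048-bit key size and SHA-256 are assumptions of this example.

```ruby
require "openssl"

# Added example: RSA-signed license records (field names are hypothetical).
module License
  FIELDS = %w[name email product expires].freeze
  DIGEST = "SHA256" # assumption of this example

  # Length-prefixed, fixed-order encoding, so a value containing ":" or a
  # newline cannot be re-split into different fields with the same bytes.
  def self.canonical(fields)
    FIELDS.map { |k| v = fields.fetch(k).to_s; "#{k}:#{v.bytesize}:#{v}" }.join("\n")
  end

  # Vendor side: needs the private key, which never ships with the app.
  def self.issue(private_key, fields)
    sig = private_key.sign(OpenSSL::Digest.new(DIGEST), canonical(fields))
    fields.merge("signature" => [sig].pack("m0"))
  end

  # App side: only the public key is embedded. Returns true or false.
  def self.valid?(public_key, license, today: Time.now.utc.strftime("%Y-%m-%d"))
    sig = license.fetch("signature").to_s.unpack1("m0") # strict base64
    ok = public_key.verify(OpenSSL::Digest.new(DIGEST), sig, canonical(license))
    ok && license.fetch("expires").to_s >= today # ISO dates sort as strings
  rescue KeyError, ArgumentError, OpenSSL::PKey::PKeyError
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  vendor_key = OpenSSL::PKey::RSA.new(2048)   # assumed key size
  app_key    = vendor_key.public_key
  lic = License.issue(vendor_key, {           # constructed sample data
    "name" => "Constructed User", "email" => "user@example.invalid",
    "product" => "DemoApp", "expires" => "2030-01-01"
  })
  puts License.valid?(app_key, lic, today: "2025-06-01")
  puts License.valid?(app_key, lic.merge("expires" => "2099-01-01"), today: "2025-06-01")
end
```

The signature prevents creating or editing a license without the private key; it does not protect the check itself when the source ships readable, which is the limitation the post raises.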
From: Jon B. <jo...@gm...> - 2007-08-27 22:46:22
I was subscribed to #macsb mailing list for a while and the conversation *always* seemed to come up (I think that is where the post by Allan generated from as well) and there were like a few dozen good ideas. You might have more luck subscribing + posting this question to their mailing list ...

http://macsb.ironcoder.org/wiki/Main_Page
http://macsb.ironcoder.org/wiki/WhoIsWho

I have not thought about it yet but from what I have read your idea is pretty much like what the Aquatic Prime key generation does.

http://www.aquaticmac.com/

- Jon

On Aug 27, 2007, at 12:04 PM, Tim Perrett wrote:

> Hey all
>
> Firstly, I apologize that in this post I ramble on a bit, but please
> bear with it :)
>
> I've been thinking about ruby lately, and how people cope with
> releasing live, production code, in a commercial manner that protects
> systems (and code) from abuse. We all are probably well aware that
> languages that can be compiled (java etc etc) can be un-compiled, so
> things like Ruby2C are still vulnerable to de-compilation techniques.
> Which then led me on to think, well, if anything that can be
> compiled can be un-compiled, compilation as a method of protection of
> the code base is fairly pointless; as is obfuscation of code (as it
> can be tidied very simply).
>
> So then, a kind of licensing scheme would probably be the best method
> to protect commercial systems from abuse? Whilst no license key
> encryption is impregnable - as I write this I believe 512bit can be
> factored fairly easily, and the security of 768bit is questionable,
> leaving only 1024 bit with any kind of industrial strength - it would
> seriously hamper most would-be-attackers would it not? I just
> wondered how (if at all) anyone had dealt with managing their ruby
> systems licensing and how they had gone about it considering the code
> base is easily readable? In our RC apps all one need do is browse
> into Contents/Resources and the source files are free for all to see.
>
> I was just intrigued to see how people, if anyone, had either thought
> or implemented anything like this for an RC app, or even a rails app
> for that matter? I read this article with interest:
>
> http://macromates.com/sigpipe/2004/09/05/using-openssl-for-license-keys/
>
> I totally understand that NO system would ever be safe, as there is
> always someone who has either (or both) the inclination and/or time
> to hack it.
From: Tim P. <he...@ti...> - 2007-08-28 20:39:07
Hey all,

Thanks for the replies - that is most interesting, I will take a good look at the aquaticmac system and see how I could potentially adapt to fit so I don't need to re-invent the wheel :)

Cheers

Tim

On 27 Aug 2007, at 23:46, Jon Baer wrote:

> I was subscribed to #macsb mailing list for a while and the
> conversation *always* seemed to come up (I think that is where the
> post by Allan generated from as well) and there were like a few
> dozen good ideas. You might have more luck subscribing + posting
> this question to their mailing list ...
>
> http://macsb.ironcoder.org/wiki/Main_Page
> http://macsb.ironcoder.org/wiki/WhoIsWho
>
> I have not thought about it yet but from what I have read your idea
> is pretty much like what the Aquatic Prime key generation does.
>
> http://www.aquaticmac.com/
>
> - Jon
From: Brian C. <bm...@sh...> - 2007-08-27 23:12:14
On Aug 27, 2007, at 12:04 PM, Tim Perrett wrote:

> I've been thinking about ruby lately, and how people cope with
> releasing live, production code, in a commercial manner that protects
> systems (and code) from abuse.

What abuses are you looking to protect? Redistribution? Cloning? Stealing of intellectual property? Before creating a solution, please define your problem a bit more.

Most all software is "protected" by having appropriate licenses & EULAs. If you need something more than a simple tool to keep honest people honest, then I'm sorry... that's going to get hard ... fast.

Brian
From: Lon B. <lo...@sp...> - 2007-08-28 01:50:24
On Aug 27, 2007, at 12:04 PM, Tim Perrett wrote:

> I've been thinking about ruby lately, and how people cope with
> releasing live, production code, in a commercial manner that protects
> systems (and code) from abuse.

If your goal is to secure your application completely, I think that game is changing rapidly and honestly is becoming a losing battle. The market is becoming more attuned to free software and ad-driven products, so overly harsh licensing and code protection mechanisms will hinder adoption and sales.

-- Lon