Beefy Boxes and Bandwidth Generously Provided by pair Networks Joe
Think about Loose Coupling
 
PerlMonks  

Closing Perl Source

by Coplan (Pilgrim)
on Apr 02, 2003 at 18:02 UTC ( #247543=perlquestion: print w/ replies, xml ) Need Help??
Coplan has asked for the wisdom of the Perl Monks concerning the following question:

I have a special bit of perl code that I created and modified over the years. I know it's against the traditions of the whole open source community, but I would like this particular bit of code to be closed.

Is there a way I can compile perl into an executable image much like the way we do with C++ or other languages? Or at least is there a way that I can hide the code from the end-user's eye?

--Coplan

Comment on Closing Perl Source
Re: Closing Perl Source
by Elian (Parson) on Apr 02, 2003 at 18:20 UTC
    Oh, good grief, not again.

    This comes up with some regularity here. Go super search and enlighten yourself. And, to forestall the inevitable cascade of replies, the answers generally are:

    1. Heretic!
    2. Use Acme::Bleach
    3. There's perl2exe
      perl2exe isn't secure you ignorant wanker!
      yes it is
      No it isn't
      Well, that's not what it's for anyway
    4. B::Deparse will defeat any attempt at hiding source!

    Short answer is no, it won't really work. Someone'll see the source, so throw a nasty license on it and hope for the best.

      Good list, but you missed a couple:

      • Write it in C. You deserve it for even asking.
      • PAR! PAR! PAR! (repeat perl2exe comments)
      • Wait for parrot, somebody will write a native compiler for that.
      • Perl sux0rs, Java r0x0rs.

      and Here's my One True Answer:

      If you had to ask this question, you're not going to make any money off it. Save yourself the trouble, release the code, and benefit from other's input.

        Hey! I like C! :-P
        I hope that nobody will claim PAR as "secure", or I'll be very embarassed.

        That said, for non-technical people the Zip format provided by PAR does construe as a way to 'hide' the source code -- at least from grep ;-).

        I'll admit that at some early point in time, I too had wanted to "close" a perl-oriented script/program. I did the foresight of reading other people's attempts and saw that it wasn't a really good idea and if I wanted anything "closed", to just write it in C, even though good usage of strings and decompilers can get most of it out. Since then, I've never hid/closed anything I've written and I have gotten much more positive responses on all things I've ever written from those in the open source community. I even provide the source for things written in C, documentation and all.

        Bottom line, just share it. You'll find that the responses you'll get are much more open and helpful than if you try to "hide" an interpreted-language-oriented script.

        It's like the guy that wanted to write all of his shell scripts in perl. Everything on the system that ran in /bin/sh was converted to /usr/bin/perl...which promptly failed because /usr isn't mounted at boot time and hence, no perl binary is available. Just because it sounds like a good idea, doesn't mean it's anywhere near a good idea.

        The best way to hide perl code is to GPG encrypt it.
        Of course, it won't function in that state. But what's more important: code that works, or proprietary code?

        Ha! This is on Best Nodes of the week! What's up with the moderation system?

Re: Closing Perl Source
by dragonchild (Archbishop) on Apr 02, 2003 at 18:21 UTC
    Another way is not to give it to anyone. The best secret is the one no-one knows about.

    ------
    We are the carpenters and bricklayers of the Information Age.

    Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

    Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

Re: Closing Perl Source
by diotalevi (Canon) on Apr 02, 2003 at 18:29 UTC

    You'll do better by doing some amazingly clever obfuscation though you'll note that most of the interesting obfus here get reversed anyway...

Re: Closing Perl Source
by Sifmole (Chaplain) on Apr 02, 2003 at 19:07 UTC
    I seriously doubt there is anything you have written that is worthy of needing such "closing". And if there truly is, then you should be writing a paper ( or even book ) about it, speaking on it and then getting massive contracts because somebody saw your brilliant piece of Perl code -- they can't do that if it is "closed".
      I second that opinion. I've worked with some pretty big systems in my work life so far...the better/more flexible ones provided source code and/or scripting facilities of some kind. Chris
Re: Closing Perl Source
by Mr_Person (Hermit) on Apr 02, 2003 at 19:16 UTC
    Take a look at the perl2exe - no more secrets discussion, lots of good information there. (Though, as expected the general feeling is that it's a bad thing to do)
Re: Closing Perl Source
by newrisedesigns (Curate) on Apr 02, 2003 at 19:18 UTC

    Why hide it?

    Let everyone read it, just put a nice big copyright header at the top.

    John J Reiser
    newrisedesigns.com

      No doubt. The poster should do some basic research on reverse engineering. Those who want your source can get it, period. Why drop the benefits of opening it when you gain nothing?

Re: Closing Perl Source
by Abigail-II (Bishop) on Apr 02, 2003 at 19:33 UTC
    Assuming your super secret code is in a file called secret.pl, I recommend one of
    rm secret.pl

    or

    chmod 000 secret.pl

    Abigail

Re: Closing Perl Source (ashamed?)
by Aristotle (Chancellor) on Apr 02, 2003 at 20:49 UTC
    Why? Are you ashamed of it?

    Makeshifts last the longest.

Re: Closing Perl Source
by jbeninger (Monk) on Apr 02, 2003 at 21:36 UTC
    I know I'm repeating some of what's been said by some of the other's here. But seriously - why do you want to close it up?

    If you're afraid people will copy it, they can still copy a binary. Just use a copyright notice as someone else mentioned.

    If you're afraid that people will steal your brilliant idea - if it's so brilliant that people will want to steal it, you'll need more than obfuscation, you'll need a patent, apply for one.

    What's your motivation?

      If you're afraid that people will steal your brilliant idea ...

      ... then sell your contracting services to them at $100+ per hour. Then, when you're bored with that, tell them I can support it for them and I'll even do it for $90 per hour. :-)

      ------
      We are the carpenters and bricklayers of the Information Age.

      Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

      Please remember that I'm crufty and crochety. All opinions are purely mine and all code is untested, unless otherwise specified.

Re: Closing Perl Source
by Dr. Mu (Hermit) on Apr 03, 2003 at 05:25 UTC
    Didn't use strict, huh? Lotsa globals? Yeah, I've got a "special" one like that, too. But it works. So do I hide the source in shame, take the time to fix it, or just throw it out there and duck? ;-)

      I think you guys have all mostly been a little unfair. It is usually the commercial and legal people that want to protect the code. If you invest all that money in patenting some code to stop people copying it then they are gonna want to invest money in technically stopping people copying it.

      I have personally seen big companies reject systems because they were written in Perl for this reason.

      Programmers have to be paid for their work and companies have to protect theirs investments. Stopping people copying years of hard toil can sometimes be the only way to stop the unscrupulous

      licensing is often poitnless as I have also seen companies abuse and sell open source software as their own

      open source is not always the answer

        In a sense, you're right. But there's a big BUT.

        Apparently the poster wants to close his source to make money from it. That's his perfectly good right to do. The problem is that he's asking how to do that in a forum which thrives on openness. If you're stupid enough to do that, you deserve to get flamed. Especially if he doesn't even do some research on this site which would have learned him that asking questions about ways to close the source is a no-no.

        So, if he wants to close the source to make money off of that particular piece of code, he wouldn't mind shelling out some money to achieve that goal, right? Well, whaddayknow! Take a look at Stunnix Perl-obfus. Perfectly unreadable code for only $879! Seems like a bargain to me.

        Arjen

        I have personally seen big companies reject systems because they were written in Perl for this reason.

        And it's an extremely valid, if not the most valid, reason to do so. Companies exist to make money. If you want otherwise, go work for a charity. You simply aren't going to make as much (if any) by releasing the source and letting everyone do as they please with it. If you can't understand this basic concept, I recommend you stick to programming and never get into management (heaven, I know ;).

        I have personally seen big companies reject systems because they were written in Perl for this reason.

        True. On the other hand I have also seen companies reject systems because they do not have access to the source. Depends on the client. Depends on the job.

        Languages like Perl and Java running on a relatively high level VM are far easier to de-compile than something that compiles down to machine code. So, don't use them for projects when simple access to the source code is an issue. Any "compilers" or "obfu" generators that leave the VM code around are pretty trivial to get around.

        Personally, I do the vast majority of my commercial work in areas where access to the source isn't an issue - indeed it is usually required.

        How does protecting the source code of the program protect it from being copied? The protection comes through legal means like licenses and patents. Anyone that just wants the binaries, will just copy those. Anyone that wants the algorithm, can disassemble the machine code. Perl just makes it easier to figure what is going on. Anyone who isn't afraid of legal means won't be stopped by an obfuscator.

        In some ways, Perl source could be better from a legal standpoint because it is explicitly available. The competitor who looks at your product has a harder time proving they didn't look at the source code because it was sitting right there on their hard drive. With a binary C program, they can claim legitimate reverse engineering. It is also likely that their source will be written new using the algorithm and concepts. With Perl, they are more likely to get caught copying the source directly and producing a derived work. Then your attack laways take them to court and win the big bucks.

Re: Closing Perl Source
by mattr (Curate) on Apr 06, 2003 at 10:23 UTC
    I think I mentioned two or three times in response to similar posts the possibility of not giving the client the entire program, and running an ASP style service which would give them a key or the rest of the program over the net once they have paid.

    This guy may have something which a client is willing to buy but it is based on a really simple algorithm or even someone else's module which he cannot justify the hours on. Anyway it gets asked alot because:

    1) it is a difficult problem, regardless of the "why do you want to make it secret" crowd, and also because

    2) it must not be answered in an easy to find library on PM since everyone keeps responding to the darned question!

    Anyway I wouldn't mind seeing people's experience with perlcc/perl2exe tools to hear about those tools' limitations/abilities. In particular I'd like to see what they would do to a PerlWx type application and if it could be made into a single app without requiring a perl interpreter. Here my interest is not obfuscation, but quick gui-based product development.

Re: Closing Perl Source
by rdfield (Priest) on Sep 25, 2007 at 15:23 UTC
    Just distribute it. After all, Perl is a write-only language.

    /me ducks

    rdfield

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://247543]
Approved by Elian
Front-paged by VSarkiss
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (6)
As of 2014-04-17 02:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (437 votes), past polls