Beefy Boxes and Bandwidth Generously Provided by pair Networks Cowboy Neal with Hat
We don't bite newbies here... much
 
PerlMonks  

Re: perl2exe - no more secrets

by Jenda (Abbot)
on Feb 24, 2003 at 15:24 UTC ( #238141=note: print w/ replies, xml ) Need Help??


in reply to perl2exe - no more secrets

I wonder whether the ++s were given to the node or to the name. IMO Randal is completely missing the point.

1. From perlcc docs in Perl 5.8:

The code generated in this way is not guaranteed to work. The whole codegen suite ("perlcc" included) should be considered very experimental. Use for production purposes is strongly discouraged.

2. Could you tell me what do you think is the difference between what perl2exe does and what PAR does? So perl2exe uses XOR "encryption" so that the code is not plainly visible in the EXEcutable, how's that different from PAR's zipping of the data? Normal BFU doesn't see what he/she should not but anyone who knows what he's doing gets to the script&modules.

The only difference between perl2exe and PAR is that PAR is free and you can see the source. I don't think this is a valid enough reason for this bashing.

Jenda

P.S.: Yes, it might be good if perl2exe's docs contained a remark explaining that it's possible to get the source code out of the EXE. If it was in big red letters then maybe even Randal would be happy.


Comment on Re: perl2exe - no more secrets
•Re: Re: perl2exe - no more secrets
by merlyn (Sage) on Feb 24, 2003 at 15:41 UTC
    My problem with perl2exe (which you would see if you had super search'ed back) is that it gets tossed around as a solution to three problems:
    • code hiding
    • "speeding up" by "compilation"
    • bundling for single-file installation and sharing
    Well, the first two are bogus claims (especially since the exploits for the code hiding are now readily available). And the third was a nice feature, but is now completely satisfied by PAR.

    But instead of making it clear that the first two were bogus claims, they continued to take $99 from unsuspecting souls. This borders on outright lack of ethics, as far I am concerned.

    So, mostly on principle, I must continue to urge people to please stop recommending perl2exe. Use PAR.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

      Yeah. If you put it like this I agree completely. The whole problem I have with your post is that you blame Indigostar for the first two. They did not make it clear enough that the 1st is not real (but they never claimed it is), and they do say the result will "run at about the same speed".

      You should not hold them responsible for someone elses faults. IMO of course.

      You are right that with PAR being available there is no real reason to use Perl2exe anymore. It was a valuable tool (though I did not use it myself. I use PerlApp and PerlCtrl) but now there is an opensource replacement.

      Anyway ... if someone asks me how to "covert a Perl script into an executable" I will mention PAR, PerlApp and perl2exe. It's his duty to choose, not mine. All I can do for him is to tell him that these three do the same thing just a little bit differently.

      Jenda

      Anyone who reads the docs of can see that perl2exe does not claim the first 2. It doesn't say it's hiding the code nor it claims it's speeding up the things.

      It DOES claim that you won't provide source code with the exe-distribution. This is not true as we all have read. Which is a lack of ethics, i agree.

      But i still don't understand why anyone couldn't recommend perl2exe for the functionality it DOES provide.

      Please, don't fight the windmills sir Don Quixote :-)

Re: Re: perl2exe - no more secrets
by herveus (Parson) on Feb 24, 2003 at 16:07 UTC
    Howdy!

    Regarding your second point: PAR's zipping of files is not presented as anything other than packing several files together in a single file for convenience in delivery. It is not held out as meant for hiding anything. Using XOR (so-called) encryption only serves to obscure the source. It is a weak attempt at source code encryption, having nothing at all to do with bundling files together into a single distribution file.

    I think that that distinction is central to the "problem".

    yours,
    Michael

      Neither "XOR" nor "encryption" may be found in the perl2exe docs. It's just something you may find out while trying to break into the EXE. You are right that PAR is more clear about what is it doing, perl2exe doesn't say pretty much anything about what it does.

      IndigoStar says: "Perl2Exe is a command line utility for converting Perl scripts to executable files.
      This allows you to create stand alone programs in perl that do not require the perl interpreter. You can also ship the executable file without having to ship your perl source code." They do not even mention "compilation" on the page. (They do use the word a few times in the docs though.)

      IMO they did not mean the XOR as a means of real encryption, but just to prevent the text to be seen in the EXE and found by normal "Find in Files". Just a means to prevent the code from people that would have no use for it anyway.

      Jenda

        But when they say "You can also ship the executable file without having to ship your perl source code.", doesn't that sound a lot like "Hey, no one will be able to get at your source!"? It sure seems as if they're trying, at least, to imply that your source will be safe.

        kelan


        Perl6 Grammar Student

        Howdy!

        All the same, for better or worse, whether deliberate or not, PAR is quite a bit more transparent in what and how it is doing what it does. IndigoStar is not being as clear as they could be in exactly what they are and are not claiming perl2exe actually does.

        I'll grant that this particular horse may well be dead by now. The twitch just seen may have been a simple response of an object to being kicked.

        yours,
        Michael

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://238141]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (4)
As of 2014-04-19 18:23 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (483 votes), past polls