Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re^7: Perl 6 ... dead? (no, just convalescing)

by Ven'Tatsu (Deacon)
on Sep 01, 2004 at 20:01 UTC ( #387683=note: print w/replies, xml ) Need Help??

in reply to Re^6: Perl 6 ... dead? (no, just convalescing)
in thread Perl 6 ... dead?

You can convert your Perl 5 scripts to bytecode, and any one can -MO=Deparse them back to something (reasonably) close to the original code.

In Perl 6 you will (I assume) be able to convert your scripts to byte code tartgeting Parrot, and some one will eventualy make a Deparser for Parrot/Perl 6. Perl 6 will probably not be that much friendlier to source hiding than Perl 5 is.

You could always try B::C if your willing to give up some portability.

  • Comment on Re^7: Perl 6 ... dead? (no, just convalescing)

Replies are listed 'Best First'.
Re^8: Perl 6 ... dead? (no, just convalescing)
by osfameron (Hermit) on Sep 02, 2004 at 08:33 UTC
    Even, say, Java bytecode can be deparsed. OK, there are code obfuscators, which do various clever tricks (for example producing valid bytecode which works in the JVM but which could never be produced from valid Java code) and garbling variable/sub/class names to prevent them from being understood. You can easily obfuscate (Acme::Bleach anyone?) Perl code, and garble the names for good measure. I guess the fact that Perl 6 will compile to bytecode will make other forms of source protection easier to implement than for Perl 5 though.
Re^8: Perl 6 ... dead? (no, just convalescing)
by Wassercrats on Sep 01, 2004 at 20:23 UTC
    Diotalevi explained to me that you can't convert Perl to real bytecode. There's some compiler that does a bad job, then there's the not-real bytecode that could be converted back without knowing machine language.

    It really pisses me off that people are being misled into thinking Perl is as safe as any other language when it comes to concealing the source code. The inability to do that well also makes copy protection less safe.

      Just out of curiosity, what language(s) do you consider safe from deparsing, decompiling, and general reverse engineering?

      I'm not well versed in this area, but it seems that the quote along the lines of "Whatever man can hide through obfuscation, another man can uncover with sufficient intelligence, knowledge, sweat, research, time, and a good beer."

      (OK, I don't have the quote handy, but that was the gist of it.)

      I can't think of any absolutely secure way of distributing code that can't be reverse engineered. Sure, if the author could come around and type in a password to decrypt it, and the machine was in a known state so that keystroke grabbers and image snatchers were known not to be present, that would be PDS [Pretty Damn Secure]. Short of that (and I'm sure someone will argue with even that concession), we're all just fooling ourselves, maybe occasionally buying time through indifference, the limited resources of interested folks, and the huge number of interesting projects for those interested folks to attack.

      So what do you consider secure?

      Quantum Mechanics: The dreams stuff is made of

        Actually, you can quite trivially secure software against reverse engineering: if you have control over the hardware it runs on.

        Of course, that's not much help in practice. Particularly because you cannot, by any means, do so if the hardware is not under your control.

        Hence efforts like the TPM chip.

        Makeshifts last the longest.

        I don't know where "secure" begins. If secure software isn't practical, I won't be impractical just to make it secure. I just want a language that allows for state of the art, commercially viable, practical concealment of the source code, and copy protection. Perl's lack of a byte code compiler (if I'm not using the correct term, let me know--I mean Perl to machine language) makes Perl the wrong choice for closed source software that isn't freeware.

        Perl is an even worse choice for my software, which I invested alot of time in and won't be freeware or shareware. I was misled about security, and now I'm forced to keep my software a web application.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://387683]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (5)
As of 2018-05-20 10:58 GMT
Find Nodes?
    Voting Booth?