Hi, I hope somebody on the list could help me out here. Some great apps have appeared over the past year written in RubyOnRails (Basecamp, Backpack to name a couple) and it seems the trend is very much towards hosted services. However, our company are in the process of producing an off-the-shelf, modular intranet system, written in RoR, and I''ve been wondering how we can protect our source code? Is there any form of equivalent of the PHP Zend/IonCube encoders for Ruby? How are other people approaching this problem? Bespoke work for clients and hosted services is one thing, but there must be other people thinking about or in the process of writing packaged RoR apps wondering how they are going to protect their intellectual property. Cheers Luke _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 8/9/05, Luke Redpath <luke-lJ1peEkt3K8wCQPON/xxHQmknBWnwzYrtUK59QYPAWc@public.gmane.org> wrote:> Bespoke work for clients and > hosted services is one thing, but there must be other people thinking about > or in the process of writing packaged RoR apps wondering how they are going > to protect their intellectual property.They''re not. :-( Unfortunately, due to the way Ruby is interpreted, there is no way to "compile" your source at this time. Then again, just take a look at any warez site out there and think about whether hiding your source in a binary format is really worth it. If people want to use your product without paying for it, it''s not going to matter whether it''s coded in Ruby, Python, Java or C -- they can all be reverse-engineered. Compilation and/or obfuscation may make it slightly _harder_ to do so, but the nature of the Internet means that only one or two people have to actually do the cracking, and everyone else gets it for free. -- Regards, John Wilger ----------- Alice came to a fork in the road. "Which road do I take?" she asked. "Where do you want to go?" responded the Cheshire cat. "I don''t know," Alice answered. "Then," said the cat, "it doesn''t matter." - Lewis Carrol, Alice in Wonderland
On Aug 9, 2005, at 9:23 PM, John Wilger wrote:> On 8/9/05, Luke Redpath <luke-lJ1peEkt3K8wCQPON/xxHQmknBWnwzYrtUK59QYPAWc@public.gmane.org> wrote: >> Bespoke work for clients and >> hosted services is one thing, but there must be other people thinking >> about >> or in the process of writing packaged RoR apps wondering how they are >> going >> to protect their intellectual property. > > They''re not. :-( > > Unfortunately, due to the way Ruby is interpreted, there is no way to > "compile" your source at this time. > > Then again, just take a look at any warez site out there and think > about whether hiding your source in a binary format is really worth > it. If people want to use your product without paying for it, it''s not > going to matter whether it''s coded in Ruby, Python, Java or C -- they > can all be reverse-engineered. Compilation and/or obfuscation may make > it slightly _harder_ to do so, but the nature of the Internet means > that only one or two people have to actually do the cracking, and > everyone else gets it for free. > > -- > Regards, > John Wilger >Definitely. What you need are licenses, lawyers, and spies. Litigation, not obfuscation! -Scott
Use a centralized authorization check against your know paid customer list. I have a product that expires within 30 days if for some reason it does not successfully authenicate with the server I maintain. Some people hate this, but it makes business sense and has worked for my product. Ken On 8/9/05, John Wilger <johnwilger-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: <snip>> Compilation and/or obfuscation may make > it slightly _harder_ to do so, but the nature of the Internet means > that only one or two people have to actually do the cracking, and > everyone else gets it for free.<snip>
Hi,> However, our company are in the process of producing an off-the-shelf, > modular intranet system, written in RoR, and I''ve been wondering how we > can protect our source code? Is there any form of equivalent of the PHP > Zend/IonCube encoders for Ruby?As I know, there are some approaches to create a virtual machine for Ruby, that can run bytecode applications, too (like Java does). I think, it can be a good way to protect your source code (I know, I know, that reengineering is quite easy). What I don''t know, the current state of these virtual machines. Bye, Andras
On Aug 10, 2005, at 2:06 AM, BÁRTHÁZI András wrote:> Hi, > > >> However, our company are in the process of producing an off-the- >> shelf, modular intranet system, written in RoR, and I''ve been >> wondering how we can protect our source code? Is there any form of >> equivalent of the PHP Zend/IonCube encoders for Ruby? >> > > As I know, there are some approaches to create a virtual machine > for Ruby, that can run bytecode applications, too (like Java does). > I think, it can be a good way to protect your source code (I know, > I know, that reengineering is quite easy). > > What I don''t know, the current state of these virtual machinesI believe the original poster was referring to source code obfuscation or other techniques for preventing customers from viewing the source code of the system. I am not familiar with any such tools. Regards, Ed -- Transmogrify, LLC * <http://xmog.com/>
On Aug 10, 2005, at 7:11 AM, Ed Watkeys wrote:> > On Aug 10, 2005, at 2:06 AM, BÁRTHÁZI András wrote: > > >> Hi, >> >> >> >>> However, our company are in the process of producing an off-the- >>> shelf, modular intranet system, written in RoR, and I''ve been >>> wondering how we can protect our source code? Is there any form >>> of equivalent of the PHP Zend/IonCube encoders for Ruby? >>> >>> >> >> As I know, there are some approaches to create a virtual machine >> for Ruby, that can run bytecode applications, too (like Java >> does). I think, it can be a good way to protect your source code >> (I know, I know, that reengineering is quite easy). >> >> What I don''t know, the current state of these virtual machines >> > > I believe the original poster was referring to source code > obfuscation or other techniques for preventing customers from > viewing the source code of the system. I am not familiar with any > such tools.D''oh! I didn''t absorb your second sentence. Sorry. Regards, Ed -- Transmogrify, LLC * <http://xmog.com/>
On Wed, 2005-08-10 at 00:39 +0100, Luke Redpath wrote:> However, our company are in the process of producing an off-the-shelf, > modular intranet system, written in RoR, and I''ve been wondering how > we can protect our source code? Is there any form of equivalent of the > PHP Zend/IonCube encoders for Ruby?There''s Erik Veenstra''s fine utility RubyScript2Exe: http://www.erikveen.dds.nl/rubyscript2exe/index.html That might be a place to start... Yours, Tom