[nycphp-talk] Getin' paranoid with php code protection
louie
louie at zibi.co.il
Thu Jun 20 17:24:24 EDT 2002
greetings !
see the big picture !!!
well, lets clear things,
napster user i believe know that they doing something wrong !
but they are not stealing! they are price adjusters, music disk's should be
way cheaper
than what it is right now, and thanks to napster price did drop down.
the only people who makes the big bucks are not and never will be the
artists.
the only person with the fat bank account are the manager/record companies.
i also believe that each of you can pick at least one computer Application
that should be cheaper to the public for using and license.
As for coding/programs I believe that as employee in the tech world
you make less money than what you should make only cuz a lot of programs
are not free or open source.
i can give an example: the team that develop win XP
they got money for there coding time and maybe some bonus.
but microsoft is the company that makes the money of there hard work.
think, is out there was a program that is free to the public
and can help you with your web application, you still need the knowledge,
to implant the program in to your source, and if you NOT a programmer,
probably you will need to hire one to do so.
witch give money to the php community, if you still feel like its stealing,
pay pal to the program owner to show your gratitude.
look what heppen to SEGA with the dream case,
since #dcisos and the UTOPIA.
chap chap
louie.
-"Never trust a program unless you have the source."
----- Original Message -----
From: <charles at softwareprototypes.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Thursday, June 20, 2002 10:24 AM
Subject: [nycphp-talk] Getin' paranoid with php code protection
> Who's paying who for what, when and where seems to be something
> nobody has touched on in this code obfuscation discussion.
>
> 1) Who paid for the development?
>
> Somebody else or yourself? If you did code-for-hire, its not your
> call and not your problem. If its your code, read on.
>
> 2) How much did it cost? How much is it worth, now in a week, in a
> year?
>
> If it cost a lot (>$10k,) to develop its probably tied into some
> domain specific experience and would cost that much again to
> integrate it into another site. If its less, if not worth stealing,
> or protecting by making the maintainance of it more difficult.
>
> Specially since its machine code (even VM code) so its trivial to
> disassemble, map variable and function names onto and if you've got a
> DDE/OLE type convention, its dishearteningly easy to recover
> everything but stack/frame temp var names.
>
> 3) Why was it developed?
>
> 4) Why would anyone want steal it?
>
> How is whoever owns the code making money off of this code? Are you
> selling your code or could/should you use any code that escapes as
> free advertising for your coding skills.
>
> 5) How vulnerable is it anyway?
>
> You haven't told me how is the thief supposed to steal these php
> pages since php runs on the server and those pages should be spewing
> html out to the client.
>
> 5a) Having php code on anything but the server-side is, uh, silly,
> because it won't get executed and therefore I certainly wouldn't want
> to steal a page which was written to have some php code making its
> way out of the server because the writer obviously didn't know what
> he was doing.
>
> 5b) If you're worried about somebody FTPing into your box, remember,
> you can password protect subdirectories, make them belong to another
> user, make the files non-world visible but group accessible. If
> someone does steal your pages (that a stupid concept since your
> publishing them on your web site for everyone to access,) he'd have
> to also duplicate your database schema and your database content.
> That gets a bit harder to pull off and is prosecutable.
>
> Complusion:
>
> Stealing code is not that easy and not that simple. Stealing code and
> getting it to work is orders of magnitude more complicated.
>
> Unless your php code could be turned outright into a shrink-wrappable
> solution for a broad class of problems, I wouldn't worry about it
> getting loose.
>
> Why would you be writing a "shirk"-ware app in php? C++ would give
> you that kind of control while saddling you with the responsability
> for maintainance, updates, correctness, training and support.
>
> You're right, " We live in a world where the majority of Napster
> users honestly think they're not doing anything wrong."
>
> And you know what? They're right.
>
> As galling as it might seem to you to hear this, since you're NOT
> living in a perfect world, using a business model which requires that
> everybody play by rules that can't be enforced is stupid, leads to
> oppression, coercion, supression, censorship. All the things we hate
> and chafe at the very suggestion of.
>
> Find some other, more reality-based, way to make a buck.
>
> Rent out your skills and your ability to learn adapt and code. You
> have nothing else thats truly your own.
>
> The distance between past and future is a user-illusion, a dream-thin
> shock-wave. Be a shock-wave rider or wipe out. Those are the choices.
>
> -Ch-A.
>
>
>
>
More information about the talk
mailing list