From: "John SJ Anderson" <geneh...@genehack.org>
On Tue, Feb 12, 2013 at 10:39 AM, jbiskofski <jbiskof...@gmail.com> wrote:
I understand that obfuscating code is not a real detriment to a seriously
motivated knowledgeable hacker. Yet I still think some security is
preferable to no security at all. Also I wish this problem could be
attacked somehow other than suggesting to switch to a different language.
Obfuscation is not security. Other people have explained why
obfuscation doesn't make any technical sense.
Yes, it doesn't make any technical sense. It should be used only for making
the others not like the idea of stealing your source code. So it has a kind
of social sense. :-)
Let me venture a little bit off topic and explain why it doesn't make any
business sense
either.
With your LMS, you're in, fundamentally, a service-oriented business.
I don't know what's LMS. I found with Google Learning Management System, or
LAN management system, but it is still not clear.
The source code that implements your LMS is a tool that helps you
deliver that service -- but it's not really the most important part of
that service, not by a long shot. (It's about as important as the
office copy machine, in fact.)
Do you really think that you if you gave that code to somebody outside
your line of business they would overnight turn into a competitor for
you? No, they wouldn't, because they won't have the assets that you
have that are _really_ important for your business -- like those 18
people that work for you, that have an intimate knowledge of the
problem domain, and of the needs of your customers, and the history of
your service. They also won't have another critical asset you have:
those 300K users, which simultaneously give you a selling point for
future customers and an available pool of people that I bet are happy
to suggest new features and test them out and provide you in-depth
feedback.
OK, but what if I don't have a team of 18 people, but I am the single team
player? And what if I don't have thousands of clients, but I have zero
clients and I try to create and sell a program?
And what if that competitor that might steal the source code is working for
a company, where he has many colleagues that may improve that program even
faster than I can?
The programmers that use other languages say that Perl is bad because its
flexibility and TIMTOWTDI, because it allows much easier to make the code
unmaintainable, and we say that well, this is what we like, that Perl
doesn't forces us to do only some things allowed by somebody else, that if
we want to shoot on our foot we can do it because it is our own business.
Well, maybe some of the Perl programmers would like to do that stupid thing
which is much easier to do in other languages... hide the source code.
Why don't we say anymore that Perl is flexible enough and that it can also
do that even easier than in other languages?
Just because it is not possible to do it in Perl as easy as in other
languages?
There are languages which are more popular than Perl now, and their
popularity increases, and they allow hiding/obfuscating the source code
easy. All of them are wrong, or the programmers that use those languages
don't know that their code is not 100% secured? I'd say that they also know,
but they don't even want 100% security, but to make their source as hard to
find as possible.
If somebody asks "please tell me how to do that in Perl", is not even polite
to say "oh, you can do it in PHP this way...".
If somebody asked if Perl can do something, if the answer is "no, Perl can't
do it" than this should be the correct answer, not that that person should
not do it just because Perl can't do it.
For example, it is not possible to do in Perl what you can do on Python on
Android. It is not possible to create in Perl an SSH client that
authenticate with a password if you want that program portable on Windows.
It is not possible to create in Perl a COM server unless you use a
proprietary application like ActiveState PDK... and so on.
Perl is good for some things. For other things, it is worse.
I don't think that the answers that "move from Windows to Linux" or "don't
do that because it is not a good idea" are helpful answers.
Octavian
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
