Re: Reverse-Engineering Bytecode: A Possible Commercial Objection To O'Caml

From: Julian Assange (proff@iq.org)
Date: Fri Jun 09 2000 - 17:44:19 MET DST

  • Next message: Thorsten Ohl: "Signatures (was: Reverse-Engineering Bytecode)"

    Daniel Ortmann <ortmann@vnet.ibm.com> writes:

    > 1) The idea occurs to me that O'Caml might support various standard encryption
    > modules using different types of encryption techniques (DES, PGP, etc).
    > 2) Perhaps user encryption could also be supported.
    > 3) Perhaps the encryption modules should be composeable, multiple modules
    > being used to derive another module.
    > 4) What about using public/private keys and key management?
    > 5) Should this be integrated with licensing? What licensing techniques are
    > available on Windows? Mac? Unix? Other? (O'Caml WILL get big
    > commercially, and WILL need to address this eventually.)
    > 6) What things should be visible non-encrypted in cmi/cmo/other files?
    > 7) Should such encryption be available via marshalling? If not, might some
    > needs be common?

    My god, this is awful.

    (a) encryption will not help you if it is standardised. If it is not standardised,
    then all it will do is delay understanding. If it can be decrypted by the vm,
    it can be decrypted by the analyst.

    (b) Time to market penalties are so incredibly brutal now, I question
        whether obfuscating byte-code is at all necessary, simply because most people
        don't have time to analyse source code, let alone byte code.

    (c) Ocaml applications are so rare (compared to C/++), you can consider not only
        Ocaml byte code, but the Ocaml source code an excellent obfuscater.

    (d) Commercial programs rarely implement unpublished, hard to discover ideas.
        Patents are so easy to acquire you are far better off using patent protection.

    (e) Those who are willing to rip you off by reverse engineering are probably
        willing to do it by sheer piracy. e.g 2nd and 3rd world markets.

    > Philosophically speaking, earning money and protecting the rewards of hard
    > work are not bad a priori. There *will* be an exchange of value; that
    > exchange may be either with or without "concern for your fellow man". In
    > fact, one way of looking at a dollar bill is as a type of "certificate of
    > service to your fellow man".

    The problem is there is a lot of value exchange that isn't represented by
    the face of the bill. Ocaml itself is a case in point.

    Cheers,
    Julian.



    This archive was generated by hypermail 2b29 : Fri Jun 09 2000 - 19:52:32 MET DST