NYCPHP Meetup

[Oktay Altunergil]

my 2 cents on this..

At work I cannot code some apps in PHP because the code will be copied by customers/competitors and used on other servers.  I personally could not care less and would love to have all of my code open sourced. However this is a business, and any kind of distinct features you have make the difference between you and your competitors. Granted, they can reverse engineer or just get your idea and design an even better system than you could ever do myself. But that is not the point. In the business world, open source fans are not the people who make decisions. It's the management who decides what you can and cannot do. For this reason I am actually interested in the product mentioned. 

Now I'm not an expert at this but the product seems to do key based encyrption. This is a few steps ahead of mangling the code to make it unreadable by humans. On the other hand, for PHP to parse to code it has to be decrypted and if PHP can decrypt it so can you. I would like more information about this in the FAQ if the developers are tuned in.

Oktay Altunergil

On Wed, 19 Jun 2002 23:42:34 -0400
charles at softwareprototypes.com wrote:

> Kyle, at the risk of lacking subtility,
> 
> if I loosed some extremely sophisticated search engines (and I've
> written AI code and articles for AI Expert) on the intenet on a
> hundred PCs and let those search enines run for a year, do you thing
> I could find a SINGLE fuckin' competitor of yours who'd even want to
> see your fuckin' code? Really now.
> 
> You're just fuckin' your clients over and fooling yourself. Try it
> with a free-ware, GPLed release of the previous version of your
> product and you'll be disgusted at the complete and utter lack of
> interest EXCEPT by your existing client base, maybe, if you're lucky.
> 
> Code obfuscation is pointless and you'd be surprised how it HURTS you
> and HELPS your competitors since they have to reverse engineer with a
> clever way of doing what they see your code doing without your own
> prejudices. 
> 
> They probably come up with shit you never thought of. Much more
> clever than anything you came up with in the first place. (I made a
> MISTAKE reverse engineering an expert system inference engine and
> ended up with a complete enterprise modeling engine which then went
> nowhere because the managers of the firm were great real-estate sales
> men but couldn't manage an MIS project at gun point. Utter
> dick-heads.)
> 
> Obfuscation is a mechanical process and if YOU can obfuscate it, it
> can be UN-obfuscated almost as fast as you can muddy the waters.
> (there were viri written for M$ XL BEFORE XL was even available on
> CD-ROM.) And by ditching the variable and function names, (unless the
> DDE/OLE maps are available,) the un-obfuscation gets rid of your own
> internal slants and just shows things as they really are.
> 
> Stop with the code obfuscation BS.
> 
> The business and the money is NOT in the product but in the process
> of building the product. HOW your company got the product spec in the
> first place is much more important than the product to because life
> is a moving target and whatever you deliver TODAY is obsolete before
> you even deliver it.
> 
> Obfuscation is for long-term losers. phpguardian is a sham, a waste
> of time and money and utterly counter-productive. AND NOBODY needs it.
> 
> -Ch-A.
> 
> > From: "Kyle Tuskey" <ktuskey at exostream.com>
> > Organization: New York PHP
> > Reply-To: talk at nyphp.org
> > Date: Wed, 19 Jun 2002 19:55:06 -0400
> > To: NYPHP Talk <talk at nyphp.org>
> > Subject: RE: [nycphp-talk] testers wanted - phpguardian.com
> > 
> > I don't necessarily think this product is amazing, but I think
> saying
> > that code obfuscation isn't needed because "it isn't open source
> > friendly" is a bold statement.  Some of us develop commercial
> > redistributable software that needs obfuscation to protect the
> code.  It
> > is also a valuable tool for certain contracting circumstances.  I do
> > feel that the zend encoder is the best obfuscator on the market, but
> > then again I'm jaded since I know zeev and support his company.
> > 
> > 
> > -- Kyle
> > 
> > 
> > 
> > -----Original Message-----
> > From: charles at softwareprototypes.com
> > [mailto:charles at softwareprototypes.com] 
> > Sent: Wednesday, June 19, 2002 2:00 PM
> > To: NYPHP Talk
> > Subject: Re: [nycphp-talk] testers wanted - phpguardian.com
> > 
> > uh, php runs on the server side. It never gets off of the server
> > because that's pointless.
> > 
> > Just who are we shielding the code from exactly? 
> > 
> > - Ourselves? Get real.
> > - The "competition"? It entirely defeats the purpose and spirit of
> > open source. 
> > - "Crackers?" They just stress test your back-up and recovery
> > procedures. 
> > 
> > Use CVS or SourceSafe or some other file versioning system and put
> > checked-out copies of the the files in a tree under a shared
> > directory or under the various home directories.
> > 
> > This abomination entirely defeats the purpose and spirit of open
> > source. I say ignore it. If you're really in a snit, boycott it.
> > 
> > Its a __bad__ idea. ON par with charging for your OS.
> > 
> > -Ch-A.
> > 
> >> From: Hans Zaunere <zaunere at yahoo.com>
> >> Organization: New York PHP
> >> Reply-To: talk at nyphp.org
> >> Date: Wed, 19 Jun 2002 10:29:14 -0400
> >> To: NYPHP Talk <talk at nyphp.org>
> >> Subject: [nycphp-talk] testers wanted - phpguardian.com
> >> 
> >> 
> >> There's been some talk lately of source protection.  This package
> > looks
> >> very nice after a quick glance.
> >> 
> >>> From: "ade_inovica" <mrwowza at hotmail.com>
> >>> 
> >>> Hi there
> >>> 
> >>> We're just about ready to release an application called
> > phpguardian -
> >>> an application which will protect php source code.  We are really 
> >>> keen to get some people to try it, so if anyone is interested, 
> >>> please visit http://www.phpguardian.com and go to the download
> link
> >>> 
> >>> All the best to everyone!
> >>> 
> >>> Ade
> >> 
> >> 
> >> __________________________________________________
> >> Do You Yahoo!?
> >> Yahoo! - Official partner of 2002 FIFA World Cup
> >> http://fifaworldcup.yahoo.com
> >> 
> > 
> > 
> > 
> > 
> > 
> 
> 
>