in reply to An obfuscation script, and a question

Re: Re: An obfuscation script, and a question
by abell (Chaplain) on Mar 13, 2003 at 21:13 UTC

    I don't think a source-code hiding program deserves our assistance.
    I personally think this is a technically fascinating field and would enjoy learning more about it.

    We've got this great programming language precisely because Larry gave the damn thing away.
    ... which should earn him our gratitude and respect. But I urge you to consider that even if Larry can easily make a living without ever writing closed code, through books, conferences, grants and what else (sorry for possible imprecisions, but I don't know much about his professional activities), not everybody can afford the same level of "programming purity". I can easily imagine fields where delivering closed-source code is the only commercially viable way.

    Not that I am a big fan of proprietary software, especially from a user's point of view, but I believe the world has more shades of gray than one would be tempted to see.

    Cheers

    Antonio

    The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket

      This is getting off the topic, but:

      I personally think this is a technically fascinating field and would enjoy learning more about it.

      Learning is always good, but please don't make this into anything other than an educational experience. Code obfuscators can always be reversed if the user(s) are determined enough to de-obfuscate.

      And on that note, I suggest looking at Acme::Bleach, Acme::Buckaroo, and many other modules in the Acme:: namespace.

      . . . not everybody can afford the same level of "programming purity".

      People are often surprised to learn just how much of the software ever written actually goes to a store shelf. About of all software either never leaves the company it was written in, or it was done on a contractual basis for a specific company and is never sold elsewhere. I'm not talking about failed projects--this is code that is used internally and is often specific to the way a certain company operates.

      If it's never going to leave the company, why would you care what it is licensed under? And why would you want to obfuscate the code? That would just make things harder for a future maintenance programmer.

      ----
      Reinvent a rounder wheel.

      Note: All code is untested, unless otherwise stated

        Code obfuscators can always be reversed if the user(s) are determined enough to de-obfuscate
        This is as true of obfuscated code as it is of compiled programs. While you make it more difficult to reverse-engineer the program, the information is still all there. This might only be changed if some cryptographic techniques become available, allowing one to run an application in an untrusted environment without leaking information on the algorithm (I am not able to find relevant links at the moment, but it's an active field of research).

        Since you mention Acme::Bleach and Acme::Buckaroo, I'd like to point out that they have no use as obfuscators for commercial source-hiding purposes, since during execution the program is reverted to its original form (comments and all) and then evaluated.

        Cheers

        Antonio

        The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket
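
Added example, not part of any post in this thread and not Acme::Bleach's own code: a simplified whitespace encoding in the same spirit, illustrating the point above that a loader which must rebuild the source before evaluating it also yields that source to anyone who prints instead of evals. The names `encode_ws` and `decode_ws` and the sample script are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified bleach-style encoding (an assumption for illustration):
# every bit of the source becomes a space (0) or a tab (1).
sub encode_ws {
    my ($source) = @_;
    my $bits = unpack 'b*', $source;   # bit string, 8 characters per byte
    $bits =~ tr/01/ \t/;
    return $bits;
}

# The inverse transform. Any loader for such a file has to run this
# step before it can evaluate the program.
sub decode_ws {
    my ($blob) = @_;
    $blob =~ tr/ \t/01/;
    return pack 'b*', $blob;
}

# Constructed sample "closed" script, comment included.
my $original = <<'END';
# pricing rule we would rather not show the customer
my $price = 100;
print $price * 0.9, "\n";
END

my $hidden    = encode_ws($original);
my $recovered = decode_ws($hidden);

# The encoded file contains nothing but whitespace.
my $visible = () = $hidden =~ /\S/g;
printf "encoded: %d bytes, %d visible characters\n", length $hidden, $visible;

# Decoding restores the source byte for byte.
print "round trip intact: ", ($recovered eq $original ? "yes" : "no"), "\n";

# A loader would call:  eval decode_ws($hidden);
# Swapping eval for print returns the source, comments and all.
print $recovered;
```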
Re: Re: An obfuscation script, and a question
by Anonymous Monk on Mar 13, 2003 at 16:02 UTC
    I don't think a source-code hiding program deserves our assistance. We've got this great programming language precisely because Larry gave the damn thing away.
    A) I didn't ask for help with a source code hiding program. I gave the "damn" obfuscator to you to use as you wish.
    B) This is the obfuscation forum. If you don't like the concept of source code that is hard to read, you're in the wrong place.
    C) Some of us have to pay the rent if we're to have a place in which to write open source software.
    D) Larry was one of those who wrote proprietary code until very recently. He, like most open source programmers, did open source stuff in his free time while writing proprietary code 9-5.
    E) I'm a contributor to Apache, XMMS, and Mozilla. You have contributed code to what exactly?

      E) I'm a contributor to Apache, XMMS, and Mozilla. You have contributed code to what exactly?

      Now, now - please, no personal attacking, mmkay? Let's keep it civilized at least...

      --
      mowgli

      [Added I figured I'd also note that I do like obfuscated perl. Why else create Allen Ginsberg - Is About?]

      I was referring to the programs you are delivering as obfuscated source code to paying customers when I made the comparison to free software. I'm wearing two hats here - free software user/developer in the evenings and corporate application programmer developer during the daytime.

      Of the times when I've had bugs in the commercial software I use (during the day, obviously) I don't know how many times I could have fixed the thing myself if the vendor had provided it with source code. Months have gone down the drain trying to work around bugs and trying to document the bugs so product support can duplicate them (and hopefully fix them as well). Of all the things I really hate, it's trying to deal with bugs in closed source software. You could just continue the trend and not provide the source but that's making someone else's life harder. In fact, with obfuscated perl that's all it does since the skill level required to debug a compiled program versus an obfuscated perl program is an order of magnitude apart (having done both I think I can comment).

      I recently had to fix a bug where HitBox JavaScript code was breaking part of an intranet web application (interactions via the onLoad handler). In this case the HitBox software is delivered as a text file containing obfuscated JavaScript code and some user documentation describing some global variables (among other things). This had me swearing the entire time because I just couldn't (and still can't) believe the gall of HitBox to provide obfuscated source code. In this case it is merely time consuming (it took me an hour or so) to get a readable source back. HitBox took our money for a product that didn't work in our environment and then I spent my time undoing their obfuscation just so I could fix the damn thing. At least they could have respected me and my employer enough to just give us the source outright.

      So perhaps I see it as a respect issue. You disrespect your customer when you deliberately make life hard for them. But then I don't sell software so perhaps you've found that providing the source just means your work is ripped off. So perhaps it puts a smallish obstacle in front of your dishonest customers and actively disrespects your honest customers. I choose to disagree with you on whether this makes business sense or not.

      As an open source programmer I don't think I need to prove my credentials to you or anyone. I spend almost every evening and weekends with my time split between activism and the coding to support that activism. If you really want to know what I'm spending my time coding I'll elaborate but I don't think that's relevant here.


      Seeking Green geeks in Minnesota

        Your latest post seems to me far more appropriate to the very intelligent person that you are. Seeing that you develop closed apps 9-5, you must therefore understand that is sometimes necessary in order to feed your family. As someone else noted, not all of us can make a living from the royalties of one book, like Larry has managed to do. Myself, I write open source code 40 hours per week and make my living doing installation and configuration of my software. In the 13 years I've been coding, I've written precisely 3 proprietary apps. The other hundreds of programs have been open source, even little utility programs like this obfuscator that I write for my own use - as soon as I wrote it I found a place to post the source for others to use. I was then criticized for making my obfuscator available to you and others.

        2 of the 3 programs that I have kept proprietary have been implementations of new security methodologies that I have developed. Given the precise nature of these two specific programs their utility is greatly enhanced by making their operation non-obvious. (That may not apply to a lot of security schemes, but in these two specific cases it's true.) Both have also been methodologies that I have spent months developing and must be paid for if I'm to pay my rent. Specifically, this script I'm obfuscating now has taken me close to a year to develop. During that time my rent has gotten 3 months past due. If I'm to be around to develop anything, I have to have users of this software pay for it. That's reality. These scripts are designed to let a company protect their confidential data. If they want to save thousands or millions by using my software, I think it's reasonable to expect them to pony up $50 to help cover the cost of development. It's also a fact that other companies have attempted to steal both of my security technologies while my products were still in beta. That's not a theory - that's hard reality for me. My family is about to be homeless while some jerk is making big money stealing my technology that I spent a year developing. I don't intend to make that any easier than necessary. It would be nice if everyone were trustworthy, but that's not reality.

        So while you are taking a break from your full time job developing proprietary software please don't spend that precious time criticizing me for giving away my obfuscator. I would perhaps be more receptive to your ideas if you actually helped someone else by suggesting ways to obfuscate that one line, but if you are only here to stroke your own ego and show off then please share your thoughts with your fellow full time proprietary coders around the office and not bother those of us who eke out a living giving our work away.
        
        Ray