Has Zend Source Encryption Been Rendered Useless?
tinkertim asks: "Recently I happened upon this freelance job posting and was intrigued by the domain name suggesting Zend decoding. After looking around a bit and finding the sandbox testing, I realized this is not a gimmick. Reverse engineering used to be a service one had to look for at length, and now there are companies offering it hoping to get on the Google top 10. Obviously - they aren't afraid of lawsuits or police action. If Zend and Source Guardian are so easily broken, are PHP developers wasting their time? Should companies selling scripts just open source them now so they have some control over what seems to be the inevitable release of their code? And what happens when vulnerabilities in popular PHP-based billing applications that rely on security via obscurity are found from released decoded source?"
Patent side effects are important here. (Score:2, Interesting)
Copyright in fact originally presumed that you gave the copyright office a clear copy of what was copyrighted, so it would become public domain after a few years. The current distortion that effectively makes copyright last VERY long and that does not require deposit of whole works would tend to guarantee they would eventually disappear, rather than contributing to future utility. In computer software, ever stop to think how many clever programs no longer are available and have sources which were copyrighted but probably exist no more in complete form anywhere? How many wheels have been re-invented (and these days possibly even patented) long after the initial invention?
Technology that makes it impossible to hide sources may not affect the time of copyright, but it would help ensure that such material in some far distant future may become available. Also and more usefully it will provide evidence of inventions which may inhibit slightly the tendency of Johnny come latelies to patent things that have been invented by others long before. Registering something for copyright really ought to do that now but that is another of the areas various governments have conveniently forgotten.
SEO? (Score:4, Interesting)
100% spam (Score:5, Interesting)
Re:DRM (Score:5, Interesting)
I actually got a response from one company, who called themselves "American Computer Systems". I followed a link from a spam, and they were actually relatively advanced -- they use JavaScript to construct your source from a very long string of alphanumeric characters. At the end, they document.write it. They show this effect off on their homepage. So, I made a textarea in the original page, swapped "document.write(foo)" for "document.(the.text.area).value = foo", then sent it all back to them. Here's the first email I sent them:
To my astonishment, I actually got a response. A response somehow defending the position of "encrypting" websites.
Funny, I could swear I saw the WMA bit commented out? Ah, well, I'll give him that one, but this is too fun to stop now...
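Why the client-side "encryption" described in the comment above gives no confidentiality, as an added example that is not part of the original thread: the loader has to hand the plaintext to the renderer, so whoever controls the sink sees the source. The encoding scheme (fixed-width base-36 character codes) and all function names are assumptions made for illustration, not the vendor's actual format.

```javascript
// Constructed toy "HTML protector". The encoding is an assumption for
// illustration only; it is not the format used by any real product.
const WIDTH = 4; // 36^4 > 65535, so every UTF-16 code unit fits in one group

function protect(html) {
  // Turn the page into one long alphanumeric string, as the comment describes.
  return html
    .split("")
    .map(ch => ch.charCodeAt(0).toString(36).padStart(WIDTH, "0"))
    .join("");
}

// The loader that has to ship to every visitor together with the blob.
function loader(doc, blob) {
  let out = "";
  for (let i = 0; i < blob.length; i += WIDTH) {
    out += String.fromCharCode(parseInt(blob.slice(i, i + WIDTH), 36));
  }
  doc.write(out); // the plaintext must reach the renderer at this point
}

// Stand-in for the browser's document object: it records what it is given
// instead of rendering it (the same idea as redirecting output to a textarea).
function makeRecordingDocument() {
  const written = [];
  return { write: s => written.push(s), written };
}

function recover(blob) {
  const doc = makeRecordingDocument();
  loader(doc, blob); // run the vendor-style loader unchanged
  return doc.written.join("");
}

// Constructed sample page.
const SAMPLE_PAGE =
  "<html><body><h1>Constructed sample page</h1></body></html>";
const blob = protect(SAMPLE_PAGE);

console.log("shipped blob:", blob.slice(0, 32) + "...");
console.log("recovered:   ", recover(blob));
```

The decoding key and algorithm travel with the content, so the scheme only changes how the page looks in "view source"; anything that must stay secret belongs on the server.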
Re:Lame (Score:3, Interesting)
Except the difference here is, there are thieves who would break in and steal your stuff without also knowing how to pick a deadbolt. Most people who want to steal this source code could do it easily.
What's more, automatic lockpicks don't work yet (as far as I know), nor can you easily build a robot to pick locks, run in, steal stuff, and bring it straight to the pawnshop. This kind of thing is easily possible with this kind of "encryption" (sorry, "protection") -- I can certainly automate the process of Googling for code that looks like it was "protected" this way, "decrypt" it, and email the results to me, figuring that anyone using this probably has something to hide in their PHP -- maybe a vulnerability, even.
In any case, would you feel as confident about this if someone really was selling paper-mache deadbolts? If it really is just a question of magnitude, remember, someone still might be able to decompile code fairly quickly (and crack it to do things it tries to prevent, like making a game run without the CD). Compiling, even just to bytecode (and you can do that with some variants of PHP), is more like a real deadbolt. "Encrypting" is paper-mache, and I don't see how it's even "good enough for most".
Ah, well, at least this is better than the HTML "encryption", which seriously damages the usability of your site, without even slowing down a "hacker" wanting to "steal" your code -- not that you should care about this in HTML, anyway.