invisible javascript

Re: invisible javascript

"Ira Baxter" <idbaxter@semde signs.com> wrote in message
news:3fc4d880$1 @giga.realtime. net...
<snip>[color=blue][color=green][color=darkred]
>>>You use a doctor, right?
>>>I know my doctor's solutions aren't perfect.
>>>But I'm a lot happier to use his partial solutions
>>>than to have no doctors at all.[/color]
>>
>>Being attended to by blood-letting butchers can be worse
>>than having no doctors at all.[/color]
>
>Using an amateur doctor when you have need and nothing else
>is available is smarter than not using a doctor at all.[/color]

You think? With a burst appendix visiting the local homeopathist would
do nothing to influence your subsequent painful death. When an action is
futile (and possibly expensive) it is smarter not to bother.

Richard.

Re: invisible javascript

"Richard Cornford" <Richard@litote s.demon.co.uk> writes:
[color=blue]
> You think? With a burst appendix visiting the local homeopathist would
> do nothing to influence your subsequent painful death. When an action is
> futile (and possibly expensive) it is smarter not to bother.[/color]

Hmm, that's not a very good example. Both visiting the homeopathist and
doing nothing will end you up dead. Might as well have compagny :)


/L 'the road of excess leads to the palace of wisdom ... not!'
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleD OM.html>
'Faith without judgement merely degrades the spirit divine.'

Re: invisible javascript

"Lasse Reichstein Nielsen" <lrn@hotpop.com > wrote in message
news:u14qy4ui.f sf@hotpop.com.. .[color=blue][color=green]
>>You think? With a burst appendix visiting the local homeopathist
>>would do nothing to influence your subsequent painful death. When
>>an action is futile (and possibly expensive) it is smarter not to
>>bother.[/color][/color]
[color=blue]
>Hmm, that's not a very good example. Both visiting the homeopathist
>and doing nothing will end you up dead.[/color]

But that was my point. When action and inaction predictably have the
same outcome then inaction is probably smarter (especially if action
incurs expense).
[color=blue]
>Might as well have compagny :)[/color]

In my (fortunately limited) experience of extreme pain company has never
been a consideration. If it were homeopathists would be towards the end
of a list of people I would choose to spend time with (Though there may
be some hollow amusement to be gained from expiring on their premises).

Richard.

Re: invisible javascript

Ira Baxter said:
[color=blue]
>However, when the cost of "undoing" obfuscation seems to exceed
>the cost of simply doing it from scratch, reasonable people
>won't bother doing the reverse engineering.
>Even *competent* people won't bother in this case.[/color]

If you're just trying to prevent somebody from using
your secret programming techniques, then, by all means,
amuse yourself with obfuscation, but don't recommend it in
public without making it clear to all that it must never
be used to protect anything really worth protecting, like
the method you use to retrieve my account information.

In that case, it doesn't matter that 99% of the people
won't bother with it. It only takes one.

Re: invisible javascript

JRS: In article <u14qy4ui.fsf@h otpop.com>, seen in
news:comp.lang. javascript, Lasse Reichstein Nielsen <lrn@hotpop.com >
posted at Thu, 27 Nov 2003 02:31:33 :-[color=blue]
>"Richard Cornford" <Richard@litote s.demon.co.uk> writes:
>[color=green]
>> You think? With a burst appendix visiting the local homeopathist would
>> do nothing to influence your subsequent painful death. When an action is
>> futile (and possibly expensive) it is smarter not to bother.[/color]
>
>Hmm, that's not a very good example. Both visiting the homeopathist and
>doing nothing will end you up dead. Might as well have compagny :)[/color]

If you are expecting to end up dead, it is good to arrange that your
heirs have someone to sue about it.


My view differs from some of those stated.

Accepted that code put on the Net cannot be protected from
misappropriatio n by the reasonably skilled.

But there is a much larger number of substantially unskilled, and one
might reasonably wish and hope to prevent them from making use of one's
code. This can be done with little effort, if one has obfuscation
software. One should not, however, obfuscate all copyright statements.

There is an analogy. It is well-nigh impossible to use a motor-car and
be completely safe against theft of or from it. But the precaution of
locking it and not leaving the keys accessible does protect against many
forms of casual theft, if only by encouraging would-be thieves to choose
easier targets.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
<URL:http://jibbering.com/faq/> Jim Ley's FAQ for news:comp.lang. javascript
<URL:http://www.merlyn.demo n.co.uk/js-index.htm> JS maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/JS/&c., FAQ topics, links.

Re: invisible javascript

Dr John Stockton <spam@merlyn.de mon.co.uk> writes:
[color=blue]
> Accepted that code put on the Net cannot be protected from
> misappropriatio n by the reasonably skilled.
>
> But there is a much larger number of substantially unskilled, and one
> might reasonably wish and hope to prevent them from making use of one's
> code.[/color]

This is where my imagination fails me. What can these unskilled people
use your code for that will in any way hurt you? If the worst they can
do is use it without permission, then I don't think it's worth going
through any trouble for.

If you have specific competitors that should not be able to use your
code, watch their pages and hit them with the copyright law if they do.
[color=blue]
> There is an analogy. It is well-nigh impossible to use a motor-car and
> be completely safe against theft of or from it. But the precaution of
> locking it and not leaving the keys accessible does protect against many
> forms of casual theft, if only by encouraging would-be thieves to choose
> easier targets.[/color]

The problem with this analogy [1] is that theft of a car leaves you
without a car. That makes theft easy to spot. It also requires close
proximity to your car at a time where not too many people are watching.
This lowers the number of potential thieves quite a lot, and makes a
lock a usable precaution (breaking the window or using a crowbar is
hard to do unnoticed).

Compare this to using someone else's code. It can be done in complete
privacy by anybody, anywhere, and you have no way of finding out (also
meaning that you suffer no loss). How much is it *really* worth to
make it a little harder to use your code?

Copyright infringement is not theft! Comparing the two is like comparing
apples and anvils.

/L
[1] It seems to be the rule that all car analogies used on Usenet are flawed.
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleD OM.html>
'Faith without judgement merely degrades the spirit divine.'

Re: invisible javascript

On Wed, 26 Nov 2003 23:54:26 +0100, Lasse Reichstein Nielsen
<lrn@hotpop.com > wrote:[color=blue]
> That's a choice too, and it will probably
>even discourage some people (although "the dog bits" is probably better).[/color]

Pinning up a picture of your dogs testicles will discourage people?
Cheers I'll have to try that, normally I just warn about them biting.
:-)
[color=blue][color=green]
>> They are shipping code they wrote at some cost to the public.
>> They'd prefer not to have that code used by a competitor easily.[/color]
>
>The keyword here is probably "easily". How easy the obfuscation is to
>counter depende *entirely* on the competitor. If the competition is
>people like me, "not easily" is quite hard.[/color]

The thing is, we are the only people that matter, muppets couldn't put
a non-obfuscated script modified to their needs in place, and anyone
else, we can change an obfuscated one almost as easily as a
non-obfuscated one - remember we only need to change the things that
matter to our theft.

Jim.
--
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: invisible javascript

On Thu, 27 Nov 2003 00:13:26 -0000, "Richard Cornford"
<Richard@litote s.demon.co.uk> wrote:[color=blue]
>And there should
>be no argument that having acquired the source text there is software
>that will re-format it into normally formatted JavaScript source
>(indented blocks, statements on separate lines and so on) and reversing
>the escape encoding of string literals is also easily automated
>(possibly available as part of the same process).[/color]

Recently I just took on some javascript hacking, there was a 200k
javascript source file, uncommented, poorly styled, not actively
obfuscated, but it might aswell have been, I needed to get this into a
state I could do something with it.

astyle and xemacs got it reflowed in seconds, a nice little lint
script from someone not too far away got it integrated into the build
process and now the other guys shouldn't go screwing anything else up
in future.

The tools are free, they were already on my desktop anyway, and they
do a great job of code formatting.

Cheers.

Jim.
--
comp.lang.javas cript FAQ - http://jibbering.com/faq/

Re: invisible javascript

Dr John Stockton <spam@merlyn.de mon.co.uk> writes:
[color=blue]
> They can, while leaving in the code a statement that I wrote it, make
> unsound changes and release the code, after which I may receive the
> complaints.[/color]

That is a problem. Not one I would solve with obfuscation, though.
More likely by adding a line next to the attribution saying either
"May not be republished without author's permission" or (more likely)
"don't trust this code if not downloaded from myhomepage.exam ple.com".
[color=blue]
> One of the much-advertised Javascript sites has in fact taken my code
> without permission and published it, but incompletely so that it is not
> workable while still evidently originated by me; had it been obfuscated,
> they might not have bothered with it.[/color]

Correct me if I'm wrong, but it seems that you are publishing your code
so that people can read it and learn from it. That makes obfuscation
unsuited.
[color=blue]
> (I almost never give permission for my material [text and/or code]
> to be republished, although I allow it to be used, because I want
> updating to have immediate effect on all legitimate public copies.)[/color]

Very reasonable.
[color=blue]
> Assuming a reliable and rapid obfuscator, one might wish to obfuscate
> partially-developed code that was being made publicly visible for test.[/color]

That is more reasonable. It is code that is not intended for reading
or reuse. I would still add a line saying so ("use after October 2001
considered harmfull")
[color=blue]
> Remember, that which is a reasonable reason for an average scripter to
> obfuscate may not be a good reason for you to do so.[/color]

True. But I haven't met an average scripter with a well thought out
argument for obfuscation. They might have one, but they sure don't
present it here :)

/L
--
Lasse Reichstein Nielsen - lrn@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleD OM.html>
'Faith without judgement merely degrades the spirit divine.'

Re: invisible javascript

JRS: In article <ekvs5ejh.fsf@h otpop.com>, seen in
news:comp.lang. javascript, Lasse Reichstein Nielsen <lrn@hotpop.com >
posted at Fri, 28 Nov 2003 23:11:46 :-[color=blue]
>Dr John Stockton <spam@merlyn.de mon.co.uk> writes:
>[color=green]
>> They can, while leaving in the code a statement that I wrote it, make
>> unsound changes and release the code, after which I may receive the
>> complaints.[/color]
>
>That is a problem. Not one I would solve with obfuscation, though.
>More likely by adding a line next to the attribution saying either
>"May not be republished without author's permission" or (more likely)
>"don't trust this code if not downloaded from myhomepage.exam ple.com".[/color]

But anyone can remove that; legal methods of recourse are often
impractical, and appeals to the morals of potential copiers are not
necessarily effective.
[color=blue][color=green]
>> One of the much-advertised Javascript sites has in fact taken my code
>> without permission and published it, but incompletely so that it is not
>> workable while still evidently originated by me; had it been obfuscated,
>> they might not have bothered with it.[/color]
>
>Correct me if I'm wrong, but it seems that you are publishing your code
>so that people can read it and learn from it. That makes obfuscation
>unsuited.[/color]

You are right; but it would be possible for my code to be written
without that intention, but still with the wish that it not be
republished.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
<URL:http://jibbering.com/faq/> Jim Ley's FAQ for news:comp.lang. javascript
<URL:http://www.merlyn.demo n.co.uk/js-index.htm> JS maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/JS/&c., FAQ topics, links.

Re: invisible javascript

To "obfuscate" your JS code, try this little utility:



It may help to confuse novices...

Re: invisible javascript

Google hu kiteb:
[color=blue]
> To "obfuscate" your JS code, try this little utility:
>
> http://utenti.lycos.it/ascii2hex/
>
> It may help to confuse novices...[/color]

Anyone so green that this would deter them is also too green to adjust
an unobfuscated script to meet their specific needs.

For me, I'd just c+p into sc unipad, then it is a single right mouse
click away from converting into more human-readable text.

--
--
Fabian
Visit my website often and for long periods!