I would like also to be able to deploy a pharo app as a dll juts time and money.
S. > On 7 Sep 2020, at 17:28, Esteban Maringolo <emaring...@gmail.com> wrote: > > Hi Davide, > > Thanks for the thorough response, but I think you're over > dimensioning, and to some extent missing, my initial purpose and > intention. > > I don't want to protect from somebody attempting to reverse engineer > my application, that's impossible (more so given your references). > I simply want to disable the option to open the IDE, even with all > tool menus disabled. > > In Java if I deliver a .jar or .war anybody could reverse engineer it, > but launching it won't open the development environment. > > For comparison with other Smalltalks I've used: > * VisualWorks enables the distribution of a "headless" IMAGE (and > parcels) without sources, if you revert that image to be headful all > source code will be decompiled using meaningless variables. > * Dolphin has the concept of SessionManager that is the entry point to > the image startup, if you save your image with a Headless Session > manager, then no GUI loop will start, same thing if you deploy as a > COM component. > * VAST produces its own ICX file where you can choose what to include > in it, it's not simply saving the image but building a new one from > within the development image, it's one step further. > * VSE had the SLL (similar to DLLs), if you don't bind the IDE's SLLs > then there is no way to start the IDE (I never built a headless VSE > app though). > > So what I'd like is an always Pharo headless image or Pharo headless > vm, instead of being controlled by a parameter in the VM. > > Regards, > > Esteban A. Maringolo > > On Mon, Sep 7, 2020 at 12:04 PM Davide Grandi <davide.gra...@email.it> wrote: >> >> Ok, I'll give you a result, meanwhile fixing some imprecisions. >> >> The "class" is CogVmSimulator but it's use is very far from my knowlegde, >> I recalled having seen a picture of Pharo-in-Pharo (or Squeak-in-Squeak) >> running under this simulator. >> It lives near the Cog side (or the OpenVM side) of Squeak/Pharo >> (If I'm not wrong Squeak ran into an emulator, before walking on his >> legs-his VM). >> >> There are many of these simulator, for other Smalltalk : >> - Hobbes and others for Xerox (thanks to files of Mario Molczko and/or >> Bitsavers >> - Dan Ingalls Apda Smalltalk + old Smalltalk -72 /-76 >> and maybe others I don't yet know about >> >> The reason is quite simple : the object memory is written to disk >> and the spec of executing Smalltalk are known either from the books >> or by the source. >> >> The root is Xerox's SystemTracer, a class that wrote a running image >> to disk, optionally changing object format (see the Green Book). >> >> So : >> - if you can read the image >> - you can run into a simulator >> - or decode it without to much effort (5 emulators for Xerox V2 image, >> so far). >> (try to open an image with a text editor : intriguing !) >> >> I don't know how Cincom or Instantiations protect the released st code, >> but for Pharo and Squeak this is not a point : they are all open. >> >> So, as if you wanna "protect" names and methods of a running image ... >> ... you have to (IMHO) : >> - encrypt executable and image (and modify the VM) >> - or obfuscate your classes and methods renaming it to >> C1, C2, ..., m1:p1:p2: and so on (keeping a map for debugging) >> >> Sorry to be imprecise about names and locations >> apart from suggest to see 4 emulators 4 running in a squeak image >> running ... in javascript in your browser (so total is 5) at : >> https://smalltalkzoo.thechm.org/HOPL-Squeak.html?earlyst80 >> (thanks to Vanessa Freudemberg & Dan Ingalls). >> >> Sorry again & best regards, >> >> Davide Grandi >> >> On 06/09/2020 23:51, Esteban Maringolo wrote: >>> If somebody gets to open the image and loads it with an Smalltalk >>> Emulator to execute it I'll ask him/her to start working together, and >>> even teach me how to do it. >>> >>> I don't want to shield the image from being accessed, just want to >>> make it harder than simply removing the '--headless' parameter to the >>> VM executable. >>> Of course removing sources is a plus (I do for a VW deployed image), >>> but even for this particular piece of software that I'm asking for, I >>> don't need it. >>> >>> If I wanted to make the source public, I'll publish it in >>> Github/Gitlab, otherwise I'd rather keep the code private. >>> >>> Regards, >>> >>> Esteban A. Maringolo >>> >>> On Sun, Sep 6, 2020 at 6:29 PM Davide Grandi <davide.gra...@email.it> wrote: >>>> I mean that with SmalltalkEmulator, the Smalltalk interpreter >>>> written in Smalltalk, one can execute an image looking at >>>> classes, methods and maybe executing code at will. >>>> >>>> And the only practical form of protection I see in Squeak/Pharo >>>> is to obfuscate code. >>>> >>>> Maybe I'm wrong. >>>> >>>> Davide Grandi >>>> >>>> On 06/09/2020 22:27, Esteban Maringolo wrote: >>>>> On Sun, Sep 6, 2020 at 12:52 PM Davide Grandi <davide.gra...@email.it> >>>>> wrote: >>>>>> Does "competition" has SmalltalkEmulator ? >>>>>> A Smalltalk-written VM will defeat any simple obfuscation scheme. >>>>> Sorry, but I don't understand what you mean. >>>>> >>>>> Best regards, >>>> -- >>>> Ing. Davide Grandi >>>> email : davide.gra...@email.it >>>> mobile : +39 339 7468 778 >>>> linkedin : http://linkedin.com/in/davidegrandi >> >> -- >> Ing. Davide Grandi >> email : davide.gra...@email.it >> mobile : +39 339 7468 778 >> linkedin : http://linkedin.com/in/davidegrandi >> >> > -------------------------------------------- Stéphane Ducasse http://stephane.ducasse.free.fr / http://www.pharo.org 03 59 35 87 52 Assistant: Aurore Dalle FAX 03 59 57 78 50 TEL 03 59 35 86 16 S. Ducasse - Inria 40, avenue Halley, Parc Scientifique de la Haute Borne, Bât.A, Park Plaza Villeneuve d'Ascq 59650 France
