[Newbies] Squeak in commercial projects

goran at krampe.se goran at krampe.se
Wed Mar 7 07:57:48 UTC 2007


Just a note - decompiling from bytecodes is very easy in Squeak. The
only thing missing is the original indentation and any comments. But
everything else is there. Just so you know.

Locking down the image is of course doable - so that you can't easily
get to the tools etc - but there are of course ways to go around that
too. For example, I guess you can use an image file analyzer (there is
at least one I think) or hack a VM to do stuff when the image is loaded.

Jens Pall <jens at axonspace.com> wrote:
> Brad Fuller wrote:
> > Jens Pall wrote:
> > 
> > This is a step inn the right direction but I'm a bit concerned
> >> about upgrades. How would I ship an upgrade without sending the whole 
> >> image again? Can I somehow export the new/changed bytecode and import 
> >> it at the customer's site?
> > 
> > Can you not employ a similar procedure as squeaksource? Make your own 
> > mini SqueakMap that points only to your repo?
> > 
> > Or put a friendly frontend to Monticello pointing to your repo only? 
> > Maybe you could also send update alerts if the person is online to 
> > remind them to update.
> But doesn't this imply that the source is downloaded, making it easy 
> (easier) to hack the system? I could make the private Monticello 
> connection secure, update the system and then delete the source... just 
> thinking out loud.

Yes - a Monticello package is just a zip file of source code. Sure, you
can make the transfer "secure" using SSL or whatever - and you can apply
it and throw it away (no need for the MC snapshot to ever touch the file
system) but the problem of decompilation/image analysis above remains.

But of course - it is all a matter of "ambition".

regards, Göran

More information about the Beginners mailing list