[Newbies] Squeak in commercial projects

Bert Freudenberg bert at freudenbergs.de
Wed Mar 7 09:29:21 UTC 2007

On Mar 7, 2007, at 8:57 , goran at krampe.se wrote:

> Hi!
> Just a note - decompiling from bytecodes is very easy in Squeak. The
> only thing missing is the original indentation and any comments. But
> everything else is there. Just so you know.

Well, if you're really concerned about decompiling, just mangle the  
selectors. As long as you are not constructing Symbols at runtime  
(#asSymbol, #intern:) this works perfectly well. Same for class names  
and instance variable names.

> Locking down the image is of course doable - so that you can't easily
> get to the tools etc - but there are of course ways to go around that
> too. For example, I guess you can use an image file analyzer (there is
> at least one I think) or hack a VM to do stuff when the image is  
> loaded.

Sure. But if the names are mangled this is about as much fun as  
reverse engineering machine code. No wait, the tool support is still  
better ;)

>> But doesn't this imply that the source is downloaded, making it easy
>> (easier) to hack the system? I could make the private Monticello
>> connection secure, update the system and then delete the source...  
>> just
>> thinking out loud.
> Yes - a Monticello package is just a zip file of source code. Sure,  
> you
> can make the transfer "secure" using SSL or whatever - and you can  
> apply
> it and throw it away

Well, you certainly would want to encrypt and sign the patch. If you  
are *that* paranoid I'd not even use MC but just image segments.

It's all a question of cost/value. I for one would be more concerned  
about preventing malicious code injection than the possibility of  
reverse engineering. But you have to weigh that yourself.

- Bert -

More information about the Beginners mailing list