A general doubt

[Michael Morin]

Another approach to the problem is to strictly separate code from data (and
store all variables and the like separate from the code), then put the code
into ROM or similar.

Randy Kramer

Even that's not effective. ROM dumps are not difficult to obtain, ROM
chips are not difficult to replace with flash chips or even an interface
to your PC. You also can't really do that with a Ruby program either.

The only semi-effective way I've seen to do this is with gaming
consoles. The Xbox will only run signed code. This is problematic
though, only people with the correct keys can produce code that will run
on the Xbox (which Microsoft charges large sums of money for) and it was
still cracked (at least the first Xbox was).

--
Michael Morin
Guide to Ruby
http://ruby.about.com/
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

 

[Michael Morin]

It's a nonsensical scenario. WHY would some intruder do this, when he
can already do whatever he wants with the system? And if he has only
user-level access, he won't be able to change any correctly installed
program, no matter what language it's written in.

Even if the Ruby program could be encrypted or obfuscated, they could
just modify the Ruby interpreter itself to do whatever it is they want
to do. There just isn't a solution, even with compiled languages. Like
I said before, even using a compiled language or obfuscation, all you've
done is raise the bar a little.

--
Michael Morin
Guide to Ruby
http://ruby.about.com/
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

 

[Gregory Brown]

You're not wrong. You're just approaching the problem the wrong
way. If a hacker has access to someone's computer, there is nothing an
application programmer can do about it - if an application *could* do
something about that, that would only create more problems (for
instance, your solution would basically mean that not even root would
be able to (un)install programs).

Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related.
http://en.wikipedia.org/wiki/Hacker_(Free_and_Open_Source_Software)

-greg

 

[Michael Morin]

Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related.
http://en.wikipedia.org/wiki/Hacker_(Free_and_Open_Source_Software)

-greg

Like it or not, that's what it means now. In fact, using its true
meaning only confuses 99% of the population and can lead to
misunderstandings. If this "debate" has been going on since the early
90's (or before?), it's just never going to end so there's no point in
even talking about it anymore. "Hacker" has two meanings, just be
conscious of that fact.

--
Michael Morin
Guide to Ruby
http://ruby.about.com/
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

 

[Gregory Brown]

Like it or not, that's what it means now. In fact, using its true meaning
only confuses 99% of the population and can lead to misunderstandings. If
this "debate" has been going on since the early 90's (or before?), it's just
never going to end so there's no point in even talking about it anymore.
"Hacker" has two meanings, just be conscious of that fact.

Sure, if you're going on the daily news. I'm suggesting you do
exactly the same and be conscious of the fact that on a mailing list
full of free software hackers, the usage to refer to computer
criminals is somewhat offensive. It's all about context.

-greg

 

[David A. Black]

Hi --

Can we stop using Hacker to describe computer criminals? The two
aren't (necessarily) related.
http://en.wikipedia.org/wiki/Hacker_(Free_and_Open_Source_Software)

It really sucks that the word got hijacked, and I never use it that
way. This happens to a lot of technical and paratechnical (is that
word?) words. Lately I've been hearing "blog" used to mean something
vaguely like "email" or "feedback comment" ("Send us a blog...."). And
of course there's "logon" instead of "connect".

And etc., as my students used to put it.


David

--
Rails training from David A. Black and Ruby Power and Light:
Intro to Ruby on Rails January 12-15 Fort Lauderdale, FL
Advancing with Rails January 19-22 Fort Lauderdale, FL *
* Co-taught with Patrick Ewing!
See http://www.rubypal.com for details and updates!

 

[Randy Kramer]

Even that's not effective. ROM dumps are not difficult to obtain, ROM
chips are not difficult to replace with flash chips or even an interface
to your PC. You also can't really do that with a Ruby program either.

Well, you're write--I guess what I should have qualified it by saying
something about without physical access to your hardware, which I assume
would be the case for cases of online/remote cracking (to avoid use of the
word "hacking").

The only semi-effective way I've seen to do this is with gaming
consoles. The Xbox will only run signed code. This is problematic
though, only people with the correct keys can produce code that will run
on the Xbox (which Microsoft charges large sums of money for) and it was
still cracked (at least the first Xbox was).

I hadn't thought of that, but with good encryption, it sounds fairly effective
(ignoring the drawback you point out).

Randy Kramer

 

[Randy Kramer]

Well, you're write--I guess what I should have qualified it by saying

right---------------^

Darn, I hate it when I miss things like that.

Randy Kramer