About jobfuscate

[Arne Vajhøj]

Last I checked, zip at least can use several sorts of compression from
the LZ family, and even some from outside it. Perhaps jar doesn't tend
to use the full range, though.

The ZIP file format allows for multiple compression algorithms.

But in practice no compression and the zip deflate algorithm are
the ones used.

LZW is definitely used in GIF and LZSS in some other lossless-
compressed file formats (maybe PNG?);

PNG also uses zip deflate.

I doubt that any modern software or format uses LZSS.

GIFs may well occur *inside*
jars.

Yep. But that does not make jar use LZW.

Arne

 

[Arne Vajhøj]

True, but I have to wonder how effective that tends to be when
combined with "real" compression (e.g. LZW). What a binary stripper
removes tends to be text, such as function names, and tends to have
been duplicated all over the place. The "real" compression would
replace all of the copies with a single short symbol and perhaps, if
its occurrence was predictable, further reduced those. Text compresses
well, and what's left after obfuscation doesn't, and that remnant may
even compress worse than before after a true obfuscation (but not
after mere symbol-stripping).

Not so relevant.

If compression is needed then jar provides that.

The point is that the output from an obfuscator shrinking
is valid byte code.

Compressed data are not.

Two different purposes.

I find this surprising. Obfuscators usually don't just remove debug/
symbol information from binaries but also perform semantics-preserving
transformations of the actual code designed to make decompilation
produce very nasty and human-unreadable source code (deeply nested
crap, inlining out the wazoo, what-have-you). Many of these
transformations resemble those performed by optimizing compilers, but
may include "sideways" changes that don't improve run time (or even
slightly worsen it) in exchange for producing nastier decompiled code.
In the case of Java, I'd expect such obfuscatory transformations to
play hell with JIT compilation (these days with Hotspot one actually
gets better performance from unoptimized bytecode than optimized, or
so I've heard). I'd also expect obfuscation to reduce the
compressibility of the code relative to a straight symbol-stripping.
Then again, perhaps the Java obfuscators don't tend to perform those
additional, non-symbol-stripping transformations. Perhaps there's
little mileage in it due to the nature of the bytecode language or
something.

The main function of Java obfuscators is to mangle names. And that
has zero impact on runtime performance.

Arne

 

[Lew]

Far better to be obfuscated than encrypted.

I've maintained some code whose original authors must have subscribed to that
philosophy proactively. Running an obfuscator over their code would be redundant.

What's worse, this also holds true for wizard-generated JSF code I've seen
come out of the Rational Application Developer (RAD) IDE, whose maker shall
remain nameless lest they take not kindly to being mentioned by name.

I can see a competitive advantage to letting the opposition have some source
code unchanged.

 

[nebulous99]

[unprovoked attack post deleted]

You're wrong. None of the nasty things that you have implied about me
are at all true.

(All forms of encryption and obfuscation are "weak" in absolute terms,
though, because the untrusted party has all the information they need,
in principle, to defeat it.)

 

[nebulous99]

[much of unprovoked attack post posted in response to my own
perfectly civil and on-topic post deleted]

The ZIP file format allows for multiple compression algorithms.

I believe that is more or less what I said.

But in practice [snip]

That's not been my observation.

LZW is definitely used in GIF and LZSS in some other lossless-
compressed file formats (maybe PNG?);

PNG [snip]

That's also not been my observation. PNG supports several compression
types also, and pngcrush will try many of them to reencode your pngs
smaller, with no quality loss.

I doubt that any modern software or format uses LZSS.

That's not been my observation either.

[remainder deleted]

None of the nasty things that you have implied about me are at all
true.

 

[Joe Attardi]

[unprovoked attack post deleted]

What attack? What in Joshua's message was an attack? Unless now
disagreement can be seen as an attack?

You're wrong. None of the nasty things that you have implied about me
are at all true.

Isn't it you who goes off on people for saying flat out, "You're wrong"
- but apparently it's OK for you to say?

He didn't imply anything nasty about you. He didn't even commit the
cardinal sin, and say "you're wrong" - he simply gave his point of view
which differs from yours. How is this implying something nasty?

 

[nebulous99]

[snip much of unprovoked attack post posted in response to my
perfectly civil and on-topic post]

Two different purposes.

You're completely missing the point, of course, which is that you are
going to be stuffing your class files into a compressed jar either
way, and even large savings in class file size from symbol stripping
may translate into only small-to-modest shrinkage of said jar.

The main function of Java obfuscators is to mangle names. And that
has zero impact on runtime performance.

And approximately zero impact on file sizes, unless it actually makes
them larger by using really long and mangled names.

Flow obfuscation likewise doesn't improve anything file-size-wise.

Only debug data stripping might, and can be done without an
obfuscator.

Name mangling and flow obfuscation both harm compressibility as well,
by adding entropy in various places.

P.S. None of the nasty things that you have implied about me are at
all true.

 

[nebulous99]

[fragment of Joshua's unprovoked attack post deleted]

None of the nasty things that Joshua has implied about me are at all
true.

I've maintained some code whose original authors must have subscribed to that
philosophy proactively. Running an obfuscator over their code would be redundant.

I think it's likely that we all have.

What's worse, this also holds true for wizard-generated JSF code I've seen
come out of the Rational Application Developer (RAD) IDE, whose maker shall
remain nameless lest they take not kindly to being mentioned by name.

Code generated by such tools is more object code than source code; the
real source code is whatever the input is to the automatic code-
generator. Similarly with parser generators and the like. It's
expected that you maintain the code-generator's input, not its output,
the same as you'd maintain your .java files, not your .class files.

I can see a competitive advantage to letting the opposition have some source
code unchanged.

I can see a bigger advantage to not assuming an "us vs. them"
adversarial attitude in the first place. So can a lot of others, as
evidenced by the enormous success of sites like Sourceforge. Of
course, that first sentence can also be applied to certain people's
attitudes in this newsgroup, particularly those who cannot seem to
avoid responding with veiled insults and general nastiness even to a
civil and on-topic post my me. Such individuals as completely lack any
self-control in this area should obviously killfile me, but some of
them clearly have not.

 

[Owen Jacobson]

[unprovoked attack post deleted]

What attack? What in Joshua's message was an attack? Unless now
disagreement can be seen as an attack?

This is not a new state of affairs. Please do not feed the trolls.

 

[John W. Kennedy]

[unprovoked attack post deleted]

What attack? What in Joshua's message was an attack? Unless now
disagreement can be seen as an attack?

You're wrong. None of the nasty things that you have implied about me
are at all true.

Isn't it you who goes off on people for saying flat out, "You're wrong"
- but apparently it's OK for you to say?

He didn't imply anything nasty about you. He didn't even commit the
cardinal sin, and say "you're wrong" - he simply gave his point of view
which differs from yours. How is this implying something nasty?

"nebulous99" (he uses several aliases) is literally insane; this is his
standard response to anyone who points out that he's made a mistake --
any mistake. PLONK him and move on.

 

[Joe Attardi]

"nebulous99" (he uses several aliases) is literally insane; this is his
standard response to anyone who points out that he's made a mistake --
any mistake. PLONK him and move on.

Other aliases are twisted0n3, twerpinator, bbound, and probably some
others too - all aliases for Paul Derbyshire, a 31 year old Canadian*
who has nothing better to do than pick fights.

*Source:
http://tinyurl.com/yooc6w (MySpace search for one of his email addresses
he posts under, (e-mail address removed))

http://www.openoffice.org/servlets/ReadMsg?list=users&msgNo=117339&raw=true
(OpenOffice email archive showing his name, Paul Derbyshire, with a
Reply-To address of (e-mail address removed)


Why go through such trouble to identify this troll? Because Paul
Derbyshire has a history of going around usenet causing trouble. Here's
the hilarious but true Paul Derbyshire FAQ:
http://groups.google.com/group/carl...k=st&q=paul+derbyshire+cabal#27478594699fd22e

Don't worry though Paul, I'm not from the Cabal!

 

[bbound]

[unprovoked attack post deleted]

What attack? What in Joshua's message was an attack?

He implied a rather nasty accusation in his post. That accusation is
of course false.

Isn't it you who goes off on people for saying flat out, "You're wrong"
- but apparently it's OK for you to say?

I go off on people for saying "You're wrong" to me when I'm not. It's
quite OK for me to say "You're wrong" to someone else when they are.
And there is nothing inconsistent in this.

[remainder of unprovoked attack post deleted]

None of the nasty things that you have implied about me are at all
true.

 

[bbound]

[insult deleted]

None of the nasty things that you have said or implied about me are at
all true.

 

[bbound]

[multiple vicious insults deleted]

None of the nasty things that you have said or implied about me are at
all true.

 

[bbound]

[insult deleted]

Other aliases are twisted0n3, twerpinator, bbound
True.

all aliases for Paul Derbyshire
False.

[numerous nasty insults and other assorted BS deleted]

None of the nasty things that you have said or implied about me are at
all true.