Hello
I am making progress porting some vb6 classes to Gambas and I feel positive my plan is going to work. I made a quick parse converter that changes some of the differences between vb6 and gambas quickly like the array () to [] etc making my port much quicker
I plan on creating a embedded sbc appliance.
Has anyone thought about how to secure such a device being sold in public. As gambas uses an interpreter does that mean it can easily be de-compiled? Are there ways to secure a linux SBC so oversees devs cannot steal source code?
In my industry making copies of devices by stealing source code is very prevalent, so basically they steal the software and sell the device for 1/6 of my price. The pattern is prevalent in companies who use .net as the oversees devs just de-compile the code, make the branding changes and recompile and sell a copied device for much less than here.
Code Security
- BruceSteers
- Posts: 1574
- Joined: Thursday 23rd July 2020 5:20pm
- Location: Isle of Wight
- Contact:
Re: Code Security
Hmm, but when you say it like this....
I plan to use a free open source operating system with a free open source development environment and it's free open source interpreter to make a closed source program for money...
hehe
We hear this sort of thing all the time. Especially with those moving from the world of MS/VB/.NET to linux.
I personally think it's just a different world, a free world
The response to a question "but how can you make money with linux software then?" is usually, well most people don't. It's mostly an open source free world.
Money is to be made in the building/selling/maintenance of these devices or further software development.
I think it's not super simple to decompile a gambas application but then you can get decompilers for most languages so how secure is anything?
I believe a compiled gambas application exe contains the contents of the projects .gambas folder (the compiled binaries) but not the .src code folder so it's more complicated than just decrompessing the file.
I plan to use a free open source operating system with a free open source development environment and it's free open source interpreter to make a closed source program for money...
hehe
We hear this sort of thing all the time. Especially with those moving from the world of MS/VB/.NET to linux.
I personally think it's just a different world, a free world
The response to a question "but how can you make money with linux software then?" is usually, well most people don't. It's mostly an open source free world.
Money is to be made in the building/selling/maintenance of these devices or further software development.
I think it's not super simple to decompile a gambas application but then you can get decompilers for most languages so how secure is anything?
I believe a compiled gambas application exe contains the contents of the projects .gambas folder (the compiled binaries) but not the .src code folder so it's more complicated than just decrompessing the file.
If at first you don't succeed , try doing something differently.
BruceS
BruceS
Re: Code Security
I am willing to pay for Gambas to use it to develop my products... Creating software products is how I make a living
Linux makes money because of scale.
I am actually come from the vb6 world where we compile natively making much harder to 'steal' products
Linux makes money because of scale.
I am actually come from the vb6 world where we compile natively making much harder to 'steal' products
- BruceSteers
- Posts: 1574
- Joined: Thursday 23rd July 2020 5:20pm
- Location: Isle of Wight
- Contact:
Re: Code Security
It is completely acceptable to make propriety software with gambas you do not have to pay, it is "free" for you to use as you please.axisdj wrote: ↑Sunday 16th April 2023 5:36pm I am willing to pay for Gambas to use it to develop my products... Creating software products is how I make a living
Linux makes money because of scale.
I am actually come from the vb6 world where we compile natively making much harder to 'steal' products
see here http://gambaswiki.org/wiki/doc/faq#t11
As for security I asked on the forum what exactly is included in the .gambas executable and Benoit said this...
Hope that helps.Benoit Minisini wrote: If you run `gba3 -l xxxx.gambas`, you will get a list of all files
included in the `xxxx.gambas` file.
If at first you don't succeed , try doing something differently.
BruceS
BruceS
- BruceSteers
- Posts: 1574
- Joined: Thursday 23rd July 2020 5:20pm
- Location: Isle of Wight
- Contact:
Re: Code Security
hehe, I don't think there's such a thing as "stealing" in Linux, unless your software goes commercial (Proprietary) or uses propriety stuff. There are different Licenses to be aware of, GPL etc.
For example my OS of choice is Linux Mint ,
LinuxMint is a copy of Ubuntu but modified.
Ubuntu is a copy of Debian, but modified ,
the whole linux world is like a code sharing/modifying conglomeration that over time has produced lots of awesome free software.
Your software's gotta rock.
I'm trying to think of a parable and i thought...
It's like going to a free cake festival and there's free cake absolutely everywhere. a million different types.
Then some folks come in with some cake for sale. the secret recipes are mostly a mix of other people's recipes and some personal tweaks but it's a "secret" so nobody knows
I wonder how unique and wonderful their cake has to be to sell any? I wonder how much they'll sell?
I've probably gone off topic here as i am saying this from only a "software" point of view. I do not know your "industry" or your product so i cannot probably say fully what you need to know.
If at first you don't succeed , try doing something differently.
BruceS
BruceS
Re: Code Security
So.. the software will not be the only thing they will copy.
They will order the hardware, duplicate electronics, and recompile software with their brand.
Not a huge concern as this will be an appliance. I was just trying to see what a person can see if they can get to the executable
I tried 'gba3 -l myApp.gambas' (my first test app) and i recieved message gba3: Invalid Option -- 'l'
They will order the hardware, duplicate electronics, and recompile software with their brand.
Not a huge concern as this will be an appliance. I was just trying to see what a person can see if they can get to the executable
I tried 'gba3 -l myApp.gambas' (my first test app) and i recieved message gba3: Invalid Option -- 'l'
Re: Code Security
That CLI option is lower case 'L' in case you mistyped it.
If you really want to see how hard it is to reverse engineer a compressed Gambas executable, which is what a .gambas file is, try the following.
1) Extract and view one of the gambas byte code files from the .gambas "subdirectory" by gba3 -x MyApp.gambas <the class name> | less
That should give you some idea of what is visible.
2) Run your project in debug mode, gbr3 -g -t MyApp.gambas (from within the project directory. Use "s" to step through a few instructions. If anyone can disemble that into reverse engineered code then I'll give a dollar to the church of my choice. This avenue exists generally so Benoit can find errors in the gambas runtime, not to find errors in the target program.
I am unaware that anyone has ever disassembled the byte code back to "source code" of any type. Remember, Gambas is interpreted byte code not pure binary ("assembler") code. This actually makes it harder to reverse engineer than executable binary code!
If you really want to see how hard it is to reverse engineer a compressed Gambas executable, which is what a .gambas file is, try the following.
1) Extract and view one of the gambas byte code files from the .gambas "subdirectory" by gba3 -x MyApp.gambas <the class name> | less
That should give you some idea of what is visible.
2) Run your project in debug mode, gbr3 -g -t MyApp.gambas (from within the project directory. Use "s" to step through a few instructions. If anyone can disemble that into reverse engineered code then I'll give a dollar to the church of my choice. This avenue exists generally so Benoit can find errors in the gambas runtime, not to find errors in the target program.
I am unaware that anyone has ever disassembled the byte code back to "source code" of any type. Remember, Gambas is interpreted byte code not pure binary ("assembler") code. This actually makes it harder to reverse engineer than executable binary code!
Have you ever noticed that software is never advertised using the adjective "spreadable".
- BruceSteers
- Posts: 1574
- Joined: Thursday 23rd July 2020 5:20pm
- Location: Isle of Wight
- Contact:
Re: Code Security
Odd, it works fine for me here...axisdj wrote: ↑Monday 17th April 2023 12:33am So.. the software will not be the only thing they will copy.
They will order the hardware, duplicate electronics, and recompile software with their brand.
Not a huge concern as this will be an appliance. I was just trying to see what a person can see if they can get to the executable
I tried 'gba3 -l myApp.gambas' (my first test app) and i recieved message gba3: Invalid Option -- 'l'
Make sure only one '-' char and like other bruce says lowercase letter L ,
gba3 -l '/media/bonus/SSDiskspace/git/Buttonframe/Buttonframe.gambas'
.startup
.project
.action
.component
.gambas
.info
.lang
.list
README.md
.gambas/BUTTONFRAME
.gambas/FMAIN
If at first you don't succeed , try doing something differently.
BruceS
BruceS
Re: Code Security
Thanks everyone...
There is enough information for me to continue.
There is enough information for me to continue.