develooper Front page | perl.perl5.porters | Postings from March 2023

Re: "piracy" misinformation

Thread Previous | Thread Next
From:
Dan Book
Date:
March 1, 2023 05:56
Subject:
Re: "piracy" misinformation
Message ID:
CABMkAVWS8U4CnvquyW50xz4z8o8iwFJARvuRQ=exUj8-iXOKAA@mail.gmail.com
On Tue, Feb 28, 2023 at 10:51 PM zefram via perl5-porters <
perl5-porters@perl.org> wrote:

>
> This is a bug report for perl from zefram@fysh.org,
> generated with the help of perlbug 1.43 running under perl 5.37.9.
>
>
> -----------------------------------------------------------------
> <!--[Please describe your issue here]-->
>
> The pod/perlfilter.pod document says "The original purpose of source
> filters was to let you encrypt your program source to prevent casual
> piracy.".  The likening of copyright infringement to nautical hijacking is
> wildly hyperbolic.  Perl should not be spreading this line of tendentious
> misinformation.  Even without the hyperbole, it's misleading to say
> that program encryption is aimed at preventing copyright infringement:
> it doesn't actually impede copying of the whole file.  The things it
> really impedes are the understanding and editing of the program, which are
> actions that are at most only loosely connected to copyright infringement.
>
> I suggest that the word "piracy" should be replaced with "reading",
> which is both a more neutral term and a more accurate description of what
> program encryption impedes.  There's also a similar problem with the word
> "cracker" later in the document.
>
> The document also understates how fundamental it is that program
> encryption can't fully prevent access to the real source code.
>
> The patch below fixes all of these problems.  I see that the bug report
> template has acquired some unfamiliar character sequences, which I
> suspect is meant to make the bug report a document in some kind of markup
> language.  But since there's nothing (in the template or in perlbug(1)'s
> output) specifying what language that might be, I'm not attempting to
> engage with it.  It's entirely likely that the patch would cause mayhem,
> or at least render in a very broken way, if interpreted as markup.
> This bug report, in the form in which I'm sending it, is nothing more
> than plain ASCII text.
>
> PATCH_START
> --- a/pod/perlfilter.pod        2023-03-01 02:58:11.023713244 +0000
> +++ b/pod/perlfilter.pod        2023-03-01 03:40:31.954487800 +0000
> @@ -12,7 +12,7 @@
>  own.
>
>  The original purpose of source filters was to let you encrypt your
> -program source to prevent casual piracy. This isn't all they can do, as
> +program source to prevent casual reading. This isn't all they can do, as
>  you'll soon learn. But first, the basics.
>
>  =head1 CONCEPTS
> @@ -205,18 +205,17 @@
>  All decryption filters work on the principle of "security through
>  obscurity." Regardless of how well you write a decryption filter and
>  how strong your encryption algorithm is, anyone determined enough can
> -retrieve the original source code. The reason is quite simple - once
> -the decryption filter has decrypted the source back to its original
> -form, fragments of it will be stored in the computer's memory as Perl
> -parses it. The source might only be in memory for a short period of
> -time, but anyone possessing a debugger, skill, and lots of patience can
> -eventually reconstruct your program.
> +retrieve the original source code. The reason is quite simple:
> +in order to execute your program Perl must parse its source code.
> +This means that Perl must have all the information needed to decrypt
> +your program, and that means that that information is also available to
> +anyone able to run the program.
>
>  That said, there are a number of steps that can be taken to make life
> -difficult for the potential cracker. The most important: Write your
> +difficult for the potential reader. The most important: Write your
>  decryption filter in C and statically link the decryption module into
>  the Perl binary. For further tips to make life difficult for the
> -potential cracker, see the file I<decrypt.pm> in the source filters
> +potential reader, see the file I<decrypt.pm> in the source filters
>  distribution.
>
>  =back
> PATCH_END
>
> <!--[Please do not change anything below this line]-->
> <!------------------------------------------------------------------- -->
>
>
> ---
> **Flags**
> - category=docs
> - severity=low
> ---
> **Perl configuration**
> ```
> Site configuration information for perl 5.37.9:
>
> Configured by zefram at Wed Mar  1 02:31:43 GMT 2023.
>
> Summary of my perl5 (revision 5 version 37 subversion 9) configuration:
>
>   Platform:
>     osname=linux
>     osvers=5.10.0-21-amd64
>     archname=x86_64-linux-thread-multi
>     uname='linux barba.rous.org 5.10.0-21-amd64 #1 smp debian 5.10.162-1
> (2023-01-21) x86_64 gnulinux '
>     config_args='-des
> -Dprefix=/home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52
> -Duselargefiles -Dusethreads -Uafs -Ud_csh -Uusesfio -Uusenm -Duseshrplib
> -Dusedevel -Uversiononly -Ui_db'
>     hint=recommended
>     useposix=true
>     d_sigaction=define
>     useithreads=define
>     usemultiplicity=define
>     use64bitint=define
>     use64bitall=define
>     uselongdouble=undef
>     usemymalloc=n
>     default_inc_excludes_dot=define
>   Compiler:
>     cc='cc'
>     ccflags ='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing
> -pipe -fstack-protector-strong -I/usr/local/include -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -D_FORTIFY_SOURCE=2'
>     optimize='-O2'
>     cppflags='-D_REENTRANT -D_GNU_SOURCE -fwrapv -fno-strict-aliasing
> -pipe -fstack-protector-strong -I/usr/local/include'
>     ccversion=''
>     gccversion='10.2.1 20210110'
>     gccosandvers=''
>     intsize=4
>     longsize=8
>     ptrsize=8
>     doublesize=8
>     byteorder=12345678
>     doublekind=3
>     d_longlong=define
>     longlongsize=8
>     d_longdbl=define
>     longdblsize=16
>     longdblkind=3
>     ivtype='long'
>     ivsize=8
>     nvtype='double'
>     nvsize=8
>     Off_t='off_t'
>     lseeksize=8
>     alignbytes=8
>     prototype=define
>   Linker and Libraries:
>     ld='cc'
>     ldflags =' -fstack-protector-strong -L/usr/local/lib'
>     libpth=/usr/local/lib /usr/lib/x86_64-linux-gnu /usr/lib
> /lib/x86_64-linux-gnu /lib
>     libs=-lpthread -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
>     perllibs=-lpthread -ldl -lm -lcrypt -lutil -lc
>     libc=libc-2.31.so
>     so=so
>     useshrplib=true
>     libperl=libperl.so
>     gnulibc_version='2.31'
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs
>     dlext=so
>     d_dlsymun=undef
>     ccdlflags='-Wl,-E
> -Wl,-rpath,/home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/lib/5.37.9/x86_64-linux-thread-multi/CORE'
>     cccdlflags='-fPIC'
>     lddlflags='-shared -O2 -L/usr/local/lib -fstack-protector-strong'
>
>
> ---
> @INC for perl 5.37.9:
>
> /home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/lib/site_perl/5.37.9/x86_64-linux-thread-multi
>
> /home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/lib/site_perl/5.37.9
>
> /home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/lib/5.37.9/x86_64-linux-thread-multi
>     /home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/lib/5.37.9
>
> ---
> Environment for perl 5.37.9:
>     HOME=/home/zefram
>     LANG (unset)
>     LANGUAGE (unset)
>     LD_LIBRARY_PATH (unset)
>     LOGDIR (unset)
>
> PATH=/home/zefram/usr/perl/perl_install/perl-5.37.9-i64-f52/bin:/home/zefram/usr/perl/util:/home/zefram/pub/x86_64-unknown-linux-gnu/bin:/home/zefram/pub/common/bin:/usr/bin:/bin:/usr/local/bin:/usr/games
>     PERL_BADLANG (unset)
>     SHELL=/usr/bin/zsh
> ```
>

It's not generally an issue, as the bug tracker only presents bug reports
in rendered form, and pull requests are normally used instead of patch
files. But thank you, this change looks reasonable and accurate to modern
understanding. Would you like me to submit it as a PR or shall someone
commit it directly?

-Dan
Thread Previous | Thread Next

nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About