[Mono-list] Re: Mono-list digest, Vol 1 #1730 - 12 msgs

Josť Alexandre Antunes Faria jose.faria@vianw.pt
Tue, 25 May 2004 16:49:34 +0100

Two things:
1st -  not all companies can make their products open-source, I wish mine
2nd - how long does it take for anyone to crack Xheo protection?
Guess: Few seconds to disassemble, quick search for the moment the file is
read, and the comment all the way...

Hummm, wow, I think its to good to be true.

I know that the real solution is for the vm engines to allow the code to
deployed pre-compiled. But they do not allow that because of safety reasons.
Besides its a war against closed source, but I personally wouldn't mind my
company makes everything opensource.

The question, is how would it make money? We would have to develop for free?
How could we compete with companys that download our own code for free?
Besides that would make us very vulnerable to software pattents.

Its very fun to talk about opensource when you have lots of money to develop
and then make the same prices as your competition. If you do that, of course
the clients will want you because you did it, but if you can't you are
simply doomed.

I know that I'm going to get very unpopular in the open source comunity for
this, but leaving the hate asside, you know that open source gets their
money from somewere as does comercial software, you might have your enemies
but, they aren't all the companies who produce comercial software, as some
of they also help open source.

If you get me the money, I'll give you some very nice open source things
that we are developing, but the thing is you don't.

The solution for the moment is to have critical code on our servers only.

Besides Obfuscation only works when you are up against a SME, even if you
are up agains a hacker, he will reverse it, he will start from the
dependecies and eat the code all the way with a simple dependecy graph,
everybody knows it, but the companies believes obfuscation protects them.

I know the evil company is planning on a secure execution enverionment that
would protected software and company, yup that would be just a another
DVD/IPod contest. As nothing can stop a guy with to much time on their

I guess that the only real solution is to pre-compile the code, for every
plataform you plan on deploying, but neither mono or ms allow that. You
still have to feed the assembly.

I know assembly code isn't safer too, yes its true, but the cost of
disassembling it is most of the times more, than the cost of buying or
redoing it.

Josť Faria

>There is of course commercial .NET and Java software to consider. For
>commercial software to be viable, there must be some restriction on use
>a paper license agreement. In these cases, the Xheo option (for Windows) or
>FlexLM work quite well. While in the end they really just keep honest
>honest, it is solid piece of mind that your commercial product isn't going
>be distributed ad hoc all over the world.