23 Sep 2016

Licensing CLI

php

  • Encapsulate the application within a .phar
  • Use obfuscation (only variables inside functions/methods can be renamed; every other name must stay the same so that dynamically called methods keep working, unless such code is simply not supported)

  • Must not make it easy to extract the original source code
  • Must checksum itself for modification
  • Should prevent usage by sharing a single license (TBD?)
  • Should not be possible to reuse a trial forever in a VM

  • Relying on opcodes (to act as a binary) probably ties you to the PHP version used. It also means that the extension must be available and enabled for the code to work
  • Given the current implementation of opcache, the cache cannot be reused on other machines, as the opcache file header contains the system ID

  • OPCACHE
  • System ID
  • Timestamp

  • Checksum

-> zend_accel_load_script (persistent_script, from_memory)

  • Replace class methods with (generated) traits that each contain one or more of the class's methods
  • Compression/optimization by creating variables

  • Even with obfuscation, PSR0/4 based code is too easy to distinguish (no reason to obfuscate libraries)

  • Find some way to transform the original source such that it is in symbiosis with a client identifier (and thus cannot be removed)

  • Replace variables within functions with obfuscated names
  • Concatenate all files into a single file (or bundle of files)
    • Pre-process require/include, or do not allow their use (as the files will not be available)
  • Randomize file order
  • Scramble method order
  • Inject junk code
    • Insert junk code with encrypted user identification
  • Generate a differently scrambled version per download/user

23 Sep 2016

Obfuscator

php

  • Encapsulate the application within a .phar
  • Use obfuscation (only variables inside functions/methods can be renamed; every other name must stay the same so that dynamically called methods keep working, unless such code is simply not supported)

  • Must not make it easy to extract the original source code
  • Must checksum itself for modification
  • Should prevent usage by sharing a single license (TBD?)
  • Should not be possible to reuse a trial forever in a VM

  • Relying on opcodes (to act as a binary) probably ties you to the PHP version used. It also means that the extension must be available and enabled for the code to work
  • Given the current implementation of opcache, the cache cannot be reused on other machines, as the opcache file header contains the system ID

  • OPCACHE
  • System ID
  • Timestamp

  • Checksum

-> zend_accel_load_script (persistent_script, from_memory)
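
The header notes above (and the same notes in the Licensing CLI post) explain why an opcache file cache entry is tied to one machine. As an added example, not code from the original notes or from PHP itself, this sketch parses such a header and reports why a loader would refuse the file. The field layout (64-bit little-endian, 80-byte header), the Adler-32 checksum and all sample values are assumptions or constructed.

```python
import struct
import zlib

# Assumed header layout on a 64-bit little-endian build: magic[8],
# system_id[32], mem_size, str_size, script_offset, timestamp (8 bytes each),
# checksum (4 bytes), 4 bytes of padding. Only magic, system ID, timestamp
# and checksum are named in the notes; the rest is an assumption.
HEADER = struct.Struct("<8s32sQQQQI4x")
MAGIC = b"OPCACHE\x00"
FIELDS = ("magic", "system_id", "mem_size", "str_size",
          "script_offset", "timestamp", "checksum")


def build_cache_file(system_id: bytes, body: bytes, timestamp: int) -> bytes:
    """Build a constructed sample: header followed by the script body."""
    checksum = zlib.adler32(body)  # Adler-32 is assumed here
    return HEADER.pack(MAGIC, system_id, len(body), 0, 0,
                       timestamp, checksum) + body


def parse_header(blob: bytes) -> dict:
    """Decode the fixed-size header at the start of a cache file."""
    return dict(zip(FIELDS, HEADER.unpack_from(blob)))


def rejection_reasons(blob: bytes, local_system_id: bytes) -> list:
    """List why a loader with this system ID would refuse the file."""
    if len(blob) < HEADER.size:
        return ["truncated header"]
    hdr = parse_header(blob)
    reasons = []
    if hdr["magic"] != MAGIC:
        reasons.append("bad magic")
    if hdr["system_id"] != local_system_id:
        reasons.append("system ID mismatch")
    body = blob[HEADER.size:HEADER.size + hdr["mem_size"] + hdr["str_size"]]
    if len(body) != hdr["mem_size"] + hdr["str_size"]:
        reasons.append("truncated body")
    elif zlib.adler32(body) != hdr["checksum"]:
        reasons.append("checksum mismatch")
    return reasons


# Constructed sample values, not taken from a real PHP build.
BUILD_A = b"a" * 32
BUILD_B = b"b" * 32
SAMPLE = build_cache_file(BUILD_A, b"constructed script body", 1474588800)

if __name__ == "__main__":
    print(rejection_reasons(SAMPLE, BUILD_A))  # loader from the same build
    print(rejection_reasons(SAMPLE, BUILD_B))  # loader from another build
```

If the checksum is an unkeyed one such as Adler-32, it detects corruption rather than deliberate modification, so the "must checksum itself for modification" requirement needs a signature or keyed MAC instead.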

  • Replace class methods with (generated) traits that each contain one or more of the class's methods
  • Compression/optimization by creating variables

  • Even with obfuscation, PSR0/4 based code is too easy to distinguish (no reason to obfuscate libraries)

  • Find some way to transform the original source such that it is in symbiosis with a client identifier (and thus cannot be removed)
  • Obfuscate PHP built-in functions
  • Zend Host ID limited deployment: It appears that Zend Guard allows the software to be limited to run only on specific "Zend Hosts" (what are those?)
    • Zend Guard Loader is a custom extension? for PHP which requires a licence_path to work

  • Replace variables within functions with obfuscated names
  • Concatenate all files into a single file (or bundle of files)
    • Pre-process require/include, or do not allow their use (as the files will not be available)
  • Randomize file order
  • Scramble method order
  • Inject junk code
    • Insert junk code with encrypted user identification
  • Generate a differently scrambled version per download/user

17 Aug 2016

Business


  • Identify a problem
  • Determine if it is of importance (metrics)
  • Explain why your solution is better than existing ones
  • Define a clear pricing model
  • Define how your product will be marketed
  • Define how the product will scale from personal to large corporate use

  • Determine sale pricing
  • Evaluate various sale models
    • Packages
    • Monthly
    • Per action/item/amount
  • Determine various cash flows
    • Money paid to employees/self
    • Money paid for services required by the product
  • Evaluate tasks that have to be done globally and per client/project (if any)
  • Evaluate anything that has to be paid for every client/project and once/globally
  • Determine all factors that may vary
    • Number of customers
    • Number of days/months/years
    • Disk space usage, bandwidth usage, computer usage

  • Track user requests
  • Track user feedback

16 Jun 2016

Automated refactoring

php

  • Component extraction (find all dependencies and attempt to create a self-contained library)
  • Convert function-based code into class-based code (static calls)
    • Copy all functions in a file into a new class where each function is static
    • Find all calls to the initial functions and replace them with calls to the class
    • Verify that all entry points load the autoloader (how to check that? search for the autoload.php string and require/include calls?)
  • Template/logic separation
  • Extraction of functions into a separate file
  • Extraction and replacement of inline style
  • Extraction of string resources
  • Extraction of inline JS
  • Extraction of inline CSS
  • Conversion of raw view logic to template logic
  • Removal of inline PHP code in js code
  • Convert raw SQL into builder queries
  • Move queries in controller into a service/repository
  • Convert <? to <?php
  • Convert echo calls to string concat + return
  • Update outdated phpdoc
  • Improve typing (parameters and return)

  • A lot of the code is SQL queries

12 Feb 2016

Javascript datastores

javascript database datastore

I am currently looking into JavaScript-based libraries that will allow me to do in-browser queries, similar to how a server-side application would query a NoSQL database.

In order to pick the most appropriate database for my project, I first search for available solutions online. Then, I build a comparison table like the one below in order to determine the most popular database and its current health.

| Repository | Watch | Stars | Forks | Last commit | Open issues | Open PR |
|---|---|---|---|---|---|---|
| pouchdb/pouchdb | 245 | 5730 | 630 | 2016-02-12T17:23:21Z | 128 | 8 |
| google/lovefield | 173 | 4143 | 195 | 2016-02-11T05:59:09Z | 17 | 1 |
| louischatriot/nedb | 167 | 3680 | 237 | 2016-02-11T11:23:44Z | 19 | 8 |
| typicode/lowdb | 87 | 2833 | 96 | 2016-02-09T21:16:31Z | 9 | 3 |
| techfort/LokiJS | 102 | 1800 | 167 | 2016-02-08T19:18:40Z | 64 | 0 |
| coresmart/persistencejs | 89 | 1586 | 226 | 2015-09-08T18:47:06Z | 66 | 14 |
| typicaljoe/taffydb | 100 | 1309 | 215 | 2016-01-07T22:21:06Z | 57 | 16 |
| agershun/alasql | 60 | 927 | 107 | 2016-02-09T15:35:07Z | 250 | 0 |
| Irrelon/ForerunnerDB | 25 | 439 | 33 | 2016-02-12T16:20:29Z | 17 | 0 |