A general doubt

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

Rock Roll wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

It's not silly, it's a genuine concern. Having users install Ruby and a handful of libraries just to run your program is a concern, especially if they're not computer savvy. Giving them a standalone exe will be much better.

I've never done this on Ruby, but I have with a few Perl programs. There were some programs like "perl to exe" that would bundle your Perl programs, any required libraries, etc with a perl interpreter into a self-extracting exe. You simply ran the exe to run the program. A quick google tells me something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I'm sure someone here has done this and can give you some more specific advice.

Rock Roll <karoljouis@gmail.com> writes:

[ some question regarding ruby ]

1. A doubt is not the same as a question. You're probably not a native
speaker but this common mistake is getting on my nerves lately (and
you made it twice in the subject of some recent threads).

2. If you want more answers to your questions, please spent a little
more time describing the question in the subject of your post. For
this thread, something like "Do I need a ruby interpreter installed to
run a compiled ruby program?" would be very clear.

Cheers,
Joost.

Rock Roll wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

If you don't want people to see your source code, and you want your app
to run on any Windows PC, you'll have to use a fully compiled language
like C/C++ to produce .exe files.

Even .exe files can be reverse engineered, but it's a difficult job to
reconstruct sensible source code from them.

Dave

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

Dave Bass wrote:

Rock Roll wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

If you don't want people to see your source code, and you want your app
to run on any Windows PC, you'll have to use a fully compiled language
like C/C++ to produce .exe files.

Even .exe files can be reverse engineered, but it's a difficult job to
reconstruct sensible source code from them.

Dave

100% I agree with you. It is true. But my points are
1. The hacker know about my application already and he had played with
it in his PC.
2. When he accesses another PC he founds that the user also uses the
same application.
3. Now he changes the code which is in .rb format.
4. I believe the hacker won't think of re-engineering the compiled code
or the .exe one for 99% of times.
5. If it is .rb it will be easier for him to do.
6. The java executable would be .class files which are compiled and
harder to read by human unless re-engineered.

So is there anything available in the case for .rb files?

Adam Shelly wrote:

Rock Roll <karoljouis@gmail.com> writes:

Dave Bass wrote:

Rock Roll wrote:

If I am developing a Windows application in Ruby using FxRuby or WxRuby,
compile and create the executable, will i need ruby in another computer
in order to run the standalone application? Sorry if my question is so
silly.

If you don't want people to see your source code, and you want your app
to run on any Windows PC, you'll have to use a fully compiled language
like C/C++ to produce .exe files.

Even .exe files can be reverse engineered, but it's a difficult job to
reconstruct sensible source code from them.

Dave

100% I agree with you. It is true. But my points are
1. The hacker know about my application already and he had played with
it in his PC.
2. When he accesses another PC he founds that the user also uses the
same application.
3. Now he changes the code which is in .rb format.

It's a nonsensical scenario. WHY would some intruder do this, when he
can already do whatever he wants with the system? And if he has only
user-level access, he won't be able to change any correctly installed
program, no matter what language it's written in.

4. I believe the hacker won't think of re-engineering the compiled code
or the .exe one for 99% of times.
5. If it is .rb it will be easier for him to do.
6. The java executable would be .class files which are compiled and
harder to read by human unless re-engineered.

java programs are actually pretty trivial to decompile.

So is there anything available in the case for .rb files?

file permissions.

You might try to obscure the code, but it will be still available in
the Application Data folder of the user. I don't believe much in
obfuscation.
Another way would be to develop in JRuby and compile it. I am not sure
if there will be class files or rb files(Anyone else?)
I just got started with JRuby and Swing with Monkeybars[1] and Rawr.
You can find some great screencasts on their site.

[1] http://monkeybars.rubyforge.org/

Lex Williams wrote:

Adam Shelly wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I'm sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

Rubyscript2exe is an easy and pretty effective solution for both wxRuby and FxRuby. It's not perfect though, startup time being one of the problems as the whole package gets bigger.

For more complicated applications, you can instead package up ruby.exe, the compiled ruby runtime and all the needed .rb files (you can find this out by inspecting $LOADED_FEATURES) and then using something like NSIS to install this minimal environment on the end user's machine.

but,what if I don't want the end-user to be able to see the source code of the script ?

Neither rubyscript2exe nor the other method I describe provide any protection. Ruby remains an interpreted and highly dynamic language so it's difficult to find any very effective scheme to distribute without source.

Perhaps the nearest you can get at the moment with MRI is to use 1.9 and its RubyVM classes to distribute code as opcodes.

There may be more options available with JRuby, but of course FXRuby and WxRuby aren't available there; you'll need to use SWING etc for the GUI.

alex

Lex Williams wrote:

Adam Shelly wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I'm sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

but,what if I don't want the end-user to be able to see the source code of the script ?

You can't really do that, the best you can do is obfuscation. Even then, a skilled person can de-obfuscate the code or otherwise reverse engineer it. All you do is raise the bar a little bit, you don't prevent anyone from doing anything.

Strictly speaking, all software is open source. You cannot hide the source code to your application, only translate it into something less human readable. Also, in almost all cases, preventing someone from reading the code in the first place is a useless endeavor. Only where something like trade secrets and industrial espionage is a factor does hiding your source code make sense.

Joost Diepenmaat wrote:
  > It's a nonsensical scenario. WHY would some intruder do this, when he

can already do whatever he wants with the system? And if he has only
user-level access, he won't be able to change any correctly installed
program, no matter what language it's written in.

Even if the Ruby program could be encrypted or obfuscated, they could just modify the Ruby interpreter itself to do whatever it is they want to do. There just isn't a solution, even with compiled languages. Like I said before, even using a compiled language or obfuscation, all you've done is raise the bar a little.

Lex Williams wrote:

Adam Shelly wrote:

something like this exists for Ruby:

http://www.erikveen.dds.nl/rubyscript2exe/

But I'm sure someone here has done this and can give you some more specific
advice.

I have used rubyscript2exe with FxRuby, and it works fine. (Startup
can be a little slow, as it unpacks a bunch of stuff to a temporary
directory, but after that it works great.)

-Adam

but,what if I don't want the end-user to be able to see the source code
of the script ?

Ya. I too have doubt in the expose of .rb files to the end user.

I installed Weft-Qda( www.pressure.to/qda/ ) which is s qualitative
analysis software application which is built using ruby. After
installation i saw the .rb files inside the installation directory. They
could be easily changed by the user or if any hacker gets access to the
user's computer..

Michael Morin wrote:

You can't really do that, the best you can do is obfuscation. Even
then, a skilled person can de-obfuscate the code or otherwise reverse
engineer it. All you do is raise the bar a little bit, you don't
prevent anyone from doing anything.

Strictly speaking, all software is open source. You cannot hide the
source code to your application, only translate it into something less
human readable. Also, in almost all cases, preventing someone from
reading the code in the first place is a useless endeavor. Only where
something like trade secrets and industrial espionage is a factor does
hiding your source code make sense.

Thank you. But when a hacker who knows the internals of the software
gets access to the software in an End user's computer, and if he changes
the code after getting root access wont that harm the user's computer
and when he knows that the software is damaged or causing some trouble
wont he blame the makers

Thomas Wieczorek wrote:

Rock Roll wrote:

Lex Williams wrote:

but,what if I don't want the end-user to be able to see the source code of the script ?

Ya. I too have doubt in the expose of .rb files to the end user.

I installed Weft-Qda( www.pressure.to/qda/ ) which is s qualitative analysis software application which is built using ruby. After installation i saw the .rb files inside the installation directory. They could be easily changed by the user or if any hacker gets access to the user's computer..

Weft QDA's an open-source product aimed at end-users so the fact that the source is accessible in the installation directory of the source isn't a problem.

Even with a compiled product, if the user starts tinkering with the program's files in C:/Program Files/ they might expect trouble, and if a hacker has access to their local file system, they've got more to worry about in general ...

It would be nice in some circumstances to properly obscure the ruby source, but RubyScript2Exe definitely isn't it. It solves other problems quite well though, even though for Weft QDA I've moved away from using it.

alex

Rock Roll wrote:

Michael Morin wrote:

You can't really do that, the best you can do is obfuscation. Even
then, a skilled person can de-obfuscate the code or otherwise reverse
engineer it. All you do is raise the bar a little bit, you don't
prevent anyone from doing anything.

Strictly speaking, all software is open source. You cannot hide the
source code to your application, only translate it into something less
human readable. Also, in almost all cases, preventing someone from
reading the code in the first place is a useless endeavor. Only where
something like trade secrets and industrial espionage is a factor does
hiding your source code make sense.

Thank you. But when a hacker who knows the internals of the software gets access to the software in an End user's computer, and if he changes the code after getting root access wont that harm the user's computer and when he knows that the software is damaged or causing some trouble wont he blame the makers

If a "hacker" has write access to your end user's files (including the program you gave them), they can change it however they want. There's nothing you can do there. There are some methods involving cryptographically signed binaries and such, but there are always way around it.

Like I said before, there isn't much you can do about things like this. This is also not a problem unique to Ruby, all computer code suffers from this "problem."

Rock Roll <karoljouis@gmail.com> writes:

Thank you. But when a hacker who knows the internals of the software
gets access to the software in an End user's computer, and if he changes
the code after getting root access wont that harm the user's computer
and when he knows that the software is damaged or causing some trouble
wont he blame the makers

Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it's running on for the purposes of keeping the
original author free from user complaints?

Joost Diepenmaat wrote:

Are you seriously suggesting that generic application software should
be able to withstand someone with root (and probably physical) access
to the machine it's running on for the purposes of keeping the
original author free from user complaints?

Thank you for your reply. What i am telling is if if a hacker accesses
and changes some function in the code which is exposed in the
distributed application and not in the source code which is open.
Complaints may be in the form of bugs. In this case the user will
complain for some other reason. Pardon me if i am wrong in sense

Another approach to the problem is to strictly separate code from data (and
store all variables and the like separate from the code), then put the code
into ROM or similar.

Randy Kramer