
Protecting your Firefox OS App code - fharper
https://hacks.mozilla.org/2013/12/protecting-your-firefox-os-app-code/
======
MichaelGG
Obfuscation at this level is such a dead-end. People already reverse engineer
optimized native binaries. Microsoft faced the same "problem" with .NET and
even went so far as to put a "no not disassemble" bit that their ildasm tool
honoured. (That flag was removed because it's such a stupid idea.)

This kind of lightweight obfuscation only works if your product is of very low
value. At that point, you're better of spending the few minutes of obfuscating
on making your product more valuable.

The only real useful obfuscation is on malware (which always has a negative
value to the user), and on games to gain a couple of non-pirated days after
launch.

The only real prevention is to not run code on the user's device (like Diablo
III).

Most developers complaining about this are just surprised to learn that
reversing is relatively easy and it reflects more on their lack of knowledge
than an actual problem.

Disclaimer: In 2004 I actually wrote a decent IL obfuscator, etc. I never
shipped it because as I got better at writing it, I got better at reversing,
until I realised it was a stupid, pointless battle. I guess that makes me less
of a business person.

~~~
digitarald
That is true for most code protections other than moving the code away from
the client. Developers definetely need to understand they they are only making
it harder but not preventing access.

------
fidotron
The Emscripten recommendation is hilarious. How long before people are writing
JS and bundling it with a JS interpreter which is compiled with Emscripten
merely as an obfuscation measure to satisfy a very confused manager?

For a group supposedly keen on JS that's a really stupid recommendation.

~~~
digitarald
It is true that the way from JS to C to JS is an awkward recommendation. The
common use case for Emscripten is the cross compilation when you already have
native libraries that you want to share with your web app; which makes the web
just another build target. And I concluded in the article that the obfuscation
is really just a benefitial side effect.

------
fiskkastanj
A guide from mozilla on how to close the web. Great :)

~~~
ethanhunt_
It would be nice to see Mozilla's app-store have more first-class support for
open-source projects. The notion of Free software (apps, particularly) seems
to have died with mobile, but I think Mozilla is in a position to bring it
back.

------
AsymetricCom
Step 1: compile to local binaries.

There is no step 2

~~~
Groxx
Because decompiling isn't a thing?

~~~
AsymetricCom
Because decompiling is a lot easier when your "executable" is a high level
language built on top of a well known and heavily targeted VM.

