Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Content Theft

5 views
Skip to first unread message

Hell Hound a.o.d. [AGQ2]

unread,
Jul 21, 1998, 3:00:00 AM7/21/98
to
looks like it didn't work. Well, now we know what we've been suspecting all along.

Art Sackett wrote:

> x-no-archive: yes
>
> Greetings, All:
>
> I received a personal reply to a posting I made in reply to another who
> was (yet another) hoping to hide his HTML script from browsers and
> potential thieves. The author of this email was Kalev Leetaru who claims
> to represent something called "Gamacles Software".
>
> With a name like that, this moron would do well to read the story of
> Damocles and his sword.
>
> Kalev Leetaru and Gamacles Software are frauds. There is no way to hide
> HTML from a browser that you wish to display it in. I am taking the
> liberty of posting the lengthy HTML source of a "protected" page to
> debunk this crap and maybe save someone a few bucks. I'm not really
> interested in going after his "protected images" this evening, but if
> I'm looking for a way to kill a few minutes in the next few days, I'll
> go after that, too.
>
> I went to his demonstration page at http://www.gamacles.com/Protected/
> (where the source is so expertly protected that he'll sell us his
> _javascript_ (!) for $100) and here's what I found (note the comment
> that reads "The Hypertext Markup Language code in this document utilizes
> Document Protection Technology from Gamacles Software"):

[snip]

--
Hell Hound -aod- (E.G. Dodds)
BSBH...@aol.com
ICQ UIN: 8878412
http://www.geocities.com/timessquare/castle/2231/
just sitting there ->http://members.aol.com/bsbhhound/
"Though my eyes could see I still was a blind man
Though my mind could think I still was a mad man"
-Carry On Wayward Son; Kansas

William G. Schlake

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
On Wed, 22 Jul 1998 02:13:07 +0000, Art Sackett <inv...@see.sig>
wrote:

>x-no-archive: yes
>
>Greetings, All:
>
>I received a personal reply to a posting I made in reply to another who
>was (yet another) hoping to hide his HTML script from browsers and
>potential thieves. The author of this email was Kalev Leetaru who claims
>to represent something called "Gamacles Software".

<huge snip of meaningless nonsense deleted>


Three words for you Art: GET A LIFE!

Earl W. Phillips, Jr.

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
IMHO, this flame is uncalled for . . . all the guy was doing was
demonstrating a point for the uninitiated. Bill - take your own advice!

--
Earl W. Phillips, Jr.
Phillips Design

Specializing in AFFORDABLE Internet-based business solutions!

www.pdesign.net
ICQ # = 14796946

Kevin Dickover

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
On Wed, 22 Jul 1998 02:18:17 GMT, comm...@hobsonsquare.com (William
G. Schlake) wrote:

>On Wed, 22 Jul 1998 02:13:07 +0000, Art Sackett <inv...@see.sig>
>wrote:
>
>>x-no-archive: yes
>>
>>Greetings, All:
>>
>>I received a personal reply to a posting I made in reply to another who
>>was (yet another) hoping to hide his HTML script from browsers and
>>potential thieves. The author of this email was Kalev Leetaru who claims
>>to represent something called "Gamacles Software".
>
><huge snip of meaningless nonsense deleted>
>
>
>Three words for you Art: GET A LIFE!
>

Three different words for Art...


Hip Hip Horay!!!

I was waiting to see that post -does anyone think it will stop the
fellow from posting his ad's on a near daily basis? I, for one,
certainly hope so.

Solo Deo Favente,
Kevin Dickover


bartman

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to

He had the balls to threaten me by email ...hey K..what ever
dude.
==============================================
The Bartman
I will not show off *100
http://www.seanet.com/~bartman/
==============================================


Jo Meder

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to

Art Sackett <inv...@see.sig> writes:
> I went to his demonstration page at http://www.gamacles.com/Protected/
> (where the source is so expertly protected that he'll sell us his
> _javascript_ (!) for $100) and here's what I found (note the comment
> that reads "The Hypertext Markup Language code in this document utilizes
> Document Protection Technology from Gamacles Software"):


Not only that, the algorithm used to "protect" the content is
ridiculous. (This is the function "decoding" the "protected" content,
variable names substituted to enhance readability):


function a1(thecontent){
var result='';
for (var pos_in_code=thecontent.length;
pos_in_code>=0;
pos_in_code=pos_in_code-2)
{
result=result+thecontent.charAt(pos_in_code)
}
for (var pos_in_code2=thecontent.length-1;
pos_in_code2>=0;
pos_in_code2=pos_in_code2-2)
{
result=result+thecontent.charAt(pos_in_code2)
}
document.write(result);}


So what it essentially does is reading the content backwards, skipping
every other char on the first loop, then reading it backwards a second
time to fetch the remaining chars.

Position 0 1 2
0123456789012345678901234
Char <h1>It'll never work</h1>

will be "encoded" to


original Position 2 1 0 2 1 0
4208642086420319753197531
Char >h<rwrvnl'I201/ko ee lt>h


Writing a decoding filter should take .... 5 minutes :-))


Have fun,

Jo


--
j...@delorges.in-berlin.de --- Berlin, Germany
http://delorges.in-berlin.de/

Matthias Schmidt

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
Hi,

At first, I don't think it's necessary to encode a HP, but I'm interrested in that
topic.
What if you use a much more powerfull algorithm?
Then it would be much much much harder to get the Source, wouldn't it??

CU
Matthias


Jo Meder

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to

Matthias Schmidt <Matthias...@iname.com> writes:
> What if you use a much more powerfull algorithm?
> Then it would be much much much harder to get the Source, wouldn't it??

Definitely not. Since all information required to decode the content
has to be retrieved to the browser by definition (the information has
to be there in order to render the page), there's no way to stop
anyone from storing the decoded result. On the other hand more
sophisticated encoding such as powerful encryption would slow down the
browser considerably.

Not to mention the fact that whatever technique you use to decode the
thing, your visitor has to use a browser capable of running the code
and has to be willing to activate that "feature".

Darin McGrew

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
Jo Meder <j...@delorges.in-berlin.de> wrote:
> Not only that, the algorithm used to "protect" the content is
> ridiculous.[...]

> So what it essentially does is reading the content backwards, skipping
> every other char on the first loop, then reading it backwards a second
> time to fetch the remaining chars.

Hey, I remember being *very* impressed with this kind of cypher when I
first read about codes and cyphers (back in 4th or 5th grade :-).
--
Darin McGrew, mcg...@alumni.stanford.org, http://www.rahul.net/mcgrew/

"A little neglect may breed great mischief." -- Benjamin Franklin

Arunas Salkauskas

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
I have to admit, though, that his 'encryption' will certainly stop my
neighbour down the street from learning HTML.

If you already understand HTML and javascript, then sure, you can decipher
his page in a few minutes. At this point, you don't really need to, since
you already know all the intricacies of HTML that anybody's going to employ!
If you're Joe six-pack trying to setup a web page, then you're never going
to figure it out.

But, much like if you understand the intricacies of pretty much any computer
system, you can break in and see and modify whatever you want to.

Basically: -- Nothing -- is 100% secure, except a windows NT system that is
unplugged from the network and has no floppy disk...during a power outage
(assuming no UPS).

So technically, he's no more misleading than M$ claiming to have a secure
OS, in claiming that he's offering a product to make it impossible for
someone to read your mark up. Before you start into a rant about Microsoft,
no UNIX system is 100% secure either.

His product certainly does make it more difficult to learn from others,
which is perhaps the more disturbing thing. Most people who know anything
about HTML learned a large portion of what they know from looking at other
people's work. This is sort of the spirit of the internet, unless I'm
completely mistaken. We wouldn't be reading these newsgroups if we weren't
interested in either learning from others or helping others.

That's the most disturbing thing I find about his 'software'. That the
attempts to hide information will only hide it from the casual viewer who
will be making their own little home page. Any real professional would have
no problem breaking in, but already knows how any effects in the page can be
achieved. This is also misleading to his customers, who probably be more
inclined to do the opposite, that is, help out the little guys but keep the
big fish away. Of course this may be a complete misinterpretation of
corporate North America....

Just my 2 cents.

- Arunas Salkauskas
High Point Designs
http://www.highpointdesigns.com/


Art Sackett wrote in message <35B681B2...@see.sig>...
>x-no-archive: yes
>
>It would have to be "much much much" harder, because I used nothing more
>than:
>
> 1. Netscape Navigator 4.05
> 2. A file browser
> 3. A text editor
>
>There are a few simple facts that, so long as they remain true, prove
>that anyone trying to sell HTML "hiding" tools is a snake-oil salesman:
>
>1. Web browsers interpret plain old ASCII text;
>2. Once the file is served, your absolute control over it is lost;
>3. The internet is inherently insecure, and anything you don't want
>stolen should not be on, or accessible to, an HTTP server connected to
>the internet.
>
>Even passing your HTML through the cryptographically strong
>Diffie-Hellman algorithm will not alter the fact that it must be
>decrypted to ASCII text for the web browser to interpret it. Anyone with
>simple programming skills can perform an HTTP GET to request the service
>of a file, and it need not be a web browser doing it. All you need is a
>valid file name and the permission to retrieve it.
>
>It might not be long before the folks at M$ see this as a marketing tool
>and come up with additions to the FrontPage Extensions and Internet
>Exploder, but even then, their history in regards to security is so full
>of holes that I'd be looking for a crack to arrive on the net in less
>than a week. (Their implementation of PPTP and VPN is already wide open
>to attack!)
>
>-- Art


>
>Matthias Schmidt wrote:
>>
>> Hi,
>>
>> At first, I don't think it's necessary to encode a HP, but I'm
interrested in that
>> topic.

>> What if you use a much more powerfull algorithm?
>> Then it would be much much much harder to get the Source, wouldn't it??
>>

>> CU
>> Matthias
>
>--
>-----
>"When a stupid man does something he is ashamed of,
>he always declares that it is his duty."
>George Bernard Shaw

Hell Hound a.o.d. [AGQ2]

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
You know what's even worse about his thing? save the 'encrypted' page, and it shows up perfectly fine.
It doesn't do ANYTHING. I mean, it does less than I thought it would!

Art Sackett wrote:

> x-no-archive: yes


>
> Hell Hound a.o.d. [AGQ2] wrote:
> >
> > looks like it didn't work. Well, now we know what we've been suspecting all along.
> >
>

> Have you ever known me to let one of these pukes steal from newbies? He
> might have gotten away with it, had he not emailed me personally. He
> invited the bear into the house, so he has no right to whine when the
> bear empties the fridge and shits on the carpet.
>
> Or crossposts for maximum exposure! (If you know of any newsgroups
> related to web design that I haven't hit, feel free to forward my
> original. That Kalev Leetaru clown needs to be shut down.)
>
> -- Art


> -----
> "When a stupid man does something he is ashamed of,
> he always declares that it is his duty."
> George Bernard Shaw

--

Hell Hound a.o.d. [AGQ2]

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
BTW, anobody know how to get this guy shut down? He needs to be.

Arunas Salkauskas

unread,
Jul 22, 1998, 3:00:00 AM7/22/98
to
Um... Golly which browser are you using? If you just go to
http://www.gamacles.com/, that file is not 'encrypted'.
http://www.gamacles.com/Protected is apparently munged.

By just choosing save or save as, I have so far been unable to get this
thing to appear as expected! In neither Internet Explorer 4 nor NN 4.05!

View source in either browser also gives me mangled HTML.

In order to deobfuscate his code, I'd have to actually write some code to
change it back to normal. What are you guys using that you make it sound so
trivial?

It certainly will _not_ be compatible with any browser that doesn't have
JavaScript enabled...which would really suck for any company.

- Arunas Salkauskas
High Point Designs
http://www.highpointdesigns.com/

Hell Hound a.o.d. [AGQ2] wrote in message
<35B6AA9F...@geocities.com>...

Hell Hound a.o.d. [AGQ2]

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to

Arunas Salkauskas wrote:

> Um... Golly which browser are you using? If you just go to
> http://www.gamacles.com/, that file is not 'encrypted'.
> http://www.gamacles.com/Protected is apparently munged.
>
> By just choosing save or save as, I have so far been unable to get this
> thing to appear as expected! In neither Internet Explorer 4 nor NN 4.05!

Works in NN4.05 fine. save the page, and the saved page isn't encrypted at all. maybe that's because the encryption is being
done client-side?

>
>
> View source in either browser also gives me mangled HTML.

But saving it should do fine.

Joshua Pruitt

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
"Save as" didn't work for me either, but something else did: Try
browsing your cache. You'll find a fully decrypted version there.

I used Netscape 4.05 and Netscape 4.5 Beta, BTW.

-Josh

> Um... Golly which browser are you using? If you just go to
> http://www.gamacles.com/, that file is not 'encrypted'.
> http://www.gamacles.com/Protected is apparently munged.
>
> By just choosing save or save as, I have so far been unable to get this
> thing to appear as expected! In neither Internet Explorer 4 nor NN 4.05!
>

> View source in either browser also gives me mangled HTML.
>

Arunas Salkauskas

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
>Works in NN4.05 fine. save the page, and the saved page isn't encrypted at
all. maybe that's because the encryption is being
>done client-side?
>

Still no such luck. Are you using some special version of the browser? I
just downloaded and installed NN 4.05, browser only. If I view

http://www.damachles.com/Protected/

I cannot, either by saving or by viewing the page source in Netscape, get an
unmagled version of the page. The fact that the decryption happens on the
client is fine, you still have to do the decryption - I still can't get it
to happen automagically.

Greg Berigan

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
arunas@a!nm.org (Arunas Salkauskas) wrote:

>> Works in NN4.05 fine. save the page, and the saved page isn't encrypted at
>> all. maybe that's because the encryption is being done client-side?

> Still no such luck. Are you using some special version of the browser?

I haven't looked at the site yet, but I do know that document.write has
different side-effects depending on platform. Where on Windows 95 an
inlined Javascript employing document.write will disappear from source
viewing, replaced by what was written, on the Mac it is clearly visible.

So there are differences in platform implementations.

--
,=<#)-=# <http://incolor.inetnebr.com/wotw/> (The War of the Worlds)
,_--//--_,
_-~_-(####)-_~-_ Please pardon any typos. Bandwidth is often at a premium,
(#>_--'~--~`--_<#) with connection too sluggish to support post-editing.

Hell Hound a.o.d. [AGQ2]

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
try browsing your cache, see if you can get it there. but the thing is that anybody who would really want the code wouldn't have
much trouble.

Arunas Salkauskas wrote:

> >Works in NN4.05 fine. save the page, and the saved page isn't encrypted at
> all. maybe that's because the encryption is being
> >done client-side?
> >
>
> Still no such luck. Are you using some special version of the browser? I

> just downloaded and installed NN 4.05, browser only. If I view
>
> http://www.damachles.com/Protected/
>
> I cannot, either by saving or by viewing the page source in Netscape, get an
> unmagled version of the page. The fact that the decryption happens on the
> client is fine, you still have to do the decryption - I still can't get it
> to happen automagically.
>
> - Arunas Salkauskas
> High Point Designs
> http://www.highpointdesigns.com/

--

Arunas Salkauskas

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
The key here is, after all, that it's only clearly viewable in non-MS
systems. Interesting.

If I look in my cache (the file is only there in the NN cache while NN is
running, since the file 'expired' in 1982!) I still get only a mangled
version. Cool.

- Arunas Salkauskas
High Point Designs
http://www.highpointdesigns.com/

Hell Hound a.o.d. [AGQ2] wrote in message

<35B781A2...@geocities.com>...

Hell Hound a.o.d. [AGQ2]

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to

Art Sackett wrote:

> x-no-archive: yes


>
> Joshua Pruitt wrote:
> >
> > "Save as" didn't work for me either, but something else did: Try
> > browsing your cache. You'll find a fully decrypted version there.
> >
> > I used Netscape 4.05 and Netscape 4.5 Beta, BTW.
>

> There you go. Netscape 4.05 on Debian Linux 2.0, browsed the cache using
> TkDesk, opened the file in XEMacs... posted to usenet from Netscape Mail
> & Discussions. Nothing to it. Two minutes from page load to usenet post.

Interesting way to do it. I did a file find in the dir for files less than the saved one's size. I looked at them (IE3), and
after about 30 seconds, I found it. Of course I'm using Win95 (sux; need to put on NT), and am still a newbie to Linux (redhat
5.1 is on a machine here), but due to the speed increase, I think I need to start using it a little...

>
>
> Quoting that Kalev Leetaru bonehead again: "But, while a page protected
> with Page Protect may be decrypted by a determined hacker, doing so
> requires a fair amount of programming
> skill, and a working knowledge of JavaScript."
>
> Ignorance or fraud?

YES.

> Caveat Emptor!


>
> -- Art
> -----
> "When a stupid man does something he is ashamed of,
> he always declares that it is his duty."
> George Bernard Shaw

--

Hell Hound a.o.d. [AGQ2]

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
OK, good.
;)

Art Sackett wrote:

> x-no-archive: yes


>
> Hell Hound a.o.d. [AGQ2] wrote:
> >
> > BTW, anobody know how to get this guy shut down? He needs to be.
>

> I sent the following email to lee...@gamacles.com a moment ago:
>
> -----
> Greetings:
>
> As you might already be aware, there has been discussion in various
> usenet newsgroups regarding both the promotion of Page Protect and the
> serious shortcomings of the product itself. I initiated this discussion
> after receiving an unsolicited email from you.
> [snipped the stuff; read the previous post]

Hell Hound a.o.d. [AGQ2]

unread,
Jul 23, 1998, 3:00:00 AM7/23/98
to
Interesting. I get a totally perfect version. If I view the source it's messed up, but if I save it it's fine. (NC 4.05)

Arunas Salkauskas wrote:

--

Tor Iver Wilhelmsen

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
On Wed, 22 Jul 1998 20:56:54 -0600, "Arunas Salkauskas"
<arunas@a!nm.org> uttered:

>I have to admit, though, that his 'encryption' will certainly stop my
>neighbour down the street from learning HTML.

Not only that, it will also make Mr. Corporate "We Don't Trust
Javascript" User not see the page... :-)

("For $100, we will reduce your audience while providing a false cover
of security through obscurity.")

--
WAR IS PEACE. to...@online.no
FREEDOM IS SLAVERY. http://www.pvv.org/%7etoriver/
IGNORANCE IS STRENGTH.
HTML IS LAYOUT. - With excuses to George Orwell (RIP)

Ian Davey

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
In article <35bfdc64...@news1.telia.com>, to...@online.no (Tor Iver Wilhelmsen) wrote:
>On Wed, 22 Jul 1998 20:56:54 -0600, "Arunas Salkauskas"
><arunas@a!nm.org> uttered:
>
>>I have to admit, though, that his 'encryption' will certainly stop my
>>neighbour down the street from learning HTML.
>
>Not only that, it will also make Mr. Corporate "We Don't Trust
>Javascript" User not see the page... :-)
>
>("For $100, we will reduce your audience while providing a false cover
>of security through obscurity.")

And not only that, it offers a perfect way to hide your page from those pesky
search engines. So it's thumbs up all round.

ian.

Tor Iver Wilhelmsen

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
On Fri, 24 Jul 1998 09:27:15 GMT, unape...@hotmail.com (Ian Davey)
uttered:

>And not only that, it offers a perfect way to hide your page from those pesky
>search engines. So it's thumbs up all round.

They should implement it in Javascript 1.2, thus limiting it to NSC
4.x - that would buy them monopoly. No other 'source hiding tool'
restricts the audience that much. :-)

Jo Meder

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to


unape...@hotmail.com (Ian Davey) writes:
> And not only that, it offers a perfect way to hide your page from
> those pesky search engines. So it's thumbs up all round.

Why's that? Wouldn't you like your page to be found by the keyword
"gnafrq<y21wgrms"? ;-)))

Kalev Leetaru

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
Dear Mr. Sackett:

Our software performs exactly as we stated. It is a DETERRENT to online theft.
We have tested our software on the following systems:

Windows NT 4.0 with Netscape Navigator 4.04
Windows 95 with Netscape Navigator 3.01
Windows 95 with Netscape Navigator 4.02
Windows 95 with Netscape Navigator 4.03
Windows 95 with Netscape Navigator 4.04
Windows 95 with Netscape Navigator 4.05 preview 1 (alpha)
Windows 95 with Netscape Navigator 4.05 beta
Windows 95 with Netscape Navigator 4.05 final
Windows 95 with Explorer 3.0
Windows 95 with Explorer 3.1
Windows 95 with Explorer 3.2
Windows 95 with Explorer 4.0
Windows 95 with AOL 3.0
PowerPC with Netscape Navigator 3.01
PowerPC with Netscape Navigator 4.03
PowerPC with with Netscape Navigator 4.04
PowerPC with Netscape Navigator 4.05 final
PowerPC with Explorer 3.2
Macintosh with Netscape Navigator 3.01
Solaris with Netscape Navigator 4.04
Solaris with Netscape Navigator 4.05
Solaris with Microsoft Internet Explorer 4.0

We have not been able to duplicate your cache read on any of these systems. We
were not aware that Internet browsers on Lynux operating systems have that
loophole because we do not have access to that operating system. We designed
our software for Windows NT and 95 which combined have 95% of the new computer
market.

A creative unique design of a page can take days to weeks. Our software makes
it more difficult and in many cases should prevent beginners from directly
copying a page. Much of the copyright infringement on the web is done by new
web users who do not know that designed pages are not supposed to be copied.

We also did not send you a an unscolicited email. You responded to a request
for more information by a fellow Usenet member which was directly related to
our product. Your response to this member was that there was absolutely no
software which could prevent content theft. Do to this response, we felt that
you would find knowledge of our software directly benefitial.


Tero Paananen

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to

>Dear Mr. Sackett:

Uh, you forgot something:

Solaris with telnet
Win95 with telnet
NT 4.0 with telnet
NT 3.0 with telnet
Win 3.1 with telnet
Linux with telnet
PowerPC with telnet

And *ANY* platform with JavaScript disabled.

> A creative unique design of a page can take days to weeks.

Really? I'm sure if you say so.

> Our software makes
>it more difficult and in many cases should prevent beginners from directly
>copying a page.

*ANYTHING* makes it more difficult for newbies to do shit.

Newbies are not the ones posing as a threat for online copyright
violations. Who cares if a Joe Six-Pack from AOL copies a site,
even a commercial one.

-TPP

Greg Berigan

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
lee...@gamacles.com (Kalev Leetaru) wrote:

> Dear Mr. Sackett:
>
> Our software performs exactly as we stated. It is a DETERRENT to
> online theft.

:


> Your response to this member was that there was absolutely no
> software which could prevent content theft. Do to this response, we
> felt that you would find knowledge of our software directly benefitial.

So your "DETERRENT" was put up by you as an example of software that
"could prevent content theft".

If it couldn't prevent it, it shouldn't have been put forth as a
preventer.

Hell Hound a.o.d. [AGQ2]

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to

Tero Paananen wrote:

> In <6pac3j$5nt$1...@news13.ispnews.com> lee...@gamacles.com (Kalev Leetaru) writes:
>

> >Dear Mr. Sackett:
>
> >Our software performs exactly as we stated. It is a DETERRENT to online theft.

I think he's speaking of using paint for the images, and some clunky conversion program...amd maybe a WYSIWYG that crashes every
ten minutes too.once you get the design you like, It _may_ take a few days, but a week?! I'd agree that that's pushing it a
little

>
>
> > Our software makes
> >it more difficult and in many cases should prevent beginners from directly
> >copying a page.
>
> *ANYTHING* makes it more difficult for newbies to do shit.
>
> Newbies are not the ones posing as a threat for online copyright
> violations. Who cares if a Joe Six-Pack from AOL copies a site,
> even a commercial one.
>
> -TPP

--

Hell Hound a.o.d. [AGQ2]

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
I bet you never tested a single one of those pages w/ JS off tho did you? No...

Kalev Leetaru wrote:

> We have not been able to duplicate your cache read on any of these systems. We
> were not aware that Internet browsers on Lynux operating systems have that
> loophole because we do not have access to that operating system. We designed
> our software for Windows NT and 95 which combined have 95% of the new computer
> market.
>

> A creative unique design of a page can take days to weeks. Our software makes


> it more difficult and in many cases should prevent beginners from directly

> copying a page. Much of the copyright infringement on the web is done by new
> web users who do not know that designed pages are not supposed to be copied.
>
> We also did not send you a an unscolicited email. You responded to a request
> for more information by a fellow Usenet member which was directly related to

> our product. Your response to this member was that there was absolutely no


> software which could prevent content theft. Do to this response, we felt that
> you would find knowledge of our software directly benefitial.

--

Art Sackett

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
Just so we're all on the same page in this continuing saga, here is my
reply as it was emailed to Kalev Leetaru earlier today:

-----
Greetings:

Your website plainly states "you can prevent visitors to your site
from being able to view the HTML source of your web pages, and stop
them from stealing your copyrighted site."

This is an untrue statement, as I have demonstrated by posting the
HTML source of your demonstration page into usenet newsgroups.

I was able to view your HTML using the following steps in Debian Linux
2.0:

1. View "protected" page in Netscape 4.05;
2. Browse the directories located in /home/user/.netscape/cache/* to
locate the appropriate timestamp and approximate file size;
3. Open this file using XEmacs.

No other actions were taken.

I suspect that this same sequence would work in Solaris. Other users
have reported success doing the analogue of this in other OSes,
including Windows95. Again, see usenet in the alt.html.* hierarchy.

I remain firm in my committment to notify the appropriate legal
authorities if this product is still offered for sale on August 3, 1998.

-- Art Sackett
-----


Kalev Leetaru wrote:
>
> Dear Mr. Sackett:
>
> Our software performs exactly as we stated. It is a DETERRENT to online theft.
> We have tested our software on the following systems:

<snip to end>

Art Sackett

unread,
Jul 24, 1998, 3:00:00 AM7/24/98
to
Hell Hound a.o.d. [AGQ2] wrote:

> Interesting way to do it. I did a file find in the dir for files less than the saved one's size. I looked at them (IE3), and
> after about 30 seconds, I found it. Of course I'm using Win95 (sux; need to put on NT), and am still a newbie to Linux (redhat
> 5.1 is on a machine here), but due to the speed increase, I think I need to start using it a little...

I'd like to make sure that I understand you correctly. You were, in
fact, able to view the HTML source using a text editor such as Notepad?

If so, Kalev Leetaru's problems are even greater than I suspected. If
you can perform just those steps to retrieve decyphered (I won't call
his simple little alogorithm encryption) source on the platform upon
which the script was developed, then the competence of the vendor in all
other areas is suspect, as well.

I'll bet you already know my thoughts on the Linux OS. One day, the
computing world will be ruled by a penguin, and we'll look back on M$ as
just a phase in the process of the technology's maturation. "Remember
when computers were mostly just cool toys?", we'll say :D

Joshua Pruitt

unread,
Jul 25, 1998, 3:00:00 AM7/25/98
to
> Our software performs exactly as we stated. It is a DETERRENT to online theft.
> We have tested our software on the following systems:

<RANT>

That *sounds* reasonable enough. A lock isn't unbreakable, it's just
more hassle than most people wanna mess with. The thing is, though, this
Javascript is SO much easier to crack than a physical lock, that anyone
who half knows what they're doing and has the inclination to do so can
crack it. It gives clients a false sense of security (against a merely
perceived "threat", I might add.) It's capitalizing on fear caused by
ignorance. (not to be confused with "stupidity"...)

> Windows NT 4.0 with Netscape Navigator 4.04
> Windows 95 with Netscape Navigator 3.01
> Windows 95 with Netscape Navigator 4.02
> Windows 95 with Netscape Navigator 4.03
> Windows 95 with Netscape Navigator 4.04
> Windows 95 with Netscape Navigator 4.05 preview 1 (alpha)
> Windows 95 with Netscape Navigator 4.05 beta
> Windows 95 with Netscape Navigator 4.05 final
> Windows 95 with Explorer 3.0
> Windows 95 with Explorer 3.1
> Windows 95 with Explorer 3.2
> Windows 95 with Explorer 4.0
> Windows 95 with AOL 3.0
> PowerPC with Netscape Navigator 3.01
> PowerPC with Netscape Navigator 4.03
> PowerPC with with Netscape Navigator 4.04
> PowerPC with Netscape Navigator 4.05 final
> PowerPC with Explorer 3.2
> Macintosh with Netscape Navigator 3.01
> Solaris with Netscape Navigator 4.04
> Solaris with Netscape Navigator 4.05
> Solaris with Microsoft Internet Explorer 4.0

You actually got IE to run on Slowaris?... First of all, "Wow"! Second
of all, "Why"?

> We have not been able to duplicate your cache read on any of these systems. We
> were not aware that Internet browsers on Lynux operating systems have that
> loophole because we do not have access to that operating system.

Right. That darned "Lynux cache loophole"! Ha. Damn those hippie
hackers! They should take their commie pinko software back to Finland
and let good honest hardworking Americans like Gates and co. make a
living in software the good ol' fashioned way dammit! hehehe.

The cache-read trick works on my borg box as well as in Linux
(pronounced "lih-nuks" and spelled with an "i"). Easily reproducible.
Either MS NotePad or GNU Emacs work just fine.

> A creative unique design of a page can take days to weeks. Our software makes
> it more difficult and in many cases should prevent beginners from directly
> copying a page.

Yeah man! It took me a MONTH to do a good framed site! And now that I
finally learned that trade secret, I'll never share it with ANYBODY!

You see, HTML is very limited and easily reproducible. Fact is, there is
not *one* HTML **trick** out there that I can't find a tuturial or
example for somewhere, either online or in a book. So go ahead and
"protect" your site with your petty little "technique". Now that it took
you a month to figger out your Javascript mouseover trick and you now
"guard" that secret, I can just go to somewhere like ProjectCool and do
the same thing myself. And does me having mouseovers too make your site
less valuable? Heck no. Mouseovers, for example, can look **totally
different** on every page, although the technique is the same.

And besides, if I do happen to see something abnormally cool, yeah, I'll
take a look at the source and learn from it. This is a far cry from
"copywrite infringement". You cannot copywrite technique, I don't care
what anyone says. Same thing as this: I might emulate another's "writing
style" and augment my own with it in my own book. But they're still my
words; no ideas are "stolen".

> Much of the copyright infringement on the web is done by new web users who do
> not know that designed pages are not supposed to be copied.

It is NOT copyright infringement (nor morally wrong) for a newbie to
copy a page's source, look at it, change things, change all graphics and
all words and style to their liking and publish it online. This is
similar to painting in the "Van Gogh style". While it may be wrong to
*repaint* his painting or photocopy it and put your name on it, it is in
no way wrong for a painting newbie with an as-of-yet undeveloped style
who admires Van Gogh to study his painting, and then inspired paint a
brand new unique picture with Van Gogh style colors and brush strokes.
This is how any craft is learned, then built upon by every successive
generation. While a blacksmith's product is his, his style can be
reproduced and embellished upon. Embellishing previous styles is how art
evolves and refines. "Endeavor to surpass your master" as the Japanese
would say. Each generation gets better.

"Emulation, but not duplication." You learn from watching others in any
craft-like endeavor.

And finally, not that I really want to be the insulting type and get
into this, but for guys who sell "HTML protection"... thier page is
nothing to write home about.

"But those guys copied what I did!!! It looks so similar!!!" Cry babies.
Deal. That's the price of doing something real cool and being a **trend
setter**. Emulating trends and technique, and plagiarism are totally
unrelated. (And plagiarism can happen with *no* HTML source visible
anyway. It's called "Copy-Paste then put my name on it".)

The rampant emulation of CNET's former "side bars" style did not lessen
the value of that site one bit. The **content** made that site. Now
someone reposting their stories and putting themselves down as the
author... That would be wrong as well as true copywrite infringement.

"He infringed on my copywrite!"
:: "Did he misrepresent himself as the author of your material? Did he
take what you said and distort it to use against you?" ::
"No... but he used the English language in a way similar to me. He used
some of my expressions and idioms. He had the same accent. He spelled
'color' with a 'u' like I do. Newbies to English should NOT be allowed
to blatantly copy the linguistic techniques of others!"

</RANT>

*whew*

-Josh

Joshua Pruitt

unread,
Jul 25, 1998, 3:00:00 AM7/25/98
to
One more thought on this...

HTML is NOT A PRODUCT. If I design a site for a fee I am not selling the
HTML nor the ascii text file in which it resides. You cannot sell it or
copyright it. It's just a language. A way to transport information. HTML
is instead a MEANS TO AN END. It is what HTML helps us *do* that is
important. The services it helps us provide, the things it helps us
sell, and the service of wielding the HTML tool itself ARE sellable
products. To protect HTML source itself is just plain silly. Not to
mention a waste of time and resources. HTML source is NOT content.
Content is content. Source is method.

As long as peeking at HTML source helps people to learn how to better
understand and use HTML effectively, I endorse it. It's better than that
made with FrontPage mangled garbage so rampant on the web today.
Learning to better speak a language by listening to others is not
plaigerism. It is not the (alone - meaningless) words themselves, but
the ideas those words transport and they're precise aestheic arrangement
that are important and can be plaigerized. I hate to see people do that.

Can you honestly call an impessionist who is *not* Monet a "plagerist"?
Should Monet have copyrighted his special shade of "Ochre Gold" and his
highlighted and smudged wide-brushed sidestrokes so that noone else
could ever use and expand upon them in their own paintings? Am I not
allowed to look **real close** at his canvas so I can gain more insight
into how exactly he did it? Or should those subtler details be hidden?

-Josh

Martyn Humphreys

unread,
Jul 25, 1998, 3:00:00 AM7/25/98
to
I have only jsut visited it -(saturday 25th 6.00pm) but they claim it willl
deter - not protect! Is this an update? Also, when viewing it form offline,
it says it is not valid domain, and closes the browser. Is tihs new too?

==============
Martyn Humphreys
____________________________________________________
Martyn Humphreys: martyn.h...@virgin.net
Home Page: http://freespace.virgin.net/david.humphreys2/martyn
Remove NOSPAM to reply.


Martyn Humphreys.vcf

Hell Hound a.o.d. [AGQ2]

unread,
Jul 25, 1998, 3:00:00 AM7/25/98
to
The page saved (in the cache of IE3.02; and either the cache, OR the right-click|save from NN4.05) was just fine in Notepad.
And I can see the second part of your message happenning, BTW. All we need are more ppl who are comp-literate, and Linux needs a
little more publicity. those two things would help that part along quite nicely (The only reason everybody use windoze XX now is
that everything is made for it, really).

Art Sackett wrote:

--

Hell Hound a.o.d. [AGQ2]

unread,
Jul 25, 1998, 3:00:00 AM7/25/98
to
it seems it has been updated. the timestamp is today for me, according to the properties, it was last updated in january of
1601!
Abyway, it's still faudulent since it has features of:

Protect page layouts from theft
^^^^^^^
Protect JavaScript programs from theft
Protect HTML and DHTML code from theft

Layouts cannot be copyrighted. Layouts can also only be kept from theft by not putting the page on the web.
Now though, it seems to be better as far as the encrypting part goes. I can't see it from a NN save anymore,and it was never
saved into my IE cache.

Martyn Humphreys wrote:

> Martyn Humphreys <martyn.h...@virgin.net>
>
> Martyn Humphreys
> <martyn.h...@virgin.net>
> Southampton
> Hampshire
> So16 3PQ
> UK
> Additional Information:
> Version 2.1
> Last Name Humphreys
> First NameMartyn
> Label HomeSouthampton, Hampshire So16 3PQ UK
> Revision 19980725T170241Z

Dan Evans

unread,
Jul 26, 1998, 3:00:00 AM7/26/98
to

Kalev Leetaru <lee...@gamacles.com> wrote in message
6pac3j$5nt$1...@news13.ispnews.com...
>Dear Mr. Sackett:
-----snip out the waffle-------

>were not aware that Internet browsers on Lynux operating systems have that
-----snip out a load of old bollocks written by a drivleing madman----

Any one else think this guy should learn to spell `Linux` before he goes
spouting ot us?

Just a thought.

Dan

Kalev Leetaru

unread,
Jul 26, 1998, 3:00:00 AM7/26/98
to
You be the Judge

We stand by our statement that the average user would not be able to recover
the HTML source of a document protected by Page Protect. The software is a
good deterrent to content theft for many users. We have made a few slight
modifications to the code. Please go to our site at [http://www.gamacles.com]
and go to the encryption example.

We have been unable to obtain a decrypted version of the HTML source using
either the "Save As" command under the "File" menu, or the "Save As" command
available on the right-click menu. We have also been unable to obtain the
source using the "View Source" command, or by browsing our cache directory.
Besides writing a complex decryption program, what other method would an
individual have of retrieving the HTML source of a protected document?

However, Mr Sackett has stated, "this product only keeps the ignorant from
liberating HTML source", that any NEWBIE could see the HTML with minimal
effort. We have already had numerous comments from individuals stating that
they can no longer obtain the source of our protected page. We do admit that
the code can be decrypted by a knowledgeable programmer, but doing so requires
the programming of a complete decryption filter, far beyond the capabilities of
the average user.

We welcome all readers to follow Mr. Sackett's instructions on how to bypass
Page Protect's security, and see for yourself how easy or hard it is to obtain
the HTML source of our protected page. Our server logs indicate that only a
few readers have actually gone to our site. Look for yourself at our example
and be the judge of whether our software would deter the average visitor from
directly stealing your code.

Our web site is located at [http://www.gamacles.com]

We look forward to hearing your comments on the ease or difficulty of getting
at the HTML code. We acknowledge that someone with good programming skills can
break the encryption, however content thieves are not usually programmers.


Ken

unread,
Jul 26, 1998, 3:00:00 AM7/26/98
to
i looked at your site...and a quick View Source wouldn't let me see
the source....but that doesn't mean everything was fine...see I use
Opera, which along with MANY other browsers doesn't support
JavaScript...so all i got when i viewed your page was a message saying
"Please wait while the document decodes..." ... now i would never use
this program to protect pages, because i for one want the majority of
internet users to be able to view my site. And thats just the people
who CAN'T use javascript...theres even more that just WON'T. many
people turn their java/javascript off for security reasons... so now
even more people are locked out of your site..

overall i think this is a no go....sorry guys..

ken


Blackdeath

unread,
Jul 26, 1998, 3:00:00 AM7/26/98
to
On Thu, 23 Jul 1998 00:20:02 +0000, Art Sackett <inv...@see.sig> wrote:

[...]
>1. Web browsers interpret plain old ASCII text;

That's the main thing that people must understand. For a browser to
display the page, it must be retreived as plain ASCII text. Browsers
don't decrypt/decipher the pages, they interpret the HTML text as-is.

If an HTML file WERE decrypted, and the browser COULDN'T decrypt it, it
would be displayed as gibberish.

Obviously, if the browser can decrypt the text, so can Joe User.

- Blackdeath - s_hons...@13usa.net
-- Web: http://tinys.oix.com/blackdeath
--- ICQ UIN # 3484915
---- Remove 'thirteen' to reply

Greg Berigan

unread,
Jul 26, 1998, 3:00:00 AM7/26/98
to
lee...@gamacles.com (Kalev Leetaru) wrote:

> We have been unable to obtain a decrypted version of the HTML source using
> either the "Save As" command under the "File" menu, or the "Save As" command
> available on the right-click menu. We have also been unable to obtain the
> source using the "View Source" command, or by browsing our cache directory.
> Besides writing a complex decryption program, what other method would an
> individual have of retrieving the HTML source of a protected document?

If you want to press the issue, I could put up a web page that would
accept a URL and spit out the decrypted page for everyone to see, but
then I don't care that much about it (yet).

It wouldn't even have to employ a direct method, just behave exactly
like a browser and spit out the decoded markup. The HTML and Javascript
engines out of the Netscape 5.0 public source would be sufficient to do
the decoding. Being free to use by anyone with a web browser would
eliminate the advanced knowledge requirement.

> We do admit that
> the code can be decrypted by a knowledgeable programmer, but doing so
> requires the programming of a complete decryption filter, far beyond
> the capabilities of the average user.

A decryption filter you provide with the page at that.

Jo Meder

unread,
Jul 27, 1998, 3:00:00 AM7/27/98
to

lee...@gamacles.com (Kalev Leetaru) writes:
> Besides writing a complex decryption program

[...]


> We do admit that the code can be decrypted by a knowledgeable
> programmer, but doing so requires the programming of a complete
> decryption filter,

Oh, come on, this is not to hard to do. Since you insist in stating
that this task was "complex" and needed a "knowledgeable programmer" I
finally gave it a try.

So there you are, 67 lines (many blank or comments) of quickly hacked
together Python-Code completely decoding your "encrypted" page,
including your "second stage" with the swapped around bytes. This
script is available upon request to anyone interested, just send me a
mail. It is neither beautiful nor bugfree, but it proves my point.

The problem with your aproach is that you have to give away all
information needed to decode the page to enable the browser to decode
it. You cannot make the coding overly complex, since this would slow
down the whole thing. So what stops me from decoding it myself,
especially when standalone Javascript-Implementations become
available?


> far beyond the capabilities of the average user.

Depends on what you expect to be the "average user".


> We acknowledge that someone with good programming skills can break
> the encryption, however content thieves are not usually programmers.

Do you have any facts to prove this assertion?

Dan Evans

unread,
Jul 27, 1998, 3:00:00 AM7/27/98
to
Kalev Leetaru <lee...@gamacles.com> wrote in message
6pac3j$5nt$1...@news13.ispnews.com...
>Dear Mr. Sackett:
-----snip out the waffle-------
>were not aware that Internet browsers on Lynux operating systems have that
-----snip out a load of old bollocks written by a drivleing madman----

Or does he mean `Lynx`
Just a thought.

Dan

Hell Hound a.o.d. [AGQ2]

unread,
Jul 27, 1998, 3:00:00 AM7/27/98
to

Kalev Leetaru wrote:

> You be the Judge
>
> We stand by our statement that the

>

Define:

> average user

> would not be able to recover
> the HTML source of a document protected by Page Protect. The software is a
> good deterrent to content theft for many users.

And a good way to keep ppl from learning how HTML behaves too. I learned html by using WYSIWYG, text editors, and using source
from ppl's sites. The code can also be reproduced more often than not, with very sinple HTML knowledge, so why try to sell
something no one really needs?

> We have made a few slight
> modifications to the code.

Yeah. What I could do so easily before has become harder. your page protect, however I would dispise anyone using it, is better
now, and would require simple JS knowledge to undo. Since I'm learning Visual Basic, I have no such knowledge, and cannot get
the code.

> Please go to our site at [http://www.gamacles.com]
> and go to the encryption example.
>

> We have been unable to obtain a decrypted version of the HTML source using
> either the "Save As" command under the "File" menu, or the "Save As" command
> available on the right-click menu. We have also been unable to obtain the
> source using the "View Source" command, or by browsing our cache directory.
> Besides writing a complex decryption program, what other method would an
> individual have of retrieving the HTML source of a protected document?
>

> However, Mr Sackett has stated, "this product only keeps the ignorant from
> liberating HTML source", that any NEWBIE could see the HTML with minimal
> effort. We have already had numerous comments from individuals stating that

> they can no longer obtain the source of our protected page. We do admit that


> the code can be decrypted by a knowledgeable programmer, but doing so requires

> the programming of a complete decryption filter, far beyond the capabilities of
> the average user.

OK, you made it better. I really hope no one falls for it though, even tho it now works. Once again, I dislike the idea of
keeping someone from learning how some 'neat trick' on the page was accomplished, since that (and playing around with that
source once you get it) is prolly the most effective way of learning much of HTML.

>
>
> We welcome all readers to follow Mr. Sackett's instructions on how to bypass
> Page Protect's security, and see for yourself how easy or hard it is to obtain
> the HTML source of our protected page. Our server logs indicate that only a
> few readers have actually gone to our site. Look for yourself at our example
> and be the judge of whether our software would deter the average visitor from
> directly stealing your code.
>
> Our web site is located at [http://www.gamacles.com]
>
> We look forward to hearing your comments on the ease or difficulty of getting

> at the HTML code. We acknowledge that someone with good programming skills can


> break the encryption, however content thieves are not usually programmers.

Not usually, but I must say, plenty of ppl who know HTML may be. I must say that learning HTML has helped A _lot_ with VB, since
most of the things, I just see: OK, so this is how it's done...; where-as many would be: Huh? How's that?; and play around for
hours figuring it out. So expect quite a few good Web Designers to be programmers, at