Rails on Rubinius without source code

rodrigo

Jan 23, 2011, 7:05:48 AM
to rubinius-dev
Hello,

The company I work for develops systems in Delphi.
This system will be migrated to the web. I have convinced the team to
make this migration using Ruby / Rails.
But I was questioned about the source code being made available on the
customer's server, which would bring risks to the business.
I have always thought Rubinius a very interesting project, in how it is
conceived.
I wonder if there is a way to develop a system using Rails and
Rubinius, so that source code does not need to be available on servers
where this system will run.

Thank you,

Rodrigo.

Rob Heittman

Jan 23, 2011, 2:39:48 PM
to rubini...@googlegroups.com
I encounter this need more than I'd like. A production-ready way to
achieve this goal right now is with JRuby and Warbler:
https://github.com/nicksieger/warbler ... using the "compiled" flag
yields a deployable .war containing only Java classes instead of Ruby
sources.

In the future, I really do hope to meet this need without the Java
dependency. Shipping Rubinius VM bytecode would make me a lot happier
than shipping JVM bytecode.

Matthew Winter

Jan 23, 2011, 2:51:05 PM
to rubini...@googlegroups.com
Hi,

I know that you can achieve this with JRuby + Warbler. It basically compiles the Ruby source code and produces Java .class files which are then packaged as a WAR or JAR file, depending on what you are trying to achieve. No source has to be present.

Regards
Matthew Winter

Eero Saynatkari

Jan 23, 2011, 4:42:54 PM
to rubini...@googlegroups.com
On 2011-01-23, at 21:51:05, Matthew Winter wrote:
> I know that you can achieve this with JRuby + Warbler. It basically compiles the Ruby source code and produces Java .class files which are then packaged as a WAR or JAR file, depending on what you are trying to achieve. No source has to be present.

At the risk of stating the obvious, even WARs are
easily disassembled. In fact, so is the Delphi code
although I think the tools for that are a little less
fancy.

It's certainly possible to add a comparable
degree of obscurity – not security – to Rubinius
and I think it's been discussed as a goal but is
not implemented as yet.

Personally I'm not convinced it's worth the effort
but, then, I don't really have anything to do with
those decisions.

Off the topic, is it not possible to implement the
application/whatever in a manner that doesn't
require obfuscation?


E
--
Sent from my rotary phone using an enormous number of revolutions.

rodrigo mendonca

Jan 23, 2011, 9:50:01 PM
to rubini...@googlegroups.com
Thanks for the replies,

I thought that because Rubinius compiles Ruby code, I could distribute only the compiled files.
But, as apparently this is not possible, I'll have to think of some alternative way to distribute the application.
The company has 30 employees. The development team has 14 people and the system has already been in development for 12 years.
The project is too large. I estimate it will take four years to finish the migration.
I believe that in two years there will be a solution to our "problem."

I'm hoping that version 2.0 of Ruby uses Rubinius as its implementation.

Thanks again!

Rodrigo.

--
Rodrigo Mendonça
Diretor de Tecnologia
Tel: 31 3025 3550 / Cel: 31 8489 3119
rod...@vivver.com.br / dire...@vivver.com.br

Radek

Jan 24, 2011, 5:29:59 AM
to rubini...@googlegroups.com
2011/1/23 rodrigo <rod...@vivver.com.br>:

> But I was questioned about the source code being made available on the
> customer's server, which would bring risks to the business.
> I have always thought Rubinius a very interesting project, in how it is
> conceived.

Can't http://www.rubyencoder.com/ solve your problem?
I'm using it for "encrypting" sensitive code.
As far as I know it does some irreversible translation from source to AST.

--
Radek

Matthew Winter

Jan 24, 2011, 4:21:08 AM
to rubini...@googlegroups.com
Hi,

Indeed you can decompile the Java class file. However because the Ruby has been compiled into Java byte code with all the required JRuby wrappings, the code output from the decompilation is very much obfuscated for you. I am not saying it is impossible to understand, but you would need to have a degree of understanding of the internals of JRuby.

Because Rubinius makes use of LLVM I see no reason why it could not output a binary executable, but would need to statically link the Rubinius library or provide a shared library binary for use, so the final size could be quite large. After all if Mono can provide this function via LLVM, then I am sure Rubinius could do it. ;-)

I agree with your sentiment about whether it is really worth the effort. However, the more Ruby, Rails, etc. are used in the enterprise, the more this kind of question will be asked.

Regards
Matthew Winter

rodrigo mendonca

Feb 1, 2011, 9:25:00 PM
to rubini...@googlegroups.com
Hi,

I know several people who develop personal projects in Ruby/Rails. But they cannot convince their managers to use Rails for precisely this reason: is it necessary that the source code be available on the application server?
I believe that if Rubinius offered this feature, many companies would start using it to develop their projects in Ruby/Rails.
And I'm talking about big institutions with whom I have contact.
The question they ask is always the same: is there already some way to build applications in Ruby/Rails where the source code no longer needs to be available on the server?


Regards,

Rodrigo.

Tony Arcieri

Feb 2, 2011, 3:22:25 AM
to rubini...@googlegroups.com
On Sun, Jan 23, 2011 at 10:42 PM, Eero Saynatkari <regist...@kittensoft.org> wrote:
> At the risk of stating the obvious, even WARs are easily disassembled.

However, the resulting code will be Java as output by the JRuby compiler, not Ruby code. While it might be possible to infer the Ruby code from the resulting Java code, doing so is nontrivial and would require intimate knowledge of the JRuby compiler and runtime.

This approach provides, at the very least, a very good degree of source code obfuscation.

--
Tony Arcieri
Medioh! Kudelski
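
An added example, not part of any post in this thread: a Python check that a built WAR or JAR, including jars nested inside it, ships no readable Ruby or template source alongside the compiled classes. The extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions counted as readable application source (an assumption of this example).
SOURCE_EXTS = (".rb", ".erb", ".rake", ".ru", ".haml")
NESTED_EXTS = (".jar", ".war")

def audit_archive(data, prefix=""):
    """Scan WAR/JAR bytes; return ([(path, non_blank_lines), ...], class_count)."""
    sources, classes = [], 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(".class"):
                classes += 1
            elif lower.endswith(NESTED_EXTS):
                # Libraries and gems are often packed as jars inside the WAR.
                try:
                    inner_src, inner_cls = audit_archive(zf.read(info), path + "!/")
                except zipfile.BadZipFile:
                    continue
                sources += inner_src
                classes += inner_cls
            elif lower.endswith(SOURCE_EXTS):
                # The line count separates a one-line loader from real code.
                text = zf.read(info).decode("utf-8", "replace")
                sources.append((path, sum(1 for l in text.splitlines() if l.strip())))
    return sources, classes

def build_sample_war():
    """Constructed sample archive, not the output of a real Warbler build."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as jar:
        jar.writestr("gems/billing/lib/billing.rb", "module Billing\n  RATE = 0.2\nend\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as war:
        war.writestr("WEB-INF/app/models/invoice.class", b"\xca\xfe\xba\xbe")
        war.writestr("WEB-INF/app/views/invoices/show.html.erb", "<h1><%= @invoice.total %></h1>\n")
        war.writestr("WEB-INF/lib/gems.jar", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    found, class_count = audit_archive(build_sample_war())
    print(class_count, "compiled classes")
    for entry, lines in found:
        print(f"readable source: {entry} ({lines} non-blank lines)")
```

Run against a release artifact in the build pipeline, any entry it reports is text a customer can read directly from the server.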