Fore One Smarter Than Me- Don't Get Trampled In A Stampede!

[geots]

I would like to ask you (plural) something that bothers me. It seems the answer might be obvious, but then I wonder. Speaking of Rybka, and not in the sense of how much it took from Fruit, innocent or guilty. Has nothing to do with that. I only pick Rybka because it was the last one that is an example.


Fruit's source code was made public. Easy for anyone to take too much and benefit from it. Programmers like Vas (probably more commercial authors, but who knows for sure) go to great lengths to keep their sources a secret, some putting them on boxes not even running. Any evidence that was gotten against Vas in the Rybka/Fruit case was done so by RE Rybka 2.3.2a, unless you want to call the process by another name.
If all the evidence was gotten in that manner, and it is supposed to be reliable, ("supposed" because I would have no idea as computer science is foreign to me) then I don't see how Vas or any author can protect his source. Seems to me having the end result of RE should be as good as having the original code, or at least close. If that is true, then no original source code is actually protected. And programmers keeping their code a secret are spinning their wheels, when all you have to do is RE and take anything you want. If I am somewhat right up to here, seems that every engine in the "top 20" could be suspect just based on the ease with which they can take what they want from others. I hope I am wrong and just don't understand, because the alternative could make all of computer chess just one big train wreck.


gts

[kgburcham]

I thought that if you had the souce code and the ability, that any piece of software could be reverse enginneered.

kgburcham

[geots]

I thought that if you had the souce code and the ability, that any piece of software could be reverse enginneered.

kgburcham

As far as I know, you can. But with no skills in this area I am wondering if you would have the same end result that you would have with the original code in your hands- for the purpose of taking what and how much you wanted. Obviously, it is much more work- in one hand you have the code already- in the other you have to do some hard work to get it. But the kicker is what you have when you are thru RE.

gts

[bob]

I would like to ask you (plural) something that bothers me. It seems the answer might be obvious, but then I wonder. Speaking of Rybka, and not in the sense of how much it took from Fruit, innocent or guilty. Has nothing to do with that. I only pick Rybka because it was the last one that is an example.


Fruit's source code was made public. Easy for anyone to take too much and benefit from it. Programmers like Vas (probably more commercial authors, but who knows for sure) go to great lengths to keep their sources a secret, some putting them on boxes not even running. Any evidence that was gotten against Vas in the Rybka/Fruit case was done so by RE Rybka 2.3.2a, unless you want to call the process by another name.
If all the evidence was gotten in that manner, and it is supposed to be reliable, ("supposed" because I would have no idea as computer science is foreign to me) then I don't see how Vas or any author can protect his source. Seems to me having the end result of RE should be as good as having the original code, or at least close. If that is true, then no original source code is actually protected. And programmers keeping their code a secret are spinning their wheels, when all you have to do is RE and take anything you want. If I am somewhat right up to here, seems that every engine in the "top 20" could be suspect just based on the ease with which they can take what they want from others. I hope I am wrong and just don't understand, because the alternative could make all of computer chess just one big train wreck.


gts

For the record, the entire concept of "software protection" is flawed. If you sell me a CD/DVD with software on it, you just lost control. You can put any sort of copy protection you want on the thing, I will break it if so inclined. Not to give it to others, but to make it less odious to run. For example, I used to play "falcon" on my laptop all the time. When flying across the country, there was nothing like running a couple of F-16 missions. But to have decent battery life, I had to remove the CD/DVD drive and insert a second battery. And now Falcon would not run without the CD inserted. I simply removed that check from the executable, never gave away copies, never sold copies, but I could then play the game without the CD drive.

Same problem for a binary. A good CS person can take a binary and convert it to a working C program. In fact, there is software to do this (after a fashion) already. Not a thing that can be done, because at some point, the engine has to load into RAM in a normal format that will execute. And once that is done, a debugger can expose the entire thing, granted it is in assembly language that is very hard to read/understand without any symbols or procedure names, but that is a hindrance, not a barrier.

Bottom line, if you want to keep it secret, you can't distribute it. That's just the way it is. Same thing for any product. A good engineer can disassemble the latest and greatest auto engine and unravel every secret pretty quickly. And can likely find ways to do the same thing without violating any patents that are in place. The thing you get is a window of opportunity where you can generate sales during that period of time the RE effort is underway. Then everyone catches up to you and away you go. Open-source simply avoids a lot of the headaches by simply admitting that nothing remains secret for very long.

It's just the way things are. And the way they will remain...

Only thing I would disagree with is that this is not an easy thing to do. It takes a ton of time. But other than that, if one has the time, one can do it.

[geots]

I would like to ask you (plural) something that bothers me. It seems the answer might be obvious, but then I wonder. Speaking of Rybka, and not in the sense of how much it took from Fruit, innocent or guilty. Has nothing to do with that. I only pick Rybka because it was the last one that is an example.


Fruit's source code was made public. Easy for anyone to take too much and benefit from it. Programmers like Vas (probably more commercial authors, but who knows for sure) go to great lengths to keep their sources a secret, some putting them on boxes not even running. Any evidence that was gotten against Vas in the Rybka/Fruit case was done so by RE Rybka 2.3.2a, unless you want to call the process by another name.
If all the evidence was gotten in that manner, and it is supposed to be reliable, ("supposed" because I would have no idea as computer science is foreign to me) then I don't see how Vas or any author can protect his source. Seems to me having the end result of RE should be as good as having the original code, or at least close. If that is true, then no original source code is actually protected. And programmers keeping their code a secret are spinning their wheels, when all you have to do is RE and take anything you want. If I am somewhat right up to here, seems that every engine in the "top 20" could be suspect just based on the ease with which they can take what they want from others. I hope I am wrong and just don't understand, because the alternative could make all of computer chess just one big train wreck.


gts

For the record, the entire concept of "software protection" is flawed. If you sell me a CD/DVD with software on it, you just lost control. You can put any sort of copy protection you want on the thing, I will break it if so inclined. Not to give it to others, but to make it less odious to run. For example, I used to play "falcon" on my laptop all the time. When flying across the country, there was nothing like running a couple of F-16 missions. But to have decent battery life, I had to remove the CD/DVD drive and insert a second battery. And now Falcon would not run without the CD inserted. I simply removed that check from the executable, never gave away copies, never sold copies, but I could then play the game without the CD drive.

Same problem for a binary. A good CS person can take a binary and convert it to a working C program. In fact, there is software to do this (after a fashion) already. Not a thing that can be done, because at some point, the engine has to load into RAM in a normal format that will execute. And once that is done, a debugger can expose the entire thing, granted it is in assembly language that is very hard to read/understand without any symbols or procedure names, but that is a hindrance, not a barrier.

Bottom line, if you want to keep it secret, you can't distribute it. That's just the way it is. Same thing for any product. A good engineer can disassemble the latest and greatest auto engine and unravel every secret pretty quickly. And can likely find ways to do the same thing without violating any patents that are in place. The thing you get is a window of opportunity where you can generate sales during that period of time the RE effort is underway. Then everyone catches up to you and away you go. Open-source simply avoids a lot of the headaches by simply admitting that nothing remains secret for very long.

It's just the way things are. And the way they will remain...

Only thing I would disagree with is that this is not an easy thing to do. It takes a ton of time. But other than that, if one has the time, one can do it.

I put in my answer to Burcham that the only difference might be you had the original code in one hand, in the other- you had to do some hard work to get it. I understand that. The thing that amazes me is in all the discussions about why most programmers, and all commercial ones, are so paranoid about their code getting in the wrong hands- NOTHING IS EVER MENTIONED by anyone that they are wasting their time. I guess because it is assumed by those in the programming world that everyone is aware of that anyway........ It looks to me like the only answer for sure would be to check the codes of every engine in any IMPORTANT events. And they understand they either release it to trusted people, or they don't play. But here you might get into a time factor that makes this idea not practical. I'm guessing if you picked 5 codes out of the "Top 30" at random from a fishbowl- you aint gonna like what you find.

gts

[hgm]

Computer code cannot be protected technically from reverse engineering. Decompilation / disassembly can produce a source code. That source code, however is not the same as THE source code. When programmers write source code, they use names for the memory variables that are helpful and indicative of the function. Like CastlingRights, OpenFileBonus, PawnIsPasser[n], rather than ByteVar472, IntVar989 and Array12[n]. And the might annotate it with 'comments', i.e.help-ful remarks that remind them what is the function of a section of code. That makes reading the original source like reading a novel, to an experienced programmer. The decompilation cannot recover that. It requires a human intelligence to painstakingly follow up the instructions of the program noting how it changes the value of variables in response to moves (after having figured out what variables constitute the board), like being set to zero when the King or Rook moves, or being added to the score only when a Rook is on an open file, etc.

This is a lot of work, but it can always be done. It is just a question of how much effort you are prepared to put in it, and that depends on importance and alteratives. It could also be your hobby. Some people like to solve sudokus, others like to disassemble source code.

Hence the only way to protect computer code is to lock it into your vault, and be sure no one ever has access to it. As soon as they can get their hands on an executable, there is no protection, other than that it takes time and effort. The only protection is legal protection, in terms of copyrights andpatents. It is like locking your car when you leave it parked alongside a stony road. You know that everyone can get in by simply picking up a stone and smashing the window.

[bob]

I would like to ask you (plural) something that bothers me. It seems the answer might be obvious, but then I wonder. Speaking of Rybka, and not in the sense of how much it took from Fruit, innocent or guilty. Has nothing to do with that. I only pick Rybka because it was the last one that is an example.


Fruit's source code was made public. Easy for anyone to take too much and benefit from it. Programmers like Vas (probably more commercial authors, but who knows for sure) go to great lengths to keep their sources a secret, some putting them on boxes not even running. Any evidence that was gotten against Vas in the Rybka/Fruit case was done so by RE Rybka 2.3.2a, unless you want to call the process by another name.
If all the evidence was gotten in that manner, and it is supposed to be reliable, ("supposed" because I would have no idea as computer science is foreign to me) then I don't see how Vas or any author can protect his source. Seems to me having the end result of RE should be as good as having the original code, or at least close. If that is true, then no original source code is actually protected. And programmers keeping their code a secret are spinning their wheels, when all you have to do is RE and take anything you want. If I am somewhat right up to here, seems that every engine in the "top 20" could be suspect just based on the ease with which they can take what they want from others. I hope I am wrong and just don't understand, because the alternative could make all of computer chess just one big train wreck.


gts

For the record, the entire concept of "software protection" is flawed. If you sell me a CD/DVD with software on it, you just lost control. You can put any sort of copy protection you want on the thing, I will break it if so inclined. Not to give it to others, but to make it less odious to run. For example, I used to play "falcon" on my laptop all the time. When flying across the country, there was nothing like running a couple of F-16 missions. But to have decent battery life, I had to remove the CD/DVD drive and insert a second battery. And now Falcon would not run without the CD inserted. I simply removed that check from the executable, never gave away copies, never sold copies, but I could then play the game without the CD drive.

Same problem for a binary. A good CS person can take a binary and convert it to a working C program. In fact, there is software to do this (after a fashion) already. Not a thing that can be done, because at some point, the engine has to load into RAM in a normal format that will execute. And once that is done, a debugger can expose the entire thing, granted it is in assembly language that is very hard to read/understand without any symbols or procedure names, but that is a hindrance, not a barrier.

Bottom line, if you want to keep it secret, you can't distribute it. That's just the way it is. Same thing for any product. A good engineer can disassemble the latest and greatest auto engine and unravel every secret pretty quickly. And can likely find ways to do the same thing without violating any patents that are in place. The thing you get is a window of opportunity where you can generate sales during that period of time the RE effort is underway. Then everyone catches up to you and away you go. Open-source simply avoids a lot of the headaches by simply admitting that nothing remains secret for very long.

It's just the way things are. And the way they will remain...

Only thing I would disagree with is that this is not an easy thing to do. It takes a ton of time. But other than that, if one has the time, one can do it.

I put in my answer to Burcham that the only difference might be you had the original code in one hand, in the other- you had to do some hard work to get it. I understand that. The thing that amazes me is in all the discussions about why most programmers, and all commercial ones, are so paranoid about their code getting in the wrong hands- NOTHING IS EVER MENTIONED by anyone that they are wasting their time. I guess because it is assumed by those in the programming world that everyone is aware of that anyway........ It looks to me like the only answer for sure would be to check the codes of every engine in any IMPORTANT events. And they understand they either release it to trusted people, or they don't play. But here you might get into a time factor that makes this idea not practical. I'm guessing if you picked 5 codes out of the "Top 30" at random from a fishbowl- you aint gonna like what you find.

gts

Any "real programmer" knows that source security is 99% of the battle. And that's pretty big. But that 1% that can/will/are-able-to can get inside the binary if they want. And you simply can't lose sleep over that. Or else you just don't release ANYTHING and remain totally secure. I don't think "cluster rybka" will work, as most want something they can run anywhere, not just when they have web access. But it does address the problem directly.,

[mhull]

Computer code cannot be protected technically from reverse engineering. Decompilation / disassembly can produce a source code. That source code, however is not the same as THE source code. When programmers write source code, they use names for the memory variables that are helpful and indicative of the function. Like CastlingRights, OpenFileBonus, PawnIsPasser[n], rather than ByteVar472, IntVar989 and Array12[n]. And the might annotate it with 'comments', i.e.help-ful remarks that remind them what is the function of a section of code. That makes reading the original source like reading a novel, to an experienced programmer. The decompilation cannot recover that. It requires a human intelligence to painstakingly follow up the instructions of the program noting how it changes the value of variables in response to moves (after having figured out what variables constitute the board), like being set to zero when the King or Rook moves, or being added to the score only when a Rook is on an open file, etc.

This is a lot of work, but it can always be done. It is just a question of how much effort you are prepared to put in it, and that depends on importance and alteratives. It could also be your hobby. Some people like to solve sudokus, others like to disassemble source code.

Hence the only way to protect computer code is to lock it into your vault, and be sure no one ever has access to it. As soon as they can get their hands on an executable, there is no protection, other than that it takes time and effort. The only protection is legal protection, in terms of copyrights andpatents. It is like locking your car when you leave it parked alongside a stony road. You know that everyone can get in by simply picking up a stone and smashing the window.

Suppose a software cracker were to disassemble a chess program only to discover no chess program at all? Would he be able to detect that he was using a virtual machine parsing opcodes from an alien (or even notional) machine architecture known only to its creator?

In this way, a private (or commercial) chess program might be distributed with a greatly reduced risk of re-engineering, although it would mean a performance hit for end users. However, this would ensure that only the programmer himself could compile his code onto bare metal for the purpose of entering competitions and chess servers at full performance levels, guaranteeing a perpetual advantage over primitive cloners (and poseuers) at said competitions and chess servers. It would also preserve a proper "feudal spirit" between programmer and devotee.

[fern]

In fact almost Every progress in technology, sciences and even arts comes from that mechanism. Imitation was the name given by old archeologists to that process; now we call RE. It is the same thing.

Fern

[hgm]

Suppose a software cracker were to disassemble a chess program only to discover no chess program at all? Would he be able to detect that he was using a virtual machine parsing opcodes from an alien (or even notional) machine architecture known only to its creator?

I don't think this alters anything. What he would discover when he starts disassembling the binary is that there is only little code, (the VM emulator) and lots of 'data' (the Chess program). By inspecting the code he would quickly learn the architecture of the VM, and then write a disassembler for the interpreted code.

In fact this is exactly what people would find if they disassembled the binary of my engine Usurpator II. They would find an emulator, and if they are smart, they would actually recognize it as a 6502 emulator.

But it throws up an extra hurdle. Unfortunately you would also suffer a major speed hit, (an order of magnitude or so), so for Chess engines it is not really an option. Encrypting the native machine language, and only decrypt selective parts of it when needed at run time might be a better solution. Then they would not be able to just disassemble the static binary, but be forced to run a debugger on it, and catch it in action. But it can still be done (e.g. causing a core dump when the program is in full action).