How safe is your code?

Every developer, no matter what app they are working on, considers their code special; after all, it is their IP, the hard work that they have put into it. How would they feel if it was being stolen...

Ways that code can be stolen

* Code is placed on a repository which is hacked and access gained
* Your machine has a virus or a Trojan and the hacker has access to the device
* The code is uploaded and cached

Uploaded and Cached??

Yes, this is the easiest way your code can be stolen, and you wouldn't even know that it happened. This is similar to the security identification on the phone, where the person at the other end asks a couple of security questions to identify you. These calls originate in various call centres around the world and are handled by *people*; more so, they are *recorded for training purposes*, so each and every one's security responses are recorded and retained. All it would take is one employee who has access to these records to go rogue and everything is compromised. After all, how is a person identified? Name, Address, Telephone Number, Date of Birth and a couple of other questions you might have set. Most of this information is commonly available. I get huge amounts of junk mail from banks and other companies; if I did not shred them before dumping them, there you have my Name and Address. Telephone numbers can be picked up off visiting cards or phone books. In short, though these are supposedly secure, they are as insecure as any other process.

So...

Well, in terms of software and IP, the issue at hand is similar to the compilation process used by Ansca. Here is an example: http://developer.anscamobile.com/forum/2011/12/29/new-corona-some-questions-i-need-answered-i-purchase

We have to believe that the Lua files that we compile never reach the Ansca servers; then how is it compiled? The requirements for running Corona are only Xcode and not a Lua compiler. Ansca has never detailed their compilation process and builds online only, so it is anyone's guess that the code is uploaded to their servers, compiled and then sent back. If this is the case, Ansca have a copy of the code, and it is just a matter of ethics whether the code is cached or not. Lua files are really really small and storage is very very cheap. 2 + 2 = 4 ?

The official response from an Ansca employee on this is that Ansca *do not*, they cross their hearts and ... Another user believes that Ansca can be sued. Can the users be so trusting that, because Ansca says they don't, they believe them? I guess that is one of the reasons that we have had the GFC and the OWS etc. We are all so trusting and gullible, and therefore the 1% take advantage and con us. Why does Ansca not detail their process? Why can they not have an offline compilation process like any and every other software? Why do they want everything controlled and closed with them? No bytecode, no add-ins, roadmap only for stuff where they get some tie-up money to sell a user base of xxx'000 over to a vendor?

Stealing...?

Well, let us assume for a moment that Ansca is caching the code on their servers every time we build. How can they profit off it?
1. They cannot share it, and if they did they would be the most stupid tech company to ever exist.
2. They can use the code to look at the cool stuff developers are doing, pushing the envelope and making Corona do things that it could not. This is what they can use internally and also *sell* these techniques / snippets under the Enterprise Support for which they charge big bucks.

So, if as a user you would be worried about them sharing the code, they will definitely not do something like that, but they can sell the code as theirs. After all, how many different ways can you assign a variable? I can think of about 4, but all of them involve the common assignment operator *LeftHandSide = RightHandSide*

I must admit one thing here: I feel strongly about certain ethical conducts of Ansca, but that does not mean that they do not have wonderful developers. The guys there, Eric, Walter, Tom, Gilbert, Josh, are really good. I do not feel that they would be the ones that would steal the code from the cache, if there is any, and I do not even think that they would have the time, which is a different conversation on why it takes them so long to have features when Josh is solely responsible for the Android builds and Eric is a LuaCocoa guru and can manage the whole iOS platform alone like Josh can with Android, and then you also have Walter, Gilbert, Tom...

With that said, I cannot vouch for the other developers, or rather the wanna-be developers, employed at Ansca that they would not have an interest in the code. Actually this makes it more clear why Apple is quite clear on the policy as to why none of their employees are allowed to develop and have apps on the App Store, so the ones that have great ideas and want to explore the App Store resign from Apple and take up the challenge. This way there is no conflict of interest. You do not have an Apple Developer that says "this is how you do stuff, and btw you can also buy some of my sample code/templates; it has no affiliation to Apple", but since I am an Apple Employee, you would think that this is code right from Apple. Apple also do not try to peddle training and other such things that distract them from the core business. Maybe they are a great organisation and maybe they do not have to scrape the barrel for finances and compete with their user base in the same ecosystem. Whatever happened to Service??

In summary

Does Ansca steal the code? No one apart from Sean, Walter and Carlos or anyone else that actually has a direct hand in the build servers can confirm that the code is not cached. Ansca, though they talk about the lessons learned from Adobe, surprisingly have the worst developer documentation, and we are nearly in 2012, end of the world as some would claim. We have so many tools for generating documentation, but still that remains shoddy and incomplete, like a dog's breakfast, everywhere. So they have the blanket excuse for not documenting the build process.

So, if you are involved in building the next app that requires high-level security, or have some nifty techniques that no one has tried and that can make things better, you should rethink generating a build, also given that they bundle the spyware *Launchpad*. If you were lucky to get the contract to build the app for the British Prime Minister, good luck with the security of that app if you think Corona would be an option. If you are a beginner that will generally try simple code to learn how Lua and Corona work, then there is not much to worry about; all of that code is available on several sites.

If you do see that your app has been duplicated, what you think is up to you, but there can only be two options, Ansca has stolen and sold the code/technique for a price and/or (not to undermine the abilities of other developers) the other developer has been inspired by or thought of the same thing.

Things are not just because someone said so, demand some form of documentation to confirm that it is so. Trust or blind trust, the choice is yours to make.

Comments

  1. Another great Article ... It is always a pleasure to read your thoughts. cheers Mark

  2. @Kris, It is nice to see passionate people like you. I take it that you are new and a strong believer in this framework. I base my assumption on the fact that if you were an older developer, you would have known me and my level of interaction with the company.

    Documentation is a self-admitted problem, right from the start, not because it is changing so fast, because it was managed badly. Who uses manual entry into a CMS for Documentation? Well these guys do.

    The source code issue stems from the fact that not everyone that works there is a smart developer, and for some that answer, they need to learn, search new tricks to help as they are not part of the development process. Your faith in them seems to be strong, well good luck with that, I guess we will have a conversation when this would have worn off you.

  3. Pretty Awesome article dude, you have got some solid points, as PapayaMobile has already stolen some code of Ansca Mobile and that's a full-on company... I wonder what Ansca does with our code ???
