Update 2022.0 to include IP file and API doc Improvements

Author: hilliard-sketchup

file.intellectual_property.html

@@ -0,0 +1,230 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+  <!-- VIEWPORT -->
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <!-- AUTHOR and GENERATOR -->
+    <meta name="author" content="SketchUp Extensibility Team">
+    <meta name="generator" content="YARD https://yardoc.org">
+  <!-- TITLE -->
+    <title>
+    File: Protecting Intellectual Property &mdash; SketchUp Ruby API Documentation
+    </title>
+  <!-- SHORTCUT ICON -->
+    <link rel="shortcut icon" type="image/vnd.microsoft.icon"
+    href="favicon.ico" />
+
+  <!-- GENERIC META PROPERTIES -->
+    <meta name="url"   content="https://ruby.sketchup.com/file.intellectual_property.html" />
+    <meta name="image" content="https://ruby.sketchup.com/images/Ruby.svg" />
+    <meta name="title" content="File: Protecting Intellectual Property" />
+    <meta name="name"  content="SketchUp Ruby API Documentation" />
+    <meta name="description" content="Protecting Intellectual Property" />
+  <!-- OPEN GRAPH META PROPERTIES -->
+    <meta property="og:site_name" content="SketchUp Ruby API Documentation" />
+    <meta property="og:type"      content="website" />
+    <meta property="og:image"     content="https://ruby.sketchup.com/images/Ruby.svg" />
+    <meta property="og:image:width"  content="60" />
+    <meta property="og:image:height" content="60" />
+    <meta property="og:title"     content="File: Protecting Intellectual Property" />
+    <meta property="og:url"       content="https://ruby.sketchup.com/file.intellectual_property.html" />
+    <meta property="og:description" content="Protecting Intellectual Property" />
+  <!-- TWITTER CARD META PROPERTIES -->
+    <meta name="twitter:card"  content="summary"   />
+    <meta name="twitter:site"  content="@sketchup" />
+    <meta name="twitter:title" content="File: Protecting Intellectual Property" />
+    <meta name="twitter:description" content="Protecting Intellectual Property" />
+    <meta name="twitter:image:src"   content="https://ruby.sketchup.com/images/Ruby.svg?s=120" />
+    <meta name="twitter:url"   content="https://ruby.sketchup.com/file.intellectual_property.html" />
+
+
+  <!-- STYLESHEETS -->
+    <link rel="stylesheet" type="text/css"
+      href="https://fonts.googleapis.com/css?family=Open+Sans:400,700,400italic" />
+
+    <link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" />
+
+    <link rel="stylesheet" href="css/sketchup.css" type="text/css" charset="utf-8" />
+
+    <link rel="stylesheet" href="css/rubyapi.css" type="text/css" charset="utf-8" />
+
+    <link rel="stylesheet" href="css/rouge.css" type="text/css" charset="utf-8" />
+  <!-- SCRIPTS -->
+<script type="text/javascript">
+  pathId = "intellectual_property";
+  relpath = '';
+</script>
+
+
+    <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+    <script type="text/javascript" charset="utf-8" src="js/jquery-migrate.js"></script>
+
+    <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+    <script>
+      // Every time this page is loaded, it sends this action to SketchUp, telling
+      // SketchUp that a new page has loaded that has example snippets that should
+      // be replaced with code editors. Nothing happens if the page is loaded in a
+      // regular browser outside of the SketchUp client.
+      $( document ).ready(function() {
+        if (typeof sketchup == 'object') {
+          sketchup.page_loaded();
+        }
+      });
+    </script>
+
+</head>
+<body>
+
+  <!-- SU - start -->
+<header id="navbar" role="banner" class="navbar navbar-fixed-top navbar-inverse">
+    <div id="api-documentation-header">
+        <div class="navbar-header">
+            <a class="logo navbar-btn pull-left" href="https://developer.sketchup.com" title="Home">
+                <img src="images/sketchup-logo.svg" alt="SketchUp">
+            </a>
+            <a class="name navbar-brand" href="/en" title="Home">SketchUp Developer Center</a>
+            <!-- .btn-navbar is used as the toggle for collapsed navbar content -->
+            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+                <span class="sr-only">Toggle navigation</span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+        </div>
+        <div class="navbar-collapse collapse">
+            <nav role="navigation">
+                <ul class="menu nav navbar-nav">
+                    <li class="first leaf"><a href="https://forums.sketchup.com/c/developers">Community</a></li>
+                    <li class="leaf"><a href="https://blog.sketchup.com/">SketchUp Blog</a></li>
+                    <li class="leaf"><a href="https://www.sketchup.com/download" class="top-menu--download-button">Download</a></li>
+                    <li class="last expanded dropdown">
+                        <a href="https://www.trimble.com" class="trimble-top-menu-item dropdown-toggle" data-target="#" data-toggle="dropdown"><img src="images/trimble-logo-white.svg" alt="Trimble"><span class="caret"></span></a>
+                        <ul class="dropdown-menu">
+                            <li class="first leaf"><a href="https://connect.trimble.com/">Trimble Connect</a></li>
+                            <li class="leaf"><a href="https://www.trimble.com/Corporate/About_Trimble.aspx">About Trimble</a></li>
+                            <li class="last leaf"><a href="https://buildings.trimble.com/">Trimble Buildings</a></li>
+                        </ul>
+                    </li>
+                </ul>
+            </nav>
+        </div>
+    </div>
+</header>
+<!-- SU - end -->
+
+
+  <div id="su-content">
+
+    <div class="nav_wrap">
+      <iframe id="nav" src="file_list.html"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="_index.html">Index</a> &raquo; 
+    <span class="title">File: Protecting Intellectual Property</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><div id='filecontents'>
+<h1 id="label-Protecting+the+Intellectual+Property+in+your+SketchUp+Extensions">Protecting the Intellectual Property in your SketchUp Extensions</h1>
+
+<p>The code you write in your extensions is your intellectual property. You may choose to open source it or you might want to keep it hidden so no one else can see it. In this guide we’ll explain why hiding it can be tricky and what you need to know to protect your IP.</p>
+
+<h2 id="label-Ruby+code+is+visible.+Period.">Ruby code is visible. Period.</h2>
+
+<p>If you simply distribute your extension in an .rb file, anyone can open that file and see the code you’ve written. This is true even if your ruby file is wrapped in an .rbz file. This obviously isn’t good if you don’t want people to see your code. You can obscure your code through encryption and that’s a good step but even that’s not perfect protection.</p>
+
+<p>Unlike languages like C that must be compiled into machine language, Ruby runs inside an interpreter. Even if you’ve encrypted your code it must be decrypted in order to run. If someone is determined enough, there are ways to expose your Ruby code from within the running process.</p>
+
+<p>So is it hopeless to try to hide your source code? Should you just give up on writing extensions? No! But you should explore the options and choose what works best for you. Read on to learn more.</p>
+
+<h2 id="label-Encryption+can+be+broken">Encryption can be broken</h2>
+
+<p>No encryption is perfect. Like the lock on your door, it’ll keep out the vast majority of people but if someone is determined enough they’ll find a way in. And there are a lot of determined hackers out there. Some are malicious and some just enjoy solving puzzles but the end result is that secure encryption remains a moving target.</p>
+
+<h2 id="label-RBS+and+RBE+options">RBS and RBE options</h2>
+
+<p>Over the years we’ve provided two encrypted file formats for SketchUp extensions: .RBS and .RBE files. RBS (which is no longer offered) used a scrambling technology. RBE is the newer format that uses a more sophisticated encryption. Neither of these have been infallible though and we don’t recommend depending solely on them to protect your code.</p>
+
+<h2 id="label-Encryptors-2C+obfuscators-2C+and+minifiers">Encryptors, obfuscators, and minifiers</h2>
+
+<p>Some extension developers pay for an external encryptor like <a href="https://www.rubyencoder.com/">RubyEncoder</a>. This can be layered on top of the encryption provided by SketchUp or used independently.</p>
+
+<p>Other developers use tools to make their Ruby code harder to understand. Obfuscators make your code more complex, and minifiers remove all unnecessary characters in your code. Both techniques try not to change the functionality of your code but serve to make it harder to read.</p>
+
+<h2 id="label-Compiling+your+code+into+a+C+library">Compiling your code into a C library</h2>
+
+<p>One of the best ways to hide your code is to write it in C and compile it into a library. Unlike with Ruby where you need to distribute your source code, your compiled C code has been translated into machine language binary files. The machine instructions are still human readable with the right tools but they are much more difficult to understand than the original C.</p>
+
+<p>But make no mistake, even this doesn’t completely obscure your logic. Yes, it protects your source code because there’s no way to rehydrate your exact code (including comments and variable names), but a determined hacker can use decompilation to expose your logic. This is true for all software written in compiled code, not just SketchUp extensions. Decompilation is sometimes referred to as turning a sausage back into a pig. There’s only so much that can be done, but with the right tools you can at least get the sausage into the shape of a pig.</p>
+
+<p>Your C extension will still need Ruby code but if you keep your Ruby simple (e.g. just the UI code) then you have less to lose from someone stealing this code.</p>
+
+<h2 id="label-Layering+multiple+levels+of+protection">Layering multiple levels of protection</h2>
+
+<p>As a best practice we recommend layering multiple levels of protection so you don’t have a single point of failure.</p>
+
+<p>Also consider what you are protecting against. Are you protecting your license logic from being tampered with, or are you trying to protect the intellectual property in your source code? Not all risks are equal. Your logic for setting up menus and dialogs is not likely to be as important as your algorithms. Focus on protecting the parts of your product that make it special.</p>
+
+<h2 id="label-Consider+Alternatives">Consider Alternatives</h2>
+
+<p>Would it be acceptable for you to open source your software? There are businesses that make a living out of producing open source software. They earn their income by selling services and support related to the software, despite the fact that their entire source code is open to everyone, legally free to copy and modify. The experience, service, and support of a product is also a vital part of its value.</p>
+
+<h2 id="label-Summary">Summary</h2>
+
+<p>Protecting your software product is a constant arms race, and your time is valuable. You’ll need to decide how important it is to protect your source code. You may also want to keep in mind that not every illegal copy equals a lost sale. Many users of pirated software wouldn&#39;t have paid for it in the first place. Giving your code an open source license and allowing others to freely use it can let you avoid the hassles from hiding your code.</p>
+
+<p>But this isn’t always desirable or even possible. If you need to protect your code from prying eyes, our recommendation for most developers is to use a layered approach. Don&#39;t rely on a single solution. Ideally you have control over at least one of these solutions so you can swap it out if needed. In the end this is a cost/effort/gain balance that will differ from case to case.</p>
+
+<h2 id="label-Further+Reading">Further Reading</h2>
+<ul><li>
+<p><a href="https://www.rubyencoder.com/faqs-protect-ruby-scripts-FAQs-Security-category-3.html">RubyEncode Security FAQ</a></p>
+</li><li>
+<p><a href="https://jonskeet.uk/csharp/obfuscation.html">Obfuscation and Decompilation</a></p>
+</li><li>
+<p><a href="https://stackoverflow.com/a/2478504/486990">Protecting your code from decompilation</a></p>
+</li><li>
+<p><a href="https://stackoverflow.com/a/19525834/486990">Obfuscators</a></p>
+</li><li>
+<p><a href="https://blog.ndepend.com/dont-rely-on-someone-else-to-protect-your-software/">NDepend decompilation protection</a></p>
+</li><li>
+<p><a href="https://security.stackexchange.com/a/107076/87978">Is obfuscation worth it?</a></p>
+</li><li>
+<p><a href="https://security.stackexchange.com/a/219347/87978">Does obfuscation have a security benefit?</a></p>
+</li></ul>
+</div></div>
+
+      <div id="footer">
+  Generated by
+  <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+</div>
+
+    </div>
+
+  </div>
+
+</body>
+</html>