I don't know (but wanna learn) programming, but, for example, can't you inspect the code of an app if it's installed?
(yeah this is kind of a stupid question.)
Submitted 1 year ago by Sucuk@kbin.social to nostupidquestions@lemmy.world
https://kbin.social/m/nostupidquestions@lemmy.world/t/258666
I don't know (but wanna learn) programming, but, for example, can't you inspect the code of an app if it's installed?
(yeah this is kind of a stupid question.)
Kinda. What you’re referring to is “decompilation”, which is the process of taking the output of a compiler and trying to reverse-engineer the code that produced it. But decompiled code is really hard to read and modify, because it isn’t what humans wrote, it’s what the compiler translated it into, and that can have some unexpected changes than are mostly irreversible. And, since it’s closed source, if you somehow manage to make a change, you can’t re-release it – you don’t have the license to do so.
With open source, you see the same code as the maintainers, so it has the high-level programming concepts and good variable names, and you have permissions to fork and release your own version.
The other thing is that on modern platforms, decomplied code can and will be ludicrously complex and probably rely on several levels’ worth of abstraction layers, external libraries, API’s, and sandboxes provided by the OS or whatever other platform it’s meant to run on. Outside of microcontrollers and some embedded applications, the days are long gone where you just have relatively simple machine code running directly on the bare metal of the computer’s processor and unprotected memory.
This is a very good addition!
Assembly is a difficult beast
Try to inspect the code of any Microsoft program you have installed. You cannot, because you only have the executable, not the source code itself.
Imagine getting a can of purple paint and trying to figure out exactly how much red and blue dye was used to make that exact purple. Now imagine doing that every few lines of code in a code base of say 10k lines. That’s basically how decompilation goes. It’s extremely hard and even if you’re able to figure it all out, it’s still impossible to ever know what was actually originally written.
What you’re describing though does have done truth to it. There was a time when you could get a program from a magazine, type it all in to your commodore 64, and then it would run a pacman clone. These, line python today, are not compiled. So to have the program means to have the code too.
Expanding a bit on what others have said, for anybody who is further interested (simplified; this whole discussion could be pages and pages of explanation)
The code we write (source code), and the code that makes the machine do its thing (executable code) are usually very different, and there are other programs (some are compilers, others are interpreters, I’m sure there are others still) to help translate. Hopefully my examples and walkthrough below help illustrate what others have meant by their answers and gives some context on how we got to where we are, historically
At the bare metal/electricity flowing through a processor you’re generally dealing with just sequences of 0s and 1s - usually called machine code. This sequence of “on” and “off” is the only thing hardware understands, but is really hard for humans, but it’s all we had at first. A program saved as machine code is typically called a binary (for formattings sake, I added spaces between the bytes/groups of 8 bits/binary digits)
00111110 00000001 00000110 00000001 10000000 00100110 00000000 00101110 00000000 01110111
A while later, we started to develop a way of writing things in small key words with numerical values, and wrote a program that (simplified) would replace the key words with specific sequences of 0s and 1s. This is assembly code and the program that does the replacements is called an assembler. Assemblers are pretty straight forward and assembly is a close 1:1 translation to machine code; meaning you can convert between the two
LD A, 0x01 LD B, 0x01 ADD A,B LD H, 0x00 LD L, 0x00 LD (HL), A
These forms of code are usually your executable codes. All the instructions to get the hardware to do its thing are there, but it takes expertise to pull out the higher level meanings
This kind of writing still gets tedious and there are a lot of common things that you’d do in assembly that you might want shortcuts for. Some features for organization got added to assembly, like being able to comment code, add labels, etc but the next big coding step forward was to create higher level languages that looked more like how we write math concepts. These languages typically get compiled, by a program called a compiler, into machine code, before the code can run. Compilers working with high level languages can detect a lot of things and do a lot of tricks to give you efficient machine code; it’s not so 1:1
This kind of representation is what is generally “source code” and has a lot of semantic things that help with understandability
int main() { int result = 1+1; }
There are some, very popular, high level languages now that don’t get compiled into machine code. Instead an interpreter reads the high level language and interprets it line by line. These languages don’t have a compilation step and usually don’t result in a machine code file to run. You just run the interpreter pointing to the source directly. Proprietary code that’s interpreted this way usually goes through a process called obfuscation/minimization. This takes something that looks like:
def postCommentAction(commentText, apiConnection) { apiConnection.connect() apiConnection.postComment(commentText, userInfo) apiConnection.close() }
And turns it into:
def func_a(a,b){b.a();b.b(a,Z);b.c();}
It condenses things immensely, which helps performance/load times, and also makes it much less clear about what the code is doing. Just like assembly, all the necessary info is there to make it work, but the semantics are missing
So, to conclude - yes, you can inspect the raw instructions for any program and see what it’s doing, but you’re very likely going to be met with machine code (that you can turn into assembly) or minified scripts instead of the kind of source code that was used to create that program
Your computers CPU doesn't understand human language or code, so programs are compiled from human-readable programming languages (like C++, Rust, etc.) into binary machine code. Machine code is basically just a bunch of CPU instructions and data that are formatted specifically for your CPU's architecture (depending on if it's x86, ARM, etc.).
Most of the time, when you install a program/app/game, you're only getting the compiled binary in your CPU's machine code, so you couldn't view the original "source code" without going through a complex process called "decompilation".
For something to be considered truly "open source", it not only makes the original source code available to the user, it also publishes that code under a license like the GPL which gives the user certain rights to use, copy, and/or modify the code.
Most compiled apps (exes) can technically be read, but only if you use a disassembler to convert the machine code into raw assembly.
However, this assembly has no:
Only if you are extremely skilled at reading assembly can you read a compiled program.
Source code is called source because it’s the original verbose code that gets transformed through a compiler. The compiler output can be machine code which are special numbers the computer can interpret as instructions or minified code so the file size is smaller or even a totally different language through transcompilation. In all cases the source code is what was written by a human and is the original source of truth, while compiled code is transformed by a computer and it’s either condensed which makes it hard to read and loses informational context, or it’s transformed automatically which may not be as clean or idiomatic. Source code can have multiple compile targets so if you were to modify compiled code to change its behavior it would be very hard to collaborate or distribute those changes since it would only apply to one target. The source code is important because it’s easier to understand and it’s more organized and it’s a common source of truth that multiple developers can collaborate on.
Executable code inspection is not reading source.
If you read Javascript Code, it’s readable as Text. But even then, it may have been transformed from a readable source with speaking names and structure to an obfuscated mess that works the same, may be more performant, but is not human readable. It’s not the source, so it can’t reasonably be called open source.
Different languages have different transformations. Most programs you install are compiled to transformed data. The text source is readable. The transformed result is not. Tooling may help inspecting or seeing parts, or trying to recreate the source, but it’s not the source.
This is why we say “free and open source”, free software (not to confused with “freeware”), or FOSS (Free and Open Source Software), with sometimes added explanation of “free as in freedom” in many more formal setting. Meaning that these software comes with several essential right and align with the ideology of the free and open source movement.
In most daily conversation, open-source is really short for the “free and open source software” described above.
[www.youtube.com/watch?v=gh2RXE9BIN8](Everything is open source if you can reverse engineer)
Take a look at the definition of “Free Software”:
A program is free software if the program’s users have the four essential freedoms:
- The freedom to run the program as you wish, for any purpose (freedom 0).
- The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help others (freedom 2).
- The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
The term “open source” has a more corporate-friendly connotation, but the freedoms it entails are the same.
fubo@lemmy.world 1 year ago
No.
First, “open source” doesn’t just mean “you can read the source”.
Second, compiled programs (e.g. most programs you run on a phone or a desktop PC) do not have source available.
Sucuk@kbin.social 1 year ago
Ah, that makes sense, thanks for clarifying.
KrokanteBamischijf@feddit.nl 1 year ago
Going into a little more detail:
There are plenty of ways to do open source, and the differences mostly come down to the license something is published under. Some licenses prohibit redistribution, while others restrict commercial use. One of the more popular permissive licenses is the GNU General Public License (or GPL for short). Which you can read up on over here.
Technically there’s nothing stopping you from ignoring the terms of the license agreement and just doing whatever. Think “agreeing to the terms without actually reading them”. While the licenses are usually proper grounds for legal action, it depends on the project and the resources associated wether actual legal action is within the realm of possibilities.
When it comes to “everything is open source”, you’re technically correct in the sense that you can reverse engineer everything and the amount of work you’re willing to put in is the only limiting factor. Compiled code and techniques like code obfuscation and encryption will pose barriers, but they will not protect from someone determined to get in. In the same way a door lock will not protect you from someone who brings a blowtorch.
Some code is technically not open source, but is delivered in human-readable form. This is the case for things like websites and scripts in languages like python. Other software is compiled (pre-converted to specific instructions for your processor), and is delivered in binary, which is not particularly human-readable. But with the right tools even binary applications can be “decompiled” and converted into something slightly more closely resembling the original source code.
A great one liner from the YouTube channel Low-level Learning is “everything is open source if you can read assembly”.
So, in summary: It depends how you look at it, generally speaking open source means that te source code is available for the public to see and that you’re free to submit any suggestions or improvements to the code, no matter who you are. In practise the source code is sometimes visible (out of technical necessity or for troubleshooting purposes) even though the product is not open source, in which case the end user license agreement will likely contain a clause prohibiting you from doing anything with it.
losttourist@kbin.social 1 year ago
It's not a perfect analogy, but a good way to think about it if you're not a programmer is to say "why do we need recipes when we can just buy a product in the store and read the ingredients list".
Just because you know the ingredients, that doesn't mean you know how to put them together in the right order, in the right quantities, and using the correct processes to recreate the finished product.