Interview – Nick Lindridge of ionCube
Published (updated: ) in Uncategorized.
ionCube is well known as a provider of PHP orientated source code protection products, as well as server side PHP acceleration tools. With its flagship product, PHP Encoder, ionCube allow developers to protect all, of selected parts of their own PHP creations ensuring they get maximum return on sales as well as aiding the combat of piracy. I caught up with the Founder and Lead Developer, Nick Lindridge to discuss ionCube’s role in the web development world
1. Firstly, Nick, can you tell us a little about yourself, and your involvement with the ionCube development team? What first got you into software development and what is your programming background? What got you into developing applications such as ionCube?
I first became involved with computers some 20 years ago whilst at school, and quickly discovered a passion for programming. The personal computer market was evolving rapidly in the UK, and I built my first computer, a Clive Sinclair ZX80, from a kit. I was programming in BASIC and Z80 machine code, and had soon written my first commercial application – a stock control system for a small local company. I was also programming 6502 assembler and BCPL, a language that B and C are based upon, and by the time I set off to University, I’d designed a new programming language, written a compiler for it, written networking drivers to implement remote files access over serial ports, and numerous other fun things. At University I discovered Unix, and learnt much from studying sources to the BSD 4.2 Kernel. I also began designing and building hardware for embedded systems, writing a multitasking OS in assembler for the embedded systems, and development tools such as assemblers and linkers. After graduating I pursued a research degree to explore ideas for object oriented processors that featured an alternative design to traditional von-Neumann architecture, and that could be used to build potentially massively parallel machines to transparently exploit the inherent parallelism in object oriented software. Finally, I entered the real-world of commercial software development.
The involvement with ionCube comes from initially developing the PHP Accelerator. PHPA happened almost by chance, based on a need to improve the performance of my first project in PHP. Having made PHPA public in a PHP forum, it quickly became a major project as its popularity spread. PHPA was still a spare time activity, and at the time I was writing high-performance exchange connectivity solutions to US and European derivatives exchanges. But in 2002 I decided that it was the right time to start ionCube, and to dedicate efforts full time to developing other tools for the PHP market.
2. How long has ionCube been running and what made you decide to start developing the ionCube encoding/performance system? Did it just start off as a few people working on a small system? How do you manage such a large project now? Does everyone work in an office or is it entirely web based?
I started ionCube in October 2002, launching the first online PHP encoding system shortly after. With the only encoding system available at the time being very expensive, having limited functionality and also some problems, it was clear that there was a need not only for good encoding tools, but ones that would be affordable by everyone; not just those with deep pockets. The online encoding system was therefore created so that entire projects could be encoded securely for just a few dollars rather than thousands. The Encoder product was then created soon after.
Development is primarily office based as this tends to be the most productive, although we have partners in other countries and use remote working where necessary. Development work on the software products themselves is of course only a small part of what is involved in running a software company such as ionCube. In parallel to developing our core products, we invested time from the outset in developing our intranet systems for handling the likes of support, account management, server monitoring, license management, order tracking and credit card fraud analysis. This infrastructure enables us to operate efficiently, and with real time alerts for important or critical events, we can be highly responsive and maintain productivity. We also maintain servers in different geographic locations for fast disaster recovery and high availability, and this has paid off on several occasions.
3. How do you prefer to work when developing? Long hours broken up by long breaks, steady daily progress, or otherwise? What kind of work is involved in the development on a PHP encoding engine?
Personally I have no preference, and may work a stretch of 20 hours with a few breaks, or a few minutes here and there. With no shortage of project work, I’ll develop as much as my schedule will permit, although this is not as much as I would like.
In essence, the Encoder is a straightforward project. The PHP code is parsed and compiled, we apply our code optimiser to the compiled code, and the resultant compiled code structures are flattened and serialised to files, with various layers of encoding applied during this process. The Loader reads and decodes the flattened data then de-serialises it back to compiled code structures ready for execution. Of course this is a simplification. For both the Encoder and Loader, much of the work is related to the security and encoding techniques that we employ both in protecting the encoded files, and also the Loader and Encoder themselves. Performance wise, the Encoder and Loader deliver the best performance of current encoding systems, particularly at runtime, due to extensive performance testing and optimisation of algorithms. In our latest Loader release, over a day was spent tuning a crucial routine for the most common target architecture, even though it was only a few lines long, to ensure that we had the most efficient assembler code, and that we were getting the best from the processor. Performance tuning involves repeating the project (edit, compile, test and benchmark) cycle, until we are confident that we have the best approach. This is time consuming, but we see it as a vital stage in producing a quality product.
4. Is ionCube a full time job? When you’re not coding or managing the project, how do you like to spend your time? Does programming impact on your social life in any way?
ionCube is very much a full time job, but also being a musician, I try to find time to play the violin, and enjoy other pursuits.
5. What are your favourite development tools (e.g. text editors, project management, source code maintenance)? What operating system do you use most and why?
I use xemacs where possible for editing. We currently use RCS for source code control, but may move to an alternative such as ClearCase. We have servers with a mixture of SuSE Linux and other Unixes, and Windows NT, XP and Linux development machines. I generally use a Windows desktop running an X server as this gives best productivity. I also have a Sharp SL-C860 imported from Japan. This is a pocket sized tablet or clamshell device, with a 75mm x 55mm, 640×480 screen, running Linux, and is ideal for remote access.
6. The only real competition you have is Zend. How do you think ionCube faces up to such a large, well known, PHP company?
By fulfilling market demand, we’ve been successful at capturing a sizable market share, and comprised of not only first-time Encoder users, but customers that have switched to ionCube encoding tools having previously purchased alternative products. For any company, it is primarily the products themselves, and the commitment that the company makes to support, that determine success, rather than the size or background of a company. It is also interesting to note that it’s not necessarily the developer of a given technology that is ultimately the best equipped or the most successful in exploiting it. This may be attributable to being too closely involved with the development of a technology, and not able to be detached, and approach product development from a user’s perspective, although this is something that is vital in the formation of a successful product.
Our philosophy is to focus on offering high quality and affordable solutions, to take a highly customer-centric approach to support, and to be flexible in accommodating bespoke development requests wherever possible. These factors have been a major factor in the success of ionCube, our software products, and to gaining the trust of our customers.
7. Do you believe you are doing a good job allowing developers to encode their systems rather than letting them distribute their code freely? ionCube allows developers to protect their intellectual property –to what extent do you believe this is necessary?
With PHP scripts being plainly readable and changeable, there are definitely situations where use of a reliable, secure and efficient encoding solution to protect source code or hide embedded data is essential. Even if a company chooses to offer their purchased products in source code form, and some ionCube customers do, the ability to encode time expiring evaluation versions allows a company to offer their potential customer a working trial version, and with a greatly reduced risk of this being abused. Licensing purchased software to specific machines is another common application.
On a different slant, protecting database connection details and website implementation details from exploitation if a hacker has gained machine access, is another use for such products.
8. What is your stance on open source software? Do you believe in both worlds?
Yes. OSS is now indispensable, and many enterprises, commercial or otherwise, may simply not exist if it were not for OSS. They can also be an excellent source of education for how and also how not, to write software. It’s also the case, however, that companies producing commercial, non-OSS software, play an important role; not least because such companies provide an income for many of the developers who choose to produce OSS in their spare time. As shown recently when the developer of a promising open source PHP extension left to work for a commercial company, a potential problem with free OSS projects is that they can be here one minute and gone the next. Whilst many OSS projects have enough momentum that this is unlikely to be the case, building a business around OSS projects, most particularly those that need to keep pace with a dependent and developing technology, can be very risky.
For companies placing a heavy reliance on software products for their business, it can be essential to have the backing of a solid company behind those products, and one that can guarantee to offer support, investigate and resolve problems quickly, be responsive to essential enhancements, and so on. In promising a quality product and reliable service to customers, a company has to be profitable in order for it to be able to invest in the necessary resources to deliver on that promise. An alternative approach is to provide products free of charge, possibly as OSS, and endeavour to recoup costs in other ways such as support contracts. However this may be a risky strategy and it’s actually in the best interest of both the company and their customers to be paying for software if this is going to ensure the building of a solid foundation that can maintain and support the product going forward. To paraphrase a popular saying, “You don’t get what you don’t pay for”, and when viewing the bigger picture, this is almost always the case.
9. What is your opinion on the future of open/closed source software, mainly PHP based but other languages as well?
The future of both is bright. Largely due to the integration of 3rd party libraries, PHP has proven itself to be a worthy system for constructing web sites, and although new releases are often buggy, increasingly it is being used for implementing large applications. PHP5 adds some useful features to enhance construction and maintenance of large projects and it should continue to enjoy success.
10. What plans do you have for the future of ionCube to keep it ahead of Zend, or any other competitors that may spring up?
Our strategy is driven largely by the needs of our customers rather than the actions of any other specific companies, and so our energies are directed both at evolving and developing the products for our core markets and in delivering excellent customer support.
11. PHP5 is here and with that, a much more streamlined language pointed in the direction of object-oriented programming. What do you see as the web based product for the future? How do you think the web, and the people developing for it, will change?
That’s a big question, but I expect changes in both the way that traditional websites are constructed, and also in the mechanisms used for manipulating and making data available on the internet.
12. Is there anything else you would like to say or add?
Thanks very much for the opportunity to respond to some interesting questions, it’s been fun.