Python obfuscation

[Erik Max Francis]

Further, recent evidence is that this is no longer true in that
country, assuming it ever was.

Oh, please. Take the political crap elsewhere.

 

[Mike Meyer]

Wow, how Machiaviellian.

Just an observation on the state of the US. It's been a long while
since the people running the country did so for the people.

Yes, profitable innovation is 1 percent inspiration plus 99 percent
persperation.

The critical thing is that copyright isn't a vital part of the
formula. Lots of people make a good living creating intellectual
property without needing copyright on said property to provide the
income.

The whole claim that copyright benefits the creator is a
misdirection. Look at the number of creators who make a living off of
sale of copyrighted materials vs the number of people between the
creator and the consumer making a living off their work. Tell me who
owns the big, fancy offices - the creators, or the middlemen. Tell me
who's lobbying congress to create laws that protect and extend
copyright. Finally, notice the difference between what you pay for a
mass-market work - dollars - and what the creator gets - pennies, and
tell me who gets the difference. Yes, copyright benefits the creator,
but the primary beneficiaries are the people who arrange to put hard
media in the hands of the public - the publishers.

During the bulk of the twentieth century, this arrangement was
reasonable - the middlemen were putting up the money, and taking all
the financial risks. In some cases, they even took on the risk for the
creator themselves, paying the creator an advance against royalties,
so that if the product failed in the market, the creator got paid, and
they took the hit for it.

Given all that, the *real* question isn't "How will the creator get
paid?", it's "How will the creator get published?" The last few
decades have given us a *lot* of answers to that: put it on their web
site, which can be had for free; put it in a podcat; blog it; put it
in a torrent; and so on. How they make money off of it after that is
still being explored, but people are doing it. Yes, the creator
doesn't sell as many copies this way. On the other hand, they get a
much larger percentage of the price of the product.

Publishers are in danger of becoming irrelevant. That's why they're
making all the noise, and doing everything they can to limit the
publics rights. They're distracting people from the real issue - their
bottom line - by claiming it's "for the good of the creator", while
they try and make sure their business model - the one where they get
the bulk of the profits - stays in place. *These* are the people whose
side you are arguing, not the creator.

It sometimes works that way, unfortunately. But at least we can vote
the
bastards out when we hear of such things.

It's been working that way regulary since the 1920s, and the same
bastards are still running the country.

And in what way is piracy a form of creation?

That's a complete non-sequitor.

The difference is that the RIAA does not copy software without the
copyright holder's consent.

Actually, they do. More accurately, the companies that form the RIAA
do. That's the point.

<mike

 

[Mike Meyer]

Oh, please. Take the political crap elsewhere.

It's got as much right to be here as the copyright crap. And I'm
trying to keep it to the minimum required to refute the political crap
I'm answering.

<mike

 

[Steven D'Aprano]

Perhaps there is no way to make a living from writing novels without
copyright. [snip] I can ask "But without it, how
could one possibly make a living playing solitaire?"

Reductio de absurdum counterargument.

You say that as if it is a bad thing.



[snip]

Thomas Edison (I think it was him) once said it took 999 failures to
make 1 success. That makes SourceForge 10 times more successful.

Argument by platitude is it?

Whose opinion? Yours, or the market's?

It isn't a matter of opinion, it is a matter of objective fact. Ask any
publisher: all the promotion in the world won't increase the number of
book sales in total, but merely shift sales from some other books to the
ones you are promoting.

Believe me, publishers have been trying to influence the market to buy
more books, and if there is a way, they don't know it. The Harry Potter
fad is exceptional, and the publishers don't know what triggered it any
more than anyone else. (It certainly isn't the writing, which is only
moderately good, or the plot, which is terribly unoriginal.)

Walk into any book shop -- there are thousands of books. I just spent a
wonderful, but frustrating, afternoon yesterday shopping for books at six
different shops. I ended up with three books in my bag and a sinking
feeling that there are thousands of titles that I never even glanced at,
let alone made a rational decision whether or not to buy. I never even
walked through the history section, and I love history books.

With tens of thousands of new titles coming our every year, I can't even
notice all the new books, let alone the back catalog or out of print
books. Not read or buy -- merely notice.

And so the only valid income for a creative type is psychic income?

Do you think Michaelangelo survived on psychic income? Or Shakespeare, or
Bacon, or Ovid?

Nature can be cruel. Do we dare drink unpasteurized milk because
natural is always good?

I've drunk unpasteurized milk. It is lovely. There is nothing wrong with
unpasteurized milk, if it is fresh. Keeping it fresh is the hard part.

For millenia slavery and serfdom were
considered "natural", but it caused endless human misery. And what
about plumbing and flush toilets? Those are not natural means to
convey eliminated wastes, but having just that in a society increases
the life expectancy of all its members by at least 10%.

It is irrelevant that natural things can be bad -- firstly, you have to
demonstrate that the alternative is better, and secondly you accused me of
"punishing" writers. Punishment doesn't come into it.

But please, if you can demonstrate that some level of copyright and/or
patent protection is good, I'm all ears. I already have my opinion, as I'm
sure you do, and if you read my earlier post carefully instead of jumping
to conclusions you will probably be able to work out what that is.

The purpose of humanity is to NOT accept the way the things are... but
to apply compassion in all situations which if unaided cause great pain
and suffering.

Exactly, which I why I'm doing my best to have the excessively strong
so-called "intellectual property" laws rolled back. I may never succeed,
but at least I'm trying to prevent abominations like the lawyer who has
applied for a patent on storylines.

Last I knew, we had government by, for, and of the people.

And a wonderful fairy tale that is too.

We give
these gifts to ourselves, our officials serve at our pleasure. I
believe we decided to choose to give ourselves the gift of copyright
because that way a creator can be rewarded for his efforts rather than
his hiers.

Yeah, right, that's why the Sony Bono Act extended copyright to 90 years
for corporations. You think Walt Disney is still alive to enjoy the riches
generated by Mickey Mouse?

Perhaps you should tell that to musicians, who were robbed of copyright
protection by an underhanded trick committed by a glorified clerk Mitch
Glazier, who later got a job for the RIAA:

http://www.cdbaby.net/articles/courtney_love.html

Yeah, government by, for, and of the people. It is to laugh.



Did you know that when copyright was first introduced in the United
States, you had to register to get 14 years protection, and then could
re-register for another 14 years if you wished? Registration was
essentially free of cost except for time. Only TWO PERCENT of books
published at the time were protected by copyright, the authors and
publishers making the decision that registering for copyright wasn't even
worth their time, and of those that did bother to register once, less than
one percent bothered to re-register 14 years later.

The market spoke: something like two out of a thousand authors felt that
28 years of monopoly protection was worth perhaps a day filling out a
couple of forms. The result was a wonderful vibrant public domain for
publishers and authors and other creators to work from.

Today, the merest scribble on a napkin is automatically protected by
copyright for 90+ years, and the public domain for authors to build on is
impoverished. In the twenty years since the Sony Bono Act was enacted,
more than one million patents will expire and not one copyright.

When you replied to my post, and your software automatically copied my
text into your reply, you were infringing my copyright -- as I have
infringed yours. The chances of me collecting damages from you are
essentially zero, but you were breaking the law. Laws which make ordinary
behaviour criminal or civil offences are not good laws, even if they
aren't enforced: they encourage disrespect for laws.

Reductio de absurdum counterargument again.

No, it comes to the very heart of the matter. Why are some ideas given
monopoly protection and not others? Why shouldn't cooking, which is an art
form, be given legally enforced monopoly protection? When you go to a
restaurant and see a dish on the menu, why shouldn't the restaurant be
permitted to sue you if you steal their intellectual property? They
worked hard to invent that recipe, why should anybody be allowed to just
duplicate it?

This is a corallary of the idea that people have the right to pursue
happiness... which could basically mean either increased convience of
life, longer lifespan, or greater joy within. Any idea which increases
happiness in a society as a whole is more worthwhile than an idea which
does not. And the market decides which is which.

Oh dear, a market-worshiper. "The Almighty Market Shall Provide".

And again, is everything about nature always good? God made us just a
little less than the angels, so that we could apply our sense of
compassion to natural situations that are bound to cause misery.
Copyright produces less misery, IMHO, than it causes.

Where is your evidence for this? Economic analysis of the Sony Bono Act
was that it would add an average of just pennies of extra income to
the average copyright owner over an entire lifetime, while costing
publishers and readers hundreds of dollars in lost opportunities.

Billions of dollars supporting the lives of hundred of thousands of
people is pretty strong evidence that we are doing something right.

What billions of dollars? What hundreds of thousands of people? The
average writer does not make a living from his or her books -- they are
lucky to make minimum wage. The average advance for a first novel is
$2000. It might take an author a year's work to get the book in a state
that they will be offered a contract, and another six months of extra work
before it is ready to be published. Something like 90% of books never get
any royalties beyond that first advance, and they never get offered a
second contract. You do the maths.

Copying is theft of opportunity for the creator to be rewarded for his
efforts. The RIAA serves an important role in attempting to introduce
this idea as part of our social norms and courtesies.

The RIAA are the biggest thieves and pirates out there. Their concern for
artists is *negative* -- they will, and have, deliberately attempted to
impoverish artists out of spite or an attempt to control the market, even
if it costs them money in the short term. I'm married to a musician who
had a long career in California, I know what I'm talking about. Or ask
George Michael what he thinks of the RIAA and the labels.

Or read this:

http://www.negativland.com/albini.html

 

[Robert Kern]

It's got as much right to be here as the copyright crap. And I'm
trying to keep it to the minimum required to refute the political crap
I'm answering.

Off-topic responses are just as off-topic as the off-topic posts they
are responding to. Take 'em off-list. Use http://conversate.org/ for a
relatively convenient way to do so.

--
Robert Kern
(e-mail address removed)

"In the fields of hell where the grass grows high
Are the graves of dreams allowed to die."
-- Richard Harter

 

[Ben Sizer]

This isn't a Python problem, it's a problem with what you're doing. Try
Alex's solution, and put the data on a network server that goes
through whatever authentication you want it to.

To be fair, I don't think I have accused Python of having a problem,
just mentioned that this is an area where Python is less appropriate
than other languages which have a significant degree of obfuscation as
a side-effect of their use.

I already explained elsewhere that putting the data on the network is
not always appropriate. I know people love web services and the like
these days, but they are not the answer to everything. Even in
situations where it is practical to keep all the data server-side, it
still just moves the problem rather than solving it, in that instead of
people copying the data they now copy the authentication for the data.
Anecdotal evidence from experiences with online registration for
Half-Life 2 and Windows XP would suggest that this method ends up
annoying more legitimate customers than the usual copy-protection does.

It is? Is the Python disassembler so much advanced over the state of
the art of binary disassemblers, then? Or maybe it's the Python
decompilers that are so advanced?

Decompyle (http://www.crazy-compilers.com/decompyle/ ) claims to be
pretty advanced. I don't know if you can download it any more to test
this claim though.

As far as I can tell, the only real
difference between Python bytecodes and x86 (for instance) binaries is
that Python bytecodes keep the variable names around so it can do
run-timme lookups. That's not that big a difference.

It makes a lot of difference when you're hunting around for something
or trying to understand a bit of code. Python bytecode (or at least,
the output from dis) is also a lot more straightforward than x86 or 68K
assembly to decipher.

Elsewhere in the thread, you said:


How do you do that without infringing my fair use rights?

Yes, I suppose my terminology there was wrong. The term I should
probably have used was 'distribute usable additional copies'. Generally
speaking I believe in the "like a book" interpretation of rights... you
should have the right to give it away, sell it to someone, lend it,
excerpt parts for review or criticism, but not to distribute additional
copies that essentially duplicate the original.

On the other hand though, what you term a 'fair use right' is not
necessarily viewed that way under law. The relevant part of the law (at
least in the US) says "it is not an infringement for the owner of a
copy of a computer program to make or authorize the making of another
copy or adaptation of that computer program provided [...] that such
new copy or adaptation is for archival purposes only", which is quite
distinct, legally speaking, from saying "you have the right to make a
copy or adaptation for archival purposes".

However, this is drifting more into the legal area which I am less
interested in. Really I'd just like to be able to use Python for my
work and am interested in finding the best way of doing so.

 

[Mike Meyer]

Decompyle (http://www.crazy-compilers.com/decompyle/ ) claims to be
pretty advanced. I don't know if you can download it any more to test
this claim though.

No, it doesn't claim to be advanced. It claims to be good at what it
does. There's no comparison with other decompilers at all. In
particular, this doesn't give you any idea whether or not similar
products exist for x86 or 68k binaries. Your claim was that it's
easier to go from pyc files to code than from binaries to code. To
show that, you have to show not only that it's easy to go from pyc
files to code, but that it's hard to go from binary files to
code. I've dealt with some very powerfull disassemblers and
decompilers, but none of them worked on modern architectures.

It makes a lot of difference when you're hunting around for something
or trying to understand a bit of code. Python bytecode (or at least,
the output from dis) is also a lot more straightforward than x86 or 68K
assembly to decipher.

I'm not convinced of the former. I'll grant you half of the
latter. 68K machine language is fairly straightforward. On the other
hand, it's also seems to be irrelevant. What platform are you
developing for that's still based on the 68K?

Yes, I suppose my terminology there was wrong. The term I should
probably have used was 'distribute usable additional copies'.

My question still stands, though - and unanswered.

On the other hand though, what you term a 'fair use right' is not
necessarily viewed that way under law. The relevant part of the law (at
least in the US) says "it is not an infringement for the owner of a
copy of a computer program to make or authorize the making of another
copy or adaptation of that computer program provided [...] that such
new copy or adaptation is for archival purposes only", which is quite
distinct, legally speaking, from saying "you have the right to make a
copy or adaptation for archival purposes".

I think this just makes explicit that those activies are indeed fair
use, which is what non-infringing copying is called, and that you're
playing semantic games to salve your conscience. But we can be
explicit if you want: How do you do that without requiring that your
software be given special consideration in the distaster recovery and
preparedness planning? You should be concerned about this, as that
special consideration is often "Return that POS".

<mike

 

[Ben Sizer]

No, it doesn't claim to be advanced. It claims to be good at what it
does. There's no comparison with other decompilers at all. In
particular, this doesn't give you any idea whether or not similar
products exist for x86 or 68k binaries.

That's irrelevant. We don't require a citable source to prove the
simple fact that x86 binaries do not by default contain symbol names
whereas Python .pyc and .pyo files do contain them. So any
decompilation of (for example) C++ code is going to lose all the
readable qualities, as well as missing any symbolic constants,
enumerations, templated classes and functions, macros, #includes,
inlined functions, typedefs, some distinctions between array indexing
and pointer arithmetic, which inner scope a simple data variable is
declared in, distinctions between functions/member functions declared
as not 'thiscall'/static member functions, const declarations, etc.

I've dealt with some very powerfull disassemblers and
decompilers, but none of them worked on modern architectures.

You can definitely extract something useful from them, but without
symbol names you're going to have to be working with a good debugger
and a decent knowledge of how to use it if you want to find anything
specific. Whereas Python could give you something pretty obvious such
as:

6 LOAD_FAST 0 (licensed)
9 JUMP_IF_FALSE 9 (to 21)

I'm not convinced of the former. I'll grant you half of the
latter. 68K machine language is fairly straightforward. On the other
hand, it's also seems to be irrelevant. What platform are you
developing for that's still based on the 68K?

There are several embedded/portable devices based on 68K derivatives.
That's not really the point though. I chose 68K assembly as an example
as it's considered to be simpler than x86 assembly, yet it's still
significantly more complex and less readable than the output from
dis.dis()

My question still stands, though - and unanswered.

I'm not really sure where we're going here. I have made the point that
I am not obliged to make my software copyable to facilitate your right
to copy it any more than any given newspaper is obliged to publish you
to facilitate your right to free speech. Therefore I find it hard to
see how anything is infringing upon a right here.

My interest lies in being able to use encrypted data (where 'data' can
also include parts of the code) so that the data can only be read by my
Python program, and specifically by a single instance of that program.
You would be able to make a backup copy (or 20), you could give the
whole lot to someone else, etc etc. I would just like to make it so
that you can't stick the data file on Bittorrent and have the entire
world playing with data that was only purchased once.

But we can be
explicit if you want: How do you do that without requiring that your
software be given special consideration in the distaster recovery and
preparedness planning?

I should state that I am not at all claiming a "one size fits all"
policy for software development. Firstly, from a personal point of view
I am talking about simple consumer entertainment software which is not
mission critical or anything like it. For more important software,
there will surely be different expectations and requirements. In my
case, providing a free download of any lost executables or data upon
presentation of a legitimate license key should be adequate.

 

[Mike Meyer]

I should state that I am not at all claiming a "one size fits all"
policy for software development. Firstly, from a personal point of view
I am talking about simple consumer entertainment software which is not
mission critical or anything like it. For more important software,
there will surely be different expectations and requirements. In my
case, providing a free download of any lost executables or data upon
presentation of a legitimate license key should be adequate.

In other words, you don't do that at all. My special handling for such
things - and *especially* for entertainment software, where the media
gets handled by children - is "Return that POS." Worse yet, you play
semantic games so you can claim not to be violating fair use rights in
the process.

<mike

 

[Bruno Desthuilliers]

The Eternal Squire a écrit :

Without copyright, how could one possibly earn a living writing a
novel?

Without copyright, how could one possibly earn a living writing programs?-)

 

[The Eternal Squire]

In my case, providing a free download of any lost executables or data upon

presentation of a legitimate license key should be adequate.

Excellent compromise!

The Eternal Squire

 

[The Eternal Squire]

My point exactly. A good application of moderate to large size (100K
lines of code) is about as large as a single person can write without
automation, hence it is of an effort comparable in scope and creativity
to a novel.

 

[Chris Mellon]

The Eternal Squire a écrit :

Without copyright, how could one possibly earn a living writing programs?-)
--

I don't know about you, but I own the copyright to almost nothing that
I have written and been paid for, and further, none of has it's
copyright exploited to make money for the entity that does own the
copyright.

Thats not to say that there wouldn't be massive fallout from the lack
of copyright, or that I support that extreme of a solution, but many,
many programs would still be written, and people would still be paid
to write them, even in the absence of copyright. In fact, a few
decades ago, it was legally uncertain whether software qualified for
an IP protection at all, and people still wrote, and were paid to
write, programs.

 

[Erik Max Francis]

I don't know about you, but I own the copyright to almost nothing that
I have written and been paid for, and further, none of has it's
copyright exploited to make money for the entity that does own the
copyright.

But they wouldn't have paid you if you didn't (implicitly) transfer the
copyright to them. So copyright is just as relevant whether it's a work
for hire or not.

 

[Mike Meyer]

But they wouldn't have paid you if you didn't (implicitly) transfer
the copyright to them. So copyright is just as relevant whether it's
a work for hire or not.

I'm in the same position as Chris, and I'll say that that's almost
certainly not true. For most of them, the copyright was
irrelevant. What mattered was the right to use the software. In fact,
some of the contracts I have had explictly did *not* transfer the
copyright, but only granted the right to use it.

I don't have figured postdating the introduction of shrinkwrap
software, but before then, copyright was irrelevant for the bulk of
software written. The majority was either public domain or classified.

<mike

 

[Steven D'Aprano]

The Eternal Squire a écrit :



Without copyright, how could one possibly earn a living writing programs?-)

I'm not sure if that is meant to be a rhetorical
question or not, but something of the order of 95% of
all software written is never distributed to others,
and so copyright or the lack of copyright is not an issue.

If software is for purely in-house use, you don't care
if you have copyright on it, because nobody can use
that software.

Very few professional (i.e. they get paid to program)
developers actually own the copyright on the programs
they write, and of those that do own the copyright,
even fewer make money directly from that copyright.

 

[Ben Sizer]

My special handling for such
things - and *especially* for entertainment software, where the media
gets handled by children - is "Return that POS."

That's funny, I could have sworn that a few messages above you
suggested I "Try Alex's solution, and put the data on a network server
that goes through whatever authentication you want it to."

Are you claiming therefore that it's more acceptable to you to have to
access the data remotely every time you use the software than once per
install?

Worse yet, you play
semantic games so you can claim not to be violating fair use rights in
the process.

No, I am just pointing out that you are mixing up the concept of an
actual 'right' such as one embodied in a state's constitution, with an
implied 'right' that is just an exemption from committing an offence.
The term 'right' does not even appear in the relevant part of US
copyright law, except to state that it is a limitation on the copyright
holder's rights.

 

[Ed Jensen]

I'm not sure if that is meant to be a rhetorical
question or not, but something of the order of 95% of
all software written is never distributed to others,
and so copyright or the lack of copyright is not an issue.

Can you cite your source(s) for this information?

 

[petantik]

That's irrelevant. We don't require a citable source to prove the
simple fact that x86 binaries do not by default contain symbol names
whereas Python .pyc and .pyo files do contain them. So any
decompilation of (for example) C++ code is going to lose all the
readable qualities, as well as missing any symbolic constants,
enumerations, templated classes and functions, macros, #includes,
inlined functions, typedefs, some distinctions between array indexing
and pointer arithmetic, which inner scope a simple data variable is
declared in, distinctions between functions/member functions declared
as not 'thiscall'/static member functions, const declarations, etc.


You can definitely extract something useful from them, but without
symbol names you're going to have to be working with a good debugger
and a decent knowledge of how to use it if you want to find anything
specific. Whereas Python could give you something pretty obvious such
as:

6 LOAD_FAST 0 (licensed)
9 JUMP_IF_FALSE 9 (to 21)


There are several embedded/portable devices based on 68K derivatives.
That's not really the point though. I chose 68K assembly as an example
as it's considered to be simpler than x86 assembly, yet it's still
significantly more complex and less readable than the output from
dis.dis()


I'm not really sure where we're going here. I have made the point that
I am not obliged to make my software copyable to facilitate your right
to copy it any more than any given newspaper is obliged to publish you
to facilitate your right to free speech. Therefore I find it hard to
see how anything is infringing upon a right here.

My interest lies in being able to use encrypted data (where 'data' can
also include parts of the code) so that the data can only be read by my
Python program, and specifically by a single instance of that program.
You would be able to make a backup copy (or 20), you could give the
whole lot to someone else, etc etc. I would just like to make it so
that you can't stick the data file on Bittorrent and have the entire
world playing with data that was only purchased once.


I should state that I am not at all claiming a "one size fits all"
policy for software development. Firstly, from a personal point of view
I am talking about simple consumer entertainment software which is not
mission critical or anything like it. For more important software,
there will surely be different expectations and requirements. In my
case, providing a free download of any lost executables or data upon
presentation of a legitimate license key should be adequate.

Do developers, when writing code consider how protected their code will
be when considering what language they will write it in i.e ease of
use, speed of language, maintainability and 'obfuscatability' ?

Is the problem of protecting or otherwise encrypting portions of code a
showstopper for some companies/individuals when using bytecode
interpreted languages?

I'm asking coz i don't have any real world/industrial basis to better
understand the problem and factors involved when selling software - i'm
just a student



*********************************************************
petantik f00l
http://petantik.blogsome.com - A Lucid Look at Reality

 

[Mike Meyer]

That's funny, I could have sworn that a few messages above you
suggested I "Try Alex's solution, and put the data on a network server
that goes through whatever authentication you want it to."
Are you claiming therefore that it's more acceptable to you to have to
access the data remotely every time you use the software than once per
install?

Alex's solution doesn't require special treatment for disaster
recovery and/or planning, and as such is a valid answer to the
question. It may be unacceptable for *other* reasons, but it beats
dictating a disaster recovery plan for your software to the end user
hands down on that basis.

No, I am just pointing out that you are mixing up the concept of an
actual 'right' such as one embodied in a state's constitution, with an
implied 'right' that is just an exemption from committing an offence.
The term 'right' does not even appear in the relevant part of US
copyright law, except to state that it is a limitation on the copyright
holder's rights.

You're still just playing semantic games. The common usage is "fair
use rights." If you mean "... without infringing on the end users
rights, except for fair use rights", then you should say that.

<mike