Python obfuscation

[Steven D'Aprano]

Can you cite your source(s) for this information?

Not easily, but I will try.

If it helps, I will clarify what I was talking about -- in hindsight it is
a little unclear. Most software written (I think about 95%) is by
companies for in-house use only. Since it never gets distributed outside
of the company using it, copyright is of little additional value.

 

[The Eternal Squire]

I'm asking coz i don't have any real world/industrial basis to better

understand the problem and factors involved when selling software - i'm
just a student

A fair request. The teaching of legality and ethics of incorporating
other peoples' works into one's own should begin at 6th grade and be
repeated every year until the message is driven home.

The concept of intellectual property (patent, copyright, trade secret)
is an extension into the business world of issues regarding the proper
usage of ideas (e.g. scientific principles) as treated in high school
and college.

Do developers, when writing code consider how protected their
code will be when considering what language they will write it in
i.e ease of use, speed of language, maintainability and
'obfuscatability' ?

Typically not due to a few well-known principles: 1) Essentially an
optimized (not debug!) compilation from source code to machine language
is nearly as good as encryption for hindering reverse engineering of
the distributed code, 2) Network license servers residing on a
seperate machine in the network apart from the executing software have
become the method of choice for securing more valuable software, 3)
User support and service is not an increasingly large component of the
service provided by a software product, which can only be obtained
through possession of a legal copy, 4) The time-to-market and
obsolescense windows of software are continuing to decrease to the
point where the time required to get around security is more expensive
than the utility that software provides.

Of course, all generally sweeping rules are false including this one,
but those are the trends.

All that being said:

The greatest theft of sales opportunities resides in entertainment or
gaming software. Little can be done to stop it except through
repeated education at every grade level that copying without paying is
as bad as plagiarism and just as dangerous to one's career in school.
Ourselves and our children are lost generations with respect to ethics,
manners, and respect for authority, perhaps we can train our
grandchildren to behave more proprely.

Productivity software is less so, the market is usually flooded with
reverse engineered or lookalike competitors but brand name loyality
usually wins out. Electronic Design Automation (EDA) software is
rarely so, due to the huge need for customer support that is denied to
an unregistered user.

 

[The Eternal Squire]

Change from

3) User support and service is not an increasingly large component of
the
service provided by a software product, which can only be obtained

to

3) User support and service is an increasingly large component of the
service provided by a software product, which can only be obtained

Oops,

The Eternal Squire

 

[Ben Finney]

The teaching of legality and ethics of incorporating other peoples'
works into one's own should begin at 6th grade and be repeated every
year until the message is driven home.

I disagree strongly.

The legality of copying, modifying and redistributing works should be
reformed until it matches a 6th grader's intuitions about sharing.

 

[Ben Finney]

The greatest theft of sales opportunities

Utter poppycock. Who is to say that a particular entity holds an
exclusive "sales opportunity" to a particular individual? Are we to
protect the expectations of profit for some, at the expense of sharing
things with each other?

Little can be done to stop it except through repeated education at
every grade level that copying without paying is as bad as
plagiarism and just as dangerous to one's career in school.

Wonderful double-think.

Ourselves and our children are lost generations with respect to
ethics, manners,

Ethics such as sharing, and helping one's neighbour?

and respect for authority

When such "authority" demands that we enter unsigned contracts to
protect their profits, they lose our respect, yes.

perhaps we can train our grandchildren to behave more proprely.

I certainly hope our grandchildren will live in an environment that
encourages helping each other, yes.

 

[The Eternal Squire]

The legality of copying, modifying and redistributing works should be

reformed until it matches a 6th grader's intuitions about sharing.

A 6th grader also has intuitions regarding the ownership of an idea.
"It was MY idea!!!" "No, it's NOT!!!" "Is TOO!!!"

The Eternal Squire

 

[The Eternal Squire]

Utter poppycock. Who is to say that a particular entity holds an

exclusive "sales opportunity" to a particular individual? Are we to
protect the expectations of profit for some, at the expense of sharing
things with each other?

Utter horse manure. Anyone can profit from something so long as it
is thier own idea.

Ethics such as sharing, and helping one's neighbour?

Giving away an illegal copy of software it not helping one's neighbor,
it is making that neighbor an accessory to copyright infringement,
a federal offense punishable not in excess of 10 years of $10K.
Such a nieghbor should ask: "with friends like that, who needs
enemies?"

I certainly hope our grandchildren will live in an environment that
encourages helping each other, yes.

Helping each other cheat on a test is not helping, it is hurting.
There
is no difference ethically between plagiarism, cheating, or
unauthorized
copying.

 

[Steven D'Aprano]

The teaching of legality and ethics of incorporating
other peoples' works into one's own should begin at 6th grade and be
repeated every year until the message is driven home.

I think you have that completely backwards.

Sixth graders have an intuitive understanding of the economics and
morality of using "things" that adults these days rarely have.

Material things, objects, are scarce resources and cannot be taken with
impunity. If I take your black crayon, then you have one less black crayon.

Non-material things, ideas, are not scarce resources. If I take your idea
of writing programs in a high-level language like Python instead of using
machine code, you still have the idea and we are both better off.

The concept of intellectual property (patent, copyright, trade secret)
is an extension into the business world of issues regarding the proper
usage of ideas (e.g. scientific principles) as treated in high school
and college.

Nonsense. Patents, copyrights and trade secrets are completely and utterly
opposed to proper scientific principles. Alchemists and magicians tried to
monopolise their knowledge. Scientists share. The proliferation of patents
in the medical industry is *hurting*, not helping, medical research:
scientists are reluctant to publish knowledge, or are prohibited by their
employer, and the cost of doing basic research is sky-rocketing due to the
need to pay licence fees.

This is especially obscene when one realises that in the US 80% of the
scientific research that gets patented by private companies is paid for by
tax payer dollars. Your taxes pay for the science which then gets given on
a silver platter to some private company who collects monopoly rents on
that knowledge for 20 years. It is a nice scam if you can get away with
it, and the pharmaceutical companies have got away with it.

Typically not due to a few well-known principles: 1) Essentially an
optimized (not debug!) compilation from source code to machine language
is nearly as good as encryption for hindering reverse engineering of
the distributed code,

That is utterly wrong. Reverse engineering of even optimized code is
relatively easy. That is one of the big myths that plague the IT industry:
"if I don't release the source code, nobody will be able to work out how
my code works".

It just doesn't work that way. Just ask the people working on the WINE
project, who have a working, almost complete, bug-for-bug compatible
reverse-engineered Windows emulator, and they've done it in their spare
time.

Or ask the virus writers, who often find bugs and buffer over-flows and
other security holes in software before the guys with the source code find
them.

Reverse engineering object code is harder than reading source, but it is
still not a barrier to anyone serious about working out how your code
works.



[snip]

The greatest theft of sales opportunities

Listen to yourself. "The greatest theft of SALES OPPORTUNITIES". What is
that supposed to mean? Not theft of goods, not even theft of ideas, but
the theft of an opportunity to make a sale?

"I might have been able to sell to that person, but now I can't, it's YOUR
FAULT... I'm going to sue!!!"

The greatest "theft" of sales opportunities is COMPETITION, not copying.
If every food store and restaurant in the country shut down except
McDonalds, then they would have all the sales opportunities anyone would
ever want. Every store that competes with them is "stealing" the
opportunity to make a sale.

We've already seen this way of thinking. Listen to Jamie Kellner, chairman
and CEO of Turner Broadcasting System:

"Any time you skip a commercial you're actually stealing the programming."

Listen to the arrogance: "I guess there's a certain amount of tolerance
for going to the bathroom." We need a permission slip from the television
stations to go to the toilet? Heaven forbid we turn the machine off,
that's theft of sales opportunities.

Perhaps somebody should remind these folks, we're not the customer. We're
the product they are selling: they sell our eyeballs to advertisers, who
give them money for the opportunity to be seen by us. If we choose to
skip the commercials, that's just too bad for Jamie Kellner's business
model.

Ourselves
and our children are lost generations with respect to ethics, manners,
and respect for authority, perhaps we can train our grandchildren to
behave more proprely.

There is too much respect for so-called "authority", not too little.
Respect for authority is just another way of saying "Don't think for
yourself, do as you're told."

 

[Steven D'Aprano]

A 6th grader also has intuitions regarding the ownership of an idea.
"It was MY idea!!!" "No, it's NOT!!!" "Is TOO!!!"

That's what happens when you try to teach 6th graders about intellectual
property: they revert back to two year old mentality.

 

[Ben Finney]

A 6th grader also has intuitions regarding the ownership of an idea.
"It was MY idea!!!" "No, it's NOT!!!" "Is TOO!!!"

And what should we teach those children?

"Now children, it can be an idea you *both* have, and you both get the
benefit. Learn to share."

Or, do we instead teach them:

"Excellent children! Keep on fighting over who owns ideas, and never
share them. That's the sort of society we want you to live in."

The more you try to teach them to stop sharing, the more we'll teach
them to share. Keep your propaganda about "sharing == evil" away from
children.

 

[Ben Finney]

Giving away an illegal copy of software it not helping one's
neighbor, it is making that neighbor an accessory to copyright
infringement, a federal offense punishable not in excess of 10 years
of $10K.

So the law is the guide to ethical behaviour? Sure you don't have that
reversed?

 

[Mike Meyer]

A fair request. The teaching of legality and ethics of incorporating
other peoples' works into one's own should begin at 6th grade and be
repeated every year until the message is driven home.

Right. You want to teach potential programmers that they should make a
checking the standard libraries and network library repositories for
libraries that can, if incorporated into their work, would make
finishing the product at hand that much easire. You wannt to teadh
them that this is not long legal and ethical, but smart.

I assume that other professions have similar tools/etc. available.

<mike

 

[The Eternal Squire]

Plenty of case law exists behind judgements made to repair loss of
sales opportunites... these are called infringement upon sales
territories..

 

[Alex Martelli]

Not easily, but I will try.

If it helps, I will clarify what I was talking about -- in hindsight it is
a little unclear. Most software written (I think about 95%) is by
companies for in-house use only. Since it never gets distributed outside
of the company using it, copyright is of little additional value.

Hmmm, I thought the original "95%" (which I think I remember from
something ESR wrote, but can't pin down what) applied to a wider
category matching your former description: 95% of all software written
is never distributed to others, _either_ because it was never meant to
be, _or_ because the development project failed disastrously (after some
code got written but before it got deployed, i.e., distributed), as so
many projects in the SW industry do (at various stages of the
development process).


Alex

 

[Alex Martelli]

Alex's solution doesn't require special treatment for disaster
recovery and/or planning, and as such is a valid answer to the

I'm not sure I understand this. I would assume that any software (or,
for that matter, data) of any substantial importance, worthy of being
deployed on a server, does include disaster planning (and recovery
plans, in particular) as a routine part of server-side deployment
(regular backups with copies off-site, etc etc).

Of course, server side deployment DOES make it considerably easier to
enjoy such crucial services, compared with client side deployment; but I
had not addressed such issues at all in my original posts on this thread
(in terms of "IP protection", a "fat client" with data kept client-side
might be just as suitable as a "thin client" for server-side
deployment... but it would be just as vulnerable as a wholly client-side
deployment to issues of [lack of] disaster planning etc).

So, I may perhaps be misunderstanding what you're saying about "my
solution"...?


Alex

 

[The Eternal Squire]

Standard libraries are usually paid for by the implementor of the
language, so this is not an issue.

 

[Mike Meyer]

I'm not sure I understand this. I would assume that any software (or,
for that matter, data) of any substantial importance, worthy of being
deployed on a server, does include disaster planning (and recovery
plans, in particular) as a routine part of server-side deployment
(regular backups with copies off-site, etc etc).

To recap, I asked the question "how do provide software that is
protected but doesn't require special treatment in disaster recovery
and preparedness planning?" I didn't raise the issue of server
deployment in light of this, but had earlier pointed it out as a good
solution to the general issue of copy protection. This resulted in my
beinng asked if I prefered your solution to an alternative that
involved local storage.

Anything on your server doesn't require any special treatment in my
planning. I might want to check what you promise to provide and how
well you live up to those promises as part of evaluating your service,
but that's a different issue. So "Put the software on a server and let
them run it there" is a valid answer to my question.

So, I may perhaps be misunderstanding what you're saying about "my
solution"...?

I hope I clarified what I meant.

<mike

 

[Steven D'Aprano]

Plenty of case law exists behind judgements made to repair loss of
sales opportunites... these are called infringement upon sales
territories..

Is that supposed to impress me? There are plenty of
lousy laws on the books being enforced.

Oh yeah, that's right, they are the Authorities, and
the Authorities can do no wrong.

 

[Ben Sizer]

Alex's solution doesn't require special treatment for disaster
recovery and/or planning, and as such is a valid answer to the
question. It may be unacceptable for *other* reasons, but it beats
dictating a disaster recovery plan for your software to the end user
hands down on that basis.

Sorry, I just don't see this as being a significant difference that
makes 'access-always' acceptable and 'access rarely' unacceptable.

You're still just playing semantic games. The common usage is "fair
use rights." If you mean "... without infringing on the end users
rights, except for fair use rights", then you should say that.

Call it what you like; still, I cannot be infringing on your right when
such a right does not exist to be infringed. If you want to term it a
'right', feel free, but that's not what you're granted under US law or
the Berne Convention. The 'common usage' here leads to a
misinterpretation of what you're entitled to. What is actually stated
is a limitation on the copyright holder's exclusive rights, which is a
very different matter.

 

[Chris Mellon]

Sorry, I just don't see this as being a significant difference that
makes 'access-always' acceptable and 'access rarely' unacceptable.


Call it what you like; still, I cannot be infringing on your right when
such a right does not exist to be infringed. If you want to term it a
'right', feel free, but that's not what you're granted under US law or
the Berne Convention. The 'common usage' here leads to a
misinterpretation of what you're entitled to. What is actually stated
is a limitation on the copyright holder's exclusive rights, which is a
very different matter.

Do you have a legal right to wear an orange shirt? To sit backwards in
your chair?

Your rights are anything you can do that is not forbidden - the US
constitution is explicitly designed in this way, something that people
often forget. There is no difference between an "explicit" and an
"inferred" right, by design. If you read the text of the US
constitution, even the phrasing makes this clear. In fact, the format
of the Bill of Rights was considered harmful by some of the founding
fathers, because they felt that people would interpert it exactly as
they have - as enumerating the limits of government power, instead of
enumerating the powers themselves.

Therefore, by extending your rights via DRM, you are infringing upon
the rights of your customers. I *do* have a legal right to backup and
archive my purchased software, just as I have a legal right to write
this email, and I have a legal right to watch a DVD I've purchased.

The very basis of law is about drawing lines between where one persons
rights end and another begins. What (all current) DRM solutions do is
extend the rights of the copyright holder. This, *by definition*,
comes at the expense of the rights of everyone else. The granting of
copyright at all is a limitation of the rights of everyone else, but
one that is legally enshrined and that people (generally) accept as
being in the common good. It's very similar to the concept of private
property. The law grants you the right to keep people from walking
into your house. However, if you decide to build an electric fence
across the sidewalk and into the street, you are infringing on thier
right to walk past.

Further, if you decide to define "right" as something that is
specifically legally protected, then you have no right to embed DRM in
your software at all - you are *explicitly* expanding the rights
granted to you by copyright law, and you do not have explicit legal
rights to do that. Further, you do not have explicit legal rights to
prevent fair-use copying.