Selling Python Software

Alex Martelli aleax at aleax.it
Tue Nov 4 11:31:08 EST 2003 

John J. Lee wrote:

> Alex Martelli <aleax at aleax.it> writes:
> [...]
>> Part of the problem is, that the "warezdoodz culture" is stacked
>> against you.  If you DO come up with a novel approach, that is a
> [...]
> 
> Ah, stop right there (oops, too late!-).  I think we're somewhat at
> cross-purposes.  I was talking about protecting something more at the
> level of source code than running programs.

Oh, "shrouding"?  Sure, you can do that.  Many programs might
actually be _enhanced_ by that approach (at least the variable
and function names, while not helpful, aren't actively hostile:-),
but probably not Python programs.


> I mostly agree with you on the issue of protecting "binaries", but:
> 
>> Part of the problem is, that the "warezdoodz culture" is stacked
>> against you.  If you DO come up with a novel approach, that is a
> [...]
> 
> Though information is indeed always incomplete, it seems a good bet
> that war3zd00dz are not an issue for a consultant being hired by a
> company to write a 1000 line program.  Do you disagree?

A Python 1000-SLOC program may be about 200+ function points --
not exactly trivial (it may be equivalent to more than 10,000
lines of C, easily) though not earth-shaking.  But, anyway,
we weren't talking about somebody being _hired_, but rather
wanting to sell what they independently came up with the idea
of developing -- there's a difference!  And yes, it wouldn't
be the first time that a company deliberately exploits the warez
"circuit" to get programs cracked -- look around and you'll see
it's definitely NOT just games and the like that end up there.


> Anyway, back to source vs. binaries.  Obviously, code that's closer to
> the "source" end of the spectrum has additional value.  I'd got the
> impression that something rather similar to the original source could
> be recovered from Python byte-code, due to its high-level nature
> (albeit obviously missing a lot of stuff -- including all those
> valuable names).  Certainly that's impossible with optimising
> compilers (I should have stated this much more strongly in my last
> message, of course -- there's no "may" or "guessing" involved there,
> unlike the Python case, where I don't know the answer).

If you think you do, "you're in denial".  Check out:

http://www.program-transformation.org/twiki/bin/view/Transform/DecompilationPossible
http://boomerang.sourceforge.net/
http://www.itee.uq.edu.au/~cristina/dcc.html#dcc

I suspect it must in some way be easier (but my multiplicative
constants, not O(N) easier...;-) for lower "semantic gaps" -- but
that intuition might well be misguided (it's close to "it must in
some way be easier to produce optimal machine code for a CISC
than for a RISC", and that's simply not true).


Alex

More information about the Python-list mailing list