Python obfuscation

[petantik]

Alex Martelli wrote:
> Anand S Bisen <vmlinuz at abisen.com> wrote:
>
> > I dont know much !! But if somebody asks me this question my answer
> > would be to convert some of the meat inside my programs to C/C++ and
> > then provide the interface to those novel ideas to Python using swig.
> > And for another level of protection maybe use these offuscator on the
> > remaining Python source. What do you think ?
>
> I think that's feeble protection.  If you have valuable code, and
> distribute it, people WILL crack it -- just check the warez sites for
> experimental proof... EVERYTHING that people are really interested in
> DOES get cracked, no matter what tricky machine-code the "protections"
> are coded in.
>
> There's ONE way to have uncrackable code -- don't distribute it, but
> rather put it up on the net on a well-secured machine under your
> control, available as (say) a webservice (subscription-only, pay per
> use, or whatever business model you want).  You can distribute all the
> parts of your app that aren't worth protecting as a "fat client" app (in
> Python or whatever) and keep those which ARE worth protecting on the
> server that YOU control (and make sure it's very, VERY safe, of course);
> and you may write the precious parts in Python, too, no problem.
>
> This is (a minor) one of the many reasons that make webservices the way
> of the future (hey, even *MSFT* noticed that recently, it seems...).
> There are many other advantages, especially if you keep the clients
> thin.  The only issue is, your apps will require network connectivity to
> execute... but these days, with airlines and train lines busy adding
> wi-fi, and towns busily blanketing themselves with free wi-fi, etc, etc,
> that's less and less likely to be a big problem...
>
>
> Alex

I think that is not workable because it is easy to say the the internet
is available everywhere.

It is not available in developing countries or in rural areas and so
these people who live/work there will never benefit from a webservice
type protection scheme, and what if the network in your area goes down?
bye bye app that I *really* need for tomorrow.  Reliability is
important but so is protecting your code in an effective manner

I do believe that you are right about those that crack software for
kicks or money.  If you look around at you local market place i'm sure
there are many 'discounted' commercial softwares/games sold.  of course
the big software companies might say 'trusted computing will save us'
but I for one will never truly trust it.

Perhaps a comprehensive protection for interpreted languages can never
be built because of their high level nature?