hide python code !

Wed Aug 16 00:51:27 EDT 2006

On Tue, 15 Aug 2006 09:00:16 -0700, Ben Sizer wrote:

> Yes, in much the same way that there is no point ever locking your
> doors or installing burglar alarms, as a determined thief will
> eventually steal your belongings.

That's an utterly pointless and foolish analogy.

(1) If a thief breaks into your house and steals your TV, you no longer
have a TV. If a developer sees your code, you still have your code, *even
if they subsequently copy it*. You haven't lost your code, it is just no
longer secret. Since secrecy is rarely valuable in and of itself, you've
lost nothing.

Yes, I've heard all the stories about "valuable algorithms" and the like.
Some of them might even be true. But for 99+% of code, spending even one
cent to keep it secret is just wasting money.

(2) Compiling code to machine language isn't like locking your door.
Compiling code doesn't prevent me from seeing your code or your algorithm,
it just means I see it written in machine language instead of C. If I know
how to read machine code, or if I have a decompiler, then I can read it,
no problems at all. Would you argue that Python source code hides your
algorithm because it is inscrutable to people who can't read and
understand Python? Surely not. So why do you argue that compiled code is
hidden merely because it is inscrutable to people who don't know how to
download a decompiler off the Internet?

(3) Compiling code is certainly not like installing a burglar alarm. When
I decompile your code, no alarms ring and you are not notified.

> I find it strange that people (at least on c.l.py) often equate
> 'imperfect protection' with 'pointless protection'.

Nonsense. Can I remind you that the Original Poster *explicitly* rejected
using Python's imperfect code-hiding technique (distribute only the
compiled .pyc files) because they can be disassembled, but failed to
realise that EXACTLY the same argument holds for compiled C code?

Let me make it clear with a better analogy than your locked door one: the
O.P. says "I don't want people to look through the windows of my Python
house. I thought about hanging curtains, but people with thermal imaging
equipment can see right through the walls. Can I hang vertical blinds in
Python like my C programmer friends?"

The answers are:

(1) No, Python uses curtains. If you want vertical blinds, use another
language.

(2) Even if you hang vertical blinds, it isn't going to stop people with
thermal imaging equipment from seeing into your house and copying your
algorithm, just like they can with Python.

> The all-or-nothing
> attitude makes no sense. If you can halve the number of people who can
> deduce your algorithm, that helps. If you can double the time it takes
> for those people to deduce it, that also helps. If it took you months
> of R&D, the value of even imperfect protection rises.

Fine. But you haven't demonstrated how to do that. You're just plucking
figures out of the air. Anyone can do that: I claim that going to the
trouble of hiding code with (say) py2exe reduces the number of people who
can deduce your algorithm by 0.1%, and increases the time it takes them by
0.01%. Who is to say that my figures are not as good or better than yours?
Do you really think that (say) Microsoft has got neither decompilers nor
people who can operate them?

-- 
Steven D'Aprano 