hide python code !

Steven D'Aprano steve at REMOVEME.cybersource.com.au
Thu Aug 17 06:06:59 EDT 2006 

On Wed, 16 Aug 2006 13:39:10 -0700, danielx wrote:

> Steven D'Aprano wrote:
>> On Tue, 15 Aug 2006 09:00:16 -0700, Ben Sizer wrote:
>>
>> > Yes, in much the same way that there is no point ever locking your
>> > doors or installing burglar alarms, as a determined thief will
>> > eventually steal your belongings.
>>
>> That's an utterly pointless and foolish analogy.
>>
>> (1) If a thief breaks into your house and steals your TV, you no longer
>> have a TV. If a developer sees your code, you still have your code, *even
>> if they subsequently copy it*. You haven't lost your code, it is just no
>> longer secret. Since secrecy is rarely valuable in and of itself, you've
>> lost nothing.
> 
> But haven't you lost your control over the code? If you were trying to
> sell a program (regardless of whether this is a good way to make money
> from it), hasn't your ability to do so been undercut? This is the loss.

Maybe so. And if a competitor creates a better product than yours, hasn't
your ability to sell your program been undercut too?

Either scenario has NOTHING to do with thieves breaking into your house
and locks on doors. The analogy is bogus. Undercutting your ability to
sell a product is not theft, and compiling source code to machine code is
not analogous to a lock on the door.


>> Yes, I've heard all the stories about "valuable algorithms" and the like.
>> Some of them might even be true. But for 99+% of code, spending even one
>> cent to keep it secret is just wasting money.
> 
> That may be true, but for someone who has determined that the hiding
> the code would be best, it would seem to be quite a good investment.

Whether it "seems" to be a good investment is quite different from whether
it *is* a good investment.

If they ask me for advice, I'll tell them that they're almost certainly
wasting their time, that their algorithm almost certainly isn't as
valuable as they think, and that if they disagree, well, Python supports
.pyc files, there are tools like py2exe which will put their Python code
inside an exe file, there is a Python obfuscator, and a few other tricks.
If none of those things are good enough for them, then Python is not the
language they want to be using.

As for the rest of your post, it is mostly irrelevant. However, I will
answer one last point:

[snip]

> Even if we don't take the "twice" figure literally, I imagine
> that most of us would agree that the amount that the bar can be raise
> is considerable and not insignificant.

I dispute that "most of us" agree that the bar can be raised a
considerable amount. It is my position that in the real world, as opposed
to the fantasies of amateur programmers, compiling code is virtually NO
BARRIER to your competitors understanding your algorithm.

Perhaps you would like to consider how it is that black-hat hackers and
virus writers can analyse Microsoft Windows for vulnerabilities and
security holes *without access to the source code*? 

(And by the way: your suggestion that Microsoft has very few workers is
wrong. Microsoft has approximately 60,000 employees, and that almost
certainly doesn't include the many sub-contractors they hire.
http://www.networkworld.com/news/financial/microsoft.html ) 



-- 
Steven D'Aprano

More information about the Python-list mailing list