hide python code !
Bayazee
can we hide a python code ?
if i want to write a commercial software can i hide my source code from
users access ?
we can conver it to pyc but this file can decompiled ... so ...!!
do you have any idea about this ...?
---------------------------------------
First Iranian Open Source Community : www.python.ir
John Machin
Bayazee wrote:
> hi
> can we hide a python code ?
> if i want to write a commercial software can i hide my source code from
> users access ?
> we can conver it to pyc but this file can decompiled ... so ...!!
> do you have any idea about this ...?
>
> ---------------------------------------
> First Iranian Open Source Community : www.python.ir
[1] and [2] don't seem to be compatible.
Really the only way to keep your code secret is not to distribute it --
provide the functionality from a web server.
If you want to distribute obfuscated code, consider writing it in perl
:-)
Bayazee
in compiled languages when we compile a code to an executable file it
convert to a machine code so now we cant access to source ...
but in python we easily open the program executable(ascii) file and
read source ....
i meen than any way to protect my code or convert it to executable
witch can not be decompiled (python code)....
John Machin
I know what you mean.
However consider this: There is no such thing as an executable which
cannot be decompiled; if the code can be executed, then anybody with
read access to the code can disassemble/decompile/whatever it -- there
is no theoretical difference between disassembling an .exe file and
decompiling a .pyc file. What's in a .pyc file is just the machine code
for a virtual machine ...
Consider changing your business plan: write crappy software, charge
heaps for support -- it's not a novel idea :-)
Steven D'Aprano
> hi
> in compiled languages when we compile a code to an executable file it
> convert to a machine code so now we cant access to source ...
There are disassemblers for machine code. If somebody really wants to see
how your code works, they can do it.
> but in python we easily open the program executable(ascii) file and read
> source ....
Yes. That is by design.
> i meen than any way to protect my code or convert it to executable witch
> can not be decompiled (python code)....
In your first email, you wrote:
"First Iranian Open Source Community : www.python.ir"
Hiding source code is incompatible with Open Source software. You can hide
code, or be Open Source, but not both.
What makes you think that your code is so special that it is worth
stealing? Do you have incredible secret algorithms that nobody has ever
seen before? Or are you just so ashamed of it that you don't want people
to see it?
Or maybe you've copied other people's code, and you don't want them to see
that? What are you hiding?
Whatever your reasons for hiding the source code, there are things which
you can do to obfuscate Python code which will make it difficult for
people to get to the source code. Google for "python obfuscate" for links.
But I'm guessing that, if you hide your source code, most people will
wonder what you are hiding and avoid your program.
If you really want something which compiles to machine code, then Python
is not the language for you. Use another language.
--
Steven D'Aprano
enigmadude
you might have some options:
1. If you are running it on Windows only, use py2exe to wrap it up as
an executable.
2. I've never done this, but you might be able to encrypt or otherwise
turn you modules into binary form, and then use a clever import hook. I
know zipimport in the standard lib gives you more control over
importing zip files, but I don't think it can handle encrypted ones.
3. Write a custom module importer in C using Python's API so you can
encrypt your modules any way you want as long as you know how to use C
to decrypt them again.
There's probably a thousand other ways if you're clever enough (e.g.
write it in Jython and package it as .jar files). As long as your
program sticks closer to pure Python, the easier it will be. If you're
using a lot of open source modules to help you out, you might want to
double-check their licensing to see if what you're doing is allowed
anyway.
Simon Forman
> hi
> in compiled languages when we compile a code to an executable file it
> convert to a machine code so now we cant access to source ...
It can still be disassembled and reverse engineered.
> but in python we easily open the program executable(ascii) file and
> read source ....
> i meen than any way to protect my code or convert it to executable
> witch can not be decompiled (python code)....
How do you reconcile this desire with being part of "First Iranian Open
Source Community"?
I am not hostile, just curious.
BTW, John Machin's suggestion of presenting your code as a web service
is a good one.
Peace,
~Simon
Cameron Laird
.
.
Oh, Pyrex <URL:
http://www.cosc.canterbury.ac.nz/greg.ewing/python/Pyrex/version/Doc/About.html >
on you.
I'll be more explicit. If Bayazee or others *truly* want to write in
Python, or something very close to it, and end up with machine code,
there *are* existing techniques, and I recommend Pyrex among them.
I also disagree with your characterization of Open Source. On the
other hand, your conclusion that Python probably will never make the
we-want-obfuscation-without-much-understanding-of-what-it-is crowd
happy probably is correct.
Myself, I just marvel at the different worlds in which we live. *My*
experience has to do with how tough it is to deploy and maintain
correct, working stuff, even with teams of seasoned pros. The thought
that users will routinely reverse-engineer our applications, and ...
well, I marvel.
Ben Finney
> can we hide a python code ?
Sure; don't distribute it to anyone. Then they can't run the program
or inspect it or anything.
> if i want to write a commercial software can i hide my source code
> from users access ?
You can write commercial software and sell it without hiding the
source code.
> we can conver it to pyc but this file can decompiled ... so ...!!
Indeed. So?
--
\ "For of those to whom much is given, much is required." -- |
`\ John F. Kennedy |
_o__) |
Ben Finney
Bruno Desthuilliers
> hi
> can we hide a python code ?
> if i want to write a commercial software can i hide my source code from
> users access ?
> we can conver it to pyc but this file can decompiled ... so ...!!
It's just the same with java byte-code or machine code. FWIW, I had a
cracked (and localised) copy of Steinberg's Cubase midi sequencer v1.1
*before* v1.0 was publicly available in France... And believe me, they
had made their best to protect the software (dongle etc...).
The only secure way to protect "critical" code is to not distribute it -
make it run on your own server, and require the application to access
the server.
Bruno Desthuilliers
(snip)
> If you really want something which compiles to machine code, then Python
> is not the language for you. Use another language.
>
But that won't protect your software from piracy anyway.
Rob Wolfe
John Machin wrote:
> If you want to distribute obfuscated code, consider writing it in perl
> :-)
LOL
That's really strong protection. Machine code is too easy
to reverse engineer. :)
Regards,
Rob
Slawomir Nowaczyk
enigmadude <enigm...@rock.com> wrote:
#> 2. I've never done this, but you might be able to encrypt or otherwise
#> turn you modules into binary form, and then use a clever import
#> hook.
Please observe that whatever the "clever import hook" is, it actually
needs to know the way to *decrypt* the module (secret key or
whatever). It means that if somebody decompiles the importing code, he
can just as well decompile the "hidden" one.
--
Best wishes,
Slawomir Nowaczyk
( Slawomir...@cs.lth.se )
Children are natural mimics, who act like their parents despite
every effort to teach them good manners.
Paul Boddie
> Steven D'Aprano wrote:
> >Hiding source code is incompatible with Open Source software. You can hide
> >code, or be Open Source, but not both.
[...]
> I also disagree with your characterization of Open Source.
I don't know which part of the open source movement would tolerate the
hiding of source code whilst simultaneously calling the resulting
software "open source", but I'd imagine they'd have a hard time
justifying their "open source" label. Of course, it is possible to be
the "First Iranian Open Source Community" in terms of consuming open
source software rather than producing it, so perhaps that's what the
questioner intended to communicate in their signature.
[...]
> Myself, I just marvel at the different worlds in which we live. *My*
> experience has to do with how tough it is to deploy and maintain
> correct, working stuff, even with teams of seasoned pros. The thought
> that users will routinely reverse-engineer our applications, and ...
> well, I marvel.
I've previously mentioned a very interesting paper which not only
described the reverse engineering of the Skype protocol and software
but also described how to make interoperating Skype clients. Given that
the well-financed developers spent a lot of time introducing various
protection measures (encryption, verification, etc.) and yet someone
can write the aforementioned stuff up in a paper, I'd recommend an
upgrade to any business plan which relies on obfuscation to prevent
"unauthorised" use or modification. Indeed, I'd recommend that any such
entrepreneur think twice about starting a traditional proprietary
software business in this day and age.
Paul
Fuzzyman
You can distribute the compiled byte-code files (*.pyc) which are
harder to turn back into source code.
There was a product called decompyle which could do it, but although
there is a version floating around which works for Python 2.4 I've
never heard of anyone getting it to work.
Import hooks and encrypted source are a good option.
Py2exe embeds the byte-code file for your main script into the
executable which is also pretty good.
All of these make it hard enough to deter most people who will ever
want to abuse your source code. Until you have *lots* of users this is
probably enough.
I never understand the knee-jerk reaction on this mailing list to
answer people who ask this question by telling them they don't really
want to do it...
Fuzzyman
Paul Boddie wrote:
[snip..]
> I've previously mentioned a very interesting paper which not only
> described the reverse engineering of the Skype protocol and software
> but also described how to make interoperating Skype clients. Given that
> the well-financed developers spent a lot of time introducing various
> protection measures (encryption, verification, etc.) and yet someone
> can write the aforementioned stuff up in a paper, I'd recommend an
> upgrade to any business plan which relies on obfuscation to prevent
> "unauthorised" use or modification. Indeed, I'd recommend that any such
> entrepreneur think twice about starting a traditional proprietary
> software business in this day and age.
>
How many users did skype have before that happened...
Several orders of magnitude above what is required to earn a living
from selling a few programs I suspect.
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
> Paul
Paul Boddie
> Bayazee wrote:
> > can we hide a python code ?
> > if i want to write a commercial software can i hide my source code from
> > users access ?
> > we can conver it to pyc but this file can decompiled ... so ...!!
[...]
> You can distribute the compiled byte-code files (*.pyc) which are
> harder to turn back into source code.
As the man said, and I've seen various proprietary software companies
do just that.
> There was a product called decompyle which could do it, but although
> there is a version floating around which works for Python 2.4 I've
> never heard of anyone getting it to work.
I've got decompyle to work in the recent past (about a year or so ago)
- the trick was to find the Debian package and to make some minor
adjustments to the code to work with whatever breakage the 2.3 -> 2.4
upgrade caused.
[...]
> I never understand the knee-jerk reaction on this mailing list to
> answer people who ask this question by telling them they don't really
> want to do it...
Well, given the pace of technological development and the disregard in
some environments for perpetual backward compatibility, how much of
your infrastructure would you implement in vendor-supplied binaries,
especially when the vendor is a one man plus dog operation? When the
binaries don't work on your newly-upgraded system and the vendor is on
holiday (possibly for good), it doesn't look like a knee-jerk reaction
any more.
Paul
Tim Chase
>> if i want to write a commercial software can i hide my source code from
>> users access ?
>> we can conver it to pyc but this file can decompiled ... so ...!!
>
> want to abuse your source code. Until you have *lots* of users this is
> probably enough.
>
> I never understand the knee-jerk reaction on this mailing list to
> answer people who ask this question by telling them they don't really
> want to do it...
I think the reaction is based mostly in reality...an honest
answer: If you give people the program, then you also give them
the ability to reverse engineer it. It's as simple as that.
No matter how dongled, obfuscated, compiled, encrypted, etc. At
some point the code actually has to be executed/interpreted, and
at that point, it can be intercepted. Thus, "by telling them
that they don't really want to do it", the list is conveying the
futility of attempting to strive for the goal. Obfuscation may
be a shallow speedbump, and for some folks, better than nothing.
However, it's better to have a good relationship with your
customers and know that they will adhere to licensing conditions,
rather than to try and strong-arm them into behaving a particular
way.
My "%s%0.2f" % (currency_marker, 0.02) on the matter. :)
-tkc
Fuzzyman
If you distribute applications with py2exe then your application is no
longer dependent on the installed version of Python.
The question keeps getting asked because a lot of new programmers are
looking to create programs that they will sell. A lot of these will be
good programmers, and some of the software will be successful. Telling
them 'you can't do that with Python', does no good to Python itself.
In fact what you can do with Python is not a lot worse than most other
languages, and almost certainly *good enough* for this sort of thing.
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
> Paul
Fuzzyman
Tim Chase wrote:
> >> can we hide a python code ?
> >> if i want to write a commercial software can i hide my source code from
> >> users access ?
> >> we can conver it to pyc but this file can decompiled ... so ...!!
> >
> > All of these make it hard enough to deter most people who will ever
> > want to abuse your source code. Until you have *lots* of users this is
> > probably enough.
> >
> > I never understand the knee-jerk reaction on this mailing list to
> > answer people who ask this question by telling them they don't really
> > want to do it...
>
> I think the reaction is based mostly in reality...an honest
> answer: If you give people the program, then you also give them
> the ability to reverse engineer it. It's as simple as that.
But until your number of users gets beyond quite a high level, it's
just extremely likely that any of your individual users will have that
sort of ability - or anyone else will have the motivation to do it.
What you can do with Python is almost certainly *good enough* for most
people who ask this question - and that fact never seems to be included
in the 'reality' propogated by the knee jerk reactionists... :-p
Paul Boddie
> Paul Boddie wrote:
[Skype paper]
> > I'd recommend an
> > upgrade to any business plan which relies on obfuscation to prevent
> > "unauthorised" use or modification. Indeed, I'd recommend that any such
> > entrepreneur think twice about starting a traditional proprietary
> > software business in this day and age.
>
> How many users did skype have before that happened...
>
> Several orders of magnitude above what is required to earn a living
> from selling a few programs I suspect.
The point was that dreaming up exotic "protection" schemes for closed
source software is quite possibly only the highest priority in either a
highly traditional shrinkwrapped proprietary software business (where
the evidence - my spam folder - suggests that the "protection" is only
a marginally effective deterrent) or in some kind of proprietary
software plus services business where you don't want people tampering
with your infrastructure (where the evidence suggests that anyone
determined enough will force you to continually focus on that
"protection" scheme over the long-term).
So, if the questioner just wants to sell a few programs, they might
want to either consider different business models than those
traditionally envisaged, or they might want to be aware that fancy
"protection" is most likely to be a long-term investment yielding
moderately disappointing results, and that their energy is best
directed elsewhere.
Paul
Fuzzyman
Tim Chase wrote:
[snip....]
> However, it's better to have a good relationship with your
> customers and know that they will adhere to licensing conditions,
> rather than to try and strong-arm them into behaving a particular
> way.
>
Don't forget that distributing your source code is more of a gift to
your competitors (and potential competitors) than it is to your
customers...
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
Paul Boddie
> Paul Boddie wrote:
> > Fuzzyman wrote:
> >
> > > I never understand the knee-jerk reaction on this mailing list to
> > > answer people who ask this question by telling them they don't really
> > > want to do it...
Note your choice of words: "don't really want to do it".
[...]
> If you distribute applications with py2exe then your application is no
> longer dependent on the installed version of Python.
But there are numerous other things that might stop whatever binary it
is from working over longer periods of time. Besides, py2exe
executables don't exactly exhibit various typical benefits of normal
Python programs such as being able to run on more than one platform,
unless you recommend that everyone runs those applications in some kind
of Windows virtualisation solution.
> The question keeps getting asked because a lot of new programmers are
> looking to create programs that they will sell. A lot of these will be
> good programmers, and some of the software will be successful. Telling
> them 'you can't do that with Python', does no good to Python itself.
But many people admit that solutions do exist, notably py2exe and other
tools which do very similar things but for more than one platform (and
have done so for at least a decade). Now you did say that people are
being made to feel that they "don't really want to do it", but that's a
very different thing from being told that they "can't do that with
Python".
Personally, I'd rather people chose not to do such things with Python,
for various reasons including the inability of the end-user to study or
fix bugs in the code or to take advantage of various well-known
benefits of the Python language, library and runtime. But I do admit
that they at least can achieve some level of obfuscation or
"protection" for such endeavours (and a suitably-phrased Web search
will provide established solutions for doing just that).
Paul
Helmut Jarausch
> Bayazee wrote:
>> hi
>> can we hide a python code ?
>> if i want to write a commercial software can i hide my source code from
> ^^^^^^^^^^^^^^^^^^^^^^^^[1]
>> users access ?
>> we can conver it to pyc but this file can decompiled ... so ...!!
>> do you have any idea about this ...?
>>
>> ---------------------------------------
>> First Iranian Open Source Community : www.python.ir
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^[2]
>
>
> [1] and [2] don't seem to be compatible.
I suppose all of you who have commented about this, are sitting in the
>>> free world <<< .
But there are countries (like .ir) where the government has totally different
ideas of 'freedom'. So taking the freedom to write something can be very
dangerous at times. Fortunately most of those guys which intercept every
email and check every web server are not so smart to reverse engineer
everything in a short time since they have to check thousands of pieces of
information each day. Let's make their work a bit harder!
Ben Sizer
> Fuzzyman wrote:
> > answer people who ask this question by telling them they don't really
> > want to do it...
>
> Well, given the pace of technological development and the disregard in
> some environments for perpetual backward compatibility, how much of
> your infrastructure would you implement in vendor-supplied binaries,
> especially when the vendor is a one man plus dog operation? When the
> binaries don't work on your newly-upgraded system and the vendor is on
> holiday (possibly for good), it doesn't look like a knee-jerk reaction
> any more.
It's worth remembering that there is a massive amount of software that
has nothing to do with 'infrastructure', that won't need to be
maintained, or upgraded. Examples include most retail software for the
home or small office, and most entertainment software. Developers of
such software often have understandable reasons for making it
inconvenient to examine the algorithms at a high level.
--
Ben Sizer
Duncan Booth
> Tim Chase wrote:
> [snip....]
>> However, it's better to have a good relationship with your
>> customers and know that they will adhere to licensing conditions,
>> rather than to try and strong-arm them into behaving a particular
>> way.
>>
>
> Don't forget that distributing your source code is more of a gift to
> your competitors (and potential competitors) than it is to your
> customers...
>
I believe Eric Raymond has argued that if your competitors are spending
their time trying to work out how to adapt to using your software, that is
time they aren't spending competing with you. So long as you make regular
releases of your software you can ensure that they are always at least one
step behind you.
Paul Boddie
>
> It's worth remembering that there is a massive amount of software that
> has nothing to do with 'infrastructure', that won't need to be
> maintained, or upgraded. Examples include most retail software for the
> home or small office, and most entertainment software. Developers of
> such software often have understandable reasons for making it
> inconvenient to examine the algorithms at a high level.
It may be the case that certain kinds of applications can go on working
forever on whatever hardware they were intended to run, right until the
point when the hardware ceases to function correctly or when the
end-user gets bored of it, or envious of the neighbour's hardware, or
for whatever other reason. However, I've seen plenty of evidence of
"home or small office" software which arrives as a binary, employs its
own proprietary format, runs on now-legacy hardware and whose users are
now high-and-dry with respect to accessing their old documents.
Sure, developers of such software may not want their competitors to
find out how their products work - certain companies also like to file
patents for that added anticompetitive edge, should their competitors
even consider figuring out the not-so-magic formula - but as end-users
of software ourselves, we don't have to share such an understanding of
their motivations, especially when such motivations directly conflict
with our own: with respect to the above evidence, our own motivations
are to have a reasonable level of control over the tools to manage our
own data.
It may not matter if some console game or other doesn't work after 20
years, although I think it's actually something of a shame given that
such artifacts, no matter how apparently trivial they are, are actually
part of our culture and shouldn't be so readily discarded and
forgotten, but when your own data is not easily accessible within a
much shorter timeframe, the scandal is (at least to me) so much more
obvious.
Paul
Ben Sizer
> Ben Sizer wrote:
> >
> > It's worth remembering that there is a massive amount of software that
> > has nothing to do with 'infrastructure', that won't need to be
> > maintained, or upgraded. Examples include most retail software for the
> > home or small office, and most entertainment software. Developers of
> > such software often have understandable reasons for making it
> > inconvenient to examine the algorithms at a high level.
>
> find out how their products work - certain companies also like to file
> patents for that added anticompetitive edge, should their competitors
> even consider figuring out the not-so-magic formula - but as end-users
> of software ourselves, we don't have to share such an understanding of
> their motivations, especially when such motivations directly conflict
> with our own: with respect to the above evidence, our own motivations
> are to have a reasonable level of control over the tools to manage our
> own data.
I think you're possibly being a bit idealistic here. I use and endorse
open source and open formats wherever possible but I don't believe we
would have the same degree of diversity of software available if
everything was open.
Imagine if you were the single-person developer of a small application
that did something quite innovative, and charged a small fee for your
product. Now imagine you were practically forced to make your algorithm
obvious - a couple of months later, Microsoft bring out a freeware
version and destroy your business in an instant. Sure, they and others
can (and have) done that with closed-source products, but you increase
your chances of survival 10-fold if the key algorithms are not obvious.
The only other way to protect against that would be a software patent,
and I disagree with their existence on the grounds that it punishes
those who discover the techniques independently.
> It may not matter if some console game or other doesn't work after 20
> years...
Certainly; yet this is a valid example of software that requires a
degree of protection since some of the algorithms employed truly are
'worth stealing'. They can usually be replicated in time, but that may
be months and allows the original company to have a deserved commercial
advantage.
> ...although I think it's actually something of a shame given that
> such artifacts, no matter how apparently trivial they are, are actually
> part of our culture and shouldn't be so readily discarded and
> forgotten...
Thankfully we have emulators for most platforms, and hopefully
litigation won't kill those off.
> ...but when your own data is not easily accessible within a
> much shorter timeframe, the scandal is (at least to me) so much more
> obvious.
I think it's quite possible to have a closed binary but an open
document format, thus allowing the user to migrate away at any point
while still preserving any 'secrets' in the implementation.
--
Ben Sizer
Terry Reedy
"Fuzzyman" <fuzz...@gmail.com> wrote in message
news:1155300852....@74g2000cwt.googlegroups.com...
> I never understand the knee-jerk reaction on this mailing list to
> answer people who ask this question by telling them they don't really
> want to do it...
Let's clarify the question: "Dear Python programmers: please tell me for
free how I can hide my code from you and others like you."
This question has nothing to do with preventing blind copying of
distributed software, whether in source or binary form.
tjr
Paul Boddie
>
> Imagine if you were the single-person developer of a small application
> that did something quite innovative, and charged a small fee for your
> product. Now imagine you were practically forced to make your algorithm
> obvious - a couple of months later, Microsoft bring out a freeware
> version and destroy your business in an instant. Sure, they and others
> can (and have) done that with closed-source products, but you increase
> your chances of survival 10-fold if the key algorithms are not obvious.
This point is fairly comprehensively answered in the following article:
http://radar.oreilly.com/archives/2006/08/apple_eats_whiners.html
> The only other way to protect against that would be a software patent,
> and I disagree with their existence on the grounds that it punishes
> those who discover the techniques independently.
And that's not all. Even if you accept the granting of patents for
mathematical or scientific processes (which I don't), it's hard to
justify people privatising the commons by building on the freely
available knowledge which made their own work possible whilst holding a
monopoly which not only prevents others from building on that work, but
also, as you say, from building anything similar independently or
otherwise from the starting point of that prior knowledge.
[...]
> Thankfully we have emulators for most platforms, and hopefully
> litigation won't kill those off.
Hopefully, yes. But the wider issue is that of ownership of culture and
whether such a concept makes sense. When you're having some popular
music involuntarily pumped into your consciousness through multiple
channels of the media, do you not have the right to say that since
you've heard the song in question umpteen times, and that the "rights
holder" was quite happy to have the work broadcast on the radio, on
television, in the shopping mall, at the airport, and so on, that you
should then be able to record the song, play it back whenever, however
and how often you like, or perhaps remix it, parody it, cover it, or
play it backwards at your leisure?
The stuff about patents, small companies supposedly innovating and
popular culture intersect quite nicely around things like copyright
expiry. I read an article where various aging popular musicians were
lobbying the British government to extend the period of copyright
beyond 50 years because their first works would soon fall into the
public domain and that they'd no longer earn royalties on those works.
But in what percentage of the many other jobs that exist do you still
get paid for a day at work that happened over 50 years ago?
[...]
> I think it's quite possible to have a closed binary but an open
> document format, thus allowing the user to migrate away at any point
> while still preserving any 'secrets' in the implementation.
That's the point of view held by certain software vendors, but many
vendors have sadly failed to resist the temptation to lock users in
completely, using every available technique to make it almost
impossible to migrate. And then the end-users are faced with migrating
away from obsolescence. It doesn't matter if it's a Fortune 500 company
or just some individual whose data is at risk: putting the "competitive
advantage" of the vendor before that data is plainly unethical.
Paul
Philippe Martin
> hi
> can we hide a python code ?
> if i want to write a commercial software can i hide my source code from
> users access ?
> we can conver it to pyc but this file can decompiled ... so ...!!
> do you have any idea about this ...?
>
> ---------------------------------------
> First Iranian Open Source Community : www.python.ir
Unless you have some very specific (patent-prone) algo in your code, I do
not think you really have an issue there: *.pyc is enough to disturb most
people.
The real danger I see is a company trying to copy your concept as the real
IP (assuming the above is true) is in your specifications ... which can be
re-designed from looking at your application: I buy one legal copy of your
stuff, put a few smart guys on the deal and come up with a competitive
application some time later (I've seen companies do that).
Philippe
Fuzzyman
Terry Reedy wrote:
> "Fuzzyman" <fuzz...@gmail.com> wrote in message
> news:1155300852....@74g2000cwt.googlegroups.com...
> > I never understand the knee-jerk reaction on this mailing list to
> > answer people who ask this question by telling them they don't really
> > want to do it...
>
> Let's clarify the question: "Dear Python programmers: please tell me for
> free how I can hide my code from you and others like you."
>
And categorising their intent in this way is likely to make many
genuine coders cross Python off their list and go and see if the Ruby
community is any friendlier...
Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
Ben Finney
> Paul Boddie wrote:
> > Well, given the pace of technological development and the
> > disregard in some environments for perpetual backward
> > compatibility, how much of your infrastructure would you implement
> > in vendor-supplied binaries, especially when the vendor is a one
> > man plus dog operation?
>
> The question keeps getting asked because a lot of new programmers are
> looking to create programs that they will sell.
"Sell the software" is in no way dependent on "hide the source code":
businesses across the globe sell software that doesn't have the source
code hidden, often *with* source code.
Indeed, as Paul Boddie points out, hiding the source code from one's
customers, and refusing them permission to take the software to
someone else to improve it, is increasingly becoming a way to *reduce*
the willingness of people to buy one's software.
All this seems worth pointing out to any new programmers whom you
posit are looking to create programs that they will sell.
--
\ "I always wanted to be somebody. I see now that I should have |
`\ been more specific." -- Lily Tomlin |
_o__) |
Ben Finney
Ben Finney
> Terry Reedy wrote:
> > Let's clarify the question: "Dear Python programmers: please tell
> > me for free how I can hide my code from you and others like you."
>
> And categorising their intent in this way
I don't see how this categorises intent at all. It's clarifying what
the question means.
"Dear Python programmers" -- the message was to comp.lang.python.
"please tell me for free" -- they have asked a question, and clearly
expect an answer without further remuneration requirements or other
payment.
"how I can hide my code" -- this is exactly what they've asked.
The only thing I can see in there you might object to is the "you and
others like you". Here, "you" is "Python programmers". By hiding the
source code to their programs, they will hide it from any Python
programmers.
Any one of their customers may want improvements to the program that
they (the author) may not be motivated to work on, for whatever
reason. No shame in that -- and no categorisation of intent.
The customer can then ask any other Python programmer to make the
improvements, offering whatever consideration is agreeable to both
parties. If the source code is hidden, its *hidden from the Python
programmer* and others like them.
Nowhere in this has intent of the author been categorised. It makes
clear some of the consequences of the proposed course of action.
--
\ "I used to be a narrator for bad mimes." -- Steven Wright |
`\ |
_o__) |
Ben Finney
Bayazee
ThnaX for Your Answers ...
i am an open source programmer ... ! and i never like to write a closed
source app or hide my codes ! it just a question that i must
answer/solve it!
one of site ( www.python.ir ) users asked this question ! but
unfortunately i have't any solution to it ! so i ask it here to know
your concepts ...
so sorry for my inferior question
but i realy want to know a way to do it(if it possible) ! and it is't
mean that i want to do it !
Best Regard's
Philippe Martin
Is there such a thing as inferior questions ? only fools do not ask
questions, you clearly do not qualify ... heads up !!!
Philippe
Grant Edwards
> The only thing I can see in there you might object to is the "you and
> others like you". Here, "you" is "Python programmers". By hiding the
> source code to their programs, they will hide it from any Python
> programmers.
And hiding Python code from non-Python programmers is sort of
moot. ;)
--
Grant Edwards grante Yow! ... I see TOILET
at SEATS...
visi.com
Cameron Laird
I disagree with the respondents who have told you it's
impossible. While I can't make time now to answer your
question fully, I recommend that you read up on Pyrex
and py2exe.
Steven D'Aprano
> What you can do with Python is almost certainly *good enough* for most
> people who ask this question - and that fact never seems to be included
> in the 'reality' propogated by the knee jerk reactionists... :-p
The Original Poster *explicitly* stated that he was aware of the .pyc
files, and rejected that strategy because .pyc files can be decompiled.
He was asking for something which can't be decompiled, which is not
possible since machine code can also be decompiled -- in fact, there
are probably lots more disassemblers and decompilers for C than there are
for Python. I'd rather educate him so he stops wasting his time rather
than reinforce his ignorance by pretending that there are ways of
distributing code without it also being decompilable.
You suggested that it does harm to Python to give developers a realistic
understanding of what Python is capable of, and that it's better to give
them a misleading answer. I reject that idea utterly.
--
Steven D'Aprano
Steven D'Aprano
> Imagine if you were the single-person developer of a small application
> that did something quite innovative,
And imagine that you found a money-tree in your back yard...
How about a more likely scenario? Imagine you're using a boring,
run-of-the-mill algorithm, the same as 99.9% of all software out there,
and that it's neither non-obvious nor innovative in any way at all.
Statistically, I'd say it is ten thousand times more likely that this is
the case than that the algorithm is at all valuable. Everybody thinks
their algorithm is "special". They almost never are.
Even this is more likely than the semi-mythical algorithm that needs to
be kept secret: the reason "you" (generic you) want to keep your software
secret is because you've copied source code -- from books, from your
friends, from Open Source projects, maybe even from stolen copies of
Windows source code you've downloaded from the darker corners of the
Internet, and you don't want people to know. That's more likely than you
hitting upon an amazing new innovative AND valuable algorithm.
Valuable algorithms are rare. Most software is not valuable for the
algorithm, which is hidden in the source code, but for the functionality,
which is obvious. Algorithms are a dime a dozen.
>> It may not matter if some console game or other doesn't work after 20
>> years...
>
> Certainly; yet this is a valid example of software that requires a
> degree of protection since some of the algorithms employed truly are
> 'worth stealing'.
Yes, and for every algorithm "worth stealing", there are ten thousand that
aren't. Play the odds, and you too will poo-poo the idea that some random
developer on Usenet has discovered a valuable innovative algorithm. More
likely he's just ashamed of his code, or wants to hide backdoors in it.
--
Steven D'Aprano
Ben Sizer
> Ben Sizer wrote:
> >
> > Imagine if you were the single-person developer of a small application
> > that did something quite innovative, and charged a small fee for your
> > product. Now imagine you were practically forced to make your algorithm
> > obvious - a couple of months later, Microsoft bring out a freeware
> > version and destroy your business in an instant. Sure, they and others
> > can (and have) done that with closed-source products, but you increase
> > your chances of survival 10-fold if the key algorithms are not obvious.
>
> This point is fairly comprehensively answered in the following article:
>
> http://radar.oreilly.com/archives/2006/08/apple_eats_whiners.html
I don't believe so. That talks about copying of ideas, which is quite
distinct from copying of implementations. The distinction may be
meaningless in your typical desktop app where implementation is usually
obvious from the interface. However in more high-tech systems such as
multimedia or AI, the same is far from true.
> I read an article where various aging popular musicians were
> lobbying the British government to extend the period of copyright
> beyond 50 years because their first works would soon fall into the
> public domain and that they'd no longer earn royalties on those works.
> But in what percentage of the many other jobs that exist do you still
> get paid for a day at work that happened over 50 years ago?
However, in most of those jobs you get paid properly at the time. Aside
from the 1% of musicians who are pop stars, musicians generally do not.
I'm not saying I agree with extending the copyright period, however I
do think you can't just compare it to 'a day at work'. It's a totally
different set of circumstances which requires a different set of rules
to both encourage artists to continue creating while benefitting
society in the long run too.
--
Ben Sizer
Ben Sizer
> On Fri, 11 Aug 2006 09:18:12 -0700, Ben Sizer wrote:
>
> > Imagine if you were the single-person developer of a small application
> > that did something quite innovative,
>
> And imagine that you found a money-tree in your back yard...
>
> How about a more likely scenario? Imagine you're using a boring,
> run-of-the-mill algorithm, the same as 99.9% of all software out there,
> and that it's neither non-obvious nor innovative in any way at all.
> Statistically, I'd say it is ten thousand times more likely that this is
> the case than that the algorithm is at all valuable. Everybody thinks
> their algorithm is "special". They almost never are.
I work in game development, where new algorithms and processes are
being discovered all the time. Sure, they're not going to cure cancer
or end poverty but there are most definitely some algorithms devised by
many developers which other companies have no idea how to emulate until
years down the line; long enough for the first company to enjoy a
little commercial benefit based on their individual implementation.
> Valuable algorithms are rare. Most software is not valuable for the
> algorithm, which is hidden in the source code, but for the functionality,
> which is obvious. Algorithms are a dime a dozen.
True, however, most is not all, and I think it's unfair to categorise
all software as being so trivial.
> Yes, and for every algorithm "worth stealing", there are ten thousand that
> aren't. Play the odds, and you too will poo-poo the idea that some random
> developer on Usenet has discovered a valuable innovative algorithm. More
> likely he's just ashamed of his code, or wants to hide backdoors in it.
Play the odds, and pretty much everything is unlikely. Of all the names
in the world, what was the chance of this language being called Python?
Yet these things occasionally happen. I have no opinion on why the
original poster wants to hide code, only an opinion on there definitely
being a few applications where it is very useful.
--
Ben Sizer
Paul Boddie
> Paul Boddie wrote:
> > Ben Sizer wrote:
> > >
> > > Imagine if you were the single-person developer of a small application
> > > that did something quite innovative, and charged a small fee for your
> > > product. Now imagine you were practically forced to make your algorithm
> > > obvious - a couple of months later, Microsoft bring out a freeware
> > > version and destroy your business in an instant. Sure, they and others
> > > can (and have) done that with closed-source products, but you increase
> > > your chances of survival 10-fold if the key algorithms are not obvious.
> >
> > This point is fairly comprehensively answered in the following article:
> >
> > http://radar.oreilly.com/archives/2006/08/apple_eats_whiners.html
>
> I don't believe so.
Well, it talks about competing against some large business who will
eventually emulate your work. The advantage of small businesses
competing against anyone with a fairly rigid schedule and an arguably
non-agile internal organisation is that there will be a certain amount
of time before that large business firstly gets round to dismantling
your product (as opposed to that of the other small competitors),
secondly manages to produce something which does more or less the same
thing, and thirdly is able to bring it to market with the same level of
quality/branding that its customers expect.
Successful software businesses are not merely founded on the process of
having ideas and implementing them - they might also need to be
effective at delivering those ideas and going through the whole process
again and again. Writing a neat utility for Windows is not by itself
the foundation of a successful business - other factors are critical,
whether they be continuous improvements, service, support, or a number
of other things.
> That talks about copying of ideas, which is quite
> distinct from copying of implementations. The distinction may be
> meaningless in your typical desktop app where implementation is usually
> obvious from the interface. However in more high-tech systems such as
> multimedia or AI, the same is far from true.
Well, let's say that algorithms are a step up from mere ideas, and
let's also say that actual code is a step up from mere descriptions of
algorithms (since actual code serves to verify the behaviour of those
algorithms). The article I mention states that people shouldn't expect
to be rewarded forever for dreaming up some idea, and I extend that
point by stating that people shouldn't expect to be rewarded forever
for describing an algorithm - both of these things being patentable in
various permissive patent regimes, which (in conjunction with a few
other factors) really is quite harmful for anyone actually doing work
in any of the affected lines of work.
So, if we decide to ignore people waving pieces of paper around which
make some claim to an idea or some way of solving some problem, instead
investigating the actual code, others have pointed out already that if
you provide just a binary and there exist people who want to know what
you've done, those people will find it out whether you make it easy for
them or not. Now, if we sidestep the issue of decompiling binaries and
cast the affected work as some kind of service, the question can now be
expressed as whether you should expect to be rewarded forever for
providing such a service. This brings in a number of issues that are
suddenly more apparent than in the case where the end-user has some
binary - notably the issue of control over the activity that the
service performs - and such issues could possibly increase competitive
pressure rather than enhance any supposed competitive advantage if
people felt that the market wasn't providing enough in the way of
choice in that area.
> > I read an article where various aging popular musicians were
> > lobbying the British government to extend the period of copyright
> > beyond 50 years because their first works would soon fall into the
> > public domain and that they'd no longer earn royalties on those works.
> > But in what percentage of the many other jobs that exist do you still
> > get paid for a day at work that happened over 50 years ago?
>
> However, in most of those jobs you get paid properly at the time. Aside
> from the 1% of musicians who are pop stars, musicians generally do not.
The article I read was in the paper edition of the newspaper in
question, but here's a fairly similar electronic version:
I don't doubt that sessions musicians are paid badly, but multiplying
every musician's income by a certain factor doesn't necessarily
represent a just solution to that issue.
> I'm not saying I agree with extending the copyright period, however I
> do think you can't just compare it to 'a day at work'. It's a totally
> different set of circumstances which requires a different set of rules
> to both encourage artists to continue creating while benefitting
> society in the long run too.
For some of those musicians (ie. probably not Sir Cliff Richard), it
probably was a day at work for which they were badly paid, whilst
others (eg. Sir Cliff Richard) went on to make quite a bit of money. Of
course, one can always argue that the result of this particular kind of
day at work is something that can be enjoyed again and again, but then
you should consider the issue of why the person working at the car
factory doesn't get paid royalties every time you turn the key in the
ignition (even if it's just $0.0001 each time).
Paul
Damjan
> that did something quite innovative, and charged a small fee for your
> product. Now imagine you were practically forced to make your algorithm
> obvious - a couple of months later, Microsoft bring out a freeware
> version and destroy your business in an instant. Sure, they and others
> can (and have) done that with closed-source products, but you increase
> your chances of survival 10-fold if the key algorithms are not obvious.
I think you increase your chances of Microsoft not even being in the same
room with your software 100-fold if you release it under.. say GPL.
--
damjan
Gerhard Fiedler
> I think you increase your chances of Microsoft not even being in the same
> room with your software 100-fold if you release it under.. say GPL.
... and have the money to run a law suit? Patents, licenses etc are only as
strong as the money that backs them, mostly.
Gerhard
Armin Steinhoff
> hi
> can we hide a python code ?
> if i want to write a commercial software can i hide my source code from
> users access ?
> we can conver it to pyc but this file can decompiled ... so ...!!
> do you have any idea about this ...?
Use Pyrex in order to build C-Modules from the critical parts of your
software.
>
> ---------------------------------------
> First Iranian Open Source Community : www.python.ir
Interesting ... but you are not a member of this community. Right?
--Armin
Bayazee
Hi
thanx for your answers . i read all of your replys carefully ...
i am an open source Programmer ! i love to distribute my sources and
use other ideas ! but asking a question is't reason of using it ! i
want to find a way to hide python source codes ! can we do it ? how ?
but i dont want to use it ....
this is a question that i must be answer to a friend !
Gerhard Fiedler
>> First Iranian Open Source Community : www.python.ir
>
> Interesting ... but you are not a member of this community. Right?
You know how to read a thread, right? :)
Gerhard
Philippe Martin
Then the answer could be a question: can we hide any source/binary ?
Hardware tokens (ex: smart cards) are used just for that purpose. So as long
as you distribute a PC with your package and are certain it cannot be
tempered with (the correct O/S, administrative rights, encrypted
partitions .....) ... but I do not think there is such a PC out there.
You might want to read this:
http://www.commoncriteriaportal.org/
www.commoncriteriaportal.org/public/files/ccintroduction.pdf
http://en.wikipedia.org/wiki/Common_Criteria
Philippe
Alex Martelli
I guess that's an advantage of GPL: there's a foundation (with much
better funding than you could raise as an individual) which will gladly
fight for GPL, both in the courts and in the arena of public opinion --
I believe that, so, far, they've won every single fight they've picked,
by just the joint threat of lawsuits and public shaming campaigns.
It just isn't worth Microsoft's while to take the public-relations hit
of such a fight: much cheaper for them to re-implement your ideas than
to copy your GPL'd code.
Alex
Ben Sizer
> Successful software businesses are not merely founded on the process of
> having ideas and implementing them - they might also need to be
> effective at delivering those ideas and going through the whole process
> again and again. Writing a neat utility for Windows is not by itself
> the foundation of a successful business - other factors are critical,
> whether they be continuous improvements, service, support, or a number
> of other things.
Yes, but this was never about 'successful software businesses' as such.
I'm not saying anyone deserves to earn a living just because they
created something, but that it is useful for them to be able to reduce
the ways in which others with more resources can replicate that
creation. You don't even need to be a 'successful' business to kill a
competitor, just to have more money in the bank for as long as the
competition exists. (eg. MS vs Netscape, Creative vs Aureal.)
> So, if we decide to ignore people waving pieces of paper around which
> make some claim to an idea or some way of solving some problem, instead
> investigating the actual code, others have pointed out already that if
> you provide just a binary and there exist people who want to know what
> you've done, those people will find it out whether you make it easy for
> them or not.
Yes, in much the same way that there is no point ever locking your
doors or installing burglar alarms, as a determined thief will
eventually steal your belongings.
I find it strange that people (at least on c.l.py) often equate
'imperfect protection' with 'pointless protection'. The all-or-nothing
attitude makes no sense. If you can halve the number of people who can
deduce your algorithm, that helps. If you can double the time it takes
for those people to deduce it, that also helps. If it took you months
of R&D, the value of even imperfect protection rises.
> Now, if we sidestep the issue of decompiling binaries and
> cast the affected work as some kind of service, the question can now be
> expressed as whether you should expect to be rewarded forever for
> providing such a service.
But what is 'forever'? Is it a single service for one customer that
persists forever? Or is it a service that will be invoked many times by
different customers forever? Since these are completely different
scenarios, the answer is "it depends".
> such issues could possibly increase competitive
> pressure rather than enhance any supposed competitive advantage if
> people felt that the market wasn't providing enough in the way of
> choice in that area.
I'm not interested in whether it's a sound business decision or not.
I'm just interested in the developer's right and/or ability to make
that call.
> > I'm not saying I agree with extending the copyright period, however I
> > do think you can't just compare it to 'a day at work'. It's a totally
> > different set of circumstances which requires a different set of rules
> > to both encourage artists to continue creating while benefitting
> > society in the long run too.
>
> For some of those musicians (ie. probably not Sir Cliff Richard), it
> probably was a day at work for which they were badly paid, whilst
> others (eg. Sir Cliff Richard) went on to make quite a bit of money. Of
> course, one can always argue that the result of this particular kind of
> day at work is something that can be enjoyed again and again, but then
> you should consider the issue of why the person working at the car
> factory doesn't get paid royalties every time you turn the key in the
> ignition (even if it's just $0.0001 each time).
There's a key distinction to be made here, at least legally.
Session musicians do work for hire - they're paid by the
hour/day/whatever, and typically have no copyright to the work they
perform on. They are analogous to the person at the car factory. Any
royalties they receive - typically none - would be from the contractual
agreement and nothing to do with copyright.
On the other hand, writing musicians/composers typically will be paid
absolutely nothing for their original creation. They never get paid for
it as such, but they can (and typically do) yield the copyright to a
publishing company in return for an agreed royalty rate on sales of the
reproduced item. They don't so much get paid forever for a service
rendered long ago, they just have their payment spread out over an
indefinite period of time, and that is dependent on people buying that
item.
This is no different from me investing my own time and money into
manufacturing 10,000 cars and selling them between now and 50 years
from now. The major difference is that replicating creative work is
typically much cheaper and easier than replicating automobiles, hence
the existence of various laws safeguarding intellectual property, as
without such laws there would be little incentive to create any such
works that were non-trivial. No-one is going to pay you up front for
it, so you need a way of protecting future potential income. Since that
future income is typically strongly linked to the quality of your work,
it's arguable that this is in fact a fairer business model than being
paid a normal salary.
--
Ben Sizer
Paul Boddie
> Paul Boddie wrote:
> > Successful software businesses are not merely founded on the process of
> > having ideas and implementing them - they might also need to be
> > effective at delivering those ideas and going through the whole process
> > again and again. Writing a neat utility for Windows is not by itself
> > the foundation of a successful business - other factors are critical,
> > whether they be continuous improvements, service, support, or a number
> > of other things.
>
> Yes, but this was never about 'successful software businesses' as such.
If success is defined as staying in business whilst making a profit,
then the issue is inseparable from being successful. As "the
single-person developer of a small application that did something quite
innovative" who charges "a small fee for your product", isn't the goal
at least to cover your costs? If you're making software purely to
contribute to society, where the money isn't important, what relevance
does this have to you increasing "your chances of survival 10-fold"?
Few people contribute to society whilst deliberately obscuring the
thing they're trying to contribute.
> I'm not saying anyone deserves to earn a living just because they
> created something, but that it is useful for them to be able to reduce
> the ways in which others with more resources can replicate that
> creation. You don't even need to be a 'successful' business to kill a
> competitor, just to have more money in the bank for as long as the
> competition exists. (eg. MS vs Netscape, Creative vs Aureal.)
While that is often true, I've already noted several disadvantages that
can outweigh pure financial superiority in such large businesses.
> > So, if we decide to ignore people waving pieces of paper around which
> > make some claim to an idea or some way of solving some problem, instead
> > investigating the actual code, others have pointed out already that if
> > you provide just a binary and there exist people who want to know what
> > you've done, those people will find it out whether you make it easy for
> > them or not.
>
> Yes, in much the same way that there is no point ever locking your
> doors or installing burglar alarms, as a determined thief will
> eventually steal your belongings.
Despite the pictures various people seem intent on painting, most
contributions to this thread have focused on the tradeoffs involved in
"securing" algorithms via compilation, obfuscation, and so on.
Analogies about houses and alarms fail to capture the sophistication of
the matter, especially considering the different views on what your
belongings in the context of writing software for profit actually are.
> I find it strange that people (at least on c.l.py) often equate
> 'imperfect protection' with 'pointless protection'. The all-or-nothing
> attitude makes no sense. If you can halve the number of people who can
> deduce your algorithm, that helps. If you can double the time it takes
> for those people to deduce it, that also helps. If it took you months
> of R&D, the value of even imperfect protection rises.
Imperfect protection isn't pointless but it comes at a cost. Perhaps
Skype's elaborate protection scheme gave that company such an advantage
over its competitors that having the scheme described publicly has had
little impact on its market position. However, such work doesn't just
happen at zero cost, and where people decide to "roll their own" rather
than purchase some kind of system to do the job, it can be quite a
distraction (both strategically and financially) from just focusing on
the rest of the business.
> > Now, if we sidestep the issue of decompiling binaries and
> > cast the affected work as some kind of service, the question can now be
> > expressed as whether you should expect to be rewarded forever for
> > providing such a service.
>
> But what is 'forever'? Is it a single service for one customer that
> persists forever? Or is it a service that will be invoked many times by
> different customers forever? Since these are completely different
> scenarios, the answer is "it depends".
That a continuous stream of possibly different people keep demanding
your service and rewarding you for having provided it. The real,
non-computing world exhibits an abundance of services, of course, and
the area where the "right" to profit from providing a service becomes
controversial is where monopolies are providing such services.
Technical protections (reinforced by strict legislation) and patents
also serve to impose monopolies, which is why people feel so strongly
about such matters.
[...]
> I'm not interested in whether it's a sound business decision or not.
> I'm just interested in the developer's right and/or ability to make
> that call.
Of course the developer can make that call. The intention was to inform
such developers that yes, there are ways of protecting your "trade
secrets", but that it's better to understand the tradeoffs than to rely
totally on some potentially flawed solution.
[Cliff Richard's day at work]
> On the other hand, writing musicians/composers typically will be paid
> absolutely nothing for their original creation. They never get paid for
> it as such, but they can (and typically do) yield the copyright to a
> publishing company in return for an agreed royalty rate on sales of the
> reproduced item. They don't so much get paid forever for a service
> rendered long ago, they just have their payment spread out over an
> indefinite period of time, and that is dependent on people buying that
> item.
Agreed. The contracted sessions musician or car worker takes a
guaranteed amount home and bears little or no financial risk in
relation to the success of the product. If the worker had the
possibility of changing the nature of their remuneration, they might
expect to receive a lot less money initially for that day at work, but
to be rewarded more over the lifetime of a successful product. Still,
despite various share ownership incentives, it must still be puzzling
for someone with experiences of decades of work, having had very little
control over their means of reward, to see very well-rewarded people
(yes, even though they exposed themselves to a degree of risk) to be
requesting higher levels of reward, even if such requests are
ostensibly philanthropic.
> This is no different from me investing my own time and money into
> manufacturing 10,000 cars and selling them between now and 50 years
> from now. The major difference is that replicating creative work is
> typically much cheaper and easier than replicating automobiles, hence
> the existence of various laws safeguarding intellectual property, as
> without such laws there would be little incentive to create any such
> works that were non-trivial. No-one is going to pay you up front for
> it, so you need a way of protecting future potential income. Since that
> future income is typically strongly linked to the quality of your work,
> it's arguable that this is in fact a fairer business model than being
> paid a normal salary.
The critical issues around the concept of "intellectual property"
legislation involve various things you've mentioned in the above
paragraph, notably the cost of replicating creative work (but also the
cost of creating such works in many cases), the model through which new
products originate (manufacturing vs. other processes) and are provided
(sales vs. services), incentives (guaranteed financial rewards vs.
other motivations), as well as things like the apparent need for
society to encourage people to contribute new things. However, all this
has to be balanced against the effect on society: you selling 10000
cars over 50 years even with some kind of "right" to demand a
reasonable price for every single one of them may not in itself be
negative, but if it stops someone else from selling cars then the
people in society who make the rules have to then consider whether
their promises to you were overly generous, to the detriment of others
in society, or not.
Paul
Gerhard Fiedler
> It just isn't worth Microsoft's while to take the public-relations hit
> of such a fight: much cheaper for them to re-implement your ideas than
> to copy your GPL'd code.
Exactly. So by publishing the ideas as GPL code, the author presents them
not only the ideas very clearly and well documented, but also an example
implementation. If there was some R&D work involved, it may be a better
thing (in terms of protection) not to publish it. The protection from GPL
is pretty much worthless if the worth is more in the principle than it the
execution.
Gerhard
Alex Martelli
Indeed, copyright is specifically meant not to cover ideas. However, if
you DO care specifically about Microsoft (and that was the company that
was specifically being discussed), I believe you could take advantage of
their policy forbidding employees from accessing GPL-covered materials
(for fear of them being "tainted" by it). If your fear is not
specifically one of Microsoft, then GPL is less likely to help (and I
won't get into a discussion of trade-secrets vs patents -- things vary
far too much amongst jurisdictions, differently from Copyright which
thanks to the Berne convention is "kinda" internationally standardized).
However, as may already have been mentioned in this thread, distributing
executable code _is_ "publishing" of the ideas it embodies, to all
intents and purposes, since many jurisdictions allow reverse
engineering, and the costs of the reverse engineering are not large for
ideas embodied in software (assuming those ideas _do_ have any
substantial value from a financial viewpoint, of course). It may be
worth looking into ways of monetizing the ideas that are less easy to
reverse engineer, such as webservices and custom hardware -- that is, as
always, for ideas of substantial worth, financially speaking (that is
different from the cost of the "R&D work", if any, which is a sunk cost
weakly correlated to a competitor's cost for re-developing the ideas
based even just on knowing that what they enable is indeed feasible).
Alex
danielx
> Bayazee wrote:
> > hi
> > can we hide a python code ?
> > if i want to write a commercial software can i hide my source code from
> > users access ?
> > we can conver it to pyc but this file can decompiled ... so ...!!
> > do you have any idea about this ...?
> >
> > First Iranian Open Source Community : www.python.ir
>
>
> harder to turn back into source code.
>
> There was a product called decompyle which could do it, but although
> there is a version floating around which works for Python 2.4 I've
> never heard of anyone getting it to work.
>
> Import hooks and encrypted source are a good option.
>
> Py2exe embeds the byte-code file for your main script into the
> executable which is also pretty good.
>
> All of these make it hard enough to deter most people who will ever
> want to abuse your source code. Until you have *lots* of users this is
> probably enough.
>
> I never understand the knee-jerk reaction on this mailing list to
> answer people who ask this question by telling them they don't really
> want to do it...
I'm I've compained about this before, but I'd say people apply that
response to alot of other things too here on this mailing list.
***
Earlier in this thread, people were making alot of noise about Bayazee
trying to protect the code while it seemed he was part of an open
source group. He never mentioned that he intended to hide any code
produced for this open source group; indeed, he never mentioned any
code he wished to hide at all. People must have been inferring that if
one is part of an open source group, that all work one produces is for
the group and must therefore be open source. Otherwise, people might
have been thinking that being a member of an open source group makes
you an open source evangelist.
If the latter is true (and these cases are neither mutually exclusive
nor exhaustive), then those who were so vocal in pointing out the
"appearant discrepency" must have been projecting their own views on
Bayazee. I'm not sure if this needs to be said, but just because
someone posts on comp.lang.python does not mean he or she believe (or
even should believe) the same things as you!
My last statement applies to a few other things I've read around here,
but I'm going to be done for now...
>
> Fuzzyman
> http://www.voidspace.org.uk/python/index.shtml
Steven D'Aprano
> Yes, in much the same way that there is no point ever locking your
> doors or installing burglar alarms, as a determined thief will
> eventually steal your belongings.
That's an utterly pointless and foolish analogy.
(1) If a thief breaks into your house and steals your TV, you no longer
have a TV. If a developer sees your code, you still have your code, *even
if they subsequently copy it*. You haven't lost your code, it is just no
longer secret. Since secrecy is rarely valuable in and of itself, you've
lost nothing.
Yes, I've heard all the stories about "valuable algorithms" and the like.
Some of them might even be true. But for 99+% of code, spending even one
cent to keep it secret is just wasting money.
(2) Compiling code to machine language isn't like locking your door.
Compiling code doesn't prevent me from seeing your code or your algorithm,
it just means I see it written in machine language instead of C. If I know
how to read machine code, or if I have a decompiler, then I can read it,
no problems at all. Would you argue that Python source code hides your
algorithm because it is inscrutable to people who can't read and
understand Python? Surely not. So why do you argue that compiled code is
hidden merely because it is inscrutable to people who don't know how to
download a decompiler off the Internet?
(3) Compiling code is certainly not like installing a burglar alarm. When
I decompile your code, no alarms ring and you are not notified.
> I find it strange that people (at least on c.l.py) often equate
> 'imperfect protection' with 'pointless protection'.
Nonsense. Can I remind you that the Original Poster *explicitly* rejected
using Python's imperfect code-hiding technique (distribute only the
compiled .pyc files) because they can be disassembled, but failed to
realise that EXACTLY the same argument holds for compiled C code?
Let me make it clear with a better analogy than your locked door one: the
O.P. says "I don't want people to look through the windows of my Python
house. I thought about hanging curtains, but people with thermal imaging
equipment can see right through the walls. Can I hang vertical blinds in
Python like my C programmer friends?"
The answers are:
(1) No, Python uses curtains. If you want vertical blinds, use another
language.
(2) Even if you hang vertical blinds, it isn't going to stop people with
thermal imaging equipment from seeing into your house and copying your
algorithm, just like they can with Python.
> The all-or-nothing
> attitude makes no sense. If you can halve the number of people who can
> deduce your algorithm, that helps. If you can double the time it takes
> for those people to deduce it, that also helps. If it took you months
> of R&D, the value of even imperfect protection rises.
Fine. But you haven't demonstrated how to do that. You're just plucking
figures out of the air. Anyone can do that: I claim that going to the
trouble of hiding code with (say) py2exe reduces the number of people who
can deduce your algorithm by 0.1%, and increases the time it takes them by
0.01%. Who is to say that my figures are not as good or better than yours?
Do you really think that (say) Microsoft has got neither decompilers nor
people who can operate them?
--
Steven D'Aprano
danielx
> On Tue, 15 Aug 2006 09:00:16 -0700, Ben Sizer wrote:
>
> > Yes, in much the same way that there is no point ever locking your
> > doors or installing burglar alarms, as a determined thief will
> > eventually steal your belongings.
>
> That's an utterly pointless and foolish analogy.
>
> (1) If a thief breaks into your house and steals your TV, you no longer
> have a TV. If a developer sees your code, you still have your code, *even
> if they subsequently copy it*. You haven't lost your code, it is just no
> longer secret. Since secrecy is rarely valuable in and of itself, you've
> lost nothing.
But haven't you lost your control over the code? If you were trying to
sell a program (regardless of whether this is a good way to make money
from it), hasn't your ability to do so been undercut? This is the loss.
>
> Yes, I've heard all the stories about "valuable algorithms" and the like.
> Some of them might even be true. But for 99+% of code, spending even one
> cent to keep it secret is just wasting money.
That may be true, but for someone who has determined that the hiding
the code would be best, it would seem to be quite a good investment.
Besides, these kinds of decisions are made case by case. We would not
throw a dice to see whether some code should be released or not. Of
course, these kinds of statistics _should_ moderate any decision, but I
don't think you can expect that "99+%" will make sense to most
(intelligent) people.
But we have only considered the economics of such a decision. Even if
there is no market value to a work, a person has an understandable
desire to exercise the rights of ownership over a work, given the
amount of personal investment one makes in producing it. It's reall
just a form of acknowledgement (you may consider an alternative form of
acknowledgement more rewarding, but we are talking about the author,
not you). Considering the "investment" justificiation, I find it
difficult to deny an author the right to his or her own work (the right
to a work, of course, implies the option to protect it).
I think the above idea is frequently missed in discussions about
copyrights/patents in the open source world. There, the focus seems to
be on the marketability granted by protections (legal or physical). The
post I am responding to illustrates this focus. Do we believe an author
forfeits ownership of a work merely by sharing it? As a matter of
conscience, I don't believe the answer can be imposed on anyone. Every
person must answer this for him or herself.
>
> (2) Compiling code to machine language isn't like locking your door.
> Compiling code doesn't prevent me from seeing your code or your algorithm,
If a house is locked, it can still be entered (without the key). The
point is not that it is impossible to break in, but that it is more
difficult.
> it just means I see it written in machine language instead of C. If I know
> how to read machine code, or if I have a decompiler, then I can read it,
> no problems at all. Would you argue that Python source code hides your
I know how to read asm, but if you say anyone can read asm just as
easily as one can read Python or even C, then you must be referring to
a machine.
> algorithm because it is inscrutable to people who can't read and
> understand Python? Surely not. So why do you argue that compiled code is
> hidden merely because it is inscrutable to people who don't know how to
> download a decompiler off the Internet?
It's all a matter of degree. The question of plausibility is always
relevant.
>
> (3) Compiling code is certainly not like installing a burglar alarm. When
> I decompile your code, no alarms ring and you are not notified.
That's pretty nit-picky...
I think the point still stands. You seem to acknowledge it at first.
Your m$ example even supports it, because the number of people that
work there is relatively small, not to mention the fact that m$
employees need to be paid (they are paying with their souls aren't they
:P). Your way of getting around the point is just nit-picking at the
figures. Even if we don't take the "twice" figure literally, I imagine
that most of us would agree that the amount that the bar can be raise
is considerable and not insignificant.
An ancillary point: If the bar can be raised (considerably) at little
cost, then a person who wants to protect his or her code (for economic
reasons or otherwise) profits from going through the trouble.
In the end, if he find that the trouble was not worth the cost, it is
his or her loss. Anyone else's loss due to the (relative)
inaccessibility of the code should not be the author's responsibility.
ie, the author should be under no obligation to save someone else the
trouble of accessing the code unfettered (imho).
>
>
>
> --
> Steven D'Aprano
enigmadude
sources, for example, doesn't mean that they have the necessary keys to
access other people's data across the internet. Also, I'm pretty sure I
know how a prison door lock works, but if I'm behind bars and don't
have the key, I'm still screwed.
I believe the same things applies here. Just because you can see the
import code, depending upon what it does, if it requires (for example)
a key in order to decrypt the binary data before the modules can be
loaded, then no matter how much you understand the import code, the
data itself (that is the binary encrypted modules) is still useless to
you.
In any case, everyone is correct in that any program can be reverse
engineered, just like any vehicle can be car-jacked. The point is to
have an at least rudimentary deterrent that makes it not worth their
while. Someone who's smart enough to crack a scheme like this is
probably a smarter programmer than the person who wrote the code in the
first place, and so has no need to be stealing newbie's code.
In any case, I prefer that people get over their greed and paranoia and
just keep Python code open. I agree with most people here. I'm not an
expert programmer, and many people I know aren't either, but for some
reason the whole "intellectual property" boogeyman keeps making
programmers believe that they have to hide even every example of a
linked list or sort function. Geez. Just keep the sources open people.
Slawomir Nowaczyk wrote:
> On Thu, 10 Aug 2006 17:35:27 -0700
> enigmadude <enigm...@rock.com> wrote:
>
> #> 2. I've never done this, but you might be able to encrypt or otherwise
> #> turn you modules into binary form, and then use a clever import
> #> hook.
>
> Please observe that whatever the "clever import hook" is, it actually
> needs to know the way to *decrypt* the module (secret key or
> whatever). It means that if somebody decompiles the importing code, he
> can just as well decompile the "hidden" one.
>
> --
> Best wishes,
> Slawomir Nowaczyk
> ( Slawomir...@cs.lth.se )
>
> Children are natural mimics, who act like their parents despite
> every effort to teach them good manners.
Steven D'Aprano
> Steven D'Aprano wrote:
>> On Tue, 15 Aug 2006 09:00:16 -0700, Ben Sizer wrote:
>>
>> > Yes, in much the same way that there is no point ever locking your
>> > doors or installing burglar alarms, as a determined thief will
>> > eventually steal your belongings.
>>
>> That's an utterly pointless and foolish analogy.
>>
>> (1) If a thief breaks into your house and steals your TV, you no longer
>> have a TV. If a developer sees your code, you still have your code, *even
>> if they subsequently copy it*. You haven't lost your code, it is just no
>> longer secret. Since secrecy is rarely valuable in and of itself, you've
>> lost nothing.
>
> But haven't you lost your control over the code? If you were trying to
> sell a program (regardless of whether this is a good way to make money
> from it), hasn't your ability to do so been undercut? This is the loss.
Maybe so. And if a competitor creates a better product than yours, hasn't
your ability to sell your program been undercut too?
Either scenario has NOTHING to do with thieves breaking into your house
and locks on doors. The analogy is bogus. Undercutting your ability to
sell a product is not theft, and compiling source code to machine code is
not analogous to a lock on the door.
>> Yes, I've heard all the stories about "valuable algorithms" and the like.
>> Some of them might even be true. But for 99+% of code, spending even one
>> cent to keep it secret is just wasting money.
>
> That may be true, but for someone who has determined that the hiding
> the code would be best, it would seem to be quite a good investment.
Whether it "seems" to be a good investment is quite different from whether
it *is* a good investment.
If they ask me for advice, I'll tell them that they're almost certainly
wasting their time, that their algorithm almost certainly isn't as
valuable as they think, and that if they disagree, well, Python supports
.pyc files, there are tools like py2exe which will put their Python code
inside an exe file, there is a Python obfuscator, and a few other tricks.
If none of those things are good enough for them, then Python is not the
language they want to be using.
As for the rest of your post, it is mostly irrelevant. However, I will
answer one last point:
[snip]
> Even if we don't take the "twice" figure literally, I imagine
> that most of us would agree that the amount that the bar can be raise
> is considerable and not insignificant.
I dispute that "most of us" agree that the bar can be raised a
considerable amount. It is my position that in the real world, as opposed
to the fantasies of amateur programmers, compiling code is virtually NO
BARRIER to your competitors understanding your algorithm.
Perhaps you would like to consider how it is that black-hat hackers and
virus writers can analyse Microsoft Windows for vulnerabilities and
security holes *without access to the source code*?
(And by the way: your suggestion that Microsoft has very few workers is
wrong. Microsoft has approximately 60,000 employees, and that almost
certainly doesn't include the many sub-contractors they hire.
http://www.networkworld.com/news/financial/microsoft.html )
--
Steven D'Aprano
Paul Boddie
>
> But we have only considered the economics of such a decision. Even if
> there is no market value to a work, a person has an understandable
> desire to exercise the rights of ownership over a work, given the
> amount of personal investment one makes in producing it.
There are other motivations, too. An author might wish that their work
convey a particular message and that others should not be able to make
derived works which distort or contradict that message. However, there
are various established principles of fair use which limit the author's
control over such derived works.
[...]
> I think the above idea is frequently missed in discussions about
> copyrights/patents in the open source world. There, the focus seems to
> be on the marketability granted by protections (legal or physical). The
> post I am responding to illustrates this focus. Do we believe an author
> forfeits ownership of a work merely by sharing it? As a matter of
> conscience, I don't believe the answer can be imposed on anyone. Every
> person must answer this for him or herself.
As we've mentioned above, one crucial issue is control over published
works and over the potentially related works of others. With software,
such control is mediated by the licence which is often prominent, even
unavoidable when using proprietary software; thus, people using or
distributing software should be aware of the licence which applies to
the work. In contrast, works in areas such as popular music are not
prominently "labelled" with licensing information if you're listening
to that music playing on the radio, television, in a public space, and
so on. This apparent "promiscuity" with such works leads people to
believe that they are freely exchangeable and that the author is not
exercising control, even if that isn't really the case due to the
framework established by the recording industry for broadcasters.
So, people perceive an apparent lack of control as some kind of lack of
ownership, that the work has, by being shared in an apparently
unconditional way, become part of their common culture - a sentiment or
an understanding that can presumably be traced back throughout the
history of human culture itself. At the opposite end of the spectrum of
control, when mechanisms of control are used to restrict the
distribution of derived works or the production of coincidentally
related works, is it unfair that people wish to disregard such
apparently counter-intuitive mechanisms? An interesting example in
popular culture was the legal argument about whether silence
constitutes an original work
(http://news.bbc.co.uk/1/hi/entertainment/music/2133426.stm), but
things like patents affect the ability of others to create works in a
fashion that can be much harder to predict.
Paul
danielx
> On Wed, 16 Aug 2006 13:39:10 -0700, danielx wrote:
>
> > Steven D'Aprano wrote:
> >> On Tue, 15 Aug 2006 09:00:16 -0700, Ben Sizer wrote:
> >>
> >> > Yes, in much the same way that there is no point ever locking your
> >> > doors or installing burglar alarms, as a determined thief will
> >> > eventually steal your belongings.
> >>
> >> That's an utterly pointless and foolish analogy.
> >>
> >> (1) If a thief breaks into your house and steals your TV, you no longer
> >> have a TV. If a developer sees your code, you still have your code, *even
> >> if they subsequently copy it*. You haven't lost your code, it is just no
> >> longer secret. Since secrecy is rarely valuable in and of itself, you've
> >> lost nothing.
> >
> > But haven't you lost your control over the code? If you were trying to
> > sell a program (regardless of whether this is a good way to make money
> > from it), hasn't your ability to do so been undercut? This is the loss.
>
> Maybe so. And if a competitor creates a better product than yours, hasn't
> your ability to sell your program been undercut too?
Creating a better product is a legitimate activity (that's what the
market system is trying to promot after all (not saying the market
system is right, but it is relevant since many people believe in it)).
The whole question is whether copying your code is legitimate. Drawing
an analogy from art and clearly patent-able products, it seems software
might fall into the same category of protectable products. Again, this
is the question at hand.
>
> Either scenario has NOTHING to do with thieves breaking into your house
> and locks on doors. The analogy is bogus. Undercutting your ability to
> sell a product is not theft, and compiling source code to machine code is
> not analogous to a lock on the door.
>
>
> >> Yes, I've heard all the stories about "valuable algorithms" and the like.
> >> Some of them might even be true. But for 99+% of code, spending even one
> >> cent to keep it secret is just wasting money.
> >
> > That may be true, but for someone who has determined that the hiding
> > the code would be best, it would seem to be quite a good investment.
>
> Whether it "seems" to be a good investment is quite different from whether
> it *is* a good investment.
>
> If they ask me for advice, I'll tell them that they're almost certainly
> wasting their time, that their algorithm almost certainly isn't as
> valuable as they think, and that if they disagree, well, Python supports
So it's your opinion against the author's, no? And the decision is up
to the author, and not you, no?
> .pyc files, there are tools like py2exe which will put their Python code
> inside an exe file, there is a Python obfuscator, and a few other tricks.
> If none of those things are good enough for them, then Python is not the
> language they want to be using.
That seems good, but you also seem to have something against the whole
idea of stronger protections for Python. I don't think loose
protections has to be an inherent feature of Python.
>
> As for the rest of your post, it is mostly irrelevant. However, I will
> answer one last point:
>
> [snip]
>
> > Even if we don't take the "twice" figure literally, I imagine
> > that most of us would agree that the amount that the bar can be raise
> > is considerable and not insignificant.
>
> I dispute that "most of us" agree that the bar can be raised a
> considerable amount. It is my position that in the real world, as opposed
> to the fantasies of amateur programmers, compiling code is virtually NO
> BARRIER to your competitors understanding your algorithm.
Anyone willing to take a good survey? Until then, I think we can just
disagree over that point.
>
> Perhaps you would like to consider how it is that black-hat hackers and
> virus writers can analyse Microsoft Windows for vulnerabilities and
> security holes *without access to the source code*?
Yes, but wouldn't it be much easier for those vulnerabilities to be
discovered if the code were released? Black-hats also have to advantage
that MS announces vulnerabilities for them, which they take advantage
of during the period where people are patching their windows.
>
> (And by the way: your suggestion that Microsoft has very few workers is
> wrong. Microsoft has approximately 60,000 employees, and that almost
> certainly doesn't include the many sub-contractors they hire.
> http://www.networkworld.com/news/financial/microsoft.html )
I'd say that's not a large number (I was more or less aware that ms has
ten's of thousands of emploees), but obviously you'd disagree with
that...
>
>
>
> --
> Steven D'Aprano
danielx
While I agree with most of your post, I think the point should be made
that eula's don't hold up very well in US courts:
http://en.wikipedia.org/wiki/EULA#Enforceability
> prominently "labelled" with licensing information if you're listening
> to that music playing on the radio, television, in a public space, and
> so on. This apparent "promiscuity" with such works leads people to
> believe that they are freely exchangeable and that the author is not
> exercising control, even if that isn't really the case due to the
> framework established by the recording industry for broadcasters.
>
> So, people perceive an apparent lack of control as some kind of lack of
> ownership, that the work has, by being shared in an apparently
Extremely interesting point! This should really motivate people to
answer the question I posed earlier: Does an author of software forfeit
his rights to the code if he shares his program (ie, reliquishes
_complete_ protection over the code)?
Let's say this happens: I want to sell some software, but I'm affraid
people will just copy it. So I prototype it in Python (or whatever
programming language) and never release the program. Based on that, I
design a chip (I know this is nearly impossible, but we are doing a
mental experiment), which does exactly the same thing.
First of all, the chip can be reverse engineered (of course, with MUCH
greater difficulty than the equivalent code). Should I still be worried
that my invention will be copied?
A second point to consider: The chip is patentable (I think this is the
case legally, as well as in the court of public opinion), so what about
the equivalent code?
Gerhard Fiedler
> A second point to consider: The chip is patentable (I think this is the
> case legally, as well as in the court of public opinion),
No. A chip is not patentable. In your scenario, the /idea/ behind the
chip's functionality may be patentable, but for a patent it doesn't matter
whether the idea is realized as a custom chip or as software running on a
standard computer.
Differently from copyright (which is about a specific form), patents are
about ideas. They must have a realization (ie. you must be able to show
that it can work), but the patent encompasses all realizations of the
described idea. (It may of course be non-trivial to determine whether a
given modification has been described in the patent or not...)
Gerhard
Paul Boddie
>
[The suggestion that works apparently given away unconditionally become
part of common culture.]
> Extremely interesting point! This should really motivate people to
> answer the question I posed earlier: Does an author of software forfeit
> his rights to the code if he shares his program (ie, reliquishes
> _complete_ protection over the code)?
Well, although some software may be used without the user being
particularly aware of the licence, licences such as the GPL are defined
in terms of distribution. The authors of that licence perhaps realised
that grounding such an agreement in terms of the usage or performance
of a work may be susceptible to the misunderstandings which seem to
have plagued the music industry.
Listening to music over the radio is in practice an involuntary act,
whereas recording and redistributing the music is something that one
actively has to do. The apparent difference between broadcast popular
music and software is that software typically arrives with a licence
(or one is typically forced to view such a licence before downloading
it), and that redistributing software is an act where any later
argument that one was not aware of the licence would be a less credible
defence.
Of course, copyright laws may state that a work without a licence is
"strongly owned" by the author in that redistribution is prohibited,
but as I noted earlier this seems to have been perceived as
counter-intuitive, especially where the work is widely "performed" for
free.
> Let's say this happens: I want to sell some software, but I'm affraid
> people will just copy it. So I prototype it in Python (or whatever
> programming language) and never release the program. Based on that, I
> design a chip (I know this is nearly impossible, but we are doing a
> mental experiment), which does exactly the same thing.
I don't think it's an unreasonable suggestion.
> First of all, the chip can be reverse engineered (of course, with MUCH
> greater difficulty than the equivalent code). Should I still be worried
> that my invention will be copied?
It used to be said that the first people to buy the latest games
console were the competition.
> A second point to consider: The chip is patentable (I think this is the
> case legally, as well as in the court of public opinion), so what about
> the equivalent code?
This is why people are very worried about the scope of patents
gradually expanding from areas where companies have sought some kind of
incentive for investment in manufacturing, for example, to areas where
patents have actually been forbidden in the past, such as in computer
software. Sadly, there's a kind of misguided attitude amongst
law-makers (particularly certain "visionaries" in the European Union)
who think they're encouraging innovation when unquestioningly accepting
arguments that if technology A is patentable and if technology B is
like technology A, then technology B should be patentable, rather than
considering that patents on technology A should also be forbidden.
Paul
Slawomir Nowaczyk
enigmadude <enigm...@rock.com> wrote:
#> Slawomir Nowaczyk wrote:
#> > On Thu, 10 Aug 2006 17:35:27 -0700
#> > enigmadude <enigm...@rock.com> wrote:
#> >
#> > #> 2. I've never done this, but you might be able to encrypt or otherwise
#> > #> turn you modules into binary form, and then use a clever import
#> > #> hook.
#> >
#> > Please observe that whatever the "clever import hook" is, it actually
#> > needs to know the way to *decrypt* the module (secret key or
#> > whatever). It means that if somebody decompiles the importing code, he
#> > can just as well decompile the "hidden" one.
Please do not top-post...
#> I'm pretty sure that just because someone is familiar with the PGP
#> sources, for example, doesn't mean that they have the necessary keys to
#> access other people's data across the internet. Also, I'm pretty sure I
#> know how a prison door lock works, but if I'm behind bars and don't
#> have the key, I'm still screwed.
#>
#> I believe the same things applies here. Just because you can see the
#> import code, depending upon what it does, if it requires (for example)
#> a key in order to decrypt the binary data before the modules can be
#> loaded, then no matter how much you understand the import code, the
#> data itself (that is the binary encrypted modules) is still useless to
#> you.
Not really. The thing is, whatever data is actually required to
perform the decryption, *must* be available in the importing code...
as this code needs to -- by definition -- be able to decrypt the
binaries into a form understandable by the CPU. After all, the code is
supposed to actually work.
As far as your analogy goes, you *do* have a key to the prison door,
because you are *expected* to be able to let yourself out.
--
Best wishes,
Slawomir Nowaczyk
( Slawomir...@cs.lth.se )
War doesn't determine who's right, war determines who's left.