Re: Seeing the source

< ^ > P N |<>|^_>< --- | ~ ...Help
> > Disagree. There is, obviously, a *market* for code obfuscation with
> > *affordable* tools. The challenges are higher for a highly dynamic
> > Language
> > like Ruby, but less so for languages like Java or C#, which have the
> > additional benefit of creating bytecode/IL, which can be obfuscated
> > easier.
> 
> There's a market for _lots_ of "bossware" - thinks like MS Project,
> that nobody really needs...

Gantt charts are not just unnecessary. They, and their brethren, are risk
management. Risk management is vital, even, nay especially, in software
development (You do want to keep your job, don't you? That can mean that a
pet project is axed by the Powers That Be to keep the company in
business..).

Agile is nothing more but risk management taken to the development team.
From YAGNI, via DRY, to TTD, it'S risk management.

Sure, a programmer won't need skills in risk management, business logic,
marketing, sales, or other social skills. A developer, though, does.
 
> > Code obfuscation is one step of many to "keep honest people honest".
> > Fighting a war with crackers will not end well, since there are more
> > crackers out there than people writing an application.
> 
> Right idea but wrong formula. For every week spent securing code, a
> cracker can spend an hour cracking it. That's just entropy - it's easier
to
> destroy than create.

Add a blank line, introduce a new feature, run the obfuscator after your
build before shipping. Crack won't work anymore. ;) Code obfuscation doesn't
(and shouldn't!) mean "I better rename my PatentedBusinessLogic class
Xxfghdofhdzsdfgdsb", but "Run a tool as part of my build7deplyoment process
to make the resulting built harder to read". Of course, less dynamic
languages like Ruby are better suited to this. And I don't think it is a
dealbreaker for using Ruby, either. ;)

Of course, if you spend months on that Really Clever Method To End Software
Cracking, you are betting on the wrong horse.

And as I said: it is *one* step of keeping honest people honest. You won't
be able to best the crackers. Never will be. But you can raise the bar one
bit more to sell probably a lot more units. microISVs are specialists in
doing that. ;)

Patrick McKenzie said it better than me, where this all fits into the bigger
picture:
http://microisvjournal.wordpress.com/2006/09/05/everything-you-need-to-know-
about-registration-systems/

> 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0, holmes. See you in
> GITMO!

Exactly. The DMCA is something that happens to "other people, never me!", or
can backfire nastily (the Science Fiction and Fantasy Writer Association is
currently (ab)using the DMCA to hilarious effect), but it didn't really stop
file sharing, or copyright infringement, either.

It is a social problem. It is a) largely perceived as a victimless crime,
and b) the MPAA/RIAA and equivalents aren't really making it easy to take
them serious in their efforts. (See McKenzie's blog post for reasons ;)

All in all, that doesn't mean you shouldn't protect your own IP, especially
if it is what guarantees your livelihood. This is less, much less, acute for
a bank's REST-API developer for intranet communication, than for somebody
who lives from the sales of his/her software.

--
Phillip Gawlowski