On Oct 9, 2007, at 11:51 PM, Bill Kelly wrote:

>
> From: "John Joyce" <dangerwillrobinsondanger / gmail.com>
>>
>> Still, I ask, why obfuscate at all? If it is for security  
>> reasons,  there are better solutions.
>
> Most commercial desktop software I've installed in the last
> decade requires some sort of serial number or registration key
> to be provided to activate the software.
>
> Increasingly, such programs also seem to be requiring an internet
> connection, before becoming fully registered, so that the key
> provided may be verified to be authentic and not in promiscuous
> use.
>
> Of course, people who really want to crack the software, and
> people who really want to use cracked versions of the software
> will do so regardless.
>
> I think the head of a company that develops both games and
> application software summed it up well in this interview:
>
> http://www.gamespot.com/pc/strategy/galacticcivilizations2/ 
> news.html?sid=6145864&cpage=1
>
> "Any copy protection system, in my opinion, should be focused on
> trying to increase sales--not stop piracy. The two aren't the
> same. Most people who pirate a software product would never have
> purchased it. It's pointless to waste time on those people. The
> people to focus on are the ones who might have bought your product
> or service but chose not to because it was easier to pirate it."
>
> Thus, their company opted not to include game-like copy protection
> measures in their game (like requiring the CD in the drive), but
> did use application-like registration key measures, and added  
> incentives like only allowing product updates to be downloaded to
> registered versions.
>
> Now...
> What would happen if one released an un-obfuscated Ruby application,
> and included typical application registration/activation logic in
> the program, and added comments in the source code, like:
>
>  # Check registration.  PLEASE DON'T REMOVE THIS, THANKS.
>  # WE ARE A SMALL COMPANY AND HOPE THAT YOU WILL BUY OUR
>  # SOFTWARE IF YOU LIKE IT.
>  app.check_valid_registration
>
> I'm not trying to be coy by suggesting the above; I'm actually  
> wondering if it might work out OK.  Since most users aren't
> programmers, they likely wouldn't think to check the source to
> remove the registration box.  And the ones who would go looking
> for a warez version would have been able to do so regardless of
> whether your source was obfuscated or not.
>
> If I have the courage, I may try this someday. :)
>
>
> Regards,
>
> Bill
>
>
>
bingo!