Yu-Xi Lim <[EMAIL PROTECTED]> writes: > Indeed, everything has a cost, and I was wrong in saying > "free". However, if convenient language-supported transforms are used, > the direct cost of using obfuscation would be miniscule in comparison > to just about everything else. Implementing it should be one simple > step, and testing it shouldn't be required (if you reasonably assume > the language isn't broken).
Failng to test what you ship is simply poor engineering and poor marketing. If you're incompetent, you might skip those steps. Otherwise, you have to test with obfuscation in place. > I am going to ignore certain aspects of the Sony XCP case, such as the > bad EULA and the bad PR (we shall leave that to the lawyers and > marketing folk and stick to something we programmers can actually > fix). What we have left is a broken software implementation of copy > protection. If language-supported (or even OS-supported, which would > have helped Sony*) transformations are used, we can expect to rule out > such brokenness, i.e. no obfuscation-induced incompatibilities and > related help-desk calls. This further reduces the unexpected costs of > code obfuscation to zero (did I miss anything?) You ignored the fact that the *act* of copy protection cost them customers. It wasn't the poor implementation or the EULA, it was the fact that people who were denied their fair use rights returned or refused to buy their product. The rest of it merely made it widely publicized. > This form of obfuscation is certainly weak, but given that the costs > are so tiny, why not use it? Even if you could gain one customer (and > a few dollars if you're a shareware developer), you have more than > recuperated your costs. If you don't, you probably lost 5 minutes of > development time. Is this a worthwhile gamble? I believe so. And if instead you lose one customer because you've denied them their fair use rights, then your copy protection has lost you more in the form of a cost that you overlooked than all the costs you actually considered. > Mike Meyer may reiterate his point about "keeping honest people > honest" and thus such obfuscation has little ("insignificant") > benefit. Whether this little difference is "insignificant" is up to > the developer/publisher/etc to decide. My thesis (to borrow Alex > Martelli's language) is that it is possible to obtain *some* benefit > from obfuscation with *minimal* costs. Actually, obfuscation by itself has *no* benefit. If all you do is obfuscate the code, none of the pirates will ever notice - they'll just copy the code without ever trying to read it. It's the copy protection mechanisms you're trying to obfuscate that gains you the alleged benefit. Once you provide a copy protection mechanism, obfuscation has some benefit, though the costs aren't clearly minimal, not if you're a cometent engineer. It's the benefits of the copy protection that I claim are insignificant. <mike -- Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. -- http://mail.python.org/mailman/listinfo/python-list