obfuscation

Re: obfuscation


"James Kanze" <james.kanze@gm ail.comwrote in message
news:1180791530 .919780.165470@ o5g2000hsb.goog legroups.com...
On Jun 1, 10:16 pm, "JohnQ" <johnqREMOVETHI Sprogram...@yah oo.com>
wrote:"And what does obfuscation change with respect to that?"

It makes is harder to reverse-engineer and disuades the casual
infringer.

"The copyright is there, whether the code is obfuscated or not. It's
software, so it's not patentable in the civilized world."

You mean all that hullaballoo in all the US courts about software
patents is moot?

"And obfuscation doesn't affect the trade secret status either."

I disagree. One must take reasonable measures to conceal trade
secrets to be recognized as such.

"About the only real reason I know for obfuscation is that you're
ashamed of the quality, and don't want the customer to be able
to see how bad it is."

Now you're describing _open_ source! ;)

John

Re: obfuscation

On Jun 5, 7:25 pm, "JohnQ" <johnqREMOVETHI Sprogram...@yah oo.com>
wrote:You don't casually "reverse-engineer" software, even if you have
the sources. Look at all the open-source stuff floating around;
unless you're really working with it, you can't do anything with
sources.
I said the civilized world. Where international law is
recognized and respected. Software is not patentable under
international law.
Like having the user sign a non-disclosure agreement. Once
you've delivered software to a customer who hasn't signed such
an agreement, trade secrets are out.
Not really. Almost the opposite, in fact: all you can do with
the sources, really, is judge the quality of the software.
Having access to the sources doesn't really buy you much more,
despite all the claims of the open source movement.

I use a number of open source products: g++, vim, etc. I'm
totally incapable of modifying any of them, or even stealing
ideas from them. If, on the other hand, my goal was to steal
the ideas, and I was willing to invest the effort, the lack of
sources wouldn't really hinder me very much. And if I wanted to
modify g++ or vim, I'd start by contacting people already
working on them, to get the additional internal documentation
that they certainly have---things like a description of the
internal data structures and such.

--
James Kanze (GABI Software) email:james.kan ze@gmail.com
Conseils en informatique orientée objet/
Beratung in objektorientier ter Datenverarbeitu ng
9 place Sémard, 78210 St.-Cyr-l'École, France, +33 (0)1 30 23 00 34

Re: obfuscation


"James Kanze" <james.kanze@gm ail.comwrote in message
news:1181117607 .284328.296440@ w5g2000hsg.goog legroups.com...
On Jun 5, 7:25 pm, "JohnQ" <johnqREMOVETHI Sprogram...@yah oo.com>
wrote:"You don't casually "reverse-engineer" software, even if you have
the sources. Look at all the open-source stuff floating around;
unless you're really working with it, you can't do anything with
sources."

Now you're trying to get me started on the unapproachabili ty of open
source (!). My point: class hierarchies and function declarations and
such can be enough to rob someone of their R&D efforts. If that is
readily available by examining the executable in a text editor, it makes
it too easy for someone to steal the concept/trade-secret or whatever.
"I said the civilized world. Where international law is
recognized and respected. Software is not patentable under
international law."

That's what I thought you meant. But that doesn't solve the problem of
someone taking from you something you don't want to give them.
"Like having the user sign a non-disclosure agreement. Once
you've delivered software to a customer who hasn't signed such
an agreement, trade secrets are out."

But if the executables don't contain the information to begin with,
the NDA is not necessary. The thread is about obfuscation beyond
what the compiled code gives in order to keep things a secret.
"Not really."

IMO, open source is of low quality in general.

"Almost the opposite, in fact: all you can do with
the sources, really, is judge the quality of the software.
Having access to the sources doesn't really buy you much more,
despite all the claims of the open source movement.

I use a number of open source products: g++, vim, etc. I'm
totally incapable of modifying any of them, or even stealing
ideas from them."

Well if you replace 'stealing' with 'using', then you'd have my
point that open source is of low quality.

"If, on the other hand, my goal was to steal
the ideas, and I was willing to invest the effort, the lack of
sources wouldn't really hinder me very much."

My point is: why make it easy to steal in the first place?
Obfuscation can make the concepts hidden from entire classes
of would-be <whatever you wanna call thems>.

"And if I wanted to
modify g++ or vim, I'd start by contacting people already
working on them, to get the additional internal documentation
that they certainly have---things like a description of the
internal data structures and such."

There's a lot more software than the large and complex
examples though and you're focusing just on them. Also, you
are assuming "the whole program" whereas I am concerned
also about the underlying abstractions that the program is
built up: class libraries etc.

Anyway, point made (?). I'm not sure what can be gleaned from
non-debug executables with the vendor supplied developer
utilities (in my case VC++), but I'll certainly be checking that
before I release any product (beta or otherwise).

John