Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Should I only hire coders I can sit in the same room with? That will probably work best, but it will cost more. Have you ever managed a programming team before? I haven't. Any pointers? Not really. Just be prepared for the programmers to misunderstand the specification at every turn. And once they've understood the spec, be prepared for them to just plain screw up the implementation. Unless you're hiring programmers who have a very good understanding of the problem space, they're not going to understand the spec. They are going to do the wrong thing in the first several iterations before they finally understand what it is that you want. Some of the wrong things will violate the spec. Many won't. It's like hiring to build a house carpenters who've never seen a house, never heard of a house, and have no idea what a house is for. The first version will look like the drawings, but they'll have misunderstood the dimensions and the whole thing will be 3 feet high and 5 feet wide. When you ask how people are going to fit in that, they're going to look at you completely dumbfounded because you never told them people had to fit inside -- how were they supposed to know that? The second version will be the right size, but the doors and windows won't open -- they'll be built solidly into the structure on all four sides. When you ask why, they'll say it's a lot stronger that way! You'll say but I told you people had to fit inside. They'll reply that people _do_ fit inside. You'll ask how are they going to _get_ inside. They'll say the specification doesn't say that doors and windows have to open, so we implemented it the strongest way, and now people fit inside just like you said. [Repeat until you're out of time and/or money.] The only advice I've got is to do things in increments as small as possible. Don't do big bang integration. Make sure there is a runnable testable program after the first week of development.
Maybe it doesn't implement any significant features, but you must have something runnable and testable at all times. Otherwise, you can get too far down the wrong road before you finally figure out that either a) what you specified isn't going to work, or b) they didn't understand the specification at all. Great advice from everyone, thank you. By hiring coders, the intention is to save myself time and effort but it sounds like I would only be replacing one problem with another. I'm really not sure how to proceed but you guys have saved me from hurling myself into something I didn't understand. Trying to figure it out, Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Great advice from everyone, thank you. By hiring coders, the intention is to save myself time and effort but it sounds like I would only be replacing one problem with another. I hope I wasn't too discouraging, but you're definitely replacing one problem with another. I don't need encouragement, I need advice. :) The questions are: 1) The relative sizes of the problems? No problems really. It's just kind of a never-ending project that could go in many directions. The more coders working on the project the more directions can be explored. 2) How much your time is worth? Even if I spend 80 hours a week coding, the rate at which I code will be the project's limiting factor. I'd love to fix the bottleneck and make the limiting factor the number of coders I can hire. 3) Do you prefer spec-writing and project management or writing code? If the choice is between 1 hour coding and 1 hour writing and managing in order to accomplish 1 hour of coding, I'll code. For me, I'd probably rather take a week off without pay from my day jobs and write the code myself rather than pay somebody else $2000 to do it. [And that's assuming I could find somebody competent to work for $50/hour.] I'm really not sure how to proceed but you guys have saved me from hurling myself into something I didn't understand. I don't know what language you're using, but my only other recommendation might be to consider using a high level language like Python instead of C. Developing a large application in Python instead of C can save huge amounts of time. My guess would be that on average Python development takes about 25% of the time that C would take. That's great advice but the language is already very high level. I guess I'm trying to take it one level higher at which point it becomes English. :) - Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On Thursday 11 November 2010 17:33:25 Grant wrote: Have you ever managed a programming team before? I haven't. Any pointers? Good grief! The literature is full of weighty tomes on the subject, and copious advice is available in multiple news groups - and no doubt e-mail lists too by now. This is not an enterprise to be embarked on lightly. People spend their entire working lives at it and are still learning at the end of it (counting project management as part of the subject). -- Rgds Peter. Linux Counter 5290, 1994-04-23.
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Grant, you need to stop being paranoid. I am surprised you even worked up the courage to let slip on here, in public, that you even have a sooper dooper sekrit project. This seems to be the general consensus. You see, I don't have a computer science degree and about 75% of what I know about Linux I learned on this list. Apparently this idea of mine is not a good one. The sekrit isn't really a secret, it's just a mature piece of ordinary software. Most if not all of you wouldn't be interested in receiving it for free, but people in the right industry would like to have it and I'd like to keep it for myself. Surely there is room for private software even in an open source world. So it's either trust your coders or do it yourself? Yup, pretty much. My budget is small and the coders I can afford are outside of the US. I'd be working with them via chat, email, or phone. Should I feel OK about turning my source over to them? Yes, if you deal with reputable companies or individuals whose references you can verify. If you're dealing with random individuals, then maybe. Should I only hire coders I can sit in the same room with? That will probably work best, but it will cost more. Have you ever managed a programming team before? I haven't. Any pointers? - Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On 10.11.2010 06:56, Grant Edwards wrote: On 2010-11-09, Florian Philipp li...@f_philipp.fastmail.net wrote: Well, there are two ways to go here: 1. Modularize what you have. Give every developer only the source he is supposed to work on and binary interfaces (libs + header files for C/C++) and documentation for everything else. Then the devs will be able to run the software but no one will have all the source code. 2. Do not give working code to anyone. Define specs, test cases, prototypes and mock-ups. Then tell your devs to develop against these. When they have finished their modules (classes, units, whatever), it is your job to integrate these modules and see whether they work together as expected. If they don't, improve your specs and tests and give the code back to the devs for another iteration. I favor the second approach, especially as there are tools available to help you and it is safer against reverse-engineering. Both of these approaches are going to involve a lot of overhead (the second more so than the first). I would _guess_ that approach 2 will add at least 50-100% overhead. IOW, there's a pretty good chance that writing the whole thing yourself would take less of your time than designing, specifying, coordinating, integrating, testing and managing approach 2. [...] Sure. But it will be fun! ;) ... Just kidding. Unless specifications, inline interface documentation (doxygen, javadoc) and unit tests were already planned or even done (kudos if you actually do this while developing), you are probably right concerning the overhead. Of course it all depends on your development environment. When you get into the embedded, real-time, high-performance, high-security or high-redundancy realm, specifications etc. tend to become less overhead in comparison to actual coding and algorithmic effort. There are reasons why in some environments it is even affordable to create two independent implementations and then choose the better one.
I highly doubt that we are actually talking about such software here, though. Regards, Florian Philipp
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Read the OP again. He wants to obfuscate the code to make it unreadable for the people he's hiring to work on it. It would be simpler and cheaper to hire developers who don't understand the programming language in question, computers, programming in general, or even English. Then don't let them access any computers that have the source code. You'll get better results that way -- far fewer bugs will be introduced. The idea isn't to make the code unreadable. Obviously anyone working on it needs to be able to read and understand it. This idea was brought on while reading a Wikipedia page about modular programming: Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? - Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On 9 November 2010 09:14, Grant emailgr...@gmail.com wrote: Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? Okay, so this has nothing to do with obfuscation, not trusting people, or protecting IP. This is normal software development. One would want to break a large application into manageable pieces. Usually, those pieces would be libraries (where the meaning of library depends on your programming language of choice: SOs, DLLs, JARs, etcetera). If your application is monolithic right now then you (and/or your developers) will have to spend some time modularizing it. So is your question really how do I modularize my code?
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? Okay, so this has nothing to do with obfuscation, not trusting people, or protecting IP. This is normal software development. One would want to break a large application into manageable pieces. Usually, those pieces would be libraries (where the meaning of library depends on your programming language of choice: SOs, DLLs, JARs, etcetera). If your application is monolithic right now then you (and/or your developers) will have to spend some time modularizing it. So is your question really how do I modularize my code? I'm most interested in the part about developers not knowing about the system as a whole. I'd like developers to work on my code, but prevent them from selling the code or using it themselves. I thought a good way to accomplish this might be to modularize heavily and change variable names. It sounds like I'm really going against the grain here. Is it standard practice to hire a developer on the internet from any given country, never meet him or her, have them fax a signed NDA, and turn over your biggest asset to them? - Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On Tue, Nov 9, 2010 at 9:14 AM, Grant emailgr...@gmail.com wrote: Read the OP again. He wants to obfuscate the code to make it unreadable for the people he's hiring to work on it. It would be simpler and cheaper to hire developers who don't understand the programming language in question, computers, programming in general, or even English. Then don't let them access any computers that have the source code. You'll get better results that way -- far fewer bugs will be introduced. The idea isn't to make the code unreadable. Obviously anyone working on it needs to be able to read and understand it. This idea was brought on while reading a Wikipedia page about modular programming: Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? - Grant Get ready to pay a lot more for the documentation and testing portions of your costs. If you write a clear spec for the modular block that the programmer is developing or maintaining then they can follow that during implementation. However, how do they test their code if they don't understand the environment that it's being used in? 1) Write test programs that call the block they developed or maintained. Ensure those test programs exercise _ALL_ the functions of the block in all possible permutations with all possible initial states that the module will see during its life in the larger product. That's a very difficult problem to _prove_ you've done. I have worked on chip designs with hundreds of millions of transistors.
In a sense every transistor is a line of code somewhere and it's simply very difficult to prove you've ever tested everything. I promise you that the processor in your computer has bugs in the hardware. They are there. Once in a while you'll hit one and your PC will crash. No processor is 'perfect'. 2) Pay the developer to 'Instrument' your module so that every time it's called it saves some info that can be used to backtrace what has been happening. When a problem arises have a way to read and understand the implementation. This can slow down the performance of the system terribly. Keeping the software developers completely in the mushroom barn is (possibly) a pretty expensive thing to try and do. Hope this helps, Mark
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Only expose the teams to what they need, give them prototypes and descriptions to the other parts. Like a man page. On Nov 9, 2010 12:16 PM, Grant emailgr...@gmail.com wrote: Read the OP again. He wants to obfuscate the code to make it unreadable for the people he's hiring to work on it. It would be simpler and cheaper to hire developers who don't understand the programming language in question, computers, programming in general, or even English. Then don't let them access any computers that have the source code. You'll get better results that way -- far fewer bugs will be introduced. The idea isn't to make the code unreadable. Obviously anyone working on it needs to be able to read and understand it. This idea was brought on while reading a Wikipedia page about modular programming: Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? - Grant
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On 9 November 2010 10:08, Grant emailgr...@gmail.com wrote: It sounds like I'm really going against the grain here. Is it standard practice to hire a developer on the internet from any given country, never meet him or her, have them fax a signed NDA, and turn over your biggest asset to them? :-) No way. :-) That is a recipe for disaster. Firstly, in general, when it comes to code: you get what you pay for. And bad code will cost you much more in the long run than simply paying more for good code. Now that doesn't mean that by definition all cheap(er) developers are bad (or that all expensive ones are good) but the odds are not in your favour. So if you still want to pay less then go with a reputable company that provides that service. (I don't mean IBM, I mean some company in India or Russia.) You'll not only get your developers but you'll also be guaranteed that they'll be automatically replaced should they leave the company. You still have to insist on talking to the developers. Make sure they can code and know what they're talking about. I think you'll find that it takes a *lot* of time and effort (and a teaspoon of luck) to create a good team. And handling a distributed team in different timezones is hard work too. You'll need a lot more documentation which then will still be interpreted incorrectly. Yes, I'm talking from experience. :-)
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
Apparently, though unproven, at 20:08 on Tuesday 09 November 2010, Grant did opine thusly: It sounds like I'm really going against the grain here. Is it standard practice to hire a developer on the internet from any given country, never meet him or her, have them fax a signed NDA, and turn over your biggest asset to them? You are posting to a list dedicated to a Free and Open Source distro. Folks here won't even bother with an NDA, they'll mostly just give away the entire code base for free. Come on Grant, you know the ropes. What kind of response did you expect? I'll repeat my earlier question, which you didn't answer as yet. You want to keep your code away from your own staff. Obviously, you do not trust your staff completely (for whatever reason). Why did you hire them if you can't trust them? You are also abusing code modularity for a purpose it was not intended. It improves code quality and reduces cohesion. It does not increase obfuscation. -- alan dot mckinnon at gmail dot com
Re: [gentoo-user] Re: {OT} Deliberately obfuscating my code
On 09.11.2010 19:08, Grant wrote: Theoretically, a modularized software project will be more easily assembled by large teams, since no team members are creating the whole system, or even need to know about the system as a whole. They can focus just on the assigned smaller task. http://en.wikipedia.org/wiki/Modular_programming I don't mind system administration but I don't want to be a programmer any more. I'd like to hire programmers to work in the manner described above. They would each work on modules and not know about the system as a whole. How can something like this be implemented? Okay, so this has nothing to do with obfuscation, not trusting people, or protecting IP. This is normal software development. One would want to break a large application into manageable pieces. Usually, those pieces would be libraries (where the meaning of library depends on your programming language of choice: SOs, DLLs, JARs, etcetera). If your application is monolithic right now then you (and/or your developers) will have to spend some time modularizing it. So is your question really how do I modularize my code? I'm most interested in the part about developers not knowing about the system as a whole. I'd like developers to work on my code, but prevent them from selling the code or using it themselves. I thought a good way to accomplish this might be to modularize heavily and change variable names. Well, there are two ways to go here: 1. Modularize what you have. Give every developer only the source he is supposed to work on and binary interfaces (libs + header files for C/C++) and documentation for everything else. Then the devs will be able to run the software but no one will have all the source code. 2. Do not give working code to anyone. Define specs, test cases, prototypes and mock-ups. Then tell your devs to develop against these.
When they have finished their modules (classes, units, whatever), it is your job to integrate these modules and see whether they work together as expected. If they don't, improve your specs and tests and give the code back to the devs for another iteration. I favor the second approach, especially as there are tools available to help you and it is safer against reverse-engineering. I repeat myself but: It would help a lot to know more about the project. What programming language? What basic structure? Object-oriented, procedural, distributed (sockets, web services, RPC, ...)? Hope this helps, Florian Philipp
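
The second approach described in the message above (developers work against a spec, test cases and a mock-up, and the owner integrates), sketched as an added example that is not part of the thread or of anyone's project. The pricing module, `PriceSource`, `run_acceptance` and the two deliveries are hypothetical names, and the data is constructed.

```python
from typing import Callable, Dict, List, Protocol, Tuple

class PriceSource(Protocol):
    """Published interface of an owner-only module (hypothetical name)."""
    def unit_price(self, sku: str) -> int: ...  # price in cents

class MockPriceSource:
    """Mock-up handed to the developer instead of the real module's source."""
    def __init__(self, table: Dict[str, int]) -> None:
        self._table = dict(table)
    def unit_price(self, sku: str) -> int:
        return self._table[sku]  # unknown SKU raises KeyError, per the spec

OrderLines = List[Tuple[str, int]]                  # (sku, quantity)
TotalFn = Callable[[PriceSource, OrderLines], int]  # what the developer delivers

PRICES = {"A": 250, "B": 1000}  # constructed sample data

# The spec as executable cases: name, input, expected total or exception type.
SPEC_CASES = [
    ("empty order", [], 0),
    ("two lines", [("A", 2), ("B", 1)], 1500),
    ("unknown sku", [("Z", 1)], KeyError),
    ("negative quantity", [("A", -1)], ValueError),
    ("zero quantity", [("A", 0)], ValueError),
]

def run_acceptance(total_fn: TotalFn) -> List[str]:
    """Owner-side integration gate: return the names of the spec cases that fail."""
    failed = []
    for name, lines, expected in SPEC_CASES:
        try:
            got = total_fn(MockPriceSource(PRICES), lines)
        except Exception as exc:  # an exception is a result to compare, not a crash
            got = type(exc)
        if got != expected:
            failed.append(name)
    return failed

def total_v1(prices: PriceSource, lines: OrderLines) -> int:
    """First delivery: right on the happy path, silent on the quantity rule."""
    return sum(prices.unit_price(sku) * qty for sku, qty in lines)

def total_v2(prices: PriceSource, lines: OrderLines) -> int:
    """Second iteration, after the failing cases went back to the developer."""
    total = 0
    for sku, qty in lines:
        if qty <= 0:
            raise ValueError(f"quantity must be positive: {sku}")
        total += prices.unit_price(sku) * qty
    return total

if __name__ == "__main__":
    print("v1 fails:", run_acceptance(total_v1))
    print("v2 fails:", run_acceptance(total_v2))
```

The developer only ever receives the interface, the mock and the cases; the owner swaps in the real `PriceSource` at integration time and reruns the same gate.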