Re: [Tutor] don't steel my code Mister user

[Mats Wichmann]

On 5/4/19 8:35 AM, nathan tech wrote:
> It has to be said, after extensive research, and responses here, it 
> seems python was just not designed to be a commercial product.
> 
> Licenses are all well and good, but if you're hacking a product, you're 
> just not going to be stopped by a lisence.
> 
> Furthering to that, if I ever sold products it would be £5, or $7, and 7 
> bucks just isn't worth all the effort to make python difficult to hack.
> 
> Nothing is impossible, but, deterring the average user just for $7? Not 
> worth it.
> 
> Thanks anyway guys.
> 
> Nate


A few more comments to add, this is philosophical and business model
territory, not coding, thus not necessarily the space we here are good at :)

As Alan observed, the purpose of "compile" in Python is not to
obfuscate, it is to improve the chances that the program works right as
delivered  without running into dependency and path problems.
(especially on Windows, a tricky target anyway and you should have
limited confidence any given system has Python installed)

There are people who have been working for years on "protecting" code
written in Python. Some claim to have technologies with very good
success. Personally, I tend to take those claims with a grain of salt,
and won't provide any links; some internet searching should turn up some
ideas.

If you feel you have secrets to protect, or indeed simply want to
prevent people from using your code without paying there are several
different general approaches:

Licensing means - tell people they can't do that.
Technical means - the use of license keys, code obfuscation (*), etc.
Software as a service - put the "meat" of your technology as a web
service, give the application the user runs away for free but use some
sort of API/license key scheme to restrict who can actually use the service.
Better value - just make it not worth the time for people to cheat -
your product is so cheap the work to steal it costs more; you keep
adding new value such that reverse-engineers have to start over
frequently, etc.


There's a page on the Python wiki about this, which really doesn't have
that much information, but I will include anyway:

https://wiki.python.org/moin/Asking%20for%20Help/How%20do%20you%20protect%20Python%20source%20code%3F


* Note on code obfuscation: people can do surprisingly sophisticated
things here.  One approach that has been used is to change the bytecode
emitted so it can only be read by a custom interpreter which you supply.
Dropbox did this.  Of course, researchers figured out how to decode it
anyway. I didn't realize this was so old, time passes...

https://developers.slashdot.org/story/13/08/28/0048238/researchers-reverse-engineer-dropbox-cracking-heavily-obfuscated-python-app

This stuff definitely falls in the catgeory of "is it worth doing all
this to protect an inexpensive app"?
___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] don't steel my code Mister user

[nathan tech]

Hello everyone,

Again, thank you for your replies.

I've always done free products up to the one I am developing now, and, 
having considered the things you guys have said, will continue to do so.

Part of it is a confidence thing, I really don't think my products are 
worth 7, let alone 700 bucks, the other is I'm a sucker for helping as 
many people as I can.

Anyway, staying on topic here, I really appreciate all of you taking the 
time to give me advice and help, thank you very much :)


Thanks

Nate

On 04/05/2019 22:50, Alan Gauld via Tutor wrote:
> On 04/05/2019 15:35, nathan tech wrote:
>> It has to be said, after extensive research, and responses here, it
>> seems python was just not designed to be a commercial product.
> That depends. Python wasn't designed to be a commercial product
> in that it is an open source programming language and interpreter
> and so is free and inherently non-commercial(*).
>
> Can it produce commercial products? Of course it can and has.
> It is no different to any other similar development environment
> such as Visual Basic, PHP, even JAVA or Lisp or Smalltalk.
>
>> Licenses are all well and good, but if you're hacking a product, you're
>> just not going to be stopped by a lisence.
> True, but you can hack any product regardless of the language,
> even C++ or assembler can be hacked. The vast majority of users
> don't have the skills nor the time nor the inclination. And,
> if you can catch them, the license allows you to sue...
>
>> Furthering to that, if I ever sold products it would be £5, or $7, and 7
>> bucks just isn't worth all the effort to make python difficult to hack.
> 7 bucks isn't worth building a commercial product, unless you are sure
> you will sell 100's of thousands. And 7 bucks is also not worth the
> time and effort of hacking anything! But there are commercial products
> that sell for 100s of dollars that are written, in part at least, in Python.
>
>> Nothing is impossible, but, deterring the average user just for $7? Not
>> worth it.
> A license is cheap to produce and deters the "average user".
> Very few users will know how to hack code of any kind, and
> even those that do will have better  things to do with
> their time than try to save 7 bucks!
>
> The real question is whether you can produce something
> that is worth $7 to your customers. If it is they will
> buy it. If not they will look elsewhere, they won't try to
> decompile it and disable the protection - assuming you
> installed any.
>
> If your software is worth, say, $700 then possibly they
> might think about spending time getting round the license.
> Then it might be worth some minor effort on protection.
> but not much because if they really want to they can
> reverse engineer it regardless. That's the rules and
> reality of commercial software.
>
> The value lies in always being one step better than
> the guys who are following. That's how Adobe, et al
> maintain their lead and why they keep issuing updates!
>
> (*)Even open source can be commercial if you build a
> support plan around it. Red Hat and Cygnus are good
> examples of that strategy. Selling support for
> opensource software can work.
>
___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] don't steel my code Mister user

[Alan Gauld via Tutor]

On 04/05/2019 15:35, nathan tech wrote:
> It has to be said, after extensive research, and responses here, it 
> seems python was just not designed to be a commercial product.

That depends. Python wasn't designed to be a commercial product
in that it is an open source programming language and interpreter
and so is free and inherently non-commercial(*).

Can it produce commercial products? Of course it can and has.
It is no different to any other similar development environment
such as Visual Basic, PHP, even JAVA or Lisp or Smalltalk.

> Licenses are all well and good, but if you're hacking a product, you're 
> just not going to be stopped by a lisence.

True, but you can hack any product regardless of the language,
even C++ or assembler can be hacked. The vast majority of users
don't have the skills nor the time nor the inclination. And,
if you can catch them, the license allows you to sue...

> Furthering to that, if I ever sold products it would be £5, or $7, and 7 
> bucks just isn't worth all the effort to make python difficult to hack.

7 bucks isn't worth building a commercial product, unless you are sure
you will sell 100's of thousands. And 7 bucks is also not worth the
time and effort of hacking anything! But there are commercial products
that sell for 100s of dollars that are written, in part at least, in Python.

> Nothing is impossible, but, deterring the average user just for $7? Not 
> worth it.

A license is cheap to produce and deters the "average user".
Very few users will know how to hack code of any kind, and
even those that do will have better  things to do with
their time than try to save 7 bucks!

The real question is whether you can produce something
that is worth $7 to your customers. If it is they will
buy it. If not they will look elsewhere, they won't try to
decompile it and disable the protection - assuming you
installed any.

If your software is worth, say, $700 then possibly they
might think about spending time getting round the license.
Then it might be worth some minor effort on protection.
but not much because if they really want to they can
reverse engineer it regardless. That's the rules and
reality of commercial software.

The value lies in always being one step better than
the guys who are following. That's how Adobe, et al
maintain their lead and why they keep issuing updates!

(*)Even open source can be commercial if you build a
support plan around it. Red Hat and Cygnus are good
examples of that strategy. Selling support for
opensource software can work.

-- 
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
http://www.amazon.com/author/alan_gauld
Follow my photo-blog on Flickr at:
http://www.flickr.com/photos/alangauldphotos


___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] don't steel my code Mister user

[nathan tech]

It has to be said, after extensive research, and responses here, it 
seems python was just not designed to be a commercial product.

Licenses are all well and good, but if you're hacking a product, you're 
just not going to be stopped by a lisence.

Furthering to that, if I ever sold products it would be £5, or $7, and 7 
bucks just isn't worth all the effort to make python difficult to hack.

Nothing is impossible, but, deterring the average user just for $7? Not 
worth it.

Thanks anyway guys.

Nate

On 04/05/2019 12:46, Alan Gauld via Tutor wrote:
> On 04/05/2019 00:45, nathan tech wrote:
>
>> There are tools like py2exe and pyinstaller that are able to compile
>> your python code into .exe format.
>>
>> but why bother?
> It's easier and more convenient to distribute a single .exe
> file than a swathe of individual .py or .pyc files. It also
> removes any potential issues around the python interpreter
> version.
>
>> Lets say I create a program called awesomesauce.
>>
>> Now then, mister user comes along.
>>
>> He decompiles it with pyinstaller ("Which I'm told is easy"), removes
>> the check, and has himself a free product.
> Never consider compilation a security feature, it isn't.
> Regardless of the language not just Python. A skilled
> technician can hack the binary if necessary.
>
> Compilation is simply a distribution feature that makes
> life easier for both the distributor and the recipient.
>
___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] don't steel my code Mister user

[Alan Gauld via Tutor]

On 04/05/2019 00:45, nathan tech wrote:

> There are tools like py2exe and pyinstaller that are able to compile 
> your python code into .exe format.
> 
> but why bother?

It's easier and more convenient to distribute a single .exe
file than a swathe of individual .py or .pyc files. It also
removes any potential issues around the python interpreter
version.

> Lets say I create a program called awesomesauce.
> 
> Now then, mister user comes along.
> 
> He decompiles it with pyinstaller ("Which I'm told is easy"), removes 
> the check, and has himself a free product.

Never consider compilation a security feature, it isn't.
Regardless of the language not just Python. A skilled
technician can hack the binary if necessary.

Compilation is simply a distribution feature that makes
life easier for both the distributor and the recipient.

-- 
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
http://www.amazon.com/author/alan_gauld
Follow my photo-blog on Flickr at:
http://www.flickr.com/photos/alangauldphotos


___
Tutor maillist  -  Tutor@python.org
To unsubscribe or change subscription options:
https://mail.python.org/mailman/listinfo/tutor