Friday, 15 February 2013

Hiding your own source code: rm

Often, or better always, some of your friends, colleagues, or co-workers in general will come up with a question about how to protect the code they write against people who want to steal it.
"I am so smart, I wrote this elegant, fast, reliable piece of code and I don't want anyone else to take it and embed it in their programs" or something like that.
When asked how to hide your own source code, I usually quote a piece of the Perl FAQ that states:

How can I hide the source for my Perl program?
Delete it. [ ... ] Security through obscurity, the name for hiding your bugs
instead of fixing them, is little security indeed.

In my opinion, in these days of GitHub, Bitbucket, SourceForge and the other free repositories, talking about code obfuscation is simply stupid: the whole world is sharing tons of source code with you, and you, little tiny programmer, believe that your code is so great that you have to protect it by running a "macumba" on anybody who just sees it?
Well, I'm not so smart and my code is not so brilliant. And this is the reason why I strongly believe that my code should be public: on one hand I want to help people by providing them with ideas and programs, and on the other hand I'm thankful to anybody who points me to errors, bad programming practices, or any way I can improve my way of writing programs.

Of course there are techniques based on a crypto-loader that will decipher your (ciphered) code on the fly and run it, so that only a ciphered text will exist on the disk. But usually these techniques are not easy to use, and performance is not really good at all.
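
A minimal sketch of the crypto-loader idea described above, added here as an example and not taken from the original post: the keystream construction, the key and the sample program are constructed for illustration, and the cipher is a toy, not a vetted one. It shows that only ciphertext needs to sit on disk, and that the loader has to carry the key, so the decipher step it runs at every start also hands the source back.

```python
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key || counter. Illustration only, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_crypt(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; the same call enciphers and deciphers."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# Constructed sample: the "secret" program its author wants to hide.
SECRET_SOURCE = "def price(qty):\n    return qty * 42\n"

# Build step: only this blob would be written to disk.
EMBEDDED_KEY = b"constructed-demo-key"  # assumption: the loader ships with this key
BLOB = xor_crypt(SECRET_SOURCE.encode(), EMBEDDED_KEY)

def load_and_run(blob: bytes, key: bytes) -> dict:
    """What the loader does at every start: decipher in memory, then execute."""
    plaintext = xor_crypt(blob, key).decode()
    namespace = {}
    exec(compile(plaintext, "<ciphered>", "exec"), namespace)
    return namespace

def recover_source(blob: bytes, key: bytes) -> str:
    """The first half of load_and_run: whoever holds loader and blob holds the source."""
    return xor_crypt(blob, key).decode()

if __name__ == "__main__":
    ns = load_and_run(BLOB, EMBEDDED_KEY)
    print(ns["price"](2))
    print(recover_source(BLOB, EMBEDDED_KEY) == SECRET_SOURCE)
```

The extra decipher-and-compile pass on every start is also where the performance cost mentioned above comes from.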

But sometimes you are forced to keep your code hidden due to some contract terms or policies. Well, in such a case the only solution I see is to not give away any source code at all.
But be aware, pal: reverse engineering is hard but not impossible. After all, Samba was a reverse engineering effort, and did you know that OpenBSD runs on Sun UltraSPARC III machines due to reverse engineering?

I guess the only true way to keep your code only for you is to edit-save-compile-run only in your brain. Oh, and do not dream about it, because some scientist with some dream-machine-from-the-future could get it out of your brain too!
