Commercial codes using Julia - code obfuscation?


#1

Forking from the discussion on static compilation in Julia.
One of the arguments for static compilation seems to be the commercial code and obfuscation argument.
When shipping a commerical and paid for code the company does not want its work to be easily pirated.
But that has changed with open source.

I am familar with systems installation, systems management and installing both open source and commercial compiled codes.
I worked for one company who had venture capital, and I was told they were required not to allow the source code to be seen at the customer end. That company is no longer running.
For the same task, I was a customer of SGI. They had taken the open source Oscar toolkit (written in Perl if I am not wrong) and shipped this with their ICE clusters. As a user you coudl go in and see what each script did. I did have call to do this with an SGI engineer on several occasions. SO there are advantages is shipping source code. Also in that case I for one would not have altered any of that code. Understanding exactly what it did was vital, but I would not have copied the code,

Moving on to the applications codes, clearly there are CFD and FEA codes which cost money to license are shipped as compiled code. I see that continuing for a long time.
It is worth discussing though that CFD and FEA codes grew out of Government lab work and academic work many years ago. And continue to do so - for example OpenFOAM (which is open source of course).

However we are seeing the rise of ‘dual model’ codes, for instance the PBS Pro batch system where the source is public, on Github. Yet you can buy the supported version. The intent here is to keep market share with the academic market, who would not be willing to pay for support and like open source, and to have the option of companies buying a supported product, perhaps if the above academics move into industry.

I throw it open for discussion - when commercial Julia codes are being sold, will it be important to have obfuscated code? I do not have the answer.
I am assuming here there are no commercial Julia codes being sold at the moment. There may well be!


Julia static compilation
#2

One can off-course trivally encode julia so it is nonobvious what is being done.
But ofcourse one has to ship a decoder to

so using Base64; using Distributed
we can do eval(Distributed.deserialize(Base64.Base64DecodePipe(IOBuffer("N0pMBwQAAAAWAgEFYmxvY2sX4QEIUkVQTFsxOV0WAgEIZnVuY3Rpb24WAVYBCGZpenpidXp6FgIBBWJsb2NrF+IsAQAWAgEDZm9yFgJZAQJpaRYDVgEBOuAxZAAAABYCAQVibG9jaxfjLAEAFgMBAmlmFgUBCmNvbXBhcmlzb24WA1YBASUBAmlp4loWA1YBASUBAmlp5FrfFgIBBWJsb2NrF+QsAQAWAlYBB3ByaW50bG4hCEZpenpCdXp6FgMBBmVsc2VpZhYCAQVibG9jaxflLAEAFgNWWhYDVgEBJQECaWni3xYCAQVibG9jaxfmLAEAFgJWAQdwcmludGxuIQRGaXp6FgMBBmVsc2VpZhYCAQVibG9jaxfnLAEAFgNWWhYDVgEBJQECaWnk3xYCAQVibG9jaxfoLAEAFgJWAQdwcmludGxuIQRCdXp6FgIBBWJsb2NrF+osAQAWAlYBB3ByaW50bG4BAmlp"))))

and you have no idea what it says.
But you do know that you can find out:

julia> Distributed.deserialize(Base64.Base64DecodePipe(IOBuffer("N0pMBwQAAAAWAgEFYmxvY2sX4QEIUkVQTFsxOV0WAgEIZnVuY3Rpb24WAVYBCGZpenpidXp6FgIBBWJsb2NrF+IsAQAWAgEDZm9yFgJZAQJpaRYDVgEBOuAxZAAAABYCAQVibG9jaxfjLAEAFgMBAmlmFgUBCmNvbXBhcmlzb24WA1YBASUBAmlp4loWA1YBASUBAmlp5FrfFgIBBWJsb2NrF+QsAQAWAlYBB3ByaW50bG4hCEZpenpCdXp6FgMBBmVsc2VpZhYCAQVibG9jaxflLAEAFgNWWhYDVgEBJQECaWni3xYCAQVibG9jaxfmLAEAFgJWAQdwcmludGxuIQRGaXp6FgMBBmVsc2VpZhYCAQVibG9jaxfnLAEAFgNWWhYDVgEBJQECaWnk3xYCAQVibG9jaxfoLAEAFgJWAQdwcmludGxuIQRCdXp6FgIBBWJsb2NrF+osAQAWAlYBB3ByaW50bG4BAmlp")))               quote
    #= REPL[19]:2 =#
    function fizzbuzz()
        #= REPL[19]:3 =#
        for ii = 1:100
            #= REPL[19]:4 =#
            if ii % 3 == ii % 5 == 0
                #= REPL[19]:5 =#
                println("FizzBuzz")
            elseif #= REPL[19]:6 =# ii % 3 == 0
                #= REPL[19]:7 =#
                println("Fizz")
            elseif #= REPL[19]:8 =# ii % 5 == 0
                #= REPL[19]:9 =#
                println("Buzz")
            else
                #= REPL[19]:11 =#
                println(ii)
            end
        end
    end
end

Not really what you are getting at, I know.
I just figured interesting.

Making a code obsufucator would be cool.
It would be nice to be able to eval CodeInfo objects, and perform the obfuscation at that level.


#3

@oxinabox I commented on another thread about code obfuscation in Perl. Those Perl obfuscation contests were intellectually fun. Such as the all white space code. Or the ones written in Latin. But I don’t think they did the Perl language any favours in the long run.

I feel the same about Julia.
Of course your point is about obfuscating code for a reason.


#4

Code obfuscation is not the only issue for enterprise level products. When selling your product, you don’t want your clients to need installing interpreter or compiler. You want to pre-build your code for 10 different platforms, such that a client just downloads a binary and clicks a button to start a program.


#5

Errr… exposing my utter ignorance here, but surely that is a plus point for Julia… and its Julia all the way down…
Assuming a binary download and installation of course.


#6

minification for (very slight) paring speedup might be nice too.
and is a related problem


#7

Wikipedia says “While obfuscation can make reading, writing, and reverse-engineering a program difficult and time-consuming, it will not necessarily make it impossible.”

In contrast to the obfuscation discussed elsewhere in this thread and in the Wikipedia article above, indistinguishability obfuscation (iO) is a new field of cryptography. Here’s a survey that includes a comparison to fully homomorphic encryption and other fancy cryptographic tools. iO is not (yet) practical, even so I find it interesting to see what cryptographers are working on.