A question to experienced Pythoneers

[geremy condra]

On Fri, Aug 20, 2010 at 1:16 AM, Rony <kara at kara-moon.com> wrote:
> Here's the story :
> I've been hired by a company as a consultant to reorganise there
> development department.
> The actual situation is :
> The manager of the development has been fired, main reason (what they
> told me) is that they have big big troubles in keeping deadlines ! For
> there last product, for which they estimated 3 man years of
> development they had 9 months extra effort, and the product was
> delivered a year to late.
>
> I basicaly have 'carte blanche' :)
>
> One of my plans is to introduce Python as development tool.
> They mostly develop back-office software, and at the moment they do it
> all in C with MFC.
> Another new requirement they have, is that the new product should run
> on Win & Mac.
>
> So, my strategie would be :
> - Use Python and wxpython for the GUI
> - Develop critical routines in Pyrex or in C and make PYD's from it
> which will be imported by the main Python programm.
> - Distribute with py2exe on Win & py2app for Mac.
>
> What do you think of this ?
> Another point of attention is that the software isn't Open Source, it
> is a commercial package. So protection of sources is important.
> Now I know that anything can be decompiled, even C. The only question
> is, how hard is it and how much effort must someone do to decompile
> and retro engineer code to understand it.
> I think by putting all program logic in Pyd files that I would be
> quite secure ?
> On a side note : Is it harder to decompile PYD files then PYC files ?
>
> I allready had a meeting with the developpers and did a presentation
> of python with wxwindow, mostly with an open source project where I
> contribute to the development. They didn't see any big problems to
> learn Python fast and they allready know C.
>
> All opinions, advice here is welcome :)

1) Don't take this the wrong way, but get in the habit of using proper
grammar and spelling. Especially as a consultant. It will make the job
of convincing people to take you seriously that much easier.

2) Use the tools at hand. If your developers don't know Python, you
could wind up wasting a lot of talent turning a top-notch C developer
into a bottom-tier Python developer, assuming you don't lose them
altogether.

3) Don't rewrite critical code in a new language unless you have
somebody who really knows what the hell they're doing. All you've done
is turn programming's usual first-order ignorance into a much harder
second-order problem.

4) Don't fool yourself into thinking that your code can't be
decompiled. Odds are your code isn't worth decompiling, but it isn't
hard, and a surprising number of people have the requisite skills. It
certainly isn't 'secure'.

Also- in my experience when people say 'I don't see a problem' to a
consultant, what they really mean is 'I don't think you'll be around
long enough for this to be a problem for me', but you may have the
tools to deal with that.

Happy hunting,
Geremy Condra