::Obfuscation Hubris:: [/tech/java] (00:12)

During my java internals talk at LSSS, I touched briefly on obfuscators in the tools section. I think obfuscation is almost always the wrong policy, so I put forth my normal case against obfuscation. Most attendees seemed to follow my logic, but one almost seemed offended and seemed to think that not obfuscating your code was irresponsible. I couldn't disagree more strongly. I'm not a fan of obfuscators. There are technical reasons why obfuscation is normally a waste of time, but what really frustrates me is not the lack of technical value that obfuscation provides, but the arrogance behind the idea of obfuscation.

Not shipping source code is arrogant. I've always felt so and I think it is the height of irresponsibility for any business to buy a software product critical to their business without demanding source. Obfuscation takes this arrogance to next level. Not only are you simply not providing critical information to your customers, but you are taking active steps to deny the customer the ability to look under the hood and see what exactly they bought. I don't want to dwell on the reasons why a customer should or shouldn't be able examine the system a bit, but in the end I think all arguments in favor of obfuscation boil down to simply arrogance. We are the all knowing all seing company and you are the helpless little consumer who doesn't have any legitimate reason to be looking at the system. "We know what's best for you."

This arrogance is born of fear. There are two main fears I have observed. Fear one is the fear that the customer will realize how poorly designed and coded the system is. Fear two is the fear that it will be obvious how small the intellectual part of your intellectual property really is. I think this is what the "They'll steal our code" line really means. When all your business value is in your code (as opposed to in your organization) then your business has serious problems.