jQuery license choice

August 7, 2015

“jQuery is currently available for use in all personal or commercial projects under both MIT and GPL licenses”. A software developer wants to modify a few lines of the code and include them as part of a commercial project. What license (MIT or GPL) is most appropriate from the open source community’s point of view to be accepted by the developer?

Not looking for legal advice, but related to the subject differences in the licenses. jQuery is selected as an example.

Which open source licenses require re-release of modifications?

August 7, 2015

I need to use some open source components in my application. I can’t re-release my modifications (and certainly not the rest of the code that the opensource code touches). The software I’m working with isn’t distributed (unless you call working as an onsite contractor doing maintenance programming “distribution”, which seems a stretch.)

Which licenses are safe for this scenario? Or which licenses are not safe for this scenario?

I’m interested in how ordinary developers are reacting to this scenario–or else I’d be asking at lawsuitoverflow :-), going to a lawyer at $200 an hour on my personal funds is currently out of the question, although I appreciate the humor of such an answer.

Should I go open-source even if I want to retain all rights?

August 7, 2015

Years ago I released a program called Banshee Screamer Alarm and at the time it included the full source code, “for educational purposes only.” You couldn’t extend it to make your own version, but you could learn from it. It actually helped somebody fix a bug in wine.

If I release more software like this (open source, but copyrighted and non-free), are there any legal thorns that I should know about? Are there any suitable licenses for this purpose?

How to gracefully abandon an open-source project?

August 7, 2015

A few years before I was employed at our organization, it demoed a useful but specialized Java application (library plus GUI) to our peers and to a few conferences. We had several requests for copies, and one of my projects when I joined the organization was to release the code as an open source project. My role was project manager (and licensing expert) and I contracted out the development.

The open source release was undertaken as a goodwill gesture and to raise our profile in our community.

Fast forward a few years, and the software is still on sourceforge, and we have released new versions once or twice when we’ve added features as parts of other projects. It gets a bit of use, but has not attracted any external developer contributions. It is occasionally cited by peer or academic organizations, and we know other developers are using it for their own projects.

We field occasional requests (via support email address) for help from users, usually along the lines of “why doesn’t the installer work when…”. Over the last 18 months I have been able to send these to a colleague who uses the tool internally, but their position is changing and this is no longer possible. I want to recommend to my boss that we stop supporting the software at all.

What I would like to ask is whether there is a good way for our organization to withdraw from supporting open source software? What can we do beyond adding a notice that we no longer provide support to the project website and disabling the email address?
My main concern is the ramifications for our organization’s reputation.

An open-source license that doesn't let users compile the application unless they've purchased it?

August 7, 2015

I’ve been developing GPL’d software for years, but now I need a more restrictive license.

This is for a commercial application, and I want to share my source code with the whole world, regardless of whether they’ve purchased the application from me or not. I also want to allow people to produce derivative works, but I want to prohibit binary distribution of both my original work, and that of any derivative work.

Basically, if someone has already purchased the original work, he/she can compile and use the original source code, or any derivative work. Otherwise, they can only study my source code, or that of a derivative work.

Does anyone know a license that fits my needs, or do I need to write my own?



First of all, thanks everyone for the answers.

Let me clear up a few things:

  1. This application has not yet been released. So I’m not adopting a new license like XFree86, I’m trying to pick a license for a new application.

  2. I usually use the term “free software” instead of open source, so that’s why I used the term open source here. The source will be “open” indeed, just not the way the OSI defines it.

  3. I’m all for GPL, and almost all software I’ve written before was released under the GNU GPL v2. But this one has to be an exception.

  4. I don’t really care if people violate the license. I wouldn’t dream of suing anyone for that, unless they’re selling my software.

Now I’m not suggesting I’ve written a very special piece of software, but I just don’t want people making money by stealing my code. But I also want the tech-savvy users to be able to modify the software any way they see fit.

Oh, and finally, the application is written in a compiled language (Objective-C, to be precise *cough*iPhone*cough*).

Extensibility without Open-Source

August 7, 2015

My company is currently in the process of creating a large multi-tier software package in C#. We have taken a SOA approach to the structure and I was wondering whether anyone has any advice as to how to make it extensible by users with programming knowledge.

This would involve a two-fold process: approval by the administrator of a production system to allow a specific plugin to be used, and also the actual plugin architecture itself.

We want to allow the users to write scripts to perform common tasks, modify the layout of the user interface (written in WPF) and add new functionality (ie. allowing charting of tabulated data). Does anyone have any suggestions of how to implement this, or know where one might obtain the knowledge to do this kind of thing?

I was thinking this would be the perfect corner-case for releasing the software open-source with a restrictive license on distribution, however, I’m not keen on allowing the competition access to our source code.


EDIT: Thought I’d just clarify to explain why I chose the answer I did. I was referring to production administrators external to my company (ie. the client), and giving them some way to automate/script things in an easier manner without requiring them to have a full knowledge of C# (they are mostly end-users with limited programming experience) – I was thinking more of a DSL. This may be an out of reach goal and the Managed Extensibility Framework seems to offer the best compromise so far.

How effective is obfuscation?

August 7, 2015

A different question, i.e. Best .NET obfuscation tools/strategy, asks whether obfuscation is easy to implement using tools.

My question though is, is obfuscation effective? In a comment replying to this answer, someone said that “if you’re worried about source theft … obfuscation is almost trivial to a real cracker”.

I’ve looked at the output from the Community Edition of Dotfuscator: and it looks obfuscated to me! I wouldn’t want to maintain that!

I understand that simply ‘cracking’ obfuscated software might be relatively easy: because you only need to find whichever location in the software implements whatever it is you want to crack (typically the license protection), and add a jump to skip that.

If the worry is more than just cracking by an end-user or a ‘pirate’ though: if the worry is “source theft” i.e. if you’re a software vendor, and your worry is another vendor (a potential competitor) reverse-engineering your source, which they could then use in or add to their own product … to what extent is simple obfuscation an adequate or inadequate protection against that risk?

1st edit:

The code in question is about 20 KLOC which runs on end-user machines (a user control, not a remote service).

If obfuscation really is “almost trivial to a real cracker”, I’d like some insight into why it’s ineffective (and not just “how much” it’s not effective).

2nd edit:

I’m not worried about someone’s reversing the algorithm: more worried about their repurposing the actual implementation of the algorithm (i.e. the source code) into their own product.

Figuring that 20 KLOC is several months’ work to develop, would it take more or less than this (several months) to deobfuscate it all?

Is it even necessary to deobfuscate something in order to ‘steal’ it: or might a sane competitor simply incorporate it wholesale into their product while still obfuscated, accept that as-is it’s a maintenance nightmare, and hope that it needs little maintenance? If this scenario is a possibility then is obfuscated .Net code any more vulnerable to this than compiled machine code is?

Is most of the obfuscation “arms race” aimed mostly at preventing people from even ‘cracking’ something (e.g. finding and deleting the code fragment which implements licensing protection/enforcement), more than at preventing ‘source theft’?

choosing a SOAP library to integrate with ISAPI webapp

August 7, 2015

The company I work for has a large webapp written in C++ as an ISAPI extension (not a filter). We’re currently enhancing our system to integrate with several 3rd party tools that have SOAP interfaces. Rather than roll our own, I think it would probably be best if we used some SOAP library. Ideally, it would be free and open source, but have a license compatible with closed-source commercial software. We also need to support SSL for both incoming and outgoing SOAP messages.

One of the biggest concerns I have is that every SOAP library that I’ve looked at seems to have 2 modes of operation: standalone server and server module (either Apache module or ISAPI filter). Obviously, we can’t use the standalone server. It seems to me that if it is running as a module, it won’t be part of my app — it won’t have access to the rest of my code, so it won’t be able to share data structures, etc. Is that a correct assumption? Each HTTP request processed by our app is handled by a separate thread (we manage our own thread pool), but we have lots of persistent data that is shared between those threads. I think the type of integration I’m looking for is to add some code to my app that looks at the request URL, sees that it is trying to access a SOAP service, and calls some function like soapService.handleRequest(). I’m not aware of anything that offers this sort of integration. We must be able to utilize data structures from our main app in the SOAP handler functions.

In addition to handling incoming SOAP requests, we’re also going to be generating them (bi-directional communication with the 3rd parties). I assume pretty much any SOAP library will fulfill that purpose, right?

Can anyone suggest a SOAP library that is capable of this, or offer a suggestion on how to use a different paradigm? I’ve already looked at Apache Axis2, gSOAP and AlchemySOAP, but perhaps there’s some feature of these that I overlooked. Thanks.

Disclaimer for API code sample distributed to third party

August 7, 2015

I am going to offer an API description and code samples to 3rd parties so they can integrate their software with the one developed by the company I’m working for.

I think I should include some kind of disclaimer in source code files headers and some kind of license terms.

We want to allow them to modify the code but not to redistribute it without our agreement. And we want to discharge responsibility for any consequences of using the provided code.

What do you suggest?

Migrating MySQL to PostgreSQL – what features not visible in SQL code will be important?

August 7, 2015

We’re migrating MySQL to PostgreSQL. I can easily audit the schema and the SQL statements used throughout the (REALbasic) program. Most of the SQL is composed by building string variables.

I already know about needing to replace our use of SELECT LAST_INSERT_ID() with a SERIAL column with UNIQUE constraint.

What, if any, differences between the two which are not obviously visible in SQL statements might bite us? I’m looking for (probably subtle) assumptions about behaviour such as any differences in autocommit, need to add constraints which aren’t in MySQL etc.

I’m trying to tease out any gotchas for a couple of reasonably smart, attentive guys who aren’t gurus in either of the databases.

This is a one-way commitment so if there are major benefits we will get by adding new declarations I’d appreciate them being pointed out.

Note: we’re not using any form of parameterised queries and, yes, I’ve pointed out issues with injection attacks as a required audit of the code.

Yes, for the curious, this decision was prompted by GPL issues, not that we’re averse to paying for licenses but, unfortunately, the sole REALbasic driver for MySQL was GPL. As of May 2009, Real Software have released a new Community driver which is GPL, and properly includes source. They have promised a non-GPL Enterprise driver in the near future.

I am prepared to believe that the answer might be there are no invisible monsters under the bed but thought I’d ask to be sure.
