Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I'm trying to figure out the licensing consequences of using Grails as the base for closed-source non-free software. This would be a server product that is downloaded and installed. Users would not have the right to redistribute it or run it as a hosted service.
Grails and Groovy themselves are cool: they're licensed under ASF 2.0 which is great. However, Grails has a billion dependencies and I'm going crazy tracking them all down.
Grails can generate a list of software that your project depends on by running grails dependency-report. I'm going through that list of dependencies, BUT:
Many of the libraries do not list their licenses. So I'm going to each and every library and figuring out its license.
I'm guessing dependency-report doesn't list all the transitive dependencies (libraries that THOSE libraries include, and so on) because they aren't fully specified in Ivy.
Has anyone gone through this exercise before? Just knowing the end result would be a HUGE help. Actually having a list of all the dependencies and their licenses would be a MASSIVE help.
Thanks!
I spent a day tracking down all the Grails 1.3.7 dependencies. Here's the gist:
Grails itself has the nice friendly ASF license
Some subcomponents use more restrictive licenses
However, none of the subcomponents use what I'd call a "showstopper" license like GPL
However, some people WOULD consider a few of the licenses to be showstoppers, most notably the LGPL used by Hibernate.
Lawyers are scared to death of LGPL because it's easy for developers to make a mistake that forces the entire system to become open source. Things that would trigger this are: modifying any little bit of the LGPL source code, copying any little bit of the source code into your product, or linked to the GPL software "statically" rather than "dynamically" (that's a long discussion).
Because of this, some software companies and purchasing departments have rules forbidding its use.
Here's the subcomponents with more restrictive licensing than ASF. LGPL's the worst:
Hibernate (LGPL)
A bunch of javax stuff (like activation and mail) under CDDL 1.0
org.beanshell BSH is SPL
javassist is MPL
Everything else is licensed BSD, MIT or ASF. Those are fine.
I should think that all of the Grails dependencies will be fine for use with commercial software since SpringSource sells commercial support for it. You could try asking them about licensing issues as they probably have it all figured out.
Can I use Grails in proprietary software?
Ask Oracle, Grails is running on Java. It might be restricted through higher rights so you might need to get a license from Oracle first to create your specific software with it. Better ask the vendor of the platform first.
[...] Java specifications are proprietary technology that must be licensed directly from the spec lead under whatever terms the spec lead chooses.
See Apache foundation resigns from Java community
Next to that it depends on the license of the Grails package. It's released under ASF 2.0 as you write. I would furthermost assume that this license applies to the whole package as the website suggest, but you must check the whole source code on your own if you really want to rely on this, because the software comes with no warranty. In case the Grails folks made a mistake in licensing it falls back to you in a larger share if the information they provided was wrong.
Keep in mind that you are asking about creating your own proprietary software. That's a job on it's own, your business, and you need to take care for anything legal then on your very own.
You can never rely to any comment unless it's one of a lawyer that is acting behalf of yourself for real.
There is one plugin that might be helpful to check upfront visible licensing terms: http://www.grails.org/License+Plugin
The ASF 2.0 license is a free software license, so even if you consider it "friendly" with all the attitude you show, keep in mind that it has termination clauses as well as the GPL / LGPL. Those are to protect the freedom of the software.
The license at the Grails web site will surely have an answer.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I'm having some trouble recently with the open source licenses. I started to feel like if they are somehow tricky! So, I'm just asking about the rights, attribution and so on..
Know, if I for example used a Ruby Gem, licensed under GPL, I install the gem, use it, my web app works! But there is no referring to the Gem, how is behind it, its license. I can't just believe that I have to include those for every gem I'm using. Do I have to? Or can I just use it silently?
So, a website with Rails (MIT), some GPL ruby gems, and so on, what should I include publicly? I think I'm not going to modify the source code of any of those gems.. Yeah, and if I have to attribute in my web pages, do I have to link to the licenses or even worse distribute my source code under the same license?
Also, if I found a tutorial or something like that that is licensed under Creative Commons BY-NC, should I distribute my whole work or put it under the same license, if I wasn't going to run them outside my own server? What if I wanted to distribute my software, which used ideas (and modified code) from the tutorial?
What about using formulas, which are more general than being owned? One-liner commands from stackoverflow when a gem doesn't install - Should I attribute that I used that to install the gem?! I think of course not, but just asking to make sure of the whole thing..
A website is normally the output of a program. Like you save a text-document with your word processor in disk, the document itself does not fall under the reciprocal license of the proprietary word processor (MS Word) or the reciprocal and permissive licenses of the free software word processor (Open or Libre Office Writer).
Only in case you create and distribute derivative or combined works (e.g. packaging multiple programs together in one package) you need to care about the licenses.
That for sure always depends on the concrete things you do. You need to document these concrete things, then go to your lawyer and then find out for the stuff you exactly do if and how copyright is in effect and based on the licenses used and if in effect, which steps you need to do.
Here on SO we are all only software developers (or if lawyers, not your lawyer) so we can not give you any legal support.
Usually stuff about licences can be a little confusing with open source software being released under different licences and usually the license documentation is usually written in lawyer jargon which proves difficult to understand for a lot of people.
Luckily this kind of question has been asked alot of times in SO. Just look at the licensing tag and order the questions by votes and you should find a few questions that pretty much answer your questions. In particular look at this question.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
We currently have a large business-critical application written in COBOL, running on OpenVMS (Integrity/Itanium).
As the months pass, there is more and more speculation about the lifetime of the Itanium architecture. Nothing is said out in the open, of course, but articles like this and this paint a worrying picture. Although I can find nothing official to support this, there are even murmurings in the corridors of our company of HP ditching OpenVMS and HP COBOL along with it.
I cannot believe that we are alone in this.
The way I see it, there are a few options:
Emulate some old hardware and run the application on that using a product like CHARON-VAX or CHARON-AXP. The way I see it, the pros are that the process should be relatively painless, especially if the 64-bit (AXP) option is used. Potential cons are a degradation in performance (although this should be offset by faster and faster hardware);
Port the HP COBOL-based application to a more modern dialect of COBOL, such as Visual COBOL. The pros, then, are the fact that the porting effort is relatively low (it's still COBOL) and the fact that one can run the application on a Unix or Windows platform. The cons are that although you're porting COBOL, the fact that you're porting to a different operating system could make things tricky (esp. if there are OpenVMS-specific dependencies);
Automatically translate the COBOL into a more modern language like Java. This has the obvious benefit of immediately freeing one from all the legacy issues in one fell swoop: hardware support, operating system support, and especially finding administrators and programmers. Apart from this being a big job, an obvious downside is the fact that one will end up with non-idiomatic Java (or whatever target language is ultimately chosen); arguably, this is something that can be ameliorated over time.
A rewrite, from the ground up (naturally, using modern technologies). Anyone who has done this knows how expensive and time-consuming it is. I've only included it to make the list complete :)
Note that there is no dependency on a proprietary DBMS; the database is ISAM file-based.
So ... my question is:
What are others faced with the imminent obsolescence of Itanium doing to maintain business continuity when their platform of choice is OpenVMS and COBOL?
UPDATE:
We have had an official assurance from our local HP representative that Integrity/Itanium/OpenVMS will be supported at least up until 2022. I guess this means that this whole issue is less about the platform, and more about the language (COBOL).
The main problem with this effort will be the portions of the code that are OpenVMS specific. Most applications developed on OpenVMS typically use routines and procedures that are not easily ported to another platform. Rather that worry about specific language compatibility, I would initially focus on the runtime routines and command procedures used by the application.
An alternative approach may be to continue to use the current application while developing a new one or modifying a commercially available application to suit your needs. While the long term status of Itanium is in question, history indicates that OpenVMS will remain viable for some time to come. There are still VAX machines being used today for business critical applications. The fact that OpenVMS and its hardware is stable is the main reason for its longevity.
Dan
Looks like COBOL is the main dependency that keeps you worried. I undrestand Itanium+OpenVMS in this picture is just a platform.
You're definitely not alone running mission-critical stuff on OpenVMS. HP site has OpenVMS roadmap (both Alpha and Integrity), support currently stretches to 2015. Oracle seems trying to leverage it's SUN asset in different domains recently.
In any case, if your worries are substantial (sure we all worried about COMPAQ, then HP, vax>>alpha>>Itanium transitions in the past), there's time to un-tie the COBOL dependency.
So I would look now into charting out migration path from COBOL onto more portable language of choice (eg. C/C++ ANSII without platform extensions). Perhaps Java isn't the frendliest choice, given Oracle's activity. Re-write, how unpleasant it is, will be more progressive and likely will streamline the whole process. The sooner one starts, the sooner one completes.
Also, in addition to emulators, there're still plenty of second-hand hardware. Ironically, one company I know just now phases-in Integrity platforms to supplant misson-critical Alphas -- I guess, it's "corporate testing requirements"...
Do-nothing is an option as well, though obviously riskier: OpenVMS platforms are proven to be dependable, so alternatively, finding a reliable third-party support company may extend your future hardware contingency.
This summer's Rolling Roadmap makes porting off OpenVMS look like an excellent idea.
Given how much COBOL exists in the world finding people to support COBOL will not be a problem for the foreseeable future. As noted above there are COBOL compilers on other platforms. The problem lies in the OpenVMS system service calls and DEC language extensions your application uses. You do not mention where your data is stored, so worst case your COBOL uses RMS. There is a company that provides an implementation of many OpenVMS system services on Linux and the Unixes. Not needing to replace those services while porting to another operating system may reduce the complexity. Check out Sector7.com.
I had a question with regards to software built on Ruby on Rails. I'm on the business end of an incubation team that has a few projects in the works, all built on Ruby on Rails. The goal from the investor was to sell the software out to third parties and have them use the platforms to their liking. From what I can tell though, there is no way to compile Ruby code and send it off to a third party, hiding the actual code from them.
We do not want our clients being able to copy our code and take it from us. Is there any actual solution to this problem, or are we screwed because they already decided to develop on Ruby? We wanted to be able to sell software as a service, but that's not going to work out if a client can sign up for a month, copy our code, and then build their own solution.
Thanks for any help in advance.
Ruby code obfuscators do exist, but that's of little real help IMO. But even if Ruby was compiled, chances are good it would get compiled into a format that is easily decompiled. Languages like C# and Java are both easily decompiled and thus source code is easy to get at these days.
Your real protection should probably come from a license. You may need to work with a lawyer or someone versed in software licenses. But if they violate your license, you have legal ground to take action.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I am looking a tool for protect and licensing my commercial software, Ideally must provide an SDK compatible with Delphi 7-2010, support AES encryption, Keys generator and capacity to create trial editions of my application.
I am currently evaluating ICE License. Someone has experience with this software?
Here's my list of software protection solutions. I'm looking at switching from ASProtect to another protection so I'm also in the process of analyzing most of these programs:
Themida (Oreans)
http://www.oreans.com/products.php
There are unpacking tutorials for all the versions of Themida. There is however the possibility of requesting "custom" builds which might help avoid this.
Code Virtualizer (Oreans)
http://www.oreans.com/products.php
Allows to protect specific parts of the application with a Virtual Machine. A cracker on a forum said he "made a CodeUnvirtualizer to fully convert Virtual Opcodes to Assembler Language".
EXECryptor
Very difficult to unpack. GUI does not work under Vista. Appears to no longer be developed.
ASProtect
Small protection overhead. Appears to no longer be developed.
TTProtect - $179 / $259
13 MB download. Chinese developer. Adds about xxx overhead to the exe.
http://www.ttprotect.com/en/index.htm
VMProtect - $159 / $319 (now $199/$399)
http://www.vmprotect.ru/
10 MB download. Russian developer. Seems to be updated frequently. Supports 32 and 64-bit. Uncrackable according with one exetools post, but there seems to be an unpacking tutorial already.
Enigma Protect - $149
http://enigmaprotector.com/en/home.html
7 MB download. Russian developer. Regarded as very difficult to crack. Adds about xxx overhead to the exe.
NoobyProtect - $289
http://www.safengine.com/
10.5 MB download. Chinese developer. Regarded as very difficult to crack. Adds about 1.5 MB overhead to the exe.
ZProtect - $179
http://www.peguard.com
RLPack
http://www.reversinglabs.com/products/RLPack.php
KeyGen already available.
One thing to note is that the more protection options you enable on the software protector, the bigger the possibility of the protected file being flagged by an anti-virus as a false-positive. For example, on Themida, checking the option to encrypt the file, will most likely create a few false-positives by a few anti-virus programs.
I'll update this answer once I get more replies from a hackers forum where I asked some questions about these tools.
And finally, don't use the build-in serial number/license management of these tools. Although they might be more secure than using your own, you will be tied up to that specific tool. If you decide to change software protection in the future, you will also have to manage all the customer keys transfer to a new system.
Don't bother. It's not worth the hassle. Only a perfect licensing system would actually do you any good, and there's no such thing. And in the age of the Internet, if your system isn't perfect, all it takes is for one person anywhere in the world to produce a crack and upload it somewhere, and anyone who wants a free copy of your program can get it. (And using a pre-existing library just gives them a head start on cracking it.)
If you want people to pay for your software instead of just downloading it, the one and only way to do so is to make your software good enough that people are willing to pay money for it. Anyone who tells you otherwise is lying.
I have used OnGuard (using the Delphi 2009/2010 source from SongBeamer) along with Lockbox to handle encryption with success. Both are commercial quality libraries and are free to use with full source.
I did once also use IceLicense, but switched to OnGuard/Lockbox which allowed me greater control over the key generation process which we embedded directly into our CRM system.
Of course there is no %100 bullet-proof protection suite, but having some type of protection is better than having nothing.
I worked with WinLicense in Delphi 2009 and Delphi 2010 on Windows XP and Vista. It is a good product with lots of protection options, and customizations. It provides a SDK for developers, and has nice documentation and samples. It also provides a license manager for you. They provide trial download too.
As far as I remember, they offer some customer specific versions too; that means they are willing to provide a custom-built product which is customized according to your needs, but of course that will cost more.
Since WinLicense is a well-known and popular protection suit, many crackers are after it. As you know, the more famous a tool is, the more appealing it is to crackers. But the good thing about Oreans is that they actively monitor underground forums, and provide frequent updates to their products.
So IMHO, if you are supposed to buy a prebuilt protection suite, then you'd better go for WinLicense.
A little late to the post, but check out Marx Software Security (http://www.cryptotech.com) they have a USB device with RSA & AES on chip, with network based license management.
I bought a license for ICE License in 2007. Unfortunatly (as far as I know) the component haven't been updated since June 2007. Back then a Vista compatible version was in the work but never came out of beta. I don't think they updated the component for Delphi 2009 and 2010 yet.
Ionworx is an one man company which might explain the lack of updates and lack of answer to support questions (emailed them 2-3 times since 2007 and never got back to me). They also removed their support forum from their site.
ICE License is better than nothing but I would stay away from this product because the lack of updates & support.
I investigated this a few years ago, and came to the following conclusions:
All copy protection can be broken
Nag screens on load irritate people to the point where they may stop using the product
Random nag screens can interrupt the users work flow to the point where they perceive it to be a reduction in the speed of the application
Set up compiler options, so that you have a version as a demo (perhaps with save functions removed), reduce multi user versions so that only one client can connect at a time (not using, for ex:
if connection=1 then reject
but reducing the viability for multiple connections in code)
Themida has good protection, and I think it built with Delphi too ;-)
if you have a better budget, you can look at winLicense and other tools from same company.
Have a look at this question which is pretty similar, and includes many of the tools.
Take a look at InstallShield. We've been using it for a while ourselves, and it has a lot of capabilities for trial support, licensing, and others. I don't know about key generation off the top of my head as our use doesn't require keys, but there's a lot available to you from them.
AppProtect wraps an EXE or APP file with computer unique password or Serial Number based online activation. QuickLicense is a more comprehensive tool that support all license types (trial, product, subscription, floating, etc.) and support both a wrapping approach or API to apply the license to any kind of software. Both are available from Excel Software at www.excelsoftware.com.
We are currently evolving our development processes in an effort to become CMMI compliant (we will start with level 2, and move up from there). We are trying to locate a tool that is inexpensive (or free) that will allow us to develop requirements in the spirit of CMMI. In other words, we need to be able to enter our requirements, track changes to them, provide alerts to individuals when requirements change, perform traceability, etc. Our projects are typically small (typically 3 - 7 developers and a tester or two).
We have looked at many of the commercial tools, but they cost more than we are able to afford. We looked at a few on SourceForge (OSRM and others) but could not find anything that was sufficiently mature that also had the features that we needed.
We are looking for suggestions for a tool that meets the above requirements.
INCOSE is an excellent resource for this sort of question. They maintain a Tools Database that indexes COTS and GOTS System Engineering tools. Some of the tools that perform requirements management also have high-level System Eng functionality (CORE, for example) whereas others are more narrowly-focused (i.e. RequistePro).
Most of these tools will cost money, but may provide some limited free functionality. Workspace.com, for example, provides some free functionality. I would recommend against rolling your own solution, or adapting a tool that is not specifically intended for requirements management, because the hidden cost of getting it going, as well as inefficiency at the intended task could become burdensome.
If you absolutely can't afford to spend any money on a requirements tool, it would be better to use the free functionality from a commercial tool. But don't do that... pony up the cash for RequisitePro and sleep better knowing that you're getting the right tool for the job.
How about starting of with a Wiki? We use TWiki but there are many others available. The wiki we uses
sends an email when any pages change
stores the history of changes to each page
by using the auto-linking of wikis you can create a hierarchy of requirements
This seems to cover most of your items. Wikis like TWiki have plugins which may also help you.
If you only have 3-7 developers on a project using one of the big commercial tools may be far too complex for what you need.
We're heavily into CMMI at our company, but all of our tools are developed in-house.
All I can recommend is to develop your own tools. You will at least have the advantage that it will reflect your business process.
In general, for a new tool, we start off with a tool developed on a project, which is then shared with the rest of the company, if it has been successful. Don't be afraid to use Excel to trace your requirements along with a statuts, which along with a good change control system, such as subversion, gives you a lot of traceability.
A team in the company I used to work for was working on customizing Visual Studio Team System work item templates to handle requirements tracking. One goal, which you should consider as well, was to enable traceability from requirements through to developer work items and then defects. This enables some powerful analysis of which requirements are tied to the most defects.