I had a question with regards to software built on Ruby on Rails. I'm on the business end of an incubation team that has a few projects in the works, all built on Ruby on Rails. The goal from the investor was to sell the software out to third parties and have them use the platforms to their liking. From what I can tell though, there is no way to compile Ruby code and send it off to a third party, hiding the actual code from them.
We do not want our clients being able to copy our code and take it from us. Is there any actual solution to this problem, or are we screwed because they already decided to develop on Ruby? We wanted to be able to sell software as a service, but that's not going to work out if a client can sign up for a month, copy our code, and then build their own solution.
Thanks for any help in advance.
Ruby code obfuscators do exist, but that's of little real help IMO. But even if Ruby was compiled, chances are good it would get compiled into a format that is easily decompiled. Languages like C# and Java are both easily decompiled and thus source code is easy to get at these days.
Your real protection should probably come from a license. You may need to work with a lawyer or someone versed in software licenses. But if they violate your license, you have legal ground to take action.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I'm having some trouble recently with the open source licenses. I started to feel like if they are somehow tricky! So, I'm just asking about the rights, attribution and so on..
Know, if I for example used a Ruby Gem, licensed under GPL, I install the gem, use it, my web app works! But there is no referring to the Gem, how is behind it, its license. I can't just believe that I have to include those for every gem I'm using. Do I have to? Or can I just use it silently?
So, a website with Rails (MIT), some GPL ruby gems, and so on, what should I include publicly? I think I'm not going to modify the source code of any of those gems.. Yeah, and if I have to attribute in my web pages, do I have to link to the licenses or even worse distribute my source code under the same license?
Also, if I found a tutorial or something like that that is licensed under Creative Commons BY-NC, should I distribute my whole work or put it under the same license, if I wasn't going to run them outside my own server? What if I wanted to distribute my software, which used ideas (and modified code) from the tutorial?
What about using formulas, which are more general than being owned? One-liner commands from stackoverflow when a gem doesn't install - Should I attribute that I used that to install the gem?! I think of course not, but just asking to make sure of the whole thing..
A website is normally the output of a program. Like you save a text-document with your word processor in disk, the document itself does not fall under the reciprocal license of the proprietary word processor (MS Word) or the reciprocal and permissive licenses of the free software word processor (Open or Libre Office Writer).
Only in case you create and distribute derivative or combined works (e.g. packaging multiple programs together in one package) you need to care about the licenses.
That for sure always depends on the concrete things you do. You need to document these concrete things, then go to your lawyer and then find out for the stuff you exactly do if and how copyright is in effect and based on the licenses used and if in effect, which steps you need to do.
Here on SO we are all only software developers (or if lawyers, not your lawyer) so we can not give you any legal support.
Usually stuff about licences can be a little confusing with open source software being released under different licences and usually the license documentation is usually written in lawyer jargon which proves difficult to understand for a lot of people.
Luckily this kind of question has been asked alot of times in SO. Just look at the licensing tag and order the questions by votes and you should find a few questions that pretty much answer your questions. In particular look at this question.
I'm quite new to the field of computer science but I think I've got a pretty decent idea for a website to aid classroom CS learning and collaboration. I'd really like to develop the website from the ground up and make it a sort of pet project in hopes of eventually getting it out on the web for free. Hopefully I can get some teachers to adopt it for use with their classes.
The problem is that I honestly don't know where to start. I've got the idea but I don't have enough formal education to guide the implementation of my idea. The site should have quite a bit of functionality in the long run. I'll need to be able to store user and class data/files as well as offer discussion boards and other things.
Without getting into too many details, what is the best way for me to get started? What languages and databases should I be most interested in as I build the site and ensure scalability and future functionality developments? I would really appreciate any information you could give me on how to structure the project/stack as I don't have much of a clue at this point. I have the idea. Now I just need a little bit of help getting started.
Thanks!
There are definitely already projects out there that will (more than likely) do everything you're currently considering. That said, there's immense benefit in doing a project like this for personal development - you get to learn, and you expand your public portfolio. If you run the project as open source, you can also demonstrate your ability to work with others. All very good (hireable) attributes.
Are there any programming languages you already know? Are there any that your course is going to be teaching that you know ahead of time?
There are so many different languages and frameworks available to choose from, but I'll only mention a few.
Language: Framework
.NET: ASP.NET MVC
python: django
ruby: ruby-on-rails
I'm a huge fan of django. Python is quite a nice language to learn. I'd recommend django purely from a biased point of view. Python runs on Windows, Linux, and Mac, though you probably don't want to host python on windows (culture more than ability).
Conversely, if you really like Windows, ASP.NET MVC makes building out websites very very easy. Mono does allow you to run .NET on linux and mac, but you might find support lacking, and I wouldn't suggest using Mono for your first project.
PHP is (was?) another popular language for building websites in. There are tonnes of web frameworks available for PHP. Popular opinion seems to be that PHP makes it easier for developers to write bad code, though it is possible to write good code with PHP.
Unfortunately, without knowing a rough direction in which you're headed, it's nearly impossible to offer some concrete advice. Database choice will generally come down to what language and platform (linux/.net) you're targeting. Web server also fits this profile. Once you decide on a language, narrowing down the other choices become a lot easier.
Learn HTML to start with and keep improving as per needed with css , javascript. You won't need more then this.
I have some community running Drupal 6. Drupal 6 have great numbers of modules for what I need, plus word "Community plumbing".
I've tried PHP frameworks like Yii, but I dont like PHP-CLI, because I feel that not well integrated with the PHP itself. So, I stay with Drupal 6 with lots of hacks.
But Drupal now become more "CMS", more "Enterprise" (just like lots of Java CMS).
With Drupal 7, out of the box, it easier to make a newspaper site, but to me, it more difficult to tailored to my needs, it more magic, and also slower.
The word "Community plumbing" has been replaced with "Open Source CMS", with statement "Use Drupal to build everything from personal blogs to enterprise applications". This is scares me as community-based application developer.
Django looks promising, but Rails have much more open source kick-ass app avaiable.
I dont know anything about Drupal 8. I dont know what to do for my next development.
It sounds like you are looking to move from a CMS to a framework. I am not going to give advise on frameworks here, since there are numerous topics on SO that cover this already.
A few things you should realize, coming from Drupal, moving to a (RAD)framework are the following:
Drupal is not OO, has its own ways of using PHP (hooks, template overrides) and such. Expect the experience to be very different. Your Drupal-gained-knowledge may come in handy, but is often of little use in framework-land where OO is the alpha and omega. :)
Drupal takes a lot from your hands. By installing some module, you have a new feature. With frameworks you are all on your own in this. You should select a framework that works with gems, packages or modules itself if you want to stand on shoulders of others peoples work. The main difference between these libraries and Drupal modules, is that you will have to implement and integrate the libs yourself. I consider that a very good thing, since it makes no assumptions up front and allows you to build exactly what you had in mind, yet having the same experience as Drupal-modules: many things are already done for you.
You know PHP. You probably don't know Python or Ruby as well. That means PHP-based frameworks have an advantage for you. But read various posts on SO about the downsides of PHP used in Frameworks to see some reasons why learning a new language and environemnt is not all that bad.
All in all, I think you will be surprised byt the increase in development-efficiency when coming from Drupal into a framework.
Make your own CMS in 'just PHP' and go back to being happy and having fun coding all day long :)
More people than you have noticed this behavior of leaving developers that have supported a system for years and years with a take it or leave it option.
It seems all the big companies can do with a product is make it 'bigger'. More convoluted, automated, with more layers of code and less modularity - all in the aim to make 'the ultimate megaglobular ultrauniversecorporate site'. Almost as if small clients with 'just a website' don't exist. Enterprise products belong in the enterprise domain. When you upgrade a non-'do the mightiest world-spanning web site/application' system, you shouldn't get a 'do the mightiest world-spanning web site/application'system.
The bigger system may be able to do more things and be more scalable to large systems, but they leave behind no small, accurate tool to do small and medium jobs quickly and with ease. Also: "Documentation is not scalable" (c) H. Erlandsson. To even find the doItAll() function or even know it exists, you have to wade through increasingly huge documentation. To then learn how to use it correctly, if you don't know all the component the function builds on, you have learn the behavior of many subsystems to understand how to apply some terse declaration to your problem.
The ultimate something can be several refined gems, and not an asteroid-size cluster of crystals.
Was a bit tricky to read out exactly what you're asking, hope I read you right. I can recommend some programming system gems, but they are not in the web dev domain, maybe others will know a few :)
Tomorrow, I will meet a client that is not working in technology but might ask if RubyOnRails is the right choice for his site. He might think that there's not enough RoR programmers and that he will be "hostage" of the language.
I have good reasons to use RoR and the client has good reasons to like it (it costs less!).
Do you have "official" sources I could show them?
Using a framework ensures that the "next guy" can pick it up quickly
Rails has reduced my workload by 80% over hand-coding.
Huge, active, friendly community to draw upon
Self documenting testing frameworks
It uses Ruby, which is super easy to learn in a pinch
Open source language, framework, and database that uses an open source OS. FREE sells.
This is, in some sense, a variant on the "bus hit factor" problem. Any app, once developed, is pretty much "hostage" to the language, the question is whether it is also "hostage" to the single developer who wrote the app. I think that RoR is a perfectly reasonable choice for development, but the issue is really how many developers in your local area are available to take this over if you happen to "get hit by a bus." If the customer is willing to work with someone remotely, this becomes much less of a problem. To reassure him, though, I'd first look to the local scene and find out about local Ruby developer groups. The presence of active, local developer groups is one measure that might convince him.
If, on the other hand, he's concerned that RoR will not continue to be viable in the future that is a slightly different issue. Again, I think you're ok -- you may want to point out other applications that are written using RoR as an indication of continuing pressure to improve both the language (Ruby) and the framework (Rails). You can find a lot of this information at http://rubyonrails.org/.
"might ask if RubyOnRails is the right choice for his site. He might think that there's not enough RoR programmers and that he will be "hostage" of the language."
Have you considered the possibility that these are valid concerns that should be taken seriously?
"I have good reasons to use RoR"
How does that help your client, though?
"it costs less!"
Does it? Do you have any specific evidence to support that assertion? Have you factored in hosting costs? Rails on MRI uses a lot of RAM. You're probably in Java territory or worse. Depends on the app and the load of course. Phusion Passenger (mod_rails) has improved the situation somewhat, but it's still an issue.
As mentioned by others documentation is a "HUGE" issue. Ruby and Rails official docs are sparse, to put it kindly. The community tends to rely on paper books which become outdated and misleading in a matter of weeks, thousands upon thousands of unreliable, contradictory blog posts, and screencasts which also suffer severely from the "quickly-outdated" problem. Don't think PeepCode is going to save you.
I would still consider advising a client to use Rails because the claims of programmer efficiency are more or less true, sort of, but I'd do so with extreme caution and I'd let him know the downsides.
Documentation is HUGE when it comes to open-source projects.
One thing you could do would be to explain to your client that it will cost them much more to have you and your developers spend hours and days searching for documentation on some other open-source framework that is less used and supported. Explain that there may not be as much ROR developers out there as there are PHP developers per say, but the fact that there's such a great amount of documentation and information about ruby and rails makes it exponentially easier to for any open-source developer to learn and use the framework.
There would be some things I would try to convince the client-
Ruby Community is huge
Ruby is mature enough
Ruby works with most database systems.
Rails is a product based on an Idea(MVC) most other platforms have embraced.
Improved readability and testability of code.
COSTS LESS!!
Migration methodology in RubyOnRails
If you want you can even target the Java Platform using JRuby and Java Platform is a pretty respectable platform.
Show some cool RoR applications.
Explain how you could be Agile!
I know so well clients not agreeing when you dont have a big company backing a technology.
The "cost less" feature of RoR is debatable, I agree with you. But in my case, I have a complete RoR-ready environment and I know that I can charge less for a RoR app than any PHP app that I could do.
The hardware/software environment for PHP and Rails are almost the same... so is the price of it. What will cost less for the client is the robust environment that we built.
That's the "cost less" feature. I'm not talking about about memory comsuption or anything else. It all can be bought for almost nothing.
This depends a lot on location. If RoR developers are plentiful and work for prices comparable to other programmers then you can use that to help sell Ruby.
For a client one of the main concerns is cost. Perhaps he is concerned about maintenance costs of finding and paying for a RoR developer, not the cost of the technology.
I know a web shop who was bitten by the relative 'newness' of RoR. They hired a developer to make a site and that developer use RoR. After the project the developer left. In our area RoR developers are not only scarce, they charge more than any other type of web developer. In this particular case the web shop ended up losing their client. The last I checked their client's web site is in PHP.
I'm not trying to say RoR is bad and I think that's an extreme case, but make sure to consider the client's concerns. The cost of maintenance is a very valid concern.
I'm wondering if it's possible to distribute a RoR app for production use without source code? I've seen this post on SO, but my situation is a little different. This would be an app administered by people with some clue, so I'm cool with still requiring an Apache/Mongrel/MySQL setup on the customer end. All I really want is for the source to be protected. Encoding seems a popular way to go for distributing PHP apps (eg: Helpspot).
I've found these potential solutions:
Zenobfuscate - not all types of Ruby code is supported however, so that counts that out
Ruby Encoder - may be the best option, as their PHP encoder looks alright (I haven't tried it however) but it's not available yet. I've used IONcube for PHP before and it worked well, but it doesn't seem that IONcube is interested yet.
Slingshot - it was mentioned in the other SO post, but it solves a different problem to mine and the source is still visible.
RubyScript2Exe - from the doco, it's not production ready, so that counts that out.
I've heard that potentially using JRuby and distributing bytecode might be a way to achieve this, but I've never used JRuby so I'm not sure what's involved.
Can anyone offer any ideas and/or known examples? Ideally I'd love to have some kind of automated build scenario as well.
Your best option right now is to use JRuby. A little bit of background: My company (BitRock) works with many proprietary and commercial open source vendors. We help them package their server software, which is typically based on PHP, Java or Ruby together with a web server or application server (Apache, Tomcat), the language runtime and a database (typically Postgres, MySQL) into a self-contained, easy to use installer. We have a large number of PHP-based customers (including HelpSpot, which you mention) but also several Rails-based ones. In the case of the RoR customers the norm is to use JRuby together with Tomcat or Glassfish although in some cases we also bundle a native Ruby interpreter to run specific scripts that rely on libraries not yet ported to JRuby (usually not core to the application). JRuby has matured quickly and in many cases it actually runs their code faster than regular Ruby. You will need to also consider that although porting your code to JRuby is fairly straightforward, you will need to invest some time on that. You may want to check JRuby Stack which is a free installer of everything you need to get started. Good luck!
If you release the source, obfuscated or otherwise, your app will be pirated. See, for example, Mint. It depends on what you're building, but you may find that you're better off releasing the app as a hybrid of sorts: A hosted app with a well-defined API, and a component that runs on the customer's server. As long as the true value of your product lives on the server side, you don't need to obfuscate your code, and you can just release the source code unmodified. Additionally, this may also give you the opportunity to reach clients running, say, PHP rather than Ruby. See, for example, Google Analytics, HopToad, Scout, etc, etc.
You can, but it wouldn't do anything to prevent somebody from reverse-engineering or modifying it. I remember there was an article about similar attempts to obfusticate Perl and how they could be effectively bypassed by a debugger and 5 minutes of effort.
If you can't wait for the delivery of RubyEncoder, then I think ZenObfuscate is the most promising. Though it may require some modifications to your source code, they do say this on their site:
ZenObfuscate costs $2500 for a site license or is individually negotiable for other licensing schemes. Yes, that is expensive. That was on purpose. But don't let that thwart you too much. If your product is really cool and we want to see it succeed, we'll make it work. "Really cool" is not freecell.
Of course, for $2500 (or more), you'd hope to get a few tweaks to the compiler that'd make your codebase fully supported. It might be worth engaging them in the conversation.
You can also take a look at Mingle from ThoughtWorks studios as an example of using JRuby for this.
It's a Ruby on Rails app, they run it using JRuby. They've customized jruby to load encrypted .rb files.
Take a look at JumpBox.
I've had conversations with them on the topic, and they seem to have a solution that will work soon for Rails apps.
I'm wondering if you could just "compile" the ruby code into an executable using something like RubyScript2Exe ?
To be honest I haven't used it but it seems like it could be what you want, even if it just packages up the scripts with the interpreter into a single executable.