What is the best practice for releasing a simple software? Suppose I created a very small simple and useful program or a tool and would like to share it with everyone by uploading it to my web-site.
Do I need a license and which one? (I read http://www.gnu.org/ and http://www.fsf.org/ but still cannot decide - there are too many of them.)
Do I need to put somewhere a copyright and what is the basic principles of creating "Copyright" string?
How can I make a user, who is going to download and install my program, to believe that my program doesn't contain viruses or a malicious code?
Since this is a "very small simple and useful program" (e.g. someone could recreate it easily), I would not worry too much about the details and choose a simple license, something you can include in about 20 lines at the top of every file:
Copyright (c) <year> <copyright holders>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
There's really nothing you can say to the pessimistic user to convince them it doesn't contain a virus, and I would not even go into detail about that. Scan the file with a virus scanner and simply state which one you used, if you want, but nothing more. Providing the source code so someone can read, understand, and compile themselves should alleviate most users' concerns about you intentionally trying to sabotage them. (And this works even without people actually reading the source, because most people are trusting.)
These answers are just my own opinions, not some widely established best practices
Go for one of the permissive free software licenses, such as BSD license, they are short, simple and as the name states, permissive.
Copyright 2010 Your Legal Name should be enough - I would put it as a comment in all source files and in "credits screen" / help menu / whatever of the GUI. Also put a pointer to the license there too.
That is what the user uses antivirus for :) - perhaps host your software on some reputable site (like sourceforge), not on a suspicious site (like rapidshare). Also, just releasing your source code hints this (as anyone can take a look and see for themselves)
You need a license if you want to make it open source. If so, the license will specify a copyright, and by publishing the source code users can feel safe that it doesn't contain a virus.
If you don't open source the app, just upload it to one of those shareware sites (download.com, tucows.com) - they will take care of scanning for viruses.
If you are using any kind of .NET language there is a publish option in the properties file where you can specify the FTP location, and it automatically does a sufficient enough distribution system.
Also, you can have the program check for updates if any has been released, and it will develop the release before each run. Look trough that properties thing for copyright and support URL and what not fields. For the copyright thing, check Creative Commons if you want redistribution, but as soon as you put that magic c in circle thing, that's all you have to do to have copyright of your IP and no applications are necessary as far as I know.
Related
I'm looking for a security mechanism (extension to the existing auth methods in SSH) for the server to ask the client system for a sort of signature of important parts of the system (the /etc directory with Unix like systems for example, in combination with system id and hardware UUID's) which can "prove" it's the system whivch has been authentiacted before.
Checksums like SHA-{256,512} are not a good choice, since when a little bit changes in the source, the checksum may change a lot. I'm looking for a method that does also change a little but when the source changes a little bit (because the system changes through the use of the system...)
and which gives a probability it's the same source (=system).
Looking forward for your answer,
Stef Bon
the Netherlands
What you dream about is theoretically impossible.
See academic publications by Stefano Zacchiroli and by Roberto Di Cosmo and the SoftwareHeritage project
Notice that Rice's theorem and the Halting Problem and the P versus NP problem is relevant
What you could get (with efforts, time, and money) is some unsound and incomplete software tool. Read Pitrat's Artificial Beings : the Conscience of a Conscious machine book and see the RefPerSys, Frama-C, Bismon, DECODER projects.
You could contact me by email to basile#starynkevitch.net and basile.starynkevitch#cea.fr about them.
There is No Silver Bullet
I'm making a /meme {text} command for my discord bot. For this, I need a source for those memes. The reddit subreddit r/memes seems to be a good one. So I used a package to get the webpage of the search results for {text} then extract the top image (using JQuery through another package. It worked, but I wanna know whether it's legal, if I mention the source of the images/memes and a link as well. I can't ask on reddit due to my account being new.
Packages used:
https://www.npmjs.com/package/request-promise
https://www.npmjs.com/package/cheerio
StackOverflow is not so much about legal advice. But since the essentials of copyright and authorship laws are important for programmers, too, I think an answer is in order:
Is it legal for you to mass-download readily available resources from the Internet? Yes.
May you redistribute the material you downloaded? That depends on the copyright claims put by the original author on the material you downloaded. In case of doubt, err on the safe side and assume: No!
Furthermore scraping a site like Reddit with an automated script may violate their terms of service and it's perfectly legal for them to block your bot (i.e. kick you out of their house). If you try to circumvent their block, technically you're "trespassing" and they may take legal action.
Note that the specific laws governing this are specific to each country, so it doesn't really make sense to point to the specific laws in question. But in general these rules in some form apply everywhere on the world.
Sort of in a soup now ..And sorry for being a bit generic.
I am an IT admin of a company and we have a small custom build software being used by one of the departments which was developed internally.Nobody seems to have the source code of it and the employee who created it has left. (This all happened before I joined)
Now as part of Security compliance implementation I need to test this software for vulnerabilities. I come from an IT infrastructure background and have no idea how to go about this .
Could some of you point me in the right direction
thanks
1. DIY
There are a number of "black box" tests you can perform yourself.
The easiest to perform are web based tools that will scan for well known problems. Companies such as Qualys (Just referencing the best known player, not an endorsement) offer the needed tools to generate a security report that might (or might not) be enough to proof compliance (or non-compliance) with your requirements.
The mentioned company even offers some of those for free, provided the test target can be reached over the Internet. The more advanced options are obviously not going to be free.
2. External Audit
Alternatively you could seek an auditor familiar with the rules/regulations you seek compliance with and get them to certify it is in compliance. It can be tricky to find one willing to work on a black box system depending on the specific rules/regulations you want to proof compliance with.
3. Ethical hacker
Another option is to hire a company that will audit it by employing similar tools you could do yourself in a first phase, and depending on those results they might actually deploy a skilled hacker to break into the system. If they are good at what they do, it'll cost you a significant amount and If you allow them enough budget to do this, it's next to a sure thing that they will break in. [nothing is 100% secure, esp. not abandoned deployments]
The report afterwards will point out a list of improvements you need to make (but since you have no reasonable way to do that ... and your only goal is to get a compliance rubber stamp ...
I am back porting a bunch of code to run on older kernels. (gcc 4.9 dependencies, x11, vlc etc.) as *.deb files. In this process, ( I am new to packaging) I need to create a copyright file. I can have a blank one, I know, but I would like to know, what is the copyright format?
Do i take the license of the software I am packaging? Or can I give the package a different license than the source licence?
I have been reading:
https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
but I am still confused about license and copyright, and whether or not license and copyrights are different for the *.deb file I am making.
Can someone clarify this?
First, according to Debian policy, it's not necessary to use any particular format for the debian/copyright file, as long as the reader can easily tell what copyrights and license terms apply to the package or to individual files (and, of course, as long as those license terms are actually met). I personally appreciate it when a packager uses the copyright-format/1.0, though; it's usually much clearer to read.
The license information in debian/copyright should cover the copyright(s) and licensing of the package you're distributing, as well as any additional copyright and licensing you want to apply to your packaging.
You can't give the package a different license than the source license unless you have permission to do so (nothing gives you automatic permission to license someone else's property on your own terms). Some open source licenses imply that it's ok to redistribute the source or derivatives of the source under a different license, as long as the copyright notice and a disclaimer are kept intact.
It's fairly common, for example, for code licensed under an MIT/X11-style license to be incorporated into code under a BSD-style or GPL license. The resulting combined work is then distributable as long as the terms of both licenses are met (this is not a very onerous requirement in the case of MIT/X11/BSD), and both copyright notices are included. If it's possible to meet the terms of two or more licenses at the same time, we say those licenses are "compatible".
Some works meticulously keep track of what copyrights and licenses apply to each particular file when combining source from multiple origins. Some instead apply all licenses and all copyrights of component parts to the entire combined work. Both are generally accepted by the open source community, as long as it's clear that an effort is being made to identify and comply with the original licenses. Both of those are easily representable in the copyright-format/1.0 syntax.
(I am not a lawyer, this is not legal advice, consult a real lawyer if you are worried about actual legality of relicensing, etc.)
I am using Haskell, which reported to be great and easy for parallelism. Unfortunately, I have no way to test this claim, as my computer has a single processor. Does anyone know of a utility that will make it appear as if my computer as 2 or 4(obviously slower than the real one) processors, and would let me track there performance. It should also let me test one imaginary processor at a time, so I could see how parallel to nonparallel would compare on such a computer. Although it would be better to the comunity for a more universal app, I will take answers even if they only work with haskell.
P.S. I am running Ubuntu 13.10.
The search keywords you are looking for are "simulate multiple cores"
Here's one: sniper
It is not open source. From the FAQ:
Q: What are the license terms for using Sniper?
A: In short, the interval core model is protected under a US patent
application. We automatically grant you a free license for using the
interval model inside Sniper for academic purposes. For commercial
use, please contact Lieven Eeckhout. All other code is licensed under
the very liberal MIT license. You can view the full details on our
License page.