Develop Reference

Use of libraries that breach licenses you don't know about [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
Building a commercial product may use various open source libraries that have use of other libraries. In an ideal world you would know which licenses they use and whether it is safe to use them.
However, if you use an open source product (or commercial can apply here also) that is in breach of licensing and you don't know about it how does this affect what you do?
So for example I use Product A that uses a licence than means product A and anything that uses it has to be open source. However Product A has breached the rules but hidden the fact.
Now this means my product is also supposed to be open source but I have no idea it should be. Can i be in breach of the license even though I don't know I am?

As it happens I am customizing a EULA for a commercial software component (using a template from a Legal firm) and I found this clause in it
(b) that the use of the Software by the Licensee in accordance with the terms of this EULA will not infringe the Intellectual Property Rights of any third party;
What I would do is scour the license of the component you are using as you may find this clause. If so (Im not a lawyer and this does not constitute legal advise), you may be able to reasonably assume that so long as you are complying with the license of the component you do own, you will not infringe the license of any component you do not own.

I'm not a lawyer (tm), but I'd say that you are responsible, of course. If you use a product A that uses another product B, you must know about that fact that B is used and also you must know about the licensing terms of B, as - effectively - you're using B yourself.
But that's just what I'd expect...

Licensing is like a chain. If for example one component makes use of some other work in an unlicensed way, the whole chain is broken, the other work can not be rightfully licensed to others.
For copyright it does normally not depend whether you know what you're doing or not. Sounds harsh, just saying upfront as you asked for commercial distribution.
If you create a work, you should do what that requires:
Locate all third party code you make use of.
Locate all binary blobs.
Catalog the components.
Find out who hold copyright and under which license each compontent is available, retrieve the licenses and store them with the software (if the software does not ship with the actual license text, document from where and why you've stored the texts).
If it's not clear under which license a component is available, contact the coypright owner/author. You should prefer written communication.
Verify that you full-fill the requirements of each license.
Verify that all components are license-wise compatible with each other.
I think doing this pro-actively is important because otherwise you can't argue that you did not know if you can't document what you did know. It would be just meaning that you didn't want to know which hardly can't offer any sort of protection. To which level you need to find out about an identifiable component I would say it depends (saying: How far you need to take this).
Ask your lawyer and do some risk analysis: You might not be legally obligated to check that subcomponent A which makes use of A-B and A-C has properly checked for the right of these two components. But in case it turns out that A-B was violated and A is not rightfully licensed to you regardless what the licensor of A told you, you can still loose any usage rights for A-B which could turn out that you must drop A. So for critical components you might want to do more than the law requires you to do.
In a commercial context "assuming" might be counter-productive. Ask your lawyer about that.
The work to clarify copyrights and licenses, it's progress as well as the underlying processes should be documented. You should also look for legal help with such processes as if you run into conflicts (and software licensing can be complicated) you need to legally discuss what you have as well. Depending on which components you use, expect this to be quite some work.

redistributing application with NAG math libraries- client must have license?

Has anyone dealt with re-distributing an application that uses the Numerical Algorithms Group (NAG) Libraries?
It seems like when I build an executable, it won't run unless I have an environment variable set for the license file- i.e. if I gave someone the code they would need a license and associated daemon as well.
Is there no way around that? I was hoping I only need the license to link with it.

#pkarasev,
You didn't say much about the nature of the application or what kind of organization. If you work for an academic institution and the application is to be shared with other researchers on a non-commercial basis, we have a program that may allow you to distribute it on a no-cost basis for users. Even if your application is to be sold, we can make so that you don't have to use NAG's license management in the application.
If you've got more questions and just want to talk with someone call either me or or John Holden in our Oxford UK office (+44 1865 511245)
Rob Meyer
+1 630 598-5215

Many parts of NAG are available for free with permissive licenses. For example, NAG's linear algebra package is taken from LAPACK, which is available in a BSD style license. You might be able to track down free versions of every sub-package in NAG, but it just won't be bundled up as nicely, and you'll then have to figure out how to make them all work together. If you list what functionality you use, perhaps people can offer more suggestions.

Choosing licensing statement for an open standard/specification [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've started to write a file format specification for a domain-specific data type. My goal is to improve interoperability between a large number of data providers and search algorithms. I want the result to be available for use, patent-free and without distribution fees.
I'm looking for advice on which license to use, both for the specification and for the contributor agreement, if I need one.
If this were software then I know enough about the GPL, MIT, etc. licenses to make an informed decision. If this were a straight document then I would pick one of the Creative Commons licenses, likely CC by attribution.
Looking around, I don't find any common license statement or much in the way of advice. I'm leaning towards the one used in RFC (for example, the HTTP/1.1 copyright statement) but that says "this document itself may not be modified in any way" (with exceptions), which is something I'm not used to from developing code under the MIT and GPL licenses. But that restrictions seems pretty common in specifications.
Unlike most documents but like code, specifications can be affected by patent. Is it best practices these days to also state that the specification is patent-free and require any contributors to reveal any patent conflicts they may know of and/or freely license those patents for the purposes of implementing the spec?
Should I require some sort of contributor agreement?
Or should I just wing it, choose the RFC copyright statement (or CC-By-Attribution), and not worry about this?

"this document itself may not be modified in any way" (with exceptions) [...] But that restrictions seems pretty common in specifications.
Actually, it is pretty much a requirement. If anybody could change it at will, it wouldn't be much of a specification: that would defeat the whole purpose to "improve interoperability between a large number of data providers and search algorithms".
Dalke: Is it? I'm so used to implementation-defined and ad hoc format definitions and people who break the spec left and right that I didn't think it would add anything, and protection would hinder future extension if I decide to not continue maintaining the code. I thought conformance was better handled by trademark law, like how DRM-based CDs which violate Phillips' Red Book can't use the "CD" logo.
[...] which is something I'm not used to from developing code under the MIT and GPL licenses
Actually, you are used to it, you just don't realize it: the whole reason why you were able to just write the three letters "GPL" above and blindly assume that everybody knows precisely what you mean, is because the GPL itself contains exactly that same restriction. ("Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.") The GPL itself is not distributed under a Free License, precisely because if anybody where allowed to modify it, it would lose its meaning.
Dalke: You're right, although the GFDL's "invariant section" sprang immediately to mind when I was considering the possibilities. I will point out that people do things in the license grant which modify the terms of the GPL to, among other things, make it non-free, and I've personally modified the three-clause BSD license to scratch out Berkeley and put in my name, but those are quibbles.
Is it best practices these days to also state that the specification is patent-free and require any contributors to reveal any patent conflicts they may know of and/or freely license those patents for the purposes of implementing the spec?
Yes. It is clear from your question that you care a great deal about making the barrier for implementors as low as possible. Then, what good is a free, open, royalty-free specification if I have to pay for a patent license anyway? This has to be addressed, preferably by an IP/patent lawyer with extensive expertise in such questions (including, but not limited to, the specific challenges that open source projects face with regards to patent licensing).
There are some quite subtle pitfalls in there. For example, one common theme is to require that patent licenses be made available under what is usually called FRAND (or RAND) terms, which stands for fair, reasonable and non-discriminatory. Which sounds good, right? Except there's a subtle problem there: charging 1 cent for every copy is certainly reasonable and if you charge everybody the same amount, it's also fair and non-discriminatory. Except that open source projects (and even freely distributable proprietary ones) cannot enforce those terms, therefore they cannot implement the specification.
Dalke: Very true. But for licenses that's a well described topic. There are reams of text on the matter, and suggestions, and podcasts, and even automated license choosers. For specifications, not so much. I did know about the RAND issue, and I've heard stories about other spec where a contributor at the end said "Oh! Look at that! We've got a patent on it. Well lucky us!" A question is how much I should worry about it.
So, proper patent promises or covenants or whatever you call them, are very important. (As are trademarks, by the way.)
For example, the W3C originally wanted to adopt a RAND license for its specifications, but after significant protests from projects such as Mozilla and Apache, they decided upon a royalty-free model. So, even an organization which cares deeply about freedom and openness almost made a mistake with the potential of killing every single open source web browser, feedreader and XML parser.
Or should I just wing it, choose the RFC copyright statement (or CC-By-Attribution), and not worry about this?
"Winging" important legal decisions is how people end up bankrupt or even in jail. Or at least extremely unhappy. While the first two are pretty unlikely in this case, I assume that you will be unhappy if you find out in two years that your specification is completely useless because of a glitch in its patent/copyright/IP legalese.
Dalke: I knew that word would be a draw. ;)
There are legal firms that specialize in pro bono work for non-profit developers of open source projects; maybe one of those will help you. The most well-known ones are probably the Software Freedom Law Center (SLFC) in the US and the Institut für Rechtsfragen der Freien und Open Source Software (ifrOSS) in Germany.
And whaddaya know, the fourth news item on the ifrOSS homepage is about the Open Web Foundation Agreement, which is a license template by the Open Web Foundation specifically for open, non-proprietary community-driven specifications for web technologies.
Dalke: Thanks. I'm in Sweden, so I wonder how well those resources will apply to me. Looking at the OWF I see it's US-based but it tries hard to be international, and I see one thing I don't like; the requirement for attribution. It does look like they are the people to talk to. Thanks for the pointer!

Why does software have EULA? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
This is the only product that I know that a consumer must agree to something that only lawyer can (something) understand. I'm sure car accidents kill more people each year than software accidents. But I don't sign anything like an EULA when I buy a car.
So why does software have EULA? Were there a bad accident that triggered the need for software companies to protect themselves? (and what was the first software that had EULA?)
[Update] Just to clear my point: I don't understand why software have EULA. No other product that I can think of does (not even gun)! So what makes software different that this product needs some sort of "liability limitations"?
By the way, Wikipedia says that "The legal status of shrink-wrap licenses in the US is somewhat unclear."

The difference is that you are purchasing a license to use software, not the software itself (which the software company still owns). The EULA stipulates the method with which you can use the software. Similar agreements are in place when you rent things (e.g. a home), lease equipment, etc.

An EULA is designed to be a contract that conveys or limits “usage” rights, hence the name End User Licensing Agreement. It has nothing more to do with a copyright than the mortgage loan contract that I have with my bank. That is why the legality of shrink-wrapped licenses is questionable. It is a contract that you do not get to read until after you purchase a product. It is clear from many responses here that the vast majority of people have not wrapped their heads around the idea the copyright does not extend to “usage” rights.
One responder wrote “Actually, the book is yours but the rights to the book are not. Just as in software, you purchased the physical media, but are bound by law on how you can use it.” Nothing could be farther from the truth. There is no law that restricts how you can use the book. Any restriction on usage would have to be agreed upon by you and the retailer as part of the sale.
Consider that in the absence of copyright, the copying and distribution of books would be perfectly legal. A book would be typical tangible property and nothing more. Copyright limits your ability to legally copy and distribute the content of the book. No additional agreement is necessary. Copyright in no way dictates how you can use your book and copyright law does not convey to the author the power to convey, limit, or negotiate “usage” rights. The only way that they can limit usage rights is through a separate contract that would have to be completed as part of the sale or rental.
There was some confusion regarding the GPL. The GPL is not an EULA. It is a copyright license that permits copying and distribution of the content so long as you comply with the restrictions of the license. In absence of the GPL (say you choose not to accept it), you can still use the software, but you are restricted from copying or distributing the software by Copyright Law.
EULA exist for various purposes. Companies that develop software want to negotiate a position that puts them at the least risk and gives them maximum leverage.

If a consumer receives software without any license, consider what they might consider their rights:
They may believe they can copy the software, as many times as they want.
They may consider re-selling the software, and still keeping a copy for them self.
They may believe the software must work perfectly, with zero bugs (as they understand a bug)
They may believe it is fully waranteed against any perceived defect, and try to return it, for a full refund, at any point in the future.
In short, the EULA disabuses consumers of these notions. It defines ownership and copyright of the software, limits on its use, distribution, features, and quality.
Now it is true that as lawyers get involved in the EULAs more and more, stranger and stranger provisions creep in, such as provisions that you cannot review the software on a blog, or you cannot bad-mouth the software to the press, or that the publisher owns content created with the software.
But fundamentally, the EULA is supposed to be about the producer and the consumer coming to an understanding of what is, and is not, an acceptable use of the software.

Actually, what is quite funny, in Germany EULAs are pretty much legally-non binding, since you only get to see them after the purchase, so for us the answer to your question is:
To intimidate the user from doing stuff the company does not want

There are basically three reasons for EULAs:
Software is much more copyable than any other product I can think of. It is almost never left on its distribution medium. That creates a huge temptation to, for example, buy one copy of Windows and install it on all of a company's thousand computers. Developers want to explicitly lay out how many computers the software may be installed on.
Software often has undetected problems. Even the best QA department never finds all the bugs in a software product. Developers know this and want to be legally covered.
Software can often be easy to take apart to discover a developer's trade secrets or other information the developer doesn't want others to know. Developers want to legally restrict this to protect their advantage over competitors.
Of course, there are sometimes other reasons for other terms. EULAs for Apple's Mac applications, for example, usually state that you can only install the software on an Apple-branded computer; this ensures that Apple's software (which is usually sold much cheaper than it would be from any other developer) increases sales of Apple hardware. The GNU GPL tries to ensure that the innovations in derivative software remain available to the community that developed the original. There are as many reasons as there are clauses.

It depends on the exact wording of the EULA. Often, it's written to reinforce existing laws, such as copyright, by directly informing the user that it's unlawful to copy the program. It also adds on other restrictions such as no reverse engineering, restricting the intellectual property.
Additional clauses may include "not to be used in nuclear projects" or similar. This is merely covering the developer's bases, as it is extremely unlikely that a nuclear system developer would use a non-realtime, non-approved system without extreme amounts of research.
A further clause could restrict certain classes of users, such as military or government, which the developer feels strongly against.
As for which software had the first EULA, I have no idea.

Cars and guns technically have something like a EULA... we just call them "licenses". You have to learn the limitations and rules of their operation, then take some tests and sign some papers.

Nobody has mentioned the obligations of the provider, which are often in the EULA too. If I make your software a critical piece of my corporate infrastructure and you go bust I want to be able to get my hands on the code so your failure doesn't precipitate mine.
As someone said, this is more akin to a rental agreement than a purchase agreement, which is why the analogy with a gun does not really apply.

For proprietary software, License tells about your right to use specific software copy and impossibility to re-sell it, also your and software authors rights and charges
For open source software, License also tells about your right and charge about source code (distribute, do not do that, do that with limitations)

When you use a gun at a firing range, don't you have to sign some type of release or waiver? The logic is similar.

Does anyone have database, programming language/framework suggestions for a GUI point of sale system?

Our company has a point of sale system with many extras, such as ordering and receiving functionality, sales and order history etc. Our main issue is that the system was not designed properly from the ground up, so it takes too long to make fixes and handle requests from our customers. Also, the current technology we are using (Progress database, Progress 4GL for the language) incurs quite a bit of licensing expenses on our customers due to mutli-user license fees for database connections etc.
After a lot of discussion it is looking like we will probably start over from scratch (while maintaining the current product at least for the time being). We are looking for a couple of things:
Create the system with a nice GUI front end (it is currently CHUI and the application was not built in a way that allows us to redesign the front end... no layering or separation of business logic and gui...shudder).
Create the system with the ability to modularize different functionality so the product doesn't have to include all features. This would keep the cost down for our current customers that want basic functionality and a lower price tag. The bells and whistles would be available for those that would want them.
Use proper design patterns to make the product easy to add or change any part at any time (i.e. change the database or change the front end without needing to rewrite the application or most of it). This is a problem today because the Progress 4GL code is directly compiled against the database. Small changes in the database requires lots of code recompiling.
Our new system will be Linux based, with a possibility of a client application providing functionality from one or more windows boxes.
So what I'm looking for is any suggestions on which database and/or framework or programming language(s) someone might recommend for this sort of product. Anyone that has experience in this field might be able to point us in the right direction or even have some ideas of what to avoid. We have considered .NET and SQL Express (we don't need an enterprise level DB), but that would limit us to windows (as far as I know anyway). I have heard of Mono for writing .NET code in a Linux environment, but I don't know much about it yet. We've also considered a Java and MySql based implementation.
To summarize we are looking to do the following:
Keep licensing costs down on the technology we will use to develop the product (Oracle, yikes! MySQL, nice.)
Deliver a solution that is easily maintainable and supportable.
A solution that has a component capable of running on "old" hardware through a CHUI front end. (some of our customers have 40+ terminals which would be a ton of cash in order to convert over to a PC).
Suggestions would be appreciated.
Thanks
[UPDATE]
I should note that we are currently performing a total cost analysis. This question is intended to give us a couple of "educated" options to look into to include in or analysis. Anyone who could share experiences/suggestions about client/server setups would be appreciated (not just those who have experience with point of sale systems... that would just be a bonus).
[UPDATE]
For anyone who is interested, we ended up going with Microsoft Dynamics NAV, LS Retail (a plugin for the point of sale and various other things) and then did some (and are currently working on) customization work on top of that. This setup gave us the added benefit of having a fully integrated g/l system, which our current system lacked.

Java for language (or Scala if you want to be "bleeding edge", depending on how you plan to support it and what your developers are like it might be better, but also worse)
H2 for database
Swing for GUI
Reason: Free, portable and pretty standard.
Update: Missed the part where the system should be a client-server setup. My assumption was that the database and client should run on the same machine.

I suggest you first research your constraints a bit more - you made a passing reference to a client using a particular type of terminal - this may limit your options, unless the client agrees to upgrade.
You need to do a lot more legwork on this. It's great to get opinions from web forums, but we can't possibly know your environment as well as you do.
My broad strokes advice would be to aim for technology that is widely used. This way, expertise on the platform is cheaper than "niche" technologies, and it will be easier to get help if you hit a brick wall. Of course, following this advice may not be possible if you have non-negotiable technology already in place at customers.
My second suggestion would be to complete a full project plan, with detailed specs and proper cost estimates, before going with the "rewrite from scratch" option. Right now, you're saying that it would be cheaper to rewrite the system than maintain it, and you don't really know how much it would cost to re-write.

I suggest you use browser for the UI.
Organize your application as a web application.
There are tons of options for the back-end. You can use Java + MySQL. Java backend will save you from windows/linux debate as it will run on both platforms. You won't have any licensing cost for both Java and MySQL. (Edit: Definitely there are a lot of others languages that have run-times for both linux & windows including PHP, Ruby, Python etc)
If you go this route, you may also want to consider Google Web Toolkit (GWT) for creating the browser based front-end in a modular fashion.
One word of caution though. Browsers can be pesky when it comes to memory management. In our experience, this was the most significant challenge in doing browser based POS You may want to checkout Adobe Flex that runs in browser but might be more civil in its memory management.

What is CHUI? Character-UI, as in VT terminals? Or even 3270 style?
It sounds like you need a 3-tier system - the database backend, a middle-layer that runs the bulk of the back-end business processes, and a front-end layer for the CHUI / GUI / data-gateway.
All three layers can reside on one machine; or you can distribute the tiers out to various servers. The front-end layer would control the actual terminals, whether they are VT-terminals, or a web-browser, or a custom-written 'client' application.
Make sure you have considered the hardware needs here -- are you going to have barcode scanners, cash drawers, POS debit/credit terminals, et cetra? If you are using a standard browser, it might be hard to reliably integrate those items. (At the very least, you're likely going to have to write special applets to handle them.)
Finally, consider the possibility of a thin-client technology on Windows. It greatly simplifies system management, since you only have to upgrade the software centrally. Thin-client PC's are cheap -- sub $200.

Golden Code Development (see www.goldencode.com) has a technology that does automated conversion of Progress 4GL (the schema and code... the entire application) to a Java application with a relational database backend (e.g. PostgreSQL). They currently support a very complete CHUI environment and they do refactor the code. For example, the conversion separates the UI, the data model and the business logic into separate Java classes. The entire result is a drop-in replacement that is compatible with the original (users don't need retraining, processes don't need to be modified, the data is migrated too). This is possible because they provide an application server and a set of runtime classes that provide that compatibility. The result of the automated conversion is not something that needs further editing before you can compile and run it. True terminal support is included so hardware terminals still work (it requires a small JNI library to access NCURSES from Java). All the rest of the code in the runtime is pure Java. No Progress Software Corp technology is used in the resulting system and it runs on Linux.
At least one converted system is already in production, running a 24 by 7 mission critical environment. It is a converted ERP system that their mid-sized pilot customer uses to run their entire business.