Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Is it risky to have dependency on a open source service?
Unlike a open source dll or componenent the service obviously needs to be constantly running, therefore is it a business risk to rely on it? What happens if the open source service disappears for whatever reason?
The service under question would not be used for a business critical application but if successfull it will obviously gain in importance?
Many Thanks
If it's really "Open Source" (as opposed to merely free), you can download the source and run it yourself it the original provider goes away. Of course, you'd want to download the source ahead of time, because if the service provider goes away, there's not guarantee that there will be a site to download it from. Also, you'd probably want to keep backups of the data for yourself if you can.
But if you're misusing the term "open source" to mean a free service like the Google Maps API, then yeah, if it goes away, you're boned. But if Google Maps goes away, so is half the net.
What exactly is an "open source service"?
Any old website that offers an API? Yup, depending on it is a risk - they could go under or start charging a fee
Or a site that publishes the software it's running under an open source license? Just download a copy and if the site goes away, you always have the option to run it yourself
The better question is this:
What happens if your paid enterprise you rely on goes under, and you're left without any code whatsoever, and no support?
With that in retrospect, Open-source guarantees a future. All you have to do is find somebody to hack it. Proprietary on the other hand, legal hilarity ensues.
IMHO, the same as a closed source service.
Both, usually, have the same chances of being closed, with the usual surprises of course, as also Google and Microsoft close services without any previous notice.
Same as Paul says, you can run that service if it gets very important, if it closes, or you need big things of it.
But most important thing, appart from being open or closed source, is the access to your data... in case the service closes or you need to move away... will you have access to all your raw data for moving?
Probably yes. But if it is not a mission critical application, it might be okay.
I personally would try to avoid it just because of its vague future. But you never really know whether a commercial service will live through next year.
Just don't bind tightly to this service and not design strictly for it. Design so as to facilitate switch to another similar service in the future or even to a very different approach.
Design for the family of similar services. And always think of an escape plan in case this service goes away or even all services of the class.
I've also had similar considerations about this service: http://www.webservicex.net
Seems to be freely accessible but who really runs it and who can guarantee it will be there tomorrow?
As for tomorrow, even Google Mail happens to be down at some days. What do you want then of a free open-source service? :)
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I'm living in Ukraine and maybe you know that we have some serious problems in our country. Ukraineans nowadays have no rights and almost everyone who trying to do something about it(fight for democratic ideals) are treated as enemy of the state. Police kidnap own people and torture them in prisons.
I'm an author of Chrome extension and this is my way to fight against tyranny. Still i'm worrying for myself and my relatives that someone could somehow find my personal information through its page in the store. And you need a credit card to register chrome extension in store(onetime $5 payment) so all my information is linked to my account in store.
So my question is next: could my personal info can be found through extension page in the store ? And maybe there is a way to hide such info..?
You should probably use a completely separate Google Account than the one you ordinarily use for uploading this extension. The webstore does show other apps created by the same author, so if you were to upload multiple extensions from the same account, and it was known who created the other extensions, that would be one way to tie it back to you. The other things that could tie an extension back to you are the contents of the extension (e.g. if you had your own personally identifying information in the HTML or JavaScript embedded in the extension code). Another way that they could attempt to unmask you is by sending an email with a virus to this account (the webstore does provide a way to contact the extension's author, I believe).
Google does comply with valid legal requests. Interestingly, Google's Transparency report doesn't seem to show any data on requests for user data from Ukraine. I doubt that, faced with a request to de-anonymize a dissident who has otherwise done nothing wrong, that Google would comply. That being said, as a political dissident, it's always better to be safe than sorry. For making the registration payment, you might want to use MaskMe or a similar masking service. You might also want to use a VPN for all of this so that all your activities (both encrypted and not) occur outside of Ukraine.
Anyway, that is a very interesting question, and I wish you the best of luck in restoring santity and democracy over in that part of the world.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
Recently I did some web design work for a person. I continued to show him progress by giving him a link to his new site on my development server. Nearing the end of completion, he dropped all contact with me and I was completely unable to get a hold of him. I took a look at his site recently, and he mixed a combination of his old site, with the new one I was creating. I thought maybe he redesigned it himself after looking at my version, however a quick look at his source code shows that the parts I recognized were full out just copied by viewing the source code on my dev server. So he completely stiffed me and I received no payment from him.
Just wondering if there's anyway to prevent that in the future?
My first thought was obfuscation, but a quick search shows that doing that to html is not recommended and not foolproof anyway.
Obviously this is a lesson learned for me to get some sort of up front payment first, but being able to prevent work from being so easily stolen in the future would be nice.
Are there any developers that have come across similar issues? How do you show someone the progress of your work without giving them plain as day access to your source?
The other answers here are just a set of hacks that can be undone.
The client side, HTML, CSS, and JS is made up of all open source technologies. While you could spend a lot of time trying to obfuscate your client side code, your best bet is just to practice better business logic.
The options open up widely on protections for server side code but your question seems to focus on client side code.
For well established trustworthy clients I am much more flexible but new clients I am super careful with. I demand progressive payments. For each deliverable there is a payment involved. That way if the relationship is ever severed both parties have what they want.
When you make yourself an easy mark for scammers you only attract scammers.
IMHO a good way would be presentations e.g. with TeamViewer or a similar software when you cannot go to your customer.
You could also provide screenshots or a basic remote access with vnc or so, where you customer can see but not touch the site.
What you could do, is use HTML Image Maps with screenshots to create a basic, interactive version of the final product.
It's possible to encrypt your source code with javascript. Try this website: http://www.iwebtool.com/html_encrypter
I never used this tool myself and I don't know if everything works well, but I think it's worth giving a shot. You can always upload the normal source code after being paid. Also, make sure that you have the right contact information of your client in the future. I also highly recommend using a contract in the future so that your client is legally bonded to pay you. Another possible option is giving your client nothing but a screenshot of the site, but of course your site will become static.
Use a website that have an escrow service, or an escrow-like service, where the employer pays all the money upfront to the website, and it will only be released to the coder after achieving a predefined goal.
Many freelancing websites provides this service.
I've built a tool, which really encrypts your JS-sources - no simple obscurity by obfuscation, but good security by encryption.
See how it works here: http://ec2-176-34-64-10.eu-west-1.compute.amazonaws.com/nopro/xscroll - it's a demo only for hiding the script xscroll.js.
When you inspect the DOM in your client, all you see is: nplreq(url) for each script you bind into HTML head.
Encryption and decryption are totally transparent to the browser. It is tested with Firefox, Chrome, Opera, Konqueror, IE8-10, Dolphin and Safari on an Android tablet.
Encryption with AES (Rijndael 256) using one-shot-keys which are negotiated between client and (liblock-)server using Diffie-Hellman.
The sources are securely hidden, and only with really great efforts they may be reached again.
You could either just run the site on your laptop or put the entire site behind a login page that requires a password. You would be able to do live demos, but the client would not have access to the site until you have been paid.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Assuming you have been involved in an open source project (GPL'ed) that has been around for as long as 5-10 years, during this time it has been fairly successful - despite a good handful of commercial/proprietary alternatives.
Now, you've come to realize that the long term contributors would like to leverage the project commercially, possibly even in order to make a living or start a company based on it. So that they can exclusively work on it, without depending on other, unrelated, work.
So, what are some of the viable and recommended steps to turn an open source/GPL project into a commercial "success" (in the sense of self-sufficiency), so that long term contributors may preferably be paid to work on the project, without affecting the open source nature of the project itself?
In other words, what are generally some of the more common revenue-creating mechanisms for open source software, and how can these be successfully introduced/implemented - also, what prerequisites/conditions apply?
I saw a company a few years back that took a handful of OSS spam and virus filters, built a web interface to administer them all at once, put it on a 1U server, and sold it as a network security appliance.
It was a nice product for mid sized companies that wanted a single solution for all spam and virus filtering, that auto-updated itself and was easy to administer.
Technically they were just selling the server, and the web admin tool, all the OSS components were freely available, if you wanted to spend the time setting them all up individually.
You should think in terms of the "product halo," which refers to all of the related items and services surrounding a product that are not the product itself. For example, MySQL is open source and freely downloadable, but its product halo could include services like installation, customization, consulting, training, etc. Or Zend contributes heavily to PHP and offers Zend framework, but they also have a number of commercial products surrounding those offerings. Active State creates the Komodo IDE and has an open source version and then a commercial version that extends the open source version. Or take Linux...or any other number of examples. A book that you might find interesting on the topic is Wikinomics.
I think the main issue is the business model adopted by the project owners and the ones who want to turn it into revenue. It will depen on what kind of project is it, such as end-user product or as software API. In the case of end-user projects, Software as a Service seems a very good choice as a business model.
Look out for examples, and case studies on successful projects, such as apache, firefox, sugarCRM...
Focusing on specific niches is also a very important thing.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've got a couple open-source projects on Codeplex (I'll link if someone asks, but otherwise, I'm not quite that shameless ;)), but I'm not really sure how to go about spreading the word or getting people to take notice. Any suggestions for attracting users/contributors?
See also:
How to get users to your Open Source project
How do you promote/advertise/evangelize your open source project?
How to persuade people to contribute to an open source project?
Blog about them. Release often. If you can, use them in a higher-profile project. Contribute to other projects to build up your reputation. Be very responsive to bugs/feature requests/etc. Keep your issue tracker up to date.
Here are my 10 suggestions:
Interact with the community through forums, mailing lists, uservoice.com, bug tracker, IRC (server / client), etc. Communicate through blog, twitter, and mailing lists.
Give users the feel that the project is actively maintained through quick turn around for bug fixes, frequent releases, and ideally more than one developer.
Solicit user feedback as early as possible before implementing bigger features.
Reduce the friction through good documentation, easy installation, low bar to entry with less requirements (e.g. don't require latest version of .NET just because it is fun).
Maintain development / stable releases, let people trust that stable releases are releases stable.
Integrate with related projects - work with related projects to provide a better end to end experience. Working with other open source teams will eventually get you a reference on their site driving more traffic towards you.
Spend some SEO / analytics time, make sure than when people search for a software package that does X, then yours show up relatively high. Also understand your audience.
Build a testimonials page where you can capture positive community feedback.
Spot people who are contributing patches and invite them to join your team.
Localize your project where appropriate. There are some projects that specialize in providing translations for open source projects (e.g. Betawiki)
This isn't exactly spreading the word, but it will help your projects gain stature: provide good documentation -- well-written, detailed, complete, and above all up-to-date. Producing docs like that is a time-consuming pain in the ass, but it will help your projects enormously and lack of it will make people not want to use them. Given two projects, one carefully-documented and one with nothing but the docs generated by the language's automatic doc generator a lot of people will prefer the former even if it isn't quite as good.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Say I had an open-source project which I wanted to try and generate some exposure for. Would it be considered unethical to set up a project entry for it on several sites such at github, sourceforge and google code, for example?
This would be purely for giving it greater exposure. I realise there might be some practical reasons for doing this, such as wanting to use github for source control, and sourceforge for issue tracking, forums and such. For the sake if this question I'm wanting to focus more on the case where you use one of the sites as the main site for the project, and make "stub" projects on the other sites that point back to the main site.
My gut feeling is that while it may not be outrightly unethical, it might be bordering on the sleezy side...
Stick with one provider. "If you build it, they will come" :)
Besides, once people do start coming, they'll just google the project name anyway. Finding the same project on Sourceforge, Github and Google Code is just going to annoy the hell out of people.
I don't know about the ethics, but consider the practicalities:
you will have to do multiple repeated
uploads to several different sites,
doing it to a single site can be a
pain
users won't know which site to report
bugs at
if you use the SVN/CVS/git
repositories, you will have multiple
copies of your code in different
repositories - a very bad idea
I'm sure there are other problems. So stick to one site - I've been using Google Code for a small project I've just started (CSVfix, if anyone is interesed) and I can recommend Google as being very easy to set up.
I think this is fine, for the reason that each provider may have something you want. You should pick the services that are best for your project. For example:
Google code has file hosting, but the issue management is terrible, so
Launchpad has great bug tracking, but no wiki, and we use Mercurial, so
Bitbucket.org has mercurial hosting etc..
So it might be reasonable to use Launchpad for bug tracking, and Google code for hosting files and wiki, and Bitbucket.org for hosting source.
I would suggest choose your preferred host for your project. You can publish about your project on many forums. Exposure will come via search engines.
I don't know why you think it would be unethical or sleezy. Maybe you can say more about that so people could address your concerns directly. To measure that, consider if you are intentionally breaking the rules of the service, lying to anyone about how you are using the service, and being deceptive in some other way. If you are using multiple services, I don't think you have anything to hide.
Consider the Perl community, which is the one I deal with. Several projects are hosted on one of the source control services, such as SourceForge, Google Code, or Github. The main distribution for most Perl stuff is CPAN, though. Other people may distribute through Freshmeat or some other service. The main issue tracker comes from Best Practical, which hosts a free RT for every Perl module on CPAN. Most of the people I know use the best from more than one service. Indeed, the Web 2.0 way is to create applications by cobbling together services from multiple vendors. :)
You should also think about the social construction of these free sites. Places like SourceForge and Github give out free accounts, but they also sell services. They get the buzz through the free stuff that allows them to sell the premium services. I don't see anything wrong with that. If you're using the free services, just realize that in return for your free use, they get to use you as free tester, advertiser, and so on. Again, I don't see anything wrong with that. It's just part of the deal. You aren't just taking from them, you are also giving to them. There's an exchange between consenting parties.
What would be unethical, I think, is any service that forbids you to use another service or intentionally sets up a situation which would make it hard for you to use another service by not being compatible with common tools or not giving you access to your data (e.g. somehow disallowing git-svn, and so on).
Services spanning these various hosts will be inconvenient and difficult to maintain. For the above mentioned reliance on search engines to generate traffic take care to chose a name that differentiates your project from the web noise. A clear indication that traffic will not arrive is if your project first gets a re-recommendation on spelling. Take for example the people who brought you the chattr project from GNU. Immediately chatr is suggested as the proper search and your traffic will suffer accordingly.
as i has already been said having to maintain the code on several hosts will make it more trouble then it is worth. What you have to think is you would need to make sure that it uploads properly over several hosts, it would more then likely cause confusion to some over if one copy is legit and the others aren't which in turn could cause a bad name for the project before you even start.
End of the day there are much more, better ways to spread the word of your project, social networking sites, specific related forums are two main ones for you to consider, either way you would be better off spending your time posting to several sites then you would uploading and maintaining code on several sites.
I consider having several (independent) mirrors to be a benefit for the community, because such distributedness assures more reliable accessibility of your public work, now and in future (it will survive the failure of any single hosting site).
That's why I want to keep track of the available diffeent options to publicly host open-source projects:
Which public hosting sites for darcs projects are there?
Which public Git hosting sites are there that are free software?
I believe it's rather ethical (or moral) to put some effort into ensuring that your public work is published in the most accessible way (well documented, and with some guarantees about it being accessible at any moment when someone is interested).
The effort for you to push your work to several places independently (I mean, they won't depend on each other) and manage all this is probably not really a nightmare (as suggested in some other answers here), especially with a DVCS. For example, one can even set up Git so that one pushes to several places with just one command.
I feel that unless you are forcing someone to read something done by you, but you are rather just putting your stuff somewhere for it to be findable and accessible if someone is interested, you are not egoistic or ego-whatever.