Software Licensing

August 5th, 2009

A software license is a legal instrument which governs the usage and distribution of copyrighted software. Software licenses can fall into two broad categories:

Proprietary software licenses grant the buyer of a copy of the software the permission to use it, but ownership of the copy remains with the publisher. A limited set of rights is granted to the buyer. The buyer has to accept the terms and conditions in order to be able to use the software. Microsoft Office, for example, is distributed under a proprietary license.

Open source and free software licenses transfer ownership of the copy to the buyer/end user. The end user is free to modify the source code and redistribute the modified version (for free or at a price), with a few simple conditions that depend on the type of license. There are many open source licenses; we will look at some common ones here:

MIT License: This is probably the simplest license. It surrenders all rights that the copyright holder/publisher typically receives, including the exclusive right to commercially exploit the work. It also disclaims any express warranty and fitness for a purpose. There is no clause prohibiting use of the names of publishing organizations and contributors for product endorsement. When the original work or “substantial portions” of it are distributed, the licensee is required to include a copyright notice and the notice giving permission to potential licensees of their rights to use the work. However, modifications may go into proprietary software and need not necessarily be redistributed.

BSD License: The BSD license is very similar to the MIT license except with respect to a major clause: the names of the contributors may not be used without their explicit permission. This provides protection to contributors in the event that the product is associated with a poorly written program.

GPL – GNU General Public License: The GPL, created by Richard M. Stallman of the Free Software Foundation (FSF), also provides licensees with full modification and distribution rights, with two conditions: redistribution can be done under the same terms as the original license, and redistributed copies must contain the original GPL text without any modifications. This ensures that a licensee has the same rights that the licensor had over the document, the idea of copyleft. The GPL also allows value-add activities: a person can sell a guarantee that a GPL work will perform under a particular condition and make the changes necessary to achieve this goal. There are multiple versions of this license, the latest being version 3.

LGPL – GNU Lesser General Public License: This license allows work licensed under GPL to link to non-GPL software. A company could integrate LGPL software with proprietary software for in-house use, but if the integrated work were to be sold under a proprietary license, it would violate the legal terms of the GPL. This license is generally applicable to subroutine libraries.

(There is another category of licenses called free software licenses, but since most of them are compatible with one of the open source licenses mentioned above, it is not listed separately.)

One of the greatest advantages of open source licensing is innovation: contrary to popular belief, programmers are willing to contribute to open source projects with only a more useful program as the reward. More people using a piece of software and more people trying to fix known issues (in a well-organized manner, as is the case with much open source software) generally result in better quality and reliability. Also, while the publisher of proprietary software can stop supporting it after some time, it is generally quite easy to find someone on the internet who will be able to help you out with the problems you may be facing with your open source code.

Reference: http://oreilly.com/catalog/9780596005818/

Ajax & UI Performance

August 5th, 2009
Ajax (also, AJAX), short for Asynchronous JavaScript and XML, is a group of interrelated web development techniques used to create interactive web applications. Ajax can improve response time by communicating with the server without full page requests. The result is a rich interface and better quality applications. A simple example of Ajax is the ‘Suggest’ feature in Google – suggestions are displayed as you type in your query in the search box.

Why use Ajax?

Bandwidth savings: In applications where a significant part of each page is content that is identical across multiple page requests, using Ajax to update only the relevant parts of a page can bring about significant savings in bandwidth requirements. The savings generally depend on the complexity of the website. Even a 10% saving in bandwidth will be significant when considering data-intensive web applications (like one requiring display of rich, interactive maps and graphs) or a bandwidth-constrained web application.

Time savings: Ajax can also increase the efficiency of using a web application. Let’s say you only want to see a list of refreshed news items on the website. The time saved by making a request only for the news items instead of the entire page is significant when accumulated over a period.

Improved responsiveness: Ajax can bring about a better and uninterrupted work flow, thus increasing productivity. Ajax also lets you work on the page while information is being retrieved in the background for a part of it.

These three factors can significantly improve overall business productivity.

One drawback with Ajax is that using the ‘Back’ button on the browser may not always take the user to the previous logical operation that they had performed, but to the previous page in the browser history, since an Ajax request is not a page request. Bookmarking will also not work. Recent releases of browsers have exposed functionality that allows developers to manipulate the browser history to show the correct operations performed by users on an Ajax-enabled page, but not all web applications have incorporated this feature. Also, since the screen content is being updated dynamically, the changes may not be detected by accessibility tools.

Another is that, in many cases, complex JavaScript is required to make use of the full potential that Ajax offers, and JavaScript with high complexity is not the easiest of things to understand.

Ajax has been around for quite some time now, and has been playing a significant part in improving the interactivity of web applications. With the rich experience it can offer users, it is also one of the enablers of Web 2.0 (note: Ajax itself is not Web 2.0), and we can probably expect to see it around for quite some time to come.

References: http://www.helium.com/items/49433-advantages-and-disadvantages-of-ajax; http://www.webperformanceinc.com/library/reports/AjaxBandwidth/; http://www.ibm.com/developerworks/web/library/wa-aj-perform/index.html

Security Threats – II: SQL Injection

August 5th, 2009
In this article, the second in our website security attacks series, we look at the hows and whys of SQL injection.

SQL injection involves compromising the security of an application by inserting or injecting an SQL query via the input data sent from the client to the application. This can happen when the input data is not correctly filtered for string literal escape characters. Successful SQL exploits can read data from the database and DBMS files, make modifications to it and execute administrative functions on the database.

How does this work? Let’s take a simple query:

    Select * from user_details where username = ;

The web page probably has something similar to the following to capture the username and pass it on to the backend:

    // User input is concatenated directly into the SQL text
    string userName = field.getUserName();
    string query = "Select * from user_details where username = '" + userName + "'";

If a malicious user wanted to obtain the contents of the entire table (and the application is vulnerable to SQL injection attacks), instead of just typing in a username, he’d input <m_user' OR 'x'='x>. When this gets inserted into the query, the query gets transformed into:

    Select * from user_details where username = 'm_user' OR 'x'='x';

Because 'x' always equals 'x', the condition is always true and the query, which essentially converts into 'Select * from user_details;', returns the entire contents of the table user_details.

Hackers can make use of this vulnerability to obtain data and perpetrate malicious attacks on websites. Some databases allow multiple SQL statements separated by semicolons to be executed as a batch, allowing the attacker to execute arbitrary commands on the database.

How can you avoid such an attack on your website? A simple approach is to accept characters only from an allowed list of safe characters. This provides a first layer of security for the application. Another way is to use parameterized statements and stored procedures. Also, it must be ensured that the account with the least privileges is used for all user interactions. These precautions will go a long way in preventing your site from being hacked.

References: http://www.owasp.org/index.php/Guide_to_SQL_Injection; http://en.wikipedia.org/wiki/SQL_injection; http://www.owasp.org/index.php/SQL_injection
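
The concatenated lookup from the SQL injection article above, next to a parameterized one, with the allow-list check and a read-only connection standing in for the least-privileged account. This is an added example in Python with sqlite3, not code from the original post; the sample rows, the allow-list pattern and the function names are assumptions, while the table user_details, the column username and the input string are the article's.

```python
import re
import sqlite3

# The article's input string; everything else below is constructed for the demo.
PAYLOAD = "m_user' OR 'x'='x"

# Assumed allow list for usernames: letters, digits, '_', '.', '-' (1 to 32 chars).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """In-memory database with constructed sample rows in user_details."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_details (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO user_details VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("m_user", "m_user@example.test")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, user_name):
    """The article's vulnerable pattern: input becomes part of the SQL text."""
    query = "Select * from user_details where username = '" + user_name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_name):
    """Parameterized statement: input is bound as a value, never parsed as SQL."""
    query = "SELECT * FROM user_details WHERE username = ?"
    return conn.execute(query, (user_name,)).fetchall()


def is_allowed_username(user_name):
    """First layer: accept only characters from the allow list."""
    return USERNAME_RE.fullmatch(user_name) is not None


def lookup_hardened(conn, user_name):
    """Allow-list check first, then the parameterized query."""
    if not is_allowed_username(user_name):
        raise ValueError("username contains characters outside the allow list")
    return lookup_parameterized(conn, user_name)


def restrict_to_reads(conn):
    """Stand-in for a least-privileged account: this connection may only read."""
    conn.execute("PRAGMA query_only = ON")


def write_is_blocked(conn):
    """Return True if the connection cannot modify user_details."""
    try:
        conn.execute("DELETE FROM user_details")
        return False
    except sqlite3.Error:
        return True
    finally:
        conn.rollback()  # undo the delete if the connection was writable


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, PAYLOAD))   # every row
    print("parameterized:", lookup_parameterized(db, PAYLOAD))  # no row matches
    print("allow list   :", is_allowed_username(PAYLOAD))
    restrict_to_reads(db)
    print("write blocked:", write_is_blocked(db))
```

On a server database the read-only restriction would be a separate account granted only SELECT on the tables the page needs; the SQLite pragma only imitates that for a single connection.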

The Month That Was – Google Wave and more

August 5th, 2009

- Red Hat (RHT) just got into the S&P 500 stock index! This is yet another indicator pointing to the growing importance that open source is gaining across industries.

- On July 29th Yahoo! and Microsoft inked a 10-year deal and joined hands in the ongoing search engine battle with a revenue sharing deal. Under the agreement, Microsoft, with Bing, will provide the search technology for Yahoo! search, while Yahoo! will focus on search engine advertising. Yahoo! also gets guaranteed revenues for the first 5 years of the deal. The move enables MS-Yahoo! to garner a greater search engine market share and slightly narrow the gap between them and rival (and market leader) Google.

- Google is releasing a preview build of a new Web-based communication and collaboration tool by late September. Called Google Wave, the open-source tool will initially be offered to about 100,000 people who have volunteered to provide feedback. Google Wave — based on the new HTML 5 markup language for building Web pages — is already available to developers via a “sandbox” version of the tool’s enabling APIs. The tool will let individuals communicate and work together on “waves” — collaborative communications containing richly formatted text, photos, videos, maps, gadgets and other elements. Each wave is formulated as a “tree structure of messages” within which conventional e-mail and instant-messaging capabilities are combined and delivered in almost real time on a keystroke-by-keystroke basis.

Open Source Events in August

August 5th, 2009

The table below provides a listing of some open source events happening this month around the world.

| Event | Type | Starts | Ends | Location |
|---|---|---|---|---|
| Umbraco UK Meetup (Aug-2009) | Community Event | Aug 6, 2009 | Aug 6, 2009 | London, UK |
| Drupal Camp Los Angeles | Community Event | Aug 8, 2009 | Aug 9, 2009 | Los Angeles, USA |
| Intensive Alfresco Training for Development | Training | Aug 10, 2009 | Aug 14, 2009 | New York, USA |
| Search Engine Strategies SJ 2009 | Conference | Aug 11, 2009 | Aug 14, 2009 | San Jose, USA |
| Open Source World 2009 | Conference | Aug 12, 2009 | Aug 13, 2009 | San Francisco, USA |
| Cloud World 2009 | Conference | Aug 12, 2009 | Aug 13, 2009 | San Francisco, USA |
| Joomla Beginner Training in Reno | Training | Aug 17, 2009 | Aug 17, 2009 | Reno, USA |
| FrOSCon | Community Event | Aug 22, 2009 | Aug 23, 2009 | Sankt Augustin, Germany |
| Joomla Beginner Training in New Orleans | Training | Aug 24, 2009 | Aug 24, 2009 | New Orleans, USA |
| Discovering Open Source ERP | Community Event | Aug 24, 2009 | Aug 24, 2009 | London, UK |
| DrupalCamp Kyiv 2009 | Community Event | Aug 28, 2009 | Aug 29, 2009 | Kiev, Ukraine |

References: http://www.cmswire.com/events/;  http://ossg.bcs.org/; http://fossevents.org/?m=200908&cat=7

Google Chrome OS – Challenges Ahead

July 20th, 2009
Looking beyond the awe that the Google OS announcement has created, an Information Week writeup takes a look at the challenges ahead before Chrome OS wins it all.

Video Goes Open Source

July 20th, 2009

For a long time, video has remained a black box.

Think about “text” as a medium of expression: it can be mixed with other text, and it can evolve in interesting and powerful ways. Could the same be done with video?

Going by the Wikimedia Foundation’s plans, it could soon be a reality. For more, see this interesting story on ReadWriteWeb.

Google Chrome OS – Why Should you Care?

July 9th, 2009

Is Google Chrome OS a game changer? Undoubtedly yes. Instead of going gaga over the game-changing potential, here is the ADPS team’s attempt to decipher how it affects the future of your business and how you should position your IT initiatives to leverage this game-changing event in years to come.

1. Platform Compatibility Issue is Dead – Long Live Browser

How many of us still remember the war between Netscape and IE? Microsoft fought tooth and nail not because it loved the Internet; MS was just smart enough to realize the future potential of the browser as an application container, a platform that can make any application Windows-independent.

If you have been betting on hosted applications as the server-side paradigm of choice and the browser as the client, you are already on the right side of the equation. If you have been waiting, it’s time you considered that golden move. If you are a provider, the hosted application market space just got a whole lot bigger, and that is good news.

2. Arrival of a Killer Cloud App

The rhyme of “work from anywhere, any time” has been around for some time now. Things didn’t seem so obvious until the cloud arrived, the web became faster, and applications and data became detached from the PC.

The arrival of a free OS to drive the applications and a free cloud to host them could be just the killer app that cloud computing has been waiting for.

3. Risk of Open Source & Cloud Adoption just got Smaller

As an adopter of the hosted application and open source paradigm, you no longer need to answer a plethora of business continuity risks, now that you finally have a big brother in Google supporting your plans.

Nobody ever got fired for hiring IBM and, may we add, nobody will ever get fired for choosing Google Cloud.

4. What’s in it for YOU?

If you are an IT services provider, it simply makes sense for the future to focus on the hosted open source application space, and particularly on cloud-based applications.

For an adopter of open source, there couldn’t have been better news. It means a future that attracts more credible service providers and an increasingly lower total life cycle cost for your future IT initiatives.

The Fortnight That Was: Firefox 3.5 out and more

July 9th, 2009

•  Intel has just released the first beta of Moblin v2.0. Moblin is Intel’s open source operating system for netbooks, and is essentially another distribution of Linux, Fedora based. Moblin is built for Intel’s Atom chips which are found in many netbooks, and is an internet and multimedia focused OS. Moblin is open source and free.

•  PostgreSQL has released version 8.4 of the popular open source database. Features include faster recovery from backups, per column permissions for more granular control of data, faster upgrades from v8.3 and semi-joins and anti-joins, among others.

•  Mozilla has launched Firefox 3.5. It’s faster, and has features of IE8 and Chrome.

•  Red Hat is offering the Premier Cloud Provider Certification and Partner Program, designed to simplify and expand the adoption of cloud computing by enterprise customers. It enables industry leaders in cloud computing to become certified to offer Red Hat technology solutions. Amazon Web Services became the first Red Hat Premier Cloud Provider Partner.

•  In a survey of 104 Global 2000 companies, 30% of respondents said they were already using the cloud, and another 20% said that they would be moving their applications to the cloud in the next year. However, the remaining half said that they had no plans of using the cloud in the near future, citing lack of awareness, security concerns, cost, and not enough technical expertise.

Why Use a PHP Framework?

July 9th, 2009

There are many PHP frameworks currently in use, with Zend and CakePHP being the most common, followed by Symfony and CodeIgniter. Why should frameworks be so popular? Why should you invest time in understanding and using them?

- PHP frameworks follow the MVC architecture, which means that the presentation is separated from the database and business layers, resulting in neat, clean and understandable code modules.
- You are forced to stick to certain coding rules, ensuring good coding standards, which means that the code is written as it is supposed to be written and you do not run into unreadable code later on.
- Most frameworks have built-in checks to ensure that URLs are clean. This is particularly important when you consider SEO.
- Access to service APIs makes connecting to other applications like Facebook and Google Maps very easy.
- Access to plugins means that many commonly used components need not be developed.
- Automatic includes mean that you never have to worry about forgetting to manually include common files ever again.
- Validation of forms and error flagging are made easy with built-in objects.
- Strictly followed coding standards and code modules make it easier to reuse code.

You may be tempted to create just one or two controllers, which, if done, defeats one of the purposes of using MVC. So, keep your controllers small and as close to the view as possible.

Although the learning curve can be steep when it comes to understanding frameworks, the effort pays off in the end – applications are a lot easier, and quicker, to develop using frameworks.

Sources: http://joshsharp.com.au/blog/view/why_you_should_be_using_a_framework, http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html, http://www.workoninternet.com/article_26808.html