I'm planning to build a 3d game using html5 canvas, which is javascipt API. I'm a noob who doesn't know anything about Javascript. From what I heard, every javascript code line will be visible to users like html. Does it mean the entire game that is built using Javascript API such as html5 canvas will necessarily become open source by its nature? I'm worried if someone can copy and paste the core mechanics of my game.
Copyright still applies even if you can see the code. Just as you can read the text of a book doesn't mean you can (legally) photocopy it and sell it to everyone.
Normally, Javascript is somewhat obfuscated via minification anyway, which makes it much harder to study. But it doesn't offer much protection against others duplicating and using the code. Minification does make it much harder for someone to reuse portions of the code, or modify the code to do what they want, which limits people to just wholesale copying of your site. Copying of the whole site is usually rendered useless by the fact that the frontend (JS) talks to some backend. So for example I could copy Gmail's JavaScript but that won't help me make another GMail since I don't have 1 million servers implementing GMail's database and APIs for it to talk to.
If your game runs entirely client-side and doesn't contact a server at all, then it could be copied whole.
So to summarize:
Copyright still means it's illegal for someone to do it without your permission.
Technically, your best defense is minification/obfuscation and ties to a backend.
No, just because someone sees your code doesn't mean it is "open-source." Open-source code requires a license that states that others may study, change and distribute the software to anyone and for any purpose.
This may guide you a bit more: http://opensource.com/resources/what-open-source
Edit: but they will be able to see your code. (Well as much of it is HTML/CSS/JavaScript)
Edit: This site may help you learn more about different software license https://tldrlegal.com/
Related
I have created a website for a third party, who have no experience in editing HTML. However, the third party wishes to be able to edit the content on the website without having to open the files and edit it this way, they wish to do it somewhat WYSIWYG (For example, hit an "edit" button for the content they wish to edit). Is this possible to achieve? It is not an internal website, it has user tracking (this should obviously only be available to admin users).
Is there a way of making contents of a div editable, then saving the change directly to the server, so the content gets updated publicly?
I am currently researching the topic, and although I have found some indications that the solution may be a PHP script, I have yet to find any definitive solutions or examples of similar functionality.
Yes you will need a backend language or framework to archive this. Where Javascript is used to interact with the page, the actual storage of information requires a database or similar technology.
Unfortunately which backend language or framework to choose really is the million dollar question. It largely depends on exactly what you are trying to accomplish, what your client or user is comfortable with, and how much experience you have programming.
PHP is fast and time tested backend language. Node is the new kid on the block, and it very popular also. Java and dotNet are on the way out. You can dig up a bunch more including Go, Python, Haskel, Etc.
You can use a languge listed above and start scripting away, but this can be time consuming and error prone. Most people use a framework to get started, and program using that framework's tools. The most popular PHP framework is WordPress, but it is designed for blogs and might not fit your use case. I use the framework Craft CMS which is very customizable. But the way you are phrasing the question a framework might be overkill. This is really up to you to decide after doing research into the available options and comparing them to what you wish to accomplish.
For the WYSIWYG, you might want to look into the following tools for the client to edit content:
https://imperavi.com/redactor/
https://ckeditor.com/
Hopefully this provides some direction, happy coding!
So this is an issue I come across frequently... there are many medical website calculators online that health systems would like to use, but the formulas, equations and statistical models aren't readily available. I was wondering if it would be possible to use Developer Tools on chrome or something similar to find these in the javascript? I can find pages of calculations when I mine into the data but nothing that makes sense to me. (EX: http://riskcalculator.facs.org/RiskCalculator/PatientInfo.jsp)
Yes and no. If everything works on the client side you should be able to read the code if you really need it. There's an option to "prettify" the minified script in chrome dev tools (sources -> "{}" icon below the editor).
However, I'm not so sure if reusing it won't violate a law in some countries.
Also, I believe if this is some kind of expensive information, the website authors would rather send input to a server and send back a result. You could also do some reverse engineering by watching the I/O in numerous ways.
I'd suggest writing to them directly first and as if they are willing to share the algorithm with you.
Additionally just do a research on the topic you're interested in. Most of those calculators are using publicly accessible knowledge which is pretty easy to write as a script.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
Is there a well known Open Source license that would allow me to open source some mission critical code in such a way that the community could read it, but that would simultaneously prevent competitors from using it to gain an advantage over us?
I'll give you a bit more context. We are developing quite a complex and serious business analytics tool for which we decided to create our own in house javascript MVC framework. As part of the project we also built a bunch of reusable controls that seamlessly integrate with the framework for things like switches, tables, autocomplete search boxes, navigation controls, etc. (think Cocoa controls or jQuery UI).
We'd like to release the framework itself and the controls to the community for better or worse under the Apache2 license, fairly standard stuff there. However, and this is really what I'm asking, we would also like to show the source of our SaaS analytics app (the one that powers our business and generates revenue) for the purpose of demonstrating how a complex enterprise app can be built on top of our framework, for it to be sort of like a rigorous proof-of-concept/case study/demo. But we don't want competitors to just clone the repo and deploy it on their servers with some rebranding and start stealing our customers. Is there a well known open source license that could facility this type of information sharing for the benefit of the community whilst simultaneously precluding competitors from gaining a competitive advantage from it? (I mean obviously our competitors might learn a thing or two and that's fine, but we want to have legal power in case they blatantly copy parts of our code and use it to compete against us; and the judgement of whether they are copying or not should be at our sole discretion).
I think you should look at the Microsoft Reference Source license..
Microsoft does pretty much what you outlined up there with the .NET library.
But as always with these license questions:
Don't take the word of a bunch of internet strangers - ask a lawyer familiar with the topic before you do anything you might regret.
Also, on a side-note: With all my love for OSS software - Regardless of what your competitors do, the second they have your source they can blatantly copy you (and they will if you are successful enough). And once that has happened you have to spend a pile of money on lawyers trying to get to your rights.
Especially when it's the heart of an operation, I'd label that as "competitive advantage" and not release it to the public. It's your IP, once you give it out to someone anyone can simply take your ideas and write his own app with it - no license in the world can prevent that (besides stupid patents you probably don't have).
So my advice here would be to just wait a bit and see how the MVC lib turns out.
Look at Ruby on Rails. It's been developed as part of Basecamp at 37 Signals, but the Basecamp source code never became public simply because there is no need for that. If the framework is any good people will use it and you'll get organically to sample applications.
Having real world examples is nice, but especially for JavaScript frameworks you should aim to be pretty backend-agnostic - so it shouldn't really matter if you run ASP.NET MVC or Rails or Node on the backend. The logical consequence is that the backend code is of no real interest to your library users.
They can see the library working on your site, that in itself should be enough to show useful usage patterns.
If you take some parts out of your app and show them to users you'll be fine without the risk of lawyering to get to your rights..
No. The purpose of any Open Source license is to give the code to the community to further develop, fork, or use for other purposes. The whole point of having a license is purely to prevent complete theft of code without attribution. If code that is claimed as original appears down the road can be proven to be based on your work, you have sufficient grounds for legal action.
The best way to demonstrate a proof of concept is to take discrete parts of your work as an overall demonstration of the value of the framework.
But, I'm no lawyer so I would suggest that you consult with one before doing anything that might jeopardize your business or your job.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am currently considering to build a single page web app using restful api and put the entire UI logic in javascript on the client side. This design concept has been adopted by twitter and several other web apps.
However, I am wondering how to prevent user from stealing my javascript code, since my app logic is all stored in javascript. Does product like gmail, grooveshark, or twitter not care about this issue? do they not care if people can just replicate their app by copy the javascript? if so, does it not bring a lot of risk to the business?
I hope someone can answer my question as I am figuring out how other people are building their app. and if anyone has similar concern on this issue.
On a pure technical level you can't. Any Javascript code readable by a browser can be read by a developer UserAgent. In fact there are browser addons which allow the user to read the Javascript behind or linked by any web page.
Having said that, you can make hijacking of your Javascript code harder by using Minification. (eg: http://code.google.com/p/minify/)
As previously stated, there are no way to prevent "code stealing". Just remember we are in a world where code isn't valued anymore. It's so easy to build an application that what really matters is the branding around it.
Anyone can build a facebook of it's own, but the real value is the number of users on facebook. I don't believe that company tries to protect their code anymore, they in fact make it easy for you to get it via github or the likes. Talking about their products and the way there are made are more beneficial to them than you think.
Just take a look at twitter bootstrap. The investment they put in that code is well rewarded by all the people building apps on their technology. It reinforce the technical value of their systems.
You can minify/obfuscate your javascript code, making it essentially unreadably.
For example: http://code.google.com/p/minify/
or check this question:
How can I obfuscate (protect) JavaScript?
If your business requirements state that your source must remain a closely guarded secret and you are attempting to make a single webpage that contains all your business logic you have a conflicting design.
No matter how much obfuscation or minification you perform on your client-side code, there is going to be a way (simple browser plugins to firebug can do this) to deobfuscate your code.
There is no such thing as "security through obscurity".
Take a look at:
http://a0.twimg.com/b/1/bundle/phoenix-core-en-201112200936.js
http://a2.twimg.com/b/1/bundle/phoenix-more-en-201112200936.js
And consider how hard it is to extract useful information from the code.
This is some of the javascript code that your browser downloads when you visit a page on Twitter. This code has been minified (to make it more efficient to move around the network) and obfuscated (to make it harder to read). These techniques make it much harder for the casual user to re-use or reverse-engineer your code. Tools for doing this a widespread and include: Google's Closure Compiler, Yahoo's YUI Compressor, and others.
No such tool is perfect, however. They won't stop a determined hacker -- of course, a determined hacker could probably just reproduce the functionality, which leads to your best defense, IMHO -- which is your copyright.
When you create software, that software is protected by copyright law, in much the same way as other works are (see Software Copyright). If you create a hot new javascript app, and someone rips the code and puts it in their app, you have grounds for legal action. However, the law doesn't just prevent them from using it exactly "as is". From Wikipedia:
There is a certain amount of work that goes into making copyright
successful and just as with other works, copyright for computer
programs prohibits not only literal copying, but also copying of
"nonliteral elements", such as program structure and design.
This can be very valuable protection.
I'm working on building a development tool that is written in JavaScript.
This will not be an open source project and will be sold (hopefully) as a commercial product.
I'm looking for the best way to protect my investment. Is using an obfuscator (code mangler) enough to reasonably secure the code?
Are there other alternatives that I am not aware of?
(I'm not sure if obfuscator is the right word, it's one of the apps that takes your code and makes it very unreadable.)
I'm going to tell you a secret. Once you understand it, you'll feel a lot better about the fact that Javascript obfuscation is only really useful for saving bandwidth when sending scripts over the wire.
Your source-code is not worth stealing.
I know this comes as a shock to the ego, but I can say this confidently without ever having seen a line of code you've written because outside the very few realms of development where serious magic happens, it's true of all source-code.
Say, tomorrow, someone dumped a pile of DVDs on your doorstep containing the source code for Windows Vista. What would you be able to do with it? Sure, you could compile it and give away copies, but that's just one step more effort than copying the retail version. You could painstakingly find and remove the license-checking code, but that's something some bright kid has already done to the binaries. Replace the logo and graphics, pretend you wrote it yourself and market it as "Vicrosoft Mista"? You'll get caught.
You could spend an enormous amount of time reading the code, trying to understand it and truly "stealing the intellectual property" that Microsoft invested in developing the product. But you'd be disappointed. You'd find the code was a long series of mundane decisions, made one after the other. Some would be smarter than you could think of. Some would leave you shaking your head wondering what kind of monkeys they're hiring over there. Most would just make you shrug and say "yeah, that's how you do that."
In the process you'll learn a lot about writing operating systems, but that's not going to hurt Microsoft.
Replace "Vista" with "Leopard" and the above paragraphs don't change one bit. It's not Microsoft, it's software. Half the people on this site could probably develop a Stack Overflow clone, with or without looking at the source of this site. They just haven't. The source-code of Firefox and WebKit are out there for anyone to read. Now go write your own browser from scratch. See you in a few years.
Software development is an investment of time. It's utter hubris to imagine that what you're doing is so special that nobody could clone it without looking at your source, or even that it would make their job that much easier without an actionable (and easily detectable) amount of cut and paste.
I deeply disagree with most answers above.
It's true that every software can be stolen despite of obfuscation but, at least, it makes harder to extract and reuse individual parts of the software and that is the point.
Maybe it's cheaper and less risky to use an obfuscation than leaving the code open and fighting at court after somebody stole the best parts of our software and made dangerous concurrency.
Unobfuscated code whispers:
Come on, analyze me, reuse me. Maybe you could make a better software using me.
Obfuscated code says:
Go away dude. It's cheaper to use your own ideas than trying to crack me.
You are going to be fighting a losing battle if you try to obfuscate your code in the hopes of someone not stealing it. You may stop the casual browser from getting at it, but someone dedicated would almost certainly be able to overcome any measure you use.
In the past I have seen people do several things:
Paste a lot of whitespace at the top of the page with a message telling people that the code is unavailable, when in actuality you just need to scroll down a few pages to get at it.
Running it through an encoder of some kind, this is so so useful as it can just be run through the decoder.
Another method is to reduce variable names to one character and remove whitespace (this is also an efficiency thing).
There are many other methods.
In the end, your efforts are only likely to stop the casual browser from seeing your stuff. If someone dedicated comes along then there is not much you will be able to do. You will have to live with this.
My advice would be to make a really awesome product that attracts the most people and beat off any competition by having the best product/service/community and not the most obfuscated code.
You're always faced with the fact that any user that comes to your webpage will download some working version of your Javascript source. They will have the source code. Obfuscating it may make it very difficult to be reused by someone with the intent to steal your hard work. However, in many cases someone can even reuse the obfuscated source! Or in the worst case they can unravel it by hand and eventually comprehend it.
An example of a situation like yours might be Google Maps. The Javascript source is clearly obfuscated. However, for really private/sensitive logic they push the data to the server and have the server process that information using XMLHttpRequests (AJAX). With this design you have the important parts on the server side, much more tightly controlled.
That's probably about the best you can do. Just be aware that anybody with enough dedication, can probably de-obfuscate your program. Just make sure you're comfortable with that before embarking on your project. I think the biggest problem with this would be to control who's using it on their site. If somebody goes to a site with your code on it, and likes what it does, it doesn't matter that they don't understand what the code does, or can't read it, when they can just copy the code, and use it on their own site.
A obfuscator won't help you at all if someone wants to figure out the code. The code still exists on the client machine and they can grab a copy of it and study it at their leisure.
There is simply no way to hide code written in Javascript since the source code has to be handed to the browser for execution.
If you want to hide your code, you have the following options:
1) Use an environment where compiled code (not source) is downloaded to the client, e.g. Flash or Silverlight. I'm not even sure that's foolproof, but it's certainly much better than Javascript.
2) Have a back end on the server side that does the work and a thin client that just makes requests to the server.
I'd say yes, it's enough if you also make sure than you compress the code as well using a tool like Dean Edward's Packer or similar. If you think about what is possible with tools like .NET Reflector in terms of reverse engineering compiled code / IL in .NET, you realize that there's nothing you can do to completely protect your investment.
On the other hand, remember that folks who release their source code also seem to make do quite nicely anyway - it's their experience that people want more than their intellectual property.
code obfuscator is enough for something that needs minimal protection, but I think it will definitely not enough to really protect you. if you are patient you can realy de-mangle the whole thing.. and i'm sure there are programs to do it for you.
That being said, you can't stop anyone from pirating your stuff because they'll eventually will break any kind of protection you create anyway. and it is espcially easy in scripted language where the code is not compiled.
If you are using some other language, maybe java or .NET, You can try doing things like "calling home" to verify that a license number matches a given url. Which works if you your app is some sort of online app that is going to be connected online all the time. But having access to the source, people can easily bypass that part.
In short, javascript is a poor choice for what you are doing.
A step up from what you are doing is maybe using a webservice backend to get your data. Let the webservice handle the authentication/verification process. Requires a bit of work to make sure it is bulletproof, but it might work
If this is for a website, which by its very nature puts viewing of its code one menu click away, is there really any reason to hide anything? If someone wants to steal your code they will most likely go through the effort of making even the most mangled code human readable. Look at commercial websites, they don't obfuscate their code, and no one goes out and steals code from the google apps. If you are really worried about code theft, I would argue for writing it in some other compiled language. (which does of course destroy the whole webapp thing...) Even then, you aren't totally safe, there are many de-compilers out there.
So really, there is no way to do what you want in the face of anyone with sufficient motivation.