Many people affirmed that the use of open source software to build internal websites, even for sale but did not specify the source, is a very common problem in Vietnam. Recently, there are some opinions that the website of the two major banks in the country have the same situation. How bad is it?
Open source software is software with free source code for the community and uses an open source license. This license allows anyone to research, change and improve the software for the purpose of continuing research and development of that source code.
But if using open source software for commercial purposes such as writing software, building a website then selling it to other units, without clearly stating the source, implicitly "consider" it is the product itself. Programming each command line is a completely different story.
Unfortunately, this situation is very popular in Vietnam, it proves that the awareness of using OSS, as well as the community and respect for intellectual property rights of domestic IT people is still limited. . Among them, there are also websites of two major banks in Vietnam.
Accidentally the same or just one?
The contact section of Techcombank.com.vn is exactly the same as the contact page of the website website - a site with the use of open code NukeViet.
On some recent security and informatics forums, there is information about Techcombank.com.vn website and some websites built from NukeViet have the same URL parameter (URL parameter) for each word! The interface also has many similarities, while Techcombank.com.vn has no information on the website saying that their site system is developed from open source!
These are just random duplicates? Or are the other systems actually made from open source software that has been ignored by the Copyright information like the practice of using OSS? . VietNamNet has tried to communicate with the stakeholders to clarify this information.
Just a matter of awareness?
"We still do that before!" (?)
VietNamNet contacted people related to the website Techcombank.com.vn. The talk between VietnamNet reporter and Mr. Nguyen Van Tiem - Techcombank's representative of Techcombank and Mr. Pham Van Doan - PM's development manager of GLTEC company (the website that Techcombank hired to build the website) also gave the pretty clear information.
1 / Bạn có thể sao lưu và gửi các bản đồ bản của bản ảnh của mã nguồnkeep intact all notices refer to this License and to the absence of any warranty;và đưa ra các người khác khác nào của chương trình một bản sao này này với chương trình.
Bạn có thể thực hiện một giá trị để động hành động của chuyển đổi một,
( Article 1 : You can copy and distribute verbatim versions of the product source code as if you received it, in any medium, but make sure that you publish it clearly and easily. see for the copyright line of each copy that comes with a disclaimer of warranty, keep all the notes about the license and no warranty or support, and come with a copy of Product for recipients is a copy of the license.)
(Originally article 01 of the public publishing license for open source products - GNU General Public License - https://www.gnu.org/copyleft/gpl.html)
The representative of TechComBank said that when there is a need to build a website, this bank has reached GLTEC and in the contract, they only give the required information on the content, form . of the website, but does not make requests about which language it is programmed in, open source or closed!
" We only agree that everything must be legal, " the Techcombank representative said.
GLTEC side affirmed the most important information: They acknowledge " in the process of building the website Techcombank.com.vn, GLTEC uses the open source PHP Nuke system ".
But GLTEC representative also casually: " We think that it is only necessary to specify whether to use the open source in the source code of the product, and we have done this in Techcombank's website. clearly the website was developed using OSS on the homepage, we decided not to record it for security reasons! "
" We have done so before !" - Mr. Doan - Head of PM development department of GLTEC added to VietNamNet .
However, according to Mr. Nguyen Ngoc Minh - Javavietnam.org forum administrator, this is contrary to the accompanying regulations for using PHP Nuke open source system! PHP Nuke requires writing copyright PHP Nuke in the footer (below the website):
When doing the "view source" action file " Footer.PHP " in the source code of PHP Nuke, it is clear right at the top position, very conspicuous and formal, with three big message lines posted: " Do not gỡ bỏ những kiểu quyền hạn sau. Không thể gỡ bỏ hoặc sửa này / Nếu bạn không phải cần gỡ bỏ nó, và có thể bạn đã ghi rõ lệnh: development, please ! " ( Temporarily translated : It is not allowed to delete the copyright line below and it is not allowed to edit it! / If you really need to delete it, you must get permission from the license owner https:///phpnuke.org . / Play beautiful and support common development!)
When we exchange security issues with some IT professionals, many argue that not stating the product developed with open source PM because security requirements are an incorrect view.
The message is very clear on the Footer.PHP file's source code, which is required to specify the source on the footer of the website using this open source system.
An expert said: " Open source products are the wisdom of the community, so it only has a high level of security when being updated regularly (bug). The copyright on the website will prompt the administrator to be regular. Update more bugs ! ".
Of course "Security" is even more sensitive when standing next to the phrase "online banking systems".
Obviously, the use of open source software but not taking into account - not respecting or misunderstanding the regulations related to OSS is currently a very common problem.
And according to many people, it is completely unnecessary mistakes, because as an IT expert states: " Using open source PM is not a bad thing, it even proves us. There is a relatively developed level and a positive direction, so why hide it ?! "