[Interest] Building 5.13.1 on CentOS6.

2019-10-08 Thread Simon Matthews
I am trying to build Qt 5.13.1 on CentOS6. I have run into an error that
others have reported, but the reported solutions don't seem to work.

I am using devtoolset-8, which brings in gcc version 8.3.1

The error is:

ERROR: Feature 'xcb' was enabled, but the pre-condition 'features.thread
&& features.xkbcommon && libs.xcb' failed.

I have the related xcb packages installed:

# sudo yum install libxcb-devel xcb-util xcb-util-devel
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
epel/metalink |  17 kB 00:00
  * base: mirror.sjc02.svwh.net
  * centos-sclo-sclo: sjc.edge.kernel.org
  * epel: mirror.sjc02.svwh.net
  * extras: mirror.keystealth.org
  * updates: mirror.sjc02.svwh.net
base | 3.7 kB 00:00
centos-sclo-rh | 2.9 kB 00:00
centos-sclo-sclo | 2.9 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Package libxcb-devel-1.12-4.el6.x86_64 already installed and latest version
Package xcb-util-0.4.0-2.2.el6.x86_64 already installed and latest version
Package xcb-util-devel-0.4.0-2.2.el6.x86_64 already installed and latest
version

I can't find a package that installs xkbcommon in the standard repositories.

My configure command:

./configure -v  -R
'\\$$ORIGIN/lib:\\$$ORIGIN:\\$$ORIGIN/../lib:\\$$ORIGIN/../../lib'
-opensource -qt-libpng -qt-zlib -qt-libjpeg  -nomake examples
-sql-sqlite -sqlite -confirm-license -prefix
/usr/lib/Qt/Qt-5.13.1-x86_64 -widgets -skip activeqt -skip androidextras
-skip connectivity  -skip macextras  -skip serialport -icu -fontconfig
-no-reduce-relocations -qt-xcb -system-proxies -no-pulseaudio
-no-alsa   -no-mtdev   -dbus -qt-pcre -no-libudev -no-openssl
-no-xcb-xinput   -rpath

which results in the following summary:

Configure summary:

Build type: linux-g++ (x86_64, CPU features: mmx sse sse2)
Compiler: gcc 8.3.1
Configuration: sse2 aesni sse3 ssse3 sse4_1 sse4_2 avx avx2 avx512f
avx512bw avx512cd avx512dq avx512er avx512ifma avx512pf avx512vbmi
avx512vl compile_examples enable_new_dtags f16c largefile
precompile_header rdrnd shani x86SimdAlways shared rpath release c++11
c++14 c++1z concurrent dbus reduce_exports stl
Build options:
   Mode ... release
   Optimize release build for size  no
   Building shared libraries .. yes
   Using C standard ... C11
   Using C++ standard . C++17
   Using ccache ... no
   Using new DTAGS  yes
   Using precompiled headers .. yes
   Using LTCG . no
   Target compiler supports:
 SSE .. SSE2 SSE3 SSSE3 SSE4.1 SSE4.2
 AVX .. AVX AVX2
 AVX512 ... F ER CD PF DQ BW VL IFMA VBMI
 Other x86  AES F16C RDRAND SHA
 Intrinsics without -mXXX option .. yes
   Build parts  libs tools
Qt modules and options:
   Qt Concurrent .. yes
   Qt D-Bus ... yes
   Qt D-Bus directly linked to libdbus  yes
   Qt Gui . yes
   Qt Network . yes
   Qt Sql . yes
   Qt Testlib . yes
   Qt Widgets . yes
   Qt Xml . yes
Support enabled for:
   Using pkg-config ... yes
   udev ... no
   Using system zlib .. no
   Zstandard support .. no
Qt Core:
   DoubleConversion ... yes
 Using system DoubleConversion  no
   GLib ... yes
   iconv .. no
   ICU  yes
   Built-in copy of the MIME database . yes
   Tracing backend  
   Logging backends:
 journald . no
 syslog ... no
 slog2  no
   Using system PCRE2 . no
Qt Network:
   getifaddrs() ... yes
   IPv6 ifname  yes
   libproxy ... no
   Linux AF_NETLINK ... no
   OpenSSL  no
 Qt directly linked to OpenSSL  no
   OpenSSL 1.1  no
   DTLS ... no
   OCSP-stapling .. no
   SCTP ... no
   Use system proxies . yes
Qt Gui:
   Accessibility .. yes
   FreeType ... yes
 Using system FreeType  yes
   HarfBuzz ... yes
 Using system HarfBuzz 

[Interest] Proper way to handle QUdpSocket::writeDatagram when it returns TemporaryError

2019-10-08 Thread Ola Røer Thorsen
Hi all, I've got a thread in an application (Linux, Qt 5.13.0) which just
writes udp datagrams at a relatively high frequency (video streaming).
Sometimes the QUdpSocket::writeDatagram function returns -1 and the socket
error is "TemporaryError". Looking into the source code of the udp socket
class, it seems like the actual reason is that the OS returns EAGAIN which
means I need to try again.

The thread is a QThread running the default event loop.

What's the best way to handle this? Right now I just made a dumb loop
trying again and again with a short usleep inbetween until it finally ships
the datagram. I tried using waitForBytesWritten when getting the temporary
error before trying again, but that had no noticeable effect. Without a
sleep, this spinning loop might have some several 100 retries before it is
successful.

Cheers,
Ola
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing

2019-10-08 Thread Ilya Diallo
It would maybe be useful to clarify what his mistake is ?
>From what I understand Uwe mixes "contributing to open source project" and
"using open source Qt for a closed project". In the former case, of course
he's welcome to buy commercial licences for whatever project he'll be
working on. In the latter case, the rational is (I guess) to prevent a
company, say, to work with 20 developers for 3 years on an OSS Qt license,
then switch to commercial when it's time to ship the product and the team
is reduced to a core maintenance crew. That late switch is unfair to
companies that are playing by the rule, but it's probably hard to police
for the Qt company.

Best regards

Ilya

Le mar. 8 oct. 2019 à 15:30, Melinda Seifert  a
écrit :

> Uwe,
> You are completely mistaken!  I'm more than happy to discuss this with
> you. My phone number is listed below. In the meantime please view
> https://www.qt.io/faq/
>
> 2.13. If I have started development of a project using the open source
> version (LGPL), can I later purchase a commercial version of Qt and move my
> code under that license?
> "This is not permitted without written consent from The Qt Company. If you
> have already started the development with an open-source version of Qt,
> please contact The Qt Company to resolve the issue. If you are unsure of
> which license or version to use when you start development, we recommend
> you contact The Qt Company to advise you on the best choice based on your
> development needs."
>
> Best Regards,
>
> Melinda Seifert
> Regional Director of the Americas
> The Qt Company
> O: 617-377-7918 | M: 617-413-4479
> Qt Customer Case Studies - https://resources.qt.io/customer-stories-all
>
>
> On 10/8/19, 3:54 AM, "Interest on behalf of Uwe Rathmann" <
> interest-boun...@qt-project.org on behalf of uwe.rathm...@tigertal.de>
> wrote:
>
> On 10/8/19 1:21 AM, Melinda Seifert wrote:
>
> > You can use commercial if you previously used Open Source but it’s on
> > a case by case basis and you need to get approval from the Qt
> > company.
>
> Like you need to get approval from the Qt company when not having been
> Open Source before - it is the basic right of any seller not to sell.
>
> But your statement implies, that the Qt Company is blacklisting users
> because of contributing to Open Source projects. Am I already
> blacklisted because of offering code under an Open Source license ?
>
> How does this all fit to the Qt project, that is in parts based on
> contributions from Open Source developers. Am I invited to contribute
> to
> the code base, while not being allowed to buy my own contribution
> afterwards ?
>
> Uwe
>
> ___
> Interest mailing list
> Interest@qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
>
> ___
> Interest mailing list
> Interest@qt-project.org
> https://lists.qt-project.org/listinfo/interest
>
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] TLS/SSL XML encryption security

2019-10-08 Thread Roland Hughes


On 10/8/19 5:00 AM, Thiago Macieira wrote:

On Monday, 7 October 2019 18:08:27 PDT Roland Hughes wrote:

There was a time when a Gig of storage would occupy multiple floors of
the Sears Tower and the paper weight was unreal.

Have you ever heard of Claude Shannon?

Nope.

Anyway, you can't get more data into storage than there are possible states of
matter. As far as our*physics*  knows, you could maybe store a byte per
electron. That would weigh 5 billion tons to store 16 * 2^128  bytes.


The same physics, when incorrectly applied "prove" bumblebees cannot fly?

https://www.snopes.com/fact-check/bumblebees-cant-fly/

What I really loved was the science text my generation had in 4th grade 
which taught kids meat naturally contained maggots. Scientists had 
"proven" if you just left meat out maggots would magically grow from it.


https://www.google.com/search?client=ubuntu=2Tv=fs=CbicXZO3GJCo_QaUrJCoBQ=spontaneous+meat+naturally+contained+maggots=spontaneous+meat+naturally+contained+maggots_l=psy-ab.3...15501.20615..21681...1.2..0.164.1803.0j13..01..gws-wiz...0i71.mkiA8iHPvYk=0ahUKEwjT37W5iY3lAhUQVN8KHRQWBFUQ4dUDCAo=5



>
How about you do some math before spouting nonsense?


Considering and attempting to prove nonsense is what is required when 
you are at the architect level. At the Chicago Stock Exchange when they 
were running PDP machines they wanted to use 2 machines to run the 
trading floor having process shared memory between them. Digital 
Equipment Corporation, makers of the PDP and its operating system told 
them it was nonsense, couldn't be done. They did it. Ported it to the 
VAX (completely different hardware and OS), the Alpha ("same" OS, 
different hardware) and the Godforsaken Itanium.


At Navistar (though it wasn't named Navistar then) they wanted the IBM 
order receiving system to directly send orders to the VMS based order 
processing/inventory management/picking ticket system. Both DEC and IBM 
told them it was complete nonsense, couldn't be done. We did it. Long 
before RJE was talked about.




At any rate, enough rows in the DB to achieve a 1% penetration rate
gives them 10,000 compromised credit cards via an automated process. A
tenth of a percent is 1,000. Not a bad haul.

Sure. How many entries in the DB do you need to generate a 0.1% hit rate?

I don't know how to calculate that, so I'm going to guess that you need one
trillionth of the total space for that.


Depends on what you find when testing and probing. Some were richly 
rewarded with the Debian bug limiting keys to a range of 32768. If the 
current OpenSSL library isn't blocking keys below 32769, the database 
and tools created to exploit that weakness still work for any key in 
that range.


If there is a ToD sensitivity in the random generator, shouldn't be, but 
on this Debian system looks like there might be, then one can 
dramatically reduce the DB size needed and reduce the target range to 
all traffic within a window.



I don't doubt that there are hackers that have dedicated DCs to cracking
credit card processor traffic they may have managed to intercept. But they are
not doing that by attacking the encryption.
Some are and some aren't. The fact so many deny the possibility is the 
reason.


--
Roland Hughes, President
Logikal Solutions
(630)-205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net
http://www.johnsmith-book.com
http://www.logikalblog.com
http://www.interestingauthors.com/blog

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] import sitecustomize fails 5.12.4, OSX

2019-10-08 Thread Jason H
This part is still true:
> I'm stuck in XCode hell. I upgraded XCode because I needed to work with a 
> iPhone 11 (iOS 13), which required me to install XCode 11, which created 
> issues.  I started a new project and got:
> 11:27:26: Starting: "/usr/bin/make" clean -j4
> 'import sitecustomize' failed; use -v for traceback
> Traceback (most recent call last):
>   File "/Users/jhihn/Qt/5.12.4/ios/mkspecs/features/uikit/devices.py", line 
> 78, in 
> if is_suitable_runtime(runtimes, runtime_name, args.platform, 
> args.minimum_deployment_target):
>   File "/Users/jhihn/Qt/5.12.4/ios/mkspecs/features/uikit/devices.py", line 
> 53, in is_suitable_runtime
> and "unavailable" not in runtime["availability"] \
> KeyError: 'availability'
>
> Not sure if 5.12.5 or 5.13 will fix?


But this part is not an issue, was due to a bad include path, ignore this 
part!!:
> Curiously, my old legacy app is still working though.  But compilation does 
> not stop and it gets through many of my own files until finally bombing out 
> at:

 > In file included from 
 > /Users/jhihn/Projects/ios_mobile_app/ios/platformshim_ios.mm:1:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIScreen.h:12:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UITraitCollection.h:13:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIInterface.h:11:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIColor.h:13:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreImage.framework/Headers/CoreImage.h:15:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreImage.framework/Headers/CIImage.h:10:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CoreVideo.h:29:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CVPixelBuffer.h:462:
> In file included from 
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CVPixelBufferIOSurface.h:26:
> /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/IOSurface.framework/Headers/IOSurfaceRef.h:15:96:
>  error: expected ';' after top level declarator

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] TLS/SSL XML encryption security

2019-10-08 Thread Roland Hughes


On 10/8/19 5:00 AM, Thiago Macieira wrote:

On Monday, 7 October 2019 15:43:21 PDT Roland Hughes wrote:

No. This technique is cracking without cracking. You are looking for a
fingerprint. That fingerprint is the opening string for an xml document
which must be there per the standard. For JSON it is the quote and colon
stuff mentioned earlier. You take however many bytes from the logged
packet as the key size the current thread is processing and perform a
keyed hit against the database. If found, great! If not, shuffle down
one byte and try again. Repeat until you've exceeded the attempt count
you are willing to make or found a match. When you find a match you try
key or key+salt combination on the entire thing. Pass the output to
something which checks for seemingly valid XML/JSON then either declare
victory or defeat.

That DOES work with keys produced by OpenSSL that was affected by the Debian
bug you described. That's because the bug caused the problem space to be
extremely restricted. You said 32768 (2^15) possibilities.
Unless the key range 2^15 has been physically blocked from the 
generation algorithm, the database created for that still works ~ 100% 
of the time when the random key falls in that range. The percentage 
would depend on how many Salts were used for generation or them having 
created the unicorn, a perfectly functioning desalinization routine.


A non-broken random generator will produce 2^128  possibilities in 128 bits.
You CANNOT compare fast enough


Does not matter because has nothing to do with how this works. Not the 
best, not the worst, just a set it and forget it automated kind of 
thing. It's taking roughly 8 bytes out of the packet and doing a keyed 
hit on the database. If found great! If not, it slides the window down 
one byte and performs a new 8 byte keyed hit.


This is *NOT* a real time attack. Everything is independent. The sniffer 
wakes up once per day, checks how much space is left in one or more 
directories, if there is room for more packets, it reaches out and 
sniffs a few more. Either way, it goes back to sleep for a day.





These attacks aren't designed for 100% capture/penetration. The workers
are continually adding new rows to the database table(s). The sniffed
packets which were not successfully decrypted can basically be stored
until you decrypt them or your drives fail or that you decide any
packets more than N-weeks old will be purged.

You seem to be arguing for brute-force attacks until one gets lucky. That is
possible. But the chances of being lucky in finding a key are probably worse
than winning $1 billion in the lottery. Much worse.
Not really, but I haven't had time to write this stuff because people 
keep interrupting me with direct mails. There are several things I want 
to deep dive on first. One of which is poking at some desalinization 
routines. The other, which really shouldn't be because such a thing 
would be taking us back to the 1970s is the few things I ran made it 
seem like the Salt had a ToD sensitivity.


So it can happen. But the chance that it does happen and that the captured
packet contains critical information is infinitesimal.
When you are targeting a DNS address which has the sole purpose of 
providing CC authorization requests and responding to them, 100% of the 
packets contain critical information. Even the denials are important 
because you want to store that information in a different database. If 
you ever compromise any of those cards, sell them on the Dark Web cheap 
because they are unreliable.

The success rate of such an attack improves over time because the
database gets larger by the hour. Rate of growth depends on how many
machines are feeding it. Really insidious outfits would sniff a little
from a bunch of CC or mortgage or whatever processing services,
spreading out the damage so standard track back techniques wouldn't
work. The only thing the victims would have in common is that they used
a credit card or applied for a mortgage but they aren't all from the
same place.

Sure, it improves, but probably slowly. This procedure is limited by computing
power, storage and the operating costs. Breaking encryption by brute-force
like you're suggesting is unlikely to produce a profit: it'll cost more than
the gain once cracked.

Crackers don't attack the strongest part of the TLS model, which is the
encryption. They attack the people and the side-channels.

Kids do.

If correct that means they (the nefarious people) could have started
their botnets, or just local machines, building such a database by some
time in 2011 if they were interested. That's 8+ years. They don't_need_
100% coverage.

No, they don't need 100% coverage. But they need coverage such that the
probability of matching is sufficient that it'll pay the operating costs. In 8
years, assuming 1 billion combinations generated every second, we're talking
about 242 quadrillion combinations generated. Assuming 64 bits per entry and
no overhead, 

[Interest] import sitecustomize fails 5.12.4, OSX

2019-10-08 Thread Jason H
I'm stuck in XCode hell. I upgraded XCode because I needed to work with a 
iPhone 11 (iOS 13), which required me to install XCode 11, which created 
issues.  I started a new project and got:
11:27:26: Starting: "/usr/bin/make" clean -j4
'import sitecustomize' failed; use -v for traceback
Traceback (most recent call last):
  File "/Users/jhihn/Qt/5.12.4/ios/mkspecs/features/uikit/devices.py", line 78, 
in 
if is_suitable_runtime(runtimes, runtime_name, args.platform, 
args.minimum_deployment_target):
  File "/Users/jhihn/Qt/5.12.4/ios/mkspecs/features/uikit/devices.py", line 53, 
in is_suitable_runtime
and "unavailable" not in runtime["availability"] \
KeyError: 'availability'

Not sure if 5.12.5 or 5.13 will fix?
Curiously, my old legacy app is still working though.  But compilation does not 
stop and it gets through many of my own files until finally bombing out at:

In file included from 
/Users/jhihn/Projects/ios_mobile_app/ios/platformshim_ios.mm:1:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIScreen.h:12:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UITraitCollection.h:13:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIInterface.h:11:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/UIKit.framework/Headers/UIColor.h:13:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreImage.framework/Headers/CoreImage.h:15:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreImage.framework/Headers/CIImage.h:10:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CoreVideo.h:29:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CVPixelBuffer.h:462:
In file included from 
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/CoreVideo.framework/Headers/CVPixelBufferIOSurface.h:26:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.0.sdk/System/Library/Frameworks/IOSurface.framework/Headers/IOSurfaceRef.h:15:96:
 error: expected ';' after top level declarator


line 1 of platformshim_ios.mm is:
#import 

And yes, I added the framework to LIBS

Any help is appreciated.

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing questions for iOS and Android

2019-10-08 Thread alexander golks
Am Tue, 8 Oct 2019 10:16:45 +0300
schrieb Vyacheslav Lanovets :

> 2 persons use *Mac* to make the app work on iOS (static linking!).

what about going lgpl and delivering object files to enable relinking 
statically with another qt version?

-- 
/*
 *  Your lucky number has been disconnected.
 */


pgpdN4BcRTmDG.pgp
Description: Digitale Signatur von OpenPGP
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing questions for iOS and Android

2019-10-08 Thread Tuukka Turunen

Hi Vyacheslav,

Where are you located? It is probably easiest that our regional sales team or 
local reseller is in contact to discuss.

Commercial Qt licensing is developer based, so each person working on the same 
project (e.g. same end user application) needs to have a commercial license. 
One person can use many machines to develop across multiple operating systems. 
The persons who are not developing with Qt, do not need a license (e.g. in case 
you have some part of the application not done with Qt). 

We have a FAQ to explain how Qt licensing works:  https://www.qt.io/faq/ 

Yours,

Tuukka

On 08/10/2019, 10.19, "Interest on behalf of Vyacheslav Lanovets" 
 wrote:

I hope to hear expert opinions on the following.

Let's say the company has 10 developers who develop a Mobile app for
consumer phones.

2 persons use *Mac* to make the app work on iOS (static linking!).
Another 2 persons work from PCs on supporting Android specifics
(shared linking).
All 10 have primary PC with Microsoft Visual Studio for regular
development because it is faster.
Also there is 2 build machines:
1 PC for generating Android builds.
1 Mac for generating iOS builds.

So, how many licenses should the company pay for?
13 licenses (~4 euro a year)? Or 12? Or 10? Or just for 3 Macs? Or
maybe only for 2 developer Macs?

Has anyone investigated the case with the legals?
Opinions?
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing questions for iOS and Android

2019-10-08 Thread Jason H
> I hope to hear expert opinions on the following.
>
> Let's say the company has 10 developers who develop a Mobile app for
> consumer phones.
>
> 2 persons use *Mac* to make the app work on iOS (static linking!).
> Another 2 persons work from PCs on supporting Android specifics
> (shared linking).
> All 10 have primary PC with Microsoft Visual Studio for regular
> development because it is faster.
> Also there is 2 build machines:
> 1 PC for generating Android builds.
> 1 Mac for generating iOS builds.
>
> So, how many licenses should the company pay for?
> 13 licenses (~4 euro a year)? Or 12? Or 10? Or just for 3 Macs? Or
> maybe only for 2 developer Macs?

I am not sure what the current licensing scheme is, however, following previous 
licensing models, I would not fault you for thinking that you need 10 licenses.
FWIW, AFAICR, I've never heard of Qt licenses being dependent on development 
platform, and have always seen the number of developers and deployment platform 
be what governs.

HTH, YMMV, IANAL.
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing

2019-10-08 Thread Melinda Seifert
Uwe, 
You are completely mistaken!  I'm more than happy to discuss this with you. My 
phone number is listed below. In the meantime please view https://www.qt.io/faq/

2.13. If I have started development of a project using the open source version 
(LGPL), can I later purchase a commercial version of Qt and move my code under 
that license?
"This is not permitted without written consent from The Qt Company. If you have 
already started the development with an open-source version of Qt, please 
contact The Qt Company to resolve the issue. If you are unsure of which license 
or version to use when you start development, we recommend you contact The Qt 
Company to advise you on the best choice based on your development needs."

Best Regards,
 
Melinda Seifert
Regional Director of the Americas
The Qt Company
O: 617-377-7918 | M: 617-413-4479
Qt Customer Case Studies - https://resources.qt.io/customer-stories-all
 

On 10/8/19, 3:54 AM, "Interest on behalf of Uwe Rathmann" 
 wrote:

On 10/8/19 1:21 AM, Melinda Seifert wrote:

> You can use commercial if you previously used Open Source but it’s on
> a case by case basis and you need to get approval from the Qt
> company.

Like you need to get approval from the Qt company when not having been 
Open Source before - it is the basic right of any seller not to sell.

But your statement implies, that the Qt Company is blacklisting users 
because of contributing to Open Source projects. Am I already 
blacklisted because of offering code under an Open Source license ?

How does this all fit to the Qt project, that is in parts based on 
contributions from Open Source developers. Am I invited to contribute to 
the code base, while not being allowed to buy my own contribution 
afterwards ?

Uwe

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing questions for iOS and Android

2019-10-08 Thread Giuseppe D'Angelo via Interest

Il 08/10/19 10:24, Yves Maurischat ha scritto:


I dont think that you'll get a definitive answer from this list as


The other side of the coin: this list is NOT for sales or detailed 
licensing questions. It's about technical questions related to the usage 
of Qt (and, specifically, the parts of it released by the Qt Project, 
not the Qt commercial-only addons).


HTH,
--
Giuseppe D'Angelo | giuseppe.dang...@kdab.com | Senior Software Engineer
KDAB (France) S.A.S., a KDAB Group company
Tel. France +33 (0)4 90 84 08 53, http://www.kdab.com
KDAB - The Qt, C++ and OpenGL Experts




smime.p7s
Description: S/MIME Cryptographic Signature
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing questions for iOS and Android

2019-10-08 Thread Yves Maurischat
Let me answer that shortly with the gist of severeal other threads on 
this list: "It depends. Please contact the sales representatives of The 
Qt Company."


I dont think that you'll get a definitive answer from this list as 
licensing seems to depend on your project, the mood of the sales rep, 
whether Mars and Jupiter align and a million other things. You'll have 
to work it out with someone from TQtC as their licensing scheme changes 
often, is mostly not really shared with outsiders (even with partners) 
and often applied on a case to case base.



Mit freundlichen Grüßen | Kind regards,

*Yves Maurischat*
Senior Software Engineer

basysKom GmbH
Robert-Bosch-Str. 7 | 64293 Darmstadt | Germany
Tel: +49 6151 870 589 -144 | Fax: -199
yves.maurisc...@basyskom.com | www.basyskom.com

Handelsregister: Darmstadt HRB 9352
Geschaeftsfuehrende Partner: Heike Ziegler, Alexander Sorg


Am 08.10.2019 um 09:16 schrieb Vyacheslav Lanovets:

I hope to hear expert opinions on the following.

Let's say the company has 10 developers who develop a Mobile app for
consumer phones.

2 persons use *Mac* to make the app work on iOS (static linking!).
Another 2 persons work from PCs on supporting Android specifics
(shared linking).
All 10 have primary PC with Microsoft Visual Studio for regular
development because it is faster.
Also there is 2 build machines:
1 PC for generating Android builds.
1 Mac for generating iOS builds.

So, how many licenses should the company pay for?
13 licenses (~4 euro a year)? Or 12? Or 10? Or just for 3 Macs? Or
maybe only for 2 developer Macs?

Has anyone investigated the case with the legals?
Opinions?
___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] Licensing

2019-10-08 Thread Uwe Rathmann

On 10/8/19 1:21 AM, Melinda Seifert wrote:


You can use commercial if you previously used Open Source but it’s on
a case by case basis and you need to get approval from the Qt
company.


Like you need to get approval from the Qt company when not having been 
Open Source before - it is the basic right of any seller not to sell.


But your statement implies, that the Qt Company is blacklisting users 
because of contributing to Open Source projects. Am I already 
blacklisted because of offering code under an Open Source license ?


How does this all fit to the Qt project, that is in parts based on 
contributions from Open Source developers. Am I invited to contribute to 
the code base, while not being allowed to buy my own contribution 
afterwards ?


Uwe

___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest


Re: [Interest] TLS/SSL XML encryption security

2019-10-08 Thread Thiago Macieira
On Monday, 7 October 2019 18:08:27 PDT Roland Hughes wrote:
> There was a time when a Gig of storage would occupy multiple floors of
> the Sears Tower and the paper weight was unreal.

Have you ever heard of Claude Shannon?

Anyway, you can't get more data into storage than there are possible states of 
matter. As far as our *physics* knows, you could maybe store a byte per 
electron. That would weigh 5 billion tons to store 16 * 2^128 bytes.

We have absolutely no clue how to have that many electrons in one place 
without protons and without violating the Pauli Exclusion principle.

> According to this undated (I *hate* that!) BBC Science article at some
> point in time Google, Amazon, Microsoft and Facebook combined had 1.2
> million terabytes of storage. By your calculations, shouldn't putting
> that much storage on one coast shifted the planet's orbit? 

How about you do some math before spouting nonsense?

1.2 million terabytes is 2^60 bytes. Which is NOWHERE NEAR the mass I talked 
about for 2^132 bytes. At the estimate I used of 21 ng/byte, the total is only 
25200 metric tonnes.

> As I said, the hackers don't need the entire thing. If they are sniffing
> a CC processor handling a million transactions per day (not unreasonable
> especially during back-to-school, on Saturday or during holiday shopping
> season)
> 
> https://www.statista.com/statistics/261327/number-of-per-card-credit-card-tr
> ansactions-worldwide-by-brand-as-of-2011/
> 
> At any rate, enough rows in the DB to achieve a 1% penetration rate
> gives them 10,000 compromised credit cards via an automated process. A
> tenth of a percent is 1,000. Not a bad haul.

Sure. How many entries in the DB do you need to generate a 0.1% hit rate?

I don't know how to calculate that, so I'm going to guess that you need one 
trillionth of the total space for that.

One trillionth of 2^128 possibilities is roughly 2^88. Times 16 bytes per 
entry, with no overhead, we have 2^92 bytes. Times 1 picogram per byte is 5 
billion tons. More importantly, 2^92 bytes is orders of magnitude more storage 
than exists today. The NSA Datacentre in Utah is estimated to handle 12 
exabytes, so let's estimate the total storage in existence today is 100 
exabytes. That's 50 million times too little to store one trillionth of the 
problem space.

I don't doubt that there are hackers that have dedicated DCs to cracking 
credit card processor traffic they may have managed to intercept. But they are 
not doing that by attacking the encryption.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products



___
Interest mailing list
Interest@qt-project.org
https://lists.qt-project.org/listinfo/interest