That is the risk behind all Software license keys. Dingles are much better but still. When using license Servers it is so that you may need a license for the system and you may be in the need to activate the license. Again: that is why I decided before 20 years to use C, C++ and Java instead of anything else.
my experience is that he is even proud that he doesnât care. And thatâs absolute ok, perfectly ok BUT than he is not allowed to sell his products of here. Our laws are crystal clear. For instance how a valid invoice has to look like. Okay, he doesnât need to fulfil those laws, but then the EU customer has the right to immediately cancel its order.
Iâm even surprised how they can charge a credit card, w/o an European user granting access, via 2-factor-authentication, which is a common standard for most banks, definitely mine. Only Xojo never asked but withdraw the money successfully - thatâs only possible in Europa with the good old paper way, which I think doesnât even exist any longer 
Besides that Xojo has apparently, no understanding about calendars, currencies etc. outside the US. Thatâs interesting as many devs are working from Europe and are Europeans, so that alone seems that Geoff is overruling them. Thatâs my only explanation how the first pdf version wasnât able to print umlauts etc.
I think you are both right. You and Thorsten. Opensource is not opensource. Granted Java is very mature, if not the most mature, so you have a certain guarantee that 99,999 percent of the libraries you are using are well checked by someone etc.
Different story with nodeJS for instance. Everyone can develop a library (like with Java) but if the solution is âcoolâ or a âhypeâ, a few hundred users might like it as well but how do I know, if they really checked what the code is doing, if the library is only using opensource libraries etc. - well you need to check it all by yourself, or you limit yourself to those libraries used by thousands of devs.
If you use closed source, like MBS (which is often based on free open source solutions), that risk is with the vendor, which sometimes might be the better approach. But it depend if the vendor is delivering good quality, ensures regular update and takes it seriously that the used libraries are constantly reviewed.