Tcl Dev Kit (TDK) Now End of Life

TDK EOL

ActiveState’s Tcl Dev Kit (TDK) and ActiveTcl Pro Studio have been providing the Tcl community with essential tools for building and deploying Tcl applications for decades. However, sales of TDK/Pro Studio were discontinued in 2016, and End of Life (EOL) is now pending. That includes all of the following tooling:

  • TclApp – used to create stand-alone executables 
  • TclChecker – used for code linting
  • TclDebugger – used for profiling Tcl code
  • TclCompiler – used to compile bytecode

ActiveState no longer builds or maintains any of the tools that ship with TDK, and will stop renewing support subscriptions immediately. Support for existing contracts will cease on October 1, 2020. As a result, we are advising TDK/Pro Studio users to end their use of the product and its tooling, and either deploy their programs unobfuscated, or convert them to a compiled language.

Decommissioning TDK

While EOL will not occur until October 2020, the best course of action for customers is to end their reliance on TDK and remove it from their enterprise. In the meantime, be aware of the following potential issues with existing deployments:

  • Existing deployments should not be moved to new hardware, or a newer version of the operating system, which are more likely than not to be incompatible with TDK.
  • Neither TDK nor your deployment of ActiveTcl should be upgraded. This includes updating or adding any new Tcl modules.
  • Existing TDK licenses should not be reassigned. No new licenses are available for purchase.

Tcl Code Wrapping

ActiveState acknowledges that many TDK customers purchased it in order to deploy wrapped Tcl code. However, customers should be aware that open source, third party tools to crack Tcl bytecode have been freely available for several years. In fact, a tool to explore the contents of a Tcl virtual filesystem has been freely available since the release of ActiveTcl 8.5. These two tools allow a wrapped file to be opened, de-obfuscated, modified, and re-wrapped. If done carefully, the change can be difficult to detect.

Ultimately, wrapped bytecode is insecure, and should not be used to protect intellectual  property, or sensitive data such as login credentials. Instead, ActiveState recommends that Tcl scripts should be shipped in unwrapped form with the following caveats:

  • If obfuscation is required, the program should be converted to a compiled language, or converted to a hosted service that can’t be tampered with.
  • If ease of deployment is required, hosted services, VMs, or containers are far more future-proof.

Licensing Issues

The majority of TDK owners use it in conjunction with ActiveTcl Community Edition (ATCE). Previously, the ATCE/ATBE  license allowed TDK users to build and deploy, or even redistribute files without needing to attach a more senior license to the wrapped file. 

However, when ActiveState discontinued TDK/Pro Studio in 2016, this clause was removed from the ATCE license. The resulting modified license was posted to the ActiveState website and counts as an update to your existing license terms. In effect, TDK/Pro Studio customers have been grandfathered for the past 4 years. 

Grandfathering will end on October 1, 2020. On that date:

  • If an ActiveTcl distribution was used to wrap files for an external customer, an OEM agreement will be required.
  • If an ActiveTcl distribution was used to wrap files for internally deployed applications, every system where that application is installed will require an additional ActiveTcl node license.

More Information

If you have any questions concerning the pending EOL, or the impact to your organization around licensing issues, please reach out to the salesperson for your account, or else contact Sales.

If you have any questions regarding your TDK/Pro Studio deployment, wrapping technology, or other technical questions, please contact technical support.

Recent Posts

Tech Debt Best Practices: Minimizing Opportunity Cost & Security Risk

Tech debt is an unavoidable consequence of modern application development, leading to security and performance concerns as older open-source codebases become more vulnerable and outdated. Unfortunately, the opportunity cost of an upgrade often means organizations are left to manage growing risk the best they can. But it doesn’t have to be this way.

Read More
Scroll to Top