Plugins: Always Get a Contract

Sometimes people do stupid things. In the case of Gary (not his real name), it was hiring someone without a contract. This led to a complaint that a developer had taken Gary’s proprietary code and released it in public.

Gary explained he’d hired Frank (not his real name) to write a plugin for his company, and the agreement was it was not for resale. That’s pretty normal to hear. Gary went on to explain that Frank was from Pakistan (this will come back later) and he’d asked Frank to take down the plugin and Frank said no. Could we step in?

Time to Dig In

The answer to Gary was ‘maybe.’ I explained that, per the GPL, Frank was allowed to take and fork the code and release it for free. However, WordPress.org didn’t allow that if the source was a premium plugin. So first of all, was the infringing plugin actually hosted on WordPress.org? You see, Gary hadn’t named the plugin.

Once Gary linked to the plugin, I took a look for any obvious evidence that it wasn’t Frank’s. Sometimes people credit the source and it’s easy to see if it’s a fork, and other times they forget to clean it up and remove mention of the source. In this case, I saw no evidence, but I did see GARY had a number of warnings on his account for (basically) being an asshole in the forums. Never a good sign.

In fact, here’s what Gary posted in the forums against Frank:

[Frank] will take your money and then leave you with a plugin with bugs and [functions] paid for that he doesn’t deliver.

Gary in the forums

That’s it. That’s the review. Nothing about the specific plugin.

I then asked Gary if this was a premium (pay for) plugin. Gary said no (!) but it was a bespoke plugin with a contract provision to not distribute. I pointed out that meant the code wasn’t GPL, so we could remove it, and asked Gary for a copy of the code. I’m sure you won’t take the sucker bet about how the code was licensed, because it 100% said it was GPL.

Oh and yes, I had to warn Gary that his account was on mod-watch due to that review, which was not a review of the plugin. It was an attack on the developer. Right or wrong, personal attacks have no place in a review of a plugin. If some developer really did kick you in the goolies you should go to a lawyer, not the forums, to complain.

We understand that sometimes contracts and arrangements go south. This does not give you permission to make multiple accounts and to aggressively attack the developer in question. This is especially true when you are directly contacted and told to come talk to the forums team in Slack, and instead you attempt to contact them personally via [Social Media].

You were provided with the correct conversational methods, of which this email is in fact one, and instead you flagrantly disrespected and disregarded the directions.

We will of course still hear your claim and, if there is proof to it, close the plugin permanently. But that won’t make us unlock your account, since you behaved in a manner unbecoming to our community.

Plugin Team to Gary

This means it’s down to contract law, and I’m not a lawyer.

Let’s See That Proof

I decided to ask the simplest possible option. “Did Frank sign a contract, or was this a verbal deal?” Gary insisted Frank had signed a contract. And he provided ‘evidence.’

His evidence was a group of undated and unorganized screenshots about their work from Skype. Each screenshot was ‘dated’ in the name (thank you Apple), but that wasn’t actually the order of the conversation. I spent an hour or so trying to get the order correct, and what I saw was Gary asking for a lot of changes in a short amount of time. A lot. Like every other comment from Gary was “and I need this change…”

Frank would update Gary at the start and end of his (Frank’s) day. I thought that was pretty reasonable, since Frank was in Pakistan and Gary was somewhere in North America. And finally in those screenshots I found where it went south. There was an email from the end of the previous year (remember we’re in January) where Gary said Frank needed to close the plugin on WordPress.org because Gary owned it, not Frank.

Rather politely, Frank replied that he had only made public the code Gary didn’t want. It took more digging in those undated Skype logs to figure out that Gary had asked for a bunch of features, changed his mind more than once, and Frank had, quite clearly in fact, asked if Frank could use the un-used code elsewhere.

You know that Gary said yes. Of course he did.

Fool Me Twice, Shame On You

I wrote a reply to Gary explaining he’d actually agreed to let Frank share the code, and if Gary would send us his version, we would confirm the private code wasn’t there. My email included a screenshot to prove where Gary said that, just to cover my ass. Before I sent it, Gary sent me another story about how after this incident, he’d hired Frank a second time.

Y’all, if you hate a developer, why would you hire them a second time? What logic is that?

In the second incident, though, it got better. Gary had started this second “contract” at the same time he’d complained about the code not being removed from .org. Frank had started to accept the work, changed his mind, refunded Gary, and blocked Gary saying he didn’t want to work with Gary anymore. I felt that was quite reasonable of Frank, all things considered.

Gary also, as one would expect, took umbrage that he was suspended and Frank wasn’t.

The fact that you won’t reenable my account because of terrible customer service and rude mods is not something you should hold against me […].

[…]

If you think I will go down silently, trust me. You have not yet met a monster like me before.

Gary to Plugins

I put a pause on my initial reply to Gary and emailed Frank. I was honest and told Frank someone was making a claim he’d put code on .Org that violated a contract. I asked if there was a contract at all, and what had happened from Frank’s PoV, because I wanted both sides. Rather politely, Frank said there was only a verbal agreement, no actual contract, and that he decided he didn’t want to work with Gary because he was kind of a dick.

I chastised him for working sans contract and pointed him to where he could get basic dev contracts that would protect him from things like this.

It Doesn’t Look Good

So here we are.

  1. Gary hired Frank to make a plugin
  2. Frank did so, after a lot of back and forth
  3. Gary changed his mind and asked for a feature to be removed
  4. Frank asked if he could put the removed feature up on .org
  5. Gary said yes
  6. Frank did so and linked to the plugin on .org (I think … it was truncated in the undated screenshots provided)
  7. Gary then asked Frank to make a second plugin (knowing the original was hosted on .org)
  8. Frank sent Gary the cost estimate
  9. Gary complained Frank put the first plugin in public
  10. Later on the day of the complaint, Frank refunded the down-payment
  11. Gary complained about the refund being a breach of contract
  12. Frank told Gary he would not work with him anymore and blocked Gary

From the outside, that looks pretty reasonable, right? And both parties (Gary and Frank) told the exact same story! I love when they line up. Gary had even shared the screenshot that confirmed he told Frank that the unused code was FRANK’S to do with what he wanted. The only difference was Frank said there was no contract, and Gary swore there was.

Now there’s a funny thing here. I still had no idea exactly which plugin this was! Frank had around 10 to his name, and three were from the December/January period. I had a guess about it, but I asked (for the fourth time) if Gary would please link to the plugin so I could be sure.

I also asked Gary for a copy of the bespoke plugin to compare (again, this was a repeat ask), proof of a contract (again, a repeat ask), proof Gary had said the plugin was not to be shared (again, a repeat ask), and to please be patient as we’re all volunteers here (a repeat reminder). Oh and to stop telling Frank he was mentally ill, that wasn’t okay.

Finally Gary linked to the code on WordPress.org. Gary also complained that he had a stellar history on .org (he did not) and I could see his public work history on a freelancing website that has a number for the name. That website, you may be amused to know, showed Gary had nothing but 1-star reviews. Gary claimed he’d conceptualized the plugin and named it (neither of those things are copyrightable to the best of my knowledge, especially since the name included someone else’s trademark).

The email also came with a mammoth rant about Frank and Gary’s history. Gary was of the opinion that a developer who quit/canceled a contract partway through was ‘too fragile’ to be a developer. Then he went on to explain he’d dealt with a family member who had a mental break, and he thought he saw the signs in Frank. And it came with a lot more screenshots, none of which proved anything.

Note: I have a tendency to stop talking to people when they get like Gary. It’s not because I’m fragile (as some people like to claim). It’s because when I find the other person so lacking in human empathy and so unwilling to compromise, I see absolutely zero point in continuing the conversation. If there’s no middle ground, and it’s only your way or nothing, you get nothing.

I read the email and the screenshots and replied:

Just so we’re clear here, you had no contract and no verbal agreement that he wouldn’t make the plugin publicly available?

Me to Gary

The rest of my email explained we needed to see something prior to the dust up of the plugin being hosted on .Org, that in any way shape or form indicated there was any agreement to not host this code on WordPress.org. Remember I had the evidence from GARY that he said it was okay. I wanted the evidence he claimed existed to prove he had said the opposite.

I also pointed out Skype absolutely lets you export chat logs, and that would be a lot easier to read than the disorganized grabastic piece of shit screenshots he sent (I didn’t say it like that, I said it would make this process a lot faster).

At this point, it had been 4 or 5 days of emails.

Why Bother With Directions?

Gary sent more low-quality screenshots, undated, unorganized, and hard to read. They looked like those fake screenshots people make of texts. That’s how bad it was. The screenshots, once I thought I had them in order, told a story of Gary bombarding Frank with messages at a time he knew Frank was offline (remember North America vs Pakistan). They all took place after Frank had put the plugin on .Org.

At this point I still had no proof from Gary that he’d ever told Frank to not post the code up on .Org.

In none of those screenshots is there mention of even “Make this plugin for us and only us.”

That’s why I asked if you had a contract with him, other than the alleged verbal arrangement in Slack. Even just something that has you saying “This plugin will only be for us, right?” and him replying “Yes” in chat would do […].

Me to Gary in email

I also told Gary to, in the future, not be an idiot and get a goddamn contract. Which he should know as a freelancer himself.

Gary replied that he’d had an actual verbal conversation on Skype. No one had a recording. So we were clearly back to the he-said/he-said world. I hate those. Gary also said if I didn’t pull the plugin, he’d get his lawyer involved. Again, Gary still had not sent me the code Frank wrote for him, so I still couldn’t even check if there was a GPL violation which, at this point, was the only reason I might have to pull Frank’s plugin.

In fact, if Gary could have proven any of the following, then I likely would have pulled Frank’s plugin:

  • Frank had agreed to never share the code he wrote while working for Gary
  • Gary had asked Frank to not share the code prior to it being submitted to .Org
  • Frank had used code from a non-GPL source

The whole ‘premium plugin’ reason didn’t really apply here. It maybe was code from a premium plugin but, since I’d never seen that plugin, I couldn’t be sure. Making it even murkier, Frank and Gary both explained the code Frank posted was not part of Gary’s, but Frank had started it to do an above-and-beyond aspect of Gary’s request. Who knew who owned what anymore.

Gary sent more emails of screenshots (still no log, still no dates, still a pain in the ass to decipher) and swore there was ‘proof’ in there.

Sure was. Proof that substantiated Frank’s claim. I’ve transcribed so you don’t have to suffer the shitty screenshots:

Gary: When we’re done with this [plugin] and it works, we’ll put this [on WordPress.org] and release it as a free/pay option.

Frank: Okay.

Gary: Free I guess can be the [extra] code which you have created […] then paid can be this version.

Chat Log provided by Gary

Later on in those logs was a bit where Frank specified exactly what code would be premium. Frank even said he was specifying so they were both on the same page, and there were no misunderstandings. And Gary agreed to that proposal. Only the ‘extra’ code (which was the only code in Frank’s plugin on .Org) was allowed to be on .Org.

Tough Nuts

Gary had no evidence that, prior to the code being on .org, he had ever said that Frank wasn’t allowed to post it. In fact, Gary had provided evidence to the contrary! All of Gary’s ‘proof’ about the code never being on .org happened after Gary found out the code was on .Org. Tough nuts here, Gary, but unless we can prove something, we’re leaving the plugin up.

Gary replied that ‘the screenshot’ he’d sent was from before the code was on .Org. He’d sent 7 screenshots in the previous email, none dated. His points:

  • He pitched the gig to Frank
  • Frank was overworked and said he could look later
  • When Frank had the time, they Skyped and hashed out the details
  • Frank tells Gary there were issues with the name, according to the WordPress Team
  • Frank sent the beta code to Gary
  • Gary and Frank worked out some changes
  • Gary then “realized” the code was on .Org and complained
  • Frank told Gary the code was limited, and contained none of Gary’s bespoke code
  • Frank told Gary (at some unspecified time) via voice-chat that none of Gary’s bespoke plugin would be public
  • After the breakdown in their work-relationship, Frank put the code up for sale on his own site

If you’re looking at the fourth point and blinking a lot, me too. Who did Gary think this ‘WordPress Team’ was if not us? I was more-so blinking because Gary concluded by saying I should confirm I knew the conversations took place before Frank put the code on .Org.

I could not confirm his claim on the timing because …

  • Many of the screenshots were clearly after the build of the plugin (the ones that have him swearing at Frank for releasing it)
  • None of the screenshots were dated so I cannot be sure about timeframes (I asked for the logs because of this)
  • I had no screenshot where Frank asks to have a Skype chat
  • I had proof Frank had told Gary there was a problem with the plugin name according to the WordPress team (aka the Plugin Review team)
  • Gary didn’t pay Frank until after the free version went up on .org (possibly after Gary knew the code was up, timing was unclear)
  • Frank promised none of the premium stuff would be in the .org plugin and Gary said he was okay with that
  • Frank denies any such Skype conversation took place that agreed nothing would be public
  • Work continued after this, with Gary not asking .org to remove a plugin that he was aware of existing
  • After the money was refunded, Frank purportedly was selling the premium version on his own site (no one ever linked to where that might be)
  • Only then did Gary come to the plugin team
  • WordPress.org has no oversight as to what Frank does on his own site

So Gary was asking for WordPress.org to remove the free plugin that actually he agreed was okay to make and give away, with code he didn’t want in his bespoke plugin. Code he had, per his own screenshots, very clearly agreed to have hosted on .Org.

After the Battles

In the end, Gary got nothing. He remains banned from WordPress.org since, after that, he made a couple hate-attack accounts to go after Frank. Frank ended up taking that plugin down because, as he said, he was tired of Gary’s abuse. He also claimed he’d learned his lesson about having a contract and statement of work before doing work.

Gary never provided his copy of the code to validate the GPL issue. Gary never provided logs (with time/date stamps) that confirmed the order of events was what he said. Gary had no contract, only a verbal agreement, that Frank disputed.

This was memorable simply because I’d really never had anyone show me a screenshot proving the exact opposite of what their claim was before.

It was not the last time, but that’s a story for another day.
