Half-Elf on Tech

Thoughts From a Professional Lesbian

Author: Ipstenu (Mika Epstein)

  • On the EU Cookie Law

    ETA: Please check out Trac #19622 – There will be a new way to do this in WP 3.4

    I’m going to be bold and tell you that the new EU law, that goes into effect in the UK on May 25th, is going to be impossible to track and enforce, it’s being handled backwards, but besides that, it’s actually a pretty good idea.

    For most people outside the EU, we have no real idea about what’s going on, so here’s a short recap. As of May 25th, a change to the EU law will require businesses to request permission from visitors to their websites before they can store information about their identity, history and preferences via third-party cookies. You can read the whole details in the proposal or Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services. Those links are full of legalese.

    Now, I do want to point out that this only affects people who live in the EU. Arguably, it also only affects people who host sites in the EU, and you may be able to skirt around it by hosting in the US or Canada, but that’s a lawyer conversation. Basically, if you live in the EU and have a website that acts as a business, you’re kind of screwed. If you just have a blog with 100% personally controlled content and cookies that only come from your domain, you’re fine. The cookies, including the kind WordPress drops on your site, are not the kind they’re talking about. If your cookie is only tracking information used on your site (login information, recent comments, etc), you’re fine. If the cookie comes from someone else (like Google Analytics or Project Wonderful), then you need to explicitly tell the visitor and obtain their consent.

    This is done for a pretty good reason, when you get down to it. When you go to a restaurant and pay with your credit card, you trust that neither the credit card company nor the restaurant are going to turn around and give your personal information to some other company who uses it for their own purposes. Legally, they have to ask you for permission to use your info, and that’s why sometimes they ask for your zipcode when you’re checking out at a store (and also why you’re totally allowed to say ‘no’ when they ask). Third-party cookies, that is those put down by someone other than the domain you’re visiting, should also be ‘agreed’ to. The EU argues that just visiting a site with Google Ads does not constitute consent.

    Item #66 in the directive:

    Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.

    That’s a pretty hefty thing to get through, but it clearly spells out that third party cookies are what they’re on about. And in that, they’re right. There should be transparency to all this. We should know when we’re being tracked around the internet. But they’re wrong in making this the sole responsibility of the website owners. This is not to say that, as a website owner, I’m not responsible for the cookies my site puts down. And this is not to say that, as a website owner, I shouldn’t tell people how cookies and personal information I collect are used on my site. But to say that the ‘solution’ is for me to alert you with “Hi, the EU says I have to tell you about cookies and make sure you’re okay with them on your computer.” or not to use things like Google Ads, Facebook Like buttons, or Twitter integration is unenlightened.

    The issue is not that I, as website owner, am using third party services, and it’s not even that I’m using those services in a ‘hidden’ way (I use Google Analytics on this site, which you can’t easily tell unless you look at my source code). The issue is that those services are using cookies to track you between sites. But it’s easier to go after you than it is to sort out how to go after them, at the end of the day.

    Arguably, this is also being done to protect the website owners. If a visitor agrees to have the cookies, then you’re no longer on the hook if they complain. How are they going to (1) verify that (a) you did ask first and (b) they did consent, and (2) enforce this at all? The only way this can be enforced is if someone (or a program) goes to every single website hosted in the EU, or owned by someone who lives in the EU, and checks them for cookies without explicit consent. This could be automated, and emails could be automagically sent out to the site-owners, who would in turn have to look at their software and ads and deduce what’s making the cookies. Already, the UK has said they know companies won’t meet the May 25th deadline and don’t plan to enforce the law yet.

    Let’s say that they decide they will enforce the law. How can they verify that a cookie for your site is on someone’s computer? WordPress saves cookies in the name of wordpress_verylonghashkey, where your HASH key is specific to your install. Now they do show up as ‘from’ the website domain.tld but they can be forged. The easiest way is to copy cookies from one computer to another (I just did that when I moved everything from my old desktop to the new laptop). Another way is to take the information I have in my cookie, and tweak it to apply it to someone else’s site. That way requires a lot more savvy, more information than I’m providing here, obviously, and it’s incredibly hard, but it can be done.

    If they only rely on cookies that show up when your site is visited, they have to come up with a way to verify that it’s your site that put down the cookies and the visitor agreed to have the cookies put down. They have yet to explain how they’re going to be checking sites, which means you, as a site owner, still have no idea exactly what is and is not illegal to do. Sort of hard to protect yourself against an unexplained law, and it’s worse when you remember that “ignorance of the law is no excuse.” That should cut both ways. Ignorance in creating the law is no excuse.
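
    The kind of automated check described above, as an added example that is not from the original post: it attributes each cookie to the host that actually sent it, separates first-party from third-party cookies, and drops cookies whose Domain attribute does not cover the sender. The page URL, the captured headers and the two-entry suffix list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a two-entry stand-in for the Public Suffix List, enough for the
# constructed hosts used here. A real audit needs the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk"}

PAGE = "https://blog.example.com/"

# Constructed capture: (URL of the response, its Set-Cookie value), recorded
# while loading PAGE before the visitor was asked for anything.
OBSERVED = [
    ("https://blog.example.com/", "wordpress_test_cookie=WP+Cookie+check; path=/"),
    ("https://blog.example.com/wp-comments-post.php",
     "comment_author_0123abcd=Reader; Max-Age=30000000; Path=/"),
    ("https://stats.example.net/collect.js",
     "_uid=1f3a9c; Domain=.example.net; Max-Age=63072000; Path=/"),
    ("https://ads.example.org/pixel.gif",
     "track=77; Domain=blog.example.com; Path=/"),
]


def site_of(host):
    """Registrable domain ("site") of a host, e.g. www.example.co.uk -> example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    pair, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return pair.split("=", 1)[0], attrs


def classify(page_url, response_url, header):
    """Attribute one cookie to the host that actually sent it."""
    page_site = site_of(urlsplit(page_url).hostname)
    host = urlsplit(response_url).hostname
    name, attrs = parse_set_cookie(header)
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and host != domain and not host.endswith("." + domain):
        # A browser discards a cookie whose Domain does not cover the sender,
        # so another site cannot plant a cookie "from" the page's domain.
        party = "rejected"
    elif site_of(host) == page_site:
        party = "first"
    else:
        party = "third"
    return {
        "name": name,
        "set_by": host,
        "resource": response_url,
        "party": party,
        # Max-Age or Expires means the cookie outlives the browser session.
        "persistent": "max-age" in attrs or "expires" in attrs,
    }


def audit(page_url, observed):
    """Classify every captured cookie for one page load."""
    return [classify(page_url, url, header) for url, header in observed]


def needs_consent(findings):
    """Group third-party cookies by the site that set them, with the resource
    that caused each one, so the owner can see what is making the cookies."""
    grouped = {}
    for f in findings:
        if f["party"] == "third":
            grouped.setdefault(site_of(f["set_by"]), []).append(
                (f["name"], f["resource"]))
    return grouped


if __name__ == "__main__":
    for finding in audit(PAGE, OBSERVED):
        print(finding["party"], finding["set_by"], finding["name"])
    print(needs_consent(audit(PAGE, OBSERVED)))
```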

    There’s already a way for users to stop cookies from being stored on their computers. Every browser out there has a way to turn off cookies. Most have a way to say ‘Don’t allow third-party cookies.’ If that’s not enough, Don’t Track Us has plugins for most browsers that let you block tracking plugins.

    To make this work, the EU needs to explain how they’re going to determine if you’re in violation of the law, and how they will enforce it. They also need to take this to the streets and tell the third-party cookie makers to stop. There are ways that third party tools can work around this, one of which could be to tell people when they log in to Facebook “We reserve the right to use your login credentials and other account information stored in cookies on other sites.” After all, the cookie belongs to Facebook! Or we could just not use cookies at all for that sort of thing. But that has to change at the source of the matter, the third-party, and many of them don’t tell people that their cookies are used in such a way.

    As it stands, this law won’t be enforceable, it won’t be understandable, and it will cause more hassle with the wrong people without protecting anyone at all. It’s still a great idea, but it’s just not going to work this way. All they’ve done is make a law to tell people that their hot coffee is, indeed, hot.

  • Stopping Stalkers

    We’ve all been there. One day you’re out enjoying the net, and the next you have a complete and total turd making your online life hell! What do you do? There are a lot of answers to this, but really it boils down to two types of reactions. You have to change your behavior, and you have to change your online accessibility.

    Changing your behavior is pretty obvious. Once someone starts abusing you online, calling you names, or just angry-ing up your blood, walk away. This is the hardest thing in the world, but do it. Most idiots will stop once you stop feeding them, which is why we always say ‘Don’t feed the trolls.’ When people go past your garden variety gnome moron, however, and start harassing you (and you know there’s a difference), you need to do more than just change how you react. Basically you need to stop making the problem worse. If you’re angry, you log off, walk away and grow the hell up, or you deal with the shit-storm you created.

    On the technical side of things, there’s a lot you need to do. If you’re on Facebook, Twitter, MySpace or any public forum with this person, you block them. If they evade the block by making new accounts, report them. Most sites have a policy about this, and the more you have to report them, the more likely they’ll get banned. Always remember to mention ‘I blocked this guy because he was harassing me. Now he made a new account to do it again.’ This will take a lot of doing, and a lot of arguing, but it will get things done. Block them on IM, Skype, everything you can think of that they might have.

    Once you’ve taken care of them on sites outside your control, let’s look at your site, which is the meat of this post.

    If you have a stalker, you want them to stop being able to contact you, right? If you have a blog, block their email in the comment blacklist. Just turf ’em. You don’t need to see them. If the harassment is bleeding into real life, I would moderate them instead, since you might need the comments for later proof in a legal case, but the effectiveness of that is in doubt right now (it’s too easy to fake that stuff). Make a note of the IP address and block that as well.

    In fact, block the IP from your server via .htaccess:

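    # Apache 2.2 syntax: allow rules are evaluated first, then deny rules override them
    order allow,deny
    deny from 123.45.6.7
    # A partial address blocks every IP that starts with it
    deny from 012.34.5.
    allow from all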
    

    If you have a firewall on your server, toss the IP in there as well. This serves two purposes. Most importantly, you no longer have to deal with nasty comments, but also, you are no longer feeding the troll, because the troll can’t get in. Of course, this isn’t perfect, as most of us use multiple IPs because our addresses, even with high speed, will change. This will only become more and more futile as we get into IPv6. In fact, you may recall I once said Don’t block IPs. When I said that I was talking, specifically, about spammers and bots. Blocking them by IP is futile. But blocking your stalker? Actually effective in certain cases, because some stalkers aren’t very technical. Alas, it’s only some. When you have a smart stalker, who knows how to use proxy servers to their benefit, you have to start learning tricks like How to Block Proxy Servers via htaccess.

    This won’t stop everything, of course, and I generally spend a bit of time with my firewall (I use CSF), activating the Real Time Block Lists (RBLs) and adding in certain countries to my block list using CC_Deny. I don’t like doing that, but sometimes you have to. I’m a pretty big advocate of Bad Behavior which, while it runs via PHP, can be instrumental in stopping bots. That helps me sort out proxy servers, since once you understand how Bad Behavior works, you can check its logs and weed out the proxy servers. Grown up Geek’s post on How We Block Proxies, Bots, Scrapers, Trolls & Assholes is an invaluable resource here.

    This also doesn’t stop email, and I personally filter all of mine on the server level. This does mean I keep the emails on my server, but again, this is something useful to have if these things ever go to lawyers. If you use IMAP, generally it’s okay to keep the emails up on the server, but it’s also a good idea to save them as .eml files to your computer, as they store all the data needed to trace back the emails. Most of us never need this, but the CYA is worth it.
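
    What a saved .eml lets you establish, as an added example that is not from the original post: it fingerprints the file so it can later be shown unchanged, walks the Received headers, and separates the one hop your own mail server recorded from the hops the sending side supplied. The message, the host name mx.example.com and the Postfix-style header layout are constructed assumptions.

```python
import hashlib
import ipaddress
import re
from email import message_from_bytes

# Constructed message; host names and addresses are documentation values.
SAMPLE_EML = (
    b"Received: from mail.example.net (mail.example.net [203.0.113.25])\r\n"
    b"\tby mx.example.com (Postfix) with ESMTP id 4A1B2C;\r\n"
    b"\tTue, 10 May 2011 09:15:02 -0500 (CDT)\r\n"
    b"Received: from [192.168.1.20] (unknown [198.51.100.7])\r\n"
    b"\tby mail.example.net (Postfix) with ESMTPA id 9F8E7D;\r\n"
    b"\tTue, 10 May 2011 09:14:58 -0500 (CDT)\r\n"
    b"Received: from bank.example.org ([192.0.2.1]) by relay.example.org;\r\n"
    b"\tTue, 10 May 2011 08:00:00 -0500\r\n"
    b"From: someone@example.net\r\n"
    b"To: me@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"\r\n"
    b"body\r\n"
)

# Host that wrote the header ("by mx.example.com ...").
BY_HOST = re.compile(r"\bby\s+([^\s;()]+)")
# Address of the connecting peer as the recording host saw it: "(name [1.2.3.4])".
PEER_IP = re.compile(r"\([^()]*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def valid_ip(text):
    """Return text if it is a well-formed IP address, else None."""
    try:
        ipaddress.ip_address(text)
    except ValueError:
        return None
    return text


def received_hops(raw):
    """Return the hops newest-first as (recording_host, peer_ip) tuples."""
    hops = []
    for value in message_from_bytes(raw).get_all("Received", []):
        line = " ".join(str(value).split())  # undo header folding
        by = BY_HOST.search(line)
        peer = PEER_IP.search(line)
        hops.append((by.group(1).lower() if by else None,
                     valid_ip(peer.group(1)) if peer else None))
    return hops


def evidence_record(raw, my_servers):
    """Summarise a saved .eml: digest, hop list, and the IP our server saw."""
    hops = received_hops(raw)
    handoff_ip, unverified = None, []
    trusted_seen = False
    for by, peer in hops:
        if not trusted_seen and by in my_servers:
            # Written by our own server: the one address we can vouch for.
            handoff_ip, trusted_seen = peer, True
        elif peer:
            # Everything else came from the sending side and can be forged.
            unverified.append(peer)
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # digest of the untouched file
        "hops": hops,
        "handoff_ip": handoff_ip,
        "unverified": unverified,
    }


if __name__ == "__main__":
    print(evidence_record(SAMPLE_EML, {"mx.example.com"}))
```

    The hand-off address is the sender's mail server as your server saw it, which is not necessarily the sender's own machine.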

    When things start to spill over into your ‘real’ life (or at least your physical world), don’t be afraid to go get a lawyer. Yes, this will cost money, but if you’ve done all this and can use it to prove this person is escalating their behavior, a good lawyer will know how to get you a restraining order. If you’re not being stalked today, lucky you! I would strongly suggest you do a few things in advance, though! You already know not to put anything out on the net if you don’t want it found, but I would also say that if you registered a domain, consider making your registration private. That will hide your address and phone number. If they’re calling your phones, the phone company can block them, and it’s definitely worth your while to ask them to do so. Peace of mind is part of the reason, but the other is that if you ever end up in court, you can show them the phone company records.

    A word of legal advice, here. The courts recently ruled that an IP address is not a person. This means that even if you have a bunch of emails and comments and whatever from a specific IP, that alone won’t be just cause for a warrant to break the door down. That’s a good thing for most of us, and means you’ll have to do detecting the old fashioned way.

  • Learning From Failure

    A criticality accident is what happens when there’s an increase of nuclear chain reactions. This lets loose a radiation surge that kills people. This is what happened at Chernobyl, Three Mile Island, Fukushima, and many other places. To date, twenty-two criticality accidents have occurred outside nuclear reactors (some resulting in deaths), but thus far, none have resulted in explosions.

    When we look at the death of Louis Slotin, we think ‘God, how did we not know that was dangerous?’ When we regard the Trinity Test, we think ‘How did we not know we were unleashing hell on earth?’ The fact is that we cannot see the future, and we cannot predict how far we go. Therefore we certainly cannot see when we are too far gone before, indeed, we have gone too far. You cannot divine and magically know the unknown, though that doesn’t mean we’re in complete ignorance of the possibility.

    There is always a possibility that things can go terribly wrong, in the worst way possible. In a nuclear power plant (NPP), obviously things like a meltdown are up there on the top of the ‘worst outcome’ list. Did the scientists know there was a possibility this could happen? Of course they did. Did they know that it might leak into the ocean, pollute the land, and kill those 50 people who are still working at the plant, and who are all expected to die of radiation poisoning? Again, of course they did.

    Before any NPP is built, they go over the risks and mitigate them as best they can. They review the known risks, and solve as many as possible. But there will be a point where someone will correctly state “We’ve thought up ways to solve every problem we can come up with. Now we need a plan to handle situations where the unexpected arises.” Oh yes, they have a plan for this sort of thing too, but it’s probably really basic.

    I don’t work in NPPs, I work for a bank. We sit around and discuss things like ‘If the city of Chicago is destroyed tomorrow, how would we make sure that everyone can get to their money?’ Given that your money, like mine, is pretty much virtual and stored on computers, we do that via data integrity. Make sure that our data is all safe, secure, and backed up in multiple places. We have multiple data centers across the state, protecting your money. What about the software? It’s written to talk to those data centers. How do we compensate if one of them vanishes? The problem with those meetings, is that people want to know specifics. And I always point out ‘Give me a specific situation example, and I will give you specific steps. But since every situation is different…’ Because the answer to ‘What do we do if our Chicago servers vanish?’ is ‘Route everything to this other location.’ See how that’s really basic?

    The problem with all this is we can only plan for what we can imagine, and we can’t imagine past our abilities. Should we have seen the possibility of someone flying a plane into the World Trade Center? Of course! We should have always thought ‘Hey, this nice big skyscraper sure is an easy target for someone really pissed off!’ But the probability of that happening was so low we didn’t come up with plans for how to handle it. A criticality incident happens at that point when we realize what we should have known all the time, but couldn’t have possibly known because we are not omnipotent. We are not perfect and we cannot know everything.

    In the case of a nuclear power plant, when all hell breaks loose, people die. Even today, we know that the radiation being leaked out is bad for us, for the environment, the water and animals, but we don’t know how bad. We cannot possibly know. We can guess and infer and hypothesize. But we do not know. And the only way to know is to experiment. If that doesn’t scare the pants off you, to realize that all innovation comes from an experiment that could kill us all, well, then you’re probably not aware of the hadron collider and how we all joked about how it would open up a black hole and kill us all.

    Innovation takes risk. It takes huge risks. The people who take the risks, like Louis Slotin, know that things can happen. They know that irradiating themselves to kingdom come ends with a slow and painful death, and not becoming Dr. Manhattan. We won’t become Spider-Man or any sort of godlike superhero. We. Will. Die. And we know it. And we do not stop. We cannot stop. The only way to get better, to make it safer, is to keep trying and keep dying.

    Not to be too heavy handed, but with our code, it’s the same thing. We cannot see where too-far is in our code, where danger lies, until it hits us in the face. We will destroy our programs over and over, we will crash our servers, and infuriate our customers, but we will pick up the pieces and learn and make it better the next time. This is human nature, this is human spirit and endeavor. We cannot fear failure, even if it brings death. For most of us, the worst it can bring is being fired, but really that’s not that common. I’ve found that if you step up and accept responsibility for your actions, you get chastised, warned, and you keep your job.

    When everything goes bad, it’s easy to point a finger and blame people. That’s what people do. They complain that the programmers suck and didn’t test enough, that the testers didn’t do their job, that everyone is terrible and did this just to piss them off. They rarely stop and go ‘What did I do?’ They rarely say thank you, and they rarely learn from the experience of failure. Thankfully their failures will not end in death. Money loss, certainly, and a great inconvenience to everything in your life, but you learn from this far better than you can learn from anything.

    Learning from extreme failure is not easy. It’s hard to get past that initial moment of absolute terror. It’s harder still to train the end users (clients, readers, whatever) that this is okay. This is normal and it happens to everyone, everywhere, everything. But if we cannot learn from failure, we’ll never have the courage to create again.

    Get messy. Make mistakes.

  • WordPress: Open Comments More Selectively

    There are a whole lot of tricks you can do with SQL to enable/disable comments.

    If you want to turn them on for every single page, there’s this:

    UPDATE wp_posts SET comment_status = 'open';

    But me? I don’t like to blanket turn things on! I don’t like to have my pages allow comments, you see, so I use this instead:

    UPDATE wp_posts SET comment_status = 'open' WHERE post_type = 'post';

    I find this preferable to just opening it for everything (most people will tell you to omit the WHERE clause) since if you do that, you open comments for attachments, pages, CPTs and everything. Which I never want.

    But what if you did open comments for everything and now you realized, oh snap!, you want to turn them off on attachment pages? That’s pretty easy:

    UPDATE wp_posts SET comment_status = 'closed' WHERE post_type = 'attachment';

    For more awesome SQL queries, check out Digging into WordPress – Easy Comment Management via SQL or the incredible Andrea’s How to Close Comments Across a MultiSite Network.

  • WordPress: Sticky Posts On Static Front Page

    I built my Dad a site, and while he still emails me the content, I still want the code to be easy to use for me and, in theory, for him one day.  The original design was (and is) a static front page with the whole company spiel.  Dad rarely changed things since 1999 anyway, so I figured I was pretty safe keeping that layout.  I did add in a ‘News’ page, which he could use to ‘blog.’  I keep trying to explain that it’s not being a nerdy blogger, it’s a way to reach out to his readers, but … well, it’s a paradigm shift for him.

    Then February happened.

    Dad lives in Japan, you see, and among other things, works on Risk Analysis for nuclear power plants. This Fukushima disaster is his bread and butter and in his backyard. Obviously he’s involved. This had a roundabout way of making me delve into theming more than I normally do, because my Dad wanted to put something on the front of his page. I thought that it would be a one time thing, but last night he wanted to change it with a new thing. Suddenly Dad needs featured posts!

    On one of my sites, I use a special category for featured posts, list five in a sort of news/image scroller that swipes across your screen.  It works.  What Dad needed was a little different:

    1. A way to flag a post as ‘featured’ or ‘forward facing’
    2. Keep his main ‘page’ stuff below
    3. Show videos (embeds don’t work in the_excerpt)
    4. Show nothing if you have no featured posts

    Thanks to Twitter, I came up with a pretty simple answer.  For a brief moment, I toyed with making this a widget, but since I already had a special front page template for the site, instead I added a special loop that runs at the top:

    <?php
    	$sticky = get_option( 'sticky_posts' );
    	rsort( $sticky );
    	$sticky = array_slice( $sticky, 0, 1 );
    
    if (is_numeric($sticky[0])) {
    	/* Query sticky posts */
    	query_posts( array( 'post__in' => $sticky, 'caller_get_posts' => 1 ) );
    		while ( have_posts() ) : the_post();
    		the_title('<h3>', '</h3>');
    		if($post->post_excerpt) :
    			the_excerpt();
    		else:
    			the_content();
    		endif;
    		endwhile; // End the loop. Whew. 
    
    	wp_reset_query();
    }
    ?>
    

    From Justin Tadlock we get the very helpful Get the latest sticky posts in WordPress which I used to show the first (and only) sticky. Obviously change the 1 to the number of stickies you want.

    <?php
    	$sticky = get_option( 'sticky_posts' );
    	rsort( $sticky );
    	$sticky = array_slice( $sticky, 0, 1 );
    ?>
    

    Once we’re in the meat of the query, I wanted to show the full post if there’s no custom excerpt, and then just the excerpt if there is one.  This works around the annoying fact that you can’t embed videos in the excerpt (images and italics, yes, but not videos). Also, I tossed in if (is_numeric($sticky[0])) {} around the whole thing. If there is no sticky post, then $sticky[0] (which is the first item in the array $sticky) isn’t a number, it’s ‘null’ (which means ‘Hey! Nothing here!’). My check is simply ‘If there’s any number in here, we’re good!’

    <?php
    	query_posts( array( 'post__in' => $sticky, 'caller_get_posts' => 1 ) );
    		while ( have_posts() ) : the_post();
    		the_title('<h3>', '</h3>');
    		if($post->post_excerpt) :
    			the_excerpt();
    		else:
    			the_content();
    		endif;
    		endwhile; // End the loop. Whew. 
    ?>
    

    At the end I called in wp_reset_query(); so I could reset the query and go back to the regularly scheduled post.

    There’s really not a whole lot customized on Woody.com, but what there is works and it’s simple. I try to keep everything such that if Dad ever decides he can do this stuff, it will be straightforward so he can do it. Telling him ‘Mark a post as sticky and it’ll show on your home page’ is easy. He can do that.

  • Software Freedoms

    Like a million other posts, I’m starting this with a warning: I Am Not A Lawyer.  Sure, my mom is, but that qualifies me for a cup of coffee, if I have the cash.  Personally, I support open-data and open-code because I think it makes things better, but there are a lot of weird issues when you try and pair up software licenses, explain what ‘freedom’ means, and where it’s applicable. For the record, I am not getting into the ‘is a plugin/theme derivative software or not’ debate. I will wiggle my toe and point out it is a point of contention.

    I’m presuming you are already familiar with the idea of what GPL is. If not, read the GPL FAQ.

    Why are WordPress and Drupal GPL anyway?

    The people who built WordPress took an existing app (b2) and forked it.  Forking happens when developers take a legally acquired copy of some code and make a new program out of it.  Of the myriad caveats in forking, you have to remember that the fork must be a legal copy of the code.  In order to create WordPress, Matt et al. were legally obligated to make WordPress GPL.  No one argues that.  The only way to change a license from GPL is to get everyone who has ever committed any code to the project to agree to this, and you know, that’s like saying you’re going to get everyone in your house to agree to what pizza to order.

    WordPress and Drupal are GPL because they must be.  There is no other option.

    So why is this a problem?

    GPL poses a problem because of interpretations of what ‘derivative works’ are.  It’s very clear cut that if you take or use WordPress’ or Drupal’s code, you are taking code built on GPL, which means you must keep your code GPL.  The definition of ‘code’ is a bit squidgy.  A generally accepted rule of thumb is that if your code can exist, 100%, without WordPress or Drupal’s support, then it’s not a derivative.  By their very nature, plugins and modules are seen as derivative.  Both Drupal and WordPress have long since stated that this is, indeed, the case.

    Themes, modules and plugins are GPL because they must be.  There is no other option.

    Except…

    Except there is.  Only the code that relies on the GPL code has to be GPL.  Your theme’s CSS and your images actually can be non-GPL (though WordPress won’t host you on their site if you don’t).  Also, if you have code that lives on your own server, and people use the plugin to help the app talk to that code, only the code that sits on WordPress or Drupal has to be GPL.  Your server’s code?  No problem, it can be as proprietary as you want!  Akismet, a product made by Automattic (who ‘makes’ WordPress, in a really broad interpretation) works like this.  So does Google Analytics (most certainly not owned by WordPress), and there are many plugins to integrate WordPress and Google.  This is generally done by APIs (aka Application programming interfaces), and these are totally kosher to be as proprietary as you want.

    Themes, modules and plugins are GPL where they need to be, and proprietary (if you want) where they don’t.

    So what is GPL protecting?

    As we often carol, the GPL is about freedom.  And “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.”  Freedom is a tetchy subject, misunderstood by most of us.  For example, freedom of speech does not mean you get to run around saying what you want wherever you want.  Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software.  This is pretty much the opposite of what you’re used to with the iOS, Microsoft and Adobe.  Free software may still charge you, but once you buy the software, you can do what you want with it.  Your freedom, as a user, is protected.

    WordPress’s adherence to GPL is for the user, not the developer.

    What’s so free about this anyway?

    The term ‘free’ is just a bad one to use in general. Remember, freedom of speech, as it’s so often used in inaccurate Internet debates, does not mean you can say whatever you want. ‘Free speech’ means ‘You have the right to say what you want, but I have the right to kick you out of MY house if I don’t like it.’ So what are these GPL freedoms anyway? In the GPL license you have the four freedoms: (1) to run the software, (2) to have the source code, (3) to distribute the software, (4) to distribute your modifications to the software. Really they should be ‘rights’ and not ‘freedoms’ if you want to nit-pick, and I tend to think of the freedom of source code to be similar to data freedom. The freedoms of open-whatever are for the people who use the whatever, not those who come up with it.

    Software freedoms are for the user to become the developer.

    So if GPL is for the users, what protects the developer?

    Not much, and this is where people get pissed off.  If anyone can buy my software and give it away for free (or pay), why would I even consider releasing something GPL?  The question, as Otto puts it, really should be ‘What exactly are you selling in the first place?’ What are we selling when we sell software?  I work on software for a living, and I never sell my code.  I’m hired to write it, certainly, and I do (not as often as I’d like).  Most of what I do is design.  It’s part math, and part art.  My contract doesn’t allow me to keep ownership of my art, which sucks, but if I was a painter, I’d sell the painting and lose the ownership anyway, so what’s the difference?  That painting can get sold and resold millions of times for billions of dollars.  And most artists die starving.

    Software Freedom doesn’t stop people from being dicks (though they should).

    So what good is the GPL to the developer trying to make a buck?  

    It’s not.  But that’s not the point.  GPL isn’t about the guy who wrote the code, it’s about the guy who gets the code (again, legally) and says “You know, this is great, but it should make milkshakes too!” and writes that. GPL is all about the guy who uses the code and the next guy who takes the code and improves on it. If you have an open community where everyone has the privilege and right to use, view, share and edit the code, then you have the ability to let your code grow organically. If you want to watch some staid, tie-wearing, Dilbert PHB lose his mind, try and explain the shenanigans of Open Source development. “Develop at the pace of ingenuity” versus “Develop at the pace of your whining users.”

    Software Freedom isn’t about making money, it’s about making the next thing.

    Why would I want to use GPL?

    If you use WordPress, you use it because you have to. I prefer the Apache licenses, myself, but the purpose of using any software freedom license is, at its Communist best, a way to make software all around the world better for everyone. You stop people from reinventing the wheel if you show them how to make the axle in the first place! Did you know that Ford and Toyota independently came up with a way to make your brakes charge your hybrid battery? They later opened up and shared their tech with each other, only to find out how similar they already were! Just imagine how much faster we could have had new technology if they’d collaborated earlier on? With an open-source/free license, my code is there for anyone to say “You know, this would work better…” And they have! And I’ve made my code better thanks to them.

    I use ‘free software’ open source licensing on my software to make my software better.