Category: How It Is

Making philosophy about the why behind technical things.

FAIR: Successes, Lessons, and What’s Next

Yesterday we released FAIR 1.3.

Today we had to announce two of the top faces for the project were stepping back.

It’s been a rollercoaster, y’all!

FAIR IS NOT OVER

We understand and respect Joost and Karim’s decision. The challenges they faced: the reluctance of large ecosystem players to invest in neutral infrastructure, the misaligned incentives–these are real. We won’t pretend otherwise. But those challenges don’t define the entirety of what FAIR is or where it’s headed.

This means, right now, we keep going.

So what the hell, ammiright?

First and foremost, FAIR WORKS. As a drop in replacement for running all your updates from wordpress.org you can now use AspireCloud instead. What does that mean? We proved you absolutely can de-centralize WordPress. You can undo all the Gravatar and phoning home stuff, and just get code.

What we wanted to do was make it so we could add in more and more ‘sources’ (like, say, your own self-hosted one!) and give the world the ability to distribute and share. All you have to do is add in a repo.

Beyond that, I have dreams of layering in tools like security checks, reviews, ‘grades’ (how ‘good’ or safe is a plugin/theme) and more.

But you see, you need money to be able to build and host all that kind of thing. Our plan was to get some big players on board so they could control their own code flow. This sadly became a chicken and egg conundrum that did not result in oyakudon (one of my fav dishes, we call it “mother and child reunion” because we’re twisted people).

Someone had to be first. Some big company had to be first.

None were willing to take the risk.

What Risk?

Let’s not sugar coat.

By now, if you’re reading this blog, you know about the feud between Automattic and WP Engine. Frankly it’s a whole lot more drama than any of us needed in our lives. But the reality is that the feud put people, including major companies, on edge. They fear retaliation. I get it.

Did Matt Mullenweg have a point that people (meaning big companies) need to kick in more to this project they’re basing their companies on? Hell yes. I don’t disagree with the issue he raised, I disagree strongly with his methodology.

Fighting takes us away from our goals and honestly, who has the time?

Instead of jumping into a fight, why not make a better path available. Why not reinvent Five for the Future into something like adopt-a-highway. HostingCompanyA adopts the support forums, because their customers use it. They donate time/people or straight up money. BigPluginCompanyB helps plugins the same way. They sponsor someone who doesn’t work for them to chip in.

To do that, everything has to be public, though. That means the WordPress Foundation has to tell us what they need with actual fact sheets and budgets, so we know where to help and with what.

Who Helps the Helpers?

There’s also a flip side to Matt’s argument. The Big Companies who make a living on WP absolutely should be helping more. But the millions of volunteers should be helped more.

The majority of my contributions to WordPress were unsponsored

Okay? We’re talking the 11 years as the plugin rep, and the six years before that. Most of that was on my own, free time. Most of it was unfunded, not sponsored by my employers, and done because I strongly believe that people working together make things better.

And I’m not the only one. The folks behind PHPcs, ImageMagick, and more have all faced issues with funding.

I remain proud as hell over my contributions, the work I did, the ecosystem I helped create. It helped me get my last 3 jobs (that’s including this one).

But I’m sure as shit nowhere near “Post Economic.” And that’s actually okay by me. I did what I could, when and where I could, because I believe in the power of people. I took some massive mental hits from the work, which trickled down into physical.

As I’ve said about why I left plugins: I needed to take care of my mental health. Plugins was killing me. I needed to step away from WordPress as a whole for the sake of my life.

People who work on a certain edge of the tech world have seen shit no one should see, and deal with assholes no one should deal with.

For me, FAIR has been a healing project, as it feels like we’re ushering in a new era of hosting and sharing.

What’s Next?

Well, as my co-chair Ryan put it, we keep going.

So we don’t have a ton of money. Okay, we can keep going. We’ll do it slower, and we’ll step out of ‘just’ WordPress but y’all, that was the plan in the first place!

We always planned to make this bigger. We designed the systems to be agnostic on purpose. We’re just jumping to that a little differently than I’d hoped with TYPO3.

As for me, I keep going for now. I never planned on being a TSC Chair. I’ve never sought out accolades or power. That’s just not me. I’ve been handed it enough times to know that there will be a time for me to step away and let the next generation, as it were, carry on and keep paving the way to a better future.

But that’s not today. It’s not even tomorrow.

Today and tomorrow and for a while yet, I’m here to help make distributed deployment of code a bigger and better reality. I’m here to help shepherd in the freedom of owning your code from egg to chicken (see I brought it back to oyakudon).

If tomorrow, I get a phone call that WordPress.org wants to distribute the load to lower costs and help bring the world ready for the EU’s Cyber Resilience Act next year? Hell to the yes.

I’m here for a better tomorrow. I hope you are too.

26 February, 2026
AI Solves Site Speed And Won’t Make You Obsolete
I have a bit of a moral problem with AI.

I hate how it stole data without compensation to build its databases, and now charges people for use.

I hate how it’s shit for the environment.

But I also use it day to day for work because it can do some things faster than I can. Imperfectly, but still, it’s like having a handy junior programmer who is up to speed on the latest techno brouhaha, but doesn’t have the scope or depth of thought just yet.

It can be a very useful tool, but it’s difficult to look past the practical issues.

All that said, I have been hearing a lot about how plugin shops and theme shops for WordPress will go out of business because of AI.

Hogwash.

AI Doesn’t Think

This summer, I was designing and building an app for work that used two languages (BigQuery and Laravel) I wasn’t familiar with, and two services (PlanetScale and GCP) I hadn’t used before. I sat down and wrote up what I wanted the app to do and more or less how I envisioned it working and I tossed that into AI to ask it to help me:
1. Estimate costs based on data volume
2. Estimate time to develop
3. Construct a plan using Claude TaskMaster to keep it organized
4. Write up a summary pitch
After a lot of back and forth and starting new chats to clear the memory, I had a decent plan and presented it. It’s pretty much as planned though we did learn and tweak as we went along.

Could AI have invented that without me?

No.

AI can do a lot of things, but it cannot invent from nothing. It needs prompt and the better your prompt, with the more details of the needs and wants of the project, the better it can help you create. But it cannot just decide “you know what, I need an app for X.”

Unlike a human, who can think about the moral consequences or the practical UX, an AI only knows what it knows from its limited info base, and cannot expand on its own.

A human will go “this sounds nice, but …” where an AI might ask you about the flaws but only as it knows them.

AI Is Great For Optimizing

Also this summer, I was looking at how slow LezWatch.TV is in the back end. Now I knew that this was due to how much cross data we save, and how inefficient WordPress is about storing it.

For example, adding a new character to the database will:
1. update the character count for the actor(s)
2. update the character count for the show(s)
3. update the meta for the gender and sexuality of characters for the show(s)
4. update the stats of characters for actors, shows, formats, death, etc
5. adjust show(s) score
There’s a lot of other little stuff, but every save of character does that. And it’s slow.

So I thought “there must be a better way…” and I wrote up a list of everything. Then I asked Claude (the AI in my code editor) to review the character saving code and tell me where it was slow.

It listed everything I had, plus a couple more (shadow taxonomies, weird cmb2 <=> taxonomy stuff) and with that, I dumped a summary into Gemini (Google) and said “Based on all this, is Action Scheduler a good idea? Tell me why, or why not, and propose alternatives.”

Now notice I came in with my own proposal!

This is key because it set the expectation that I knew “saving is part of the issue, so if I can schedule out post processing, then saving will be faster!”

AI Extends What We Can Do

This is where AI is great, it extends. After I moved things to the action scheduler, I thought about the other slow parts and decided to make my sql calls more efficient.

I know how to solve an N+1 issue (not redundancy, but the select problem), but the pain in the ass with WordPress is it tricks you!

Let’s assume $things is a collection of post objects. And you want to loop through all those things to get the ones with a meta of ‘other’ and echo it.
```
foreach ($things as $thing) {
    $other = get_post_meta($thing->ID, 'other', true);
    echo $other;
}
```
Looks perfect, right? Simple. Fast. Easy.

Well it’s two of the three. When you have 100 post objects, it’s fast. It’s even fast at 1000. But when you get to 3000 … now you’re going to see things slow down, and Google will ding you for TTFB (time to first byte).

The fix?
```
$thing_ids = wp_list_pluck($things, 'ID');

foreach ($thing_ids as $id) {
    $other = get_post_meta($id, 'other', true);
    echo $other;
}
```
It doesn’t look much different, but the trick here is that instead of looping and getting all the post data, we’re just using the IDs for a faster lookup and echo.

This gets compounded when you use WP_Query. Yes, it gives you the posts but if you also need their meta or taxonomy data, WordPress doesn’t load that in the same query. So you end up doing one query to get all the posts, and then one extra query for each post to get its related data.

That’s the N+1 problem: 1 big query + N small ones.

By writing direct SQL, I can grab posts and their meta/terms in a single query, instead of hitting the database over and over.

AI Solves With Directions

My father used to say that people think of AI like it works in Star Trek. Captain Picard says he wants “Tea. Earl Grey. Hot.” The replicator knows exactly what he wants and makes it. Geordi LaForge asks the Holodeck to make a Sherlock Holmes themed villain, capable of defeating Data.

Given the recent issues with guardrails on AI and it pushing people towards suicide, I can’t help but think Dad was 100% right and still is. People look at AI as a panacea. It will solve problems because it has access to all the information and can make the right conclusions.

It doesn’t.

While I used it to help me find all the speed issues, with my set parameters (saving, searching, etc), I can’t just say “make my site faster.” The amount of refining that happens, and sometimes straight up corrections on what is pretty basic dev work is how I know this. Any developer work their salt will tell you it’s not perfect.

What AI is great for refining, improving, and assisting.

It does not, cannot, think for itself. It will not propose to you “hey, I’ve been looking at the code you’re working on and I have an idea.” It will not solve the problem before you identify there is a problem.

AI is a tool.

Use your tool wisely.

But … can you make it better for the environment?
25 September, 2025
Toxic Users: The Unforgiven and the Danger of Unbanning

Over the last couple years, I posted a lot of stories about the crazy things I saw as the Plugin Rep on WordPress.org. A great number of those situations ended with someone being banned, but those aren’t the only stories out there.

Still, with the recent situation on WordPress.org, I felt it was appropriate to break down my views on banning, and when it’s the right thing to do.

Bans are about Safety First

The number one reason to ban anyone is the physical safety of the community.

With the recent announcement of a “Jubilee” and how people who were banned between August 2024 and now are being reviewed and (in some part) unbanned, I made a fairly vocal statement on Mastodon and BlueSky that this was a dangerous thing.

So #Wordpress (org) is really unbanning EVERYONE who’s ever been banned. This was confirmed by Matt on Twitter (screenshot attached).

I’m going to have to cold-stop any and all contributions because it’s demonstrably UNSAFE for me to be a part of the community.

Stalkers. Harassers. DEATH THREATS.

It’s NOT safe for me to be there.

Until someone SANE comes up with limits, guidelines, and restrictions for this ‘all bans,’ it is NOT SAFE for me to be on WordPress.org.

I repeat: THIS IS NOT A SAFE COMMUNITY FOR ME OR ANY OF THE THOUSANDS OF VOLUNTEERS WHO HAVE WORKED HARD TO ENFORCE GUIDELINES EQUITABLY FOR OVER A DECADE.

(See X/Twitter for the thread)

Ipstenu (Mika E.) on Mastodon

I will note, I posted that before any clarifications as to who was being unbanned.

While I have had one credible death threat (and a half dozen others that were laughably stupid, including threats to have various Gods wreak vengeance on me), I am aware via my friendships with Automattic employees that there are a significant number of legit threats out there.

Those people can and should be banned, and must remain banned. Period.

Safety isn’t Just Physical

The number two reason to ban anyone is the ephemeral safety of the community.

By ‘ephemeral’ I generally mean code. That is, if someone is putting backdoors in their plugin, we need to kick them out and ban them because they are an abject danger to the sites the plugins are installed on.

But this also means things like extortion, harassment, name calling, bullying, and so on. If someone demonstrates, through their repeated actions, that they can only communicate in a hostile manner, then they need to leave the community.

There’s a saying, once a single Nazi is allowed into a bar, it has become the Nazi Bar. All communities need to stringently protect the safety of their users. If leadership is okay with a couple people mistreating their community members, then they have just demonstrated they are not going to protect the more vulnerable members.

This protection is bidirectional, by the way. I’ve banned as many users for harassing developers as I have developers for harassing users!

The Community is More than Users and Developers

The number three reason to ban anyone is the legal safety of the community.

Any community of a decent size is one that faces legal matters. It can be a fan-club, an open-source development community, or a writing group. You have to be aware of the legalities of what you’re doing.

You have no idea how many times I’ve had to explain the basics of copyright and trademark law to developers, who just want to have a plugin for Facebook. I totally get it, Facebook is delulu about how they enforce their trademark — you can’t even use the word ‘Facebook’ or ‘FB’ in any of your plugin names, meaning no ‘Integration of Blah with Facebook’. But that’s how it is, and you have to obey the law.

For example, if a plugin is closed for something like that and the dev complain but make the change, that’s good. But if they make the change back when the plugin team isn’t looking, because they happen to know the team doesn’t review every change, then what happens is the plugin team gets a very nasty legal doc that threatens the entire repository. They plugin gets closed a second time.

You can see how this would escalate. Especially when the dev starts complaining ‘but someone else got away with it!’ See what really happens when they do that is the team goes and looks at the other person and closes their plugin. No one wins. The legal team from Facebook gets angrier and angrier, and the legal mess gets worse and worse.

If someone is the cause of putting the entire repository (or worse, the project) in legal jeopardy, they’re going to get banned and should be. They’re reckless and a danger to all.

Fake Content Hurts the Community

The number four reason to ban anyone is spam, auto-generated content, and lying.

I’m sure someone is confused that I’ve lumped them together, but they’re all worthless content.

Spam, no one would argue is ‘good.’ I know you get that one. Lying? Again, pretty obvious why you’d get banned for lying over and over again. If you can’t be trusted, then your contributions can’t be trusted.

But auto-generated content? I almost called it ‘low quality content’ because that’s what it is. People who post copies of AI generated ‘answers’ wholesale are posting low quality content. Since we know that AI has issues with hallucinations (read ‘it just gets things wrong sometimes’), you have to verify it. If you’re doing that, you’re going to end up changing some of what it says.

When someone doesn’t change anything it said, they’re not adding anything of value. It’s like dropping a ‘Let me google that for you’ link. They’re wasting everyone’s time and aren’t educating someone on how to help themself in the future. This is especially true on support forums.

Community should help itself. If someone wants to look things up with AI, more power to them, but if they come to a place to ask for help, they deserve to be treated as a human, not a bot.

Protect the Community From Yourself

The number five reason to ban anyone is they’re actually acting harmfully to the community, not just you.

This is sort of a backwards thing. It’s more ‘the number one reason NOT to ban…’ but it works anyway.

I have never once banned a single person because they annoyed me, or hurt my feelings, or even threatened me.

I’m pretty sure there are some people out there who are scoffing.

As hard as that may be for some of you to believe, it’s the truth. I have only banned people for guideline violations. Pretty much all the threats I’ve received happened after I banned people, first of all, but more to the point, everyone who devolves to threats tends to have a violation first.

There are some rare exceptions. I remember a few plugin reviews that had the sole reply of “fuck you” (or similar eloquence) and those were pre-emptively banned. Not because they swore at me, but because they clearly were incapable of following the guidelines. I didn’t want people thinking it was okay to talk like that to the community.

Not me.

The community.

Call me whatever you want, I don’t care, but when you do that I sure as hell judge you.

The Community Must Come First

You may sense a theme here.

Every single reason you ban someone is to help the community. Sometimes you’re protecting the community from itself, sometimes you’re doing things because there’s a grumpy lawyer standing over your shoulder (metaphorically), but at the end of the day you ban people who are actively harmful to the community.

There will always be people who cannot be unbanned because of the danger they represent. Those people, the people who hurt the community, must stay out.

7 May, 2025
Open for Employment – No Longer!

As of Dec 2, 2024, I am employed with AwesomeMotive! I am no longer in need of a new gig. I am leaving this post up in case someone does want to pay me to work on LezWatch.TV and make bagels all day.

As of 31 October 2024, my engagement with XWP will end. I am incredibly thankful for the time I spent with them and the trust they placed in me. Don’t get me wrong, it sucks, but the world just works like this sometimes.

I’m currently in search of full time employment! I’ve updated my resume and begun posting and looking for gigs.

What am I looking for?

Honestly as much as I’d love someone to pay me to just work on LezWatch.TV and make bagels all day, it’s pretty unlikely (though if you do…).

What I’m looking for is a full time job where I get to make cool things, get a fair paycheck that allows me to save to buy a house, and provides enough vacation time that I’m not spending all of it on Jewish Holidays and can actually take a trip now and then.

What do I want to do?

This is likely a tech stack question. I can do WordPress, I’m very good at it, but I also know Hugo and can pick up other stacks pretty quickly. I’ve done full stack work before (server birth to death), worked in automation, and myriad other platforms like MediaWiki, ZenPhoto, and more. I’m game for learning any CMS.

Would I really still work in WordPress?

I would.

Look, I know there’s a lot of volatility in the WordPress world but honestly with that in mind, you need someone like me! Why? Because I know WordPress plugins! If something happens and you can’t access .org, I’m your girl. I know how to scan plugins (and themes) for backdoors and bad code, as well as write the good stuff. I know risk assessment and management, which means I can help you when plugin ownership is in doubt.

I also know a lot of backstory to a lot of development shops and how they treat people. What? You knew I took notes about plugin devs!

There are millions of WordPress sites out there. They still need devs.

Would I leave WordPress for anything else?

Absolutely! Nothing against WordPress (or the current state of affairs), but my love for it is not absolute. It’s tempered in reality. WordPress is not the perfect solution for everyone, after all. I’m game to learn new things, to integrate, to test, and to break things.

And if you’re transitioning a site to or away from WordPress? Hey! I’m uniquely positioned to be able to tell you exactly what that code was doing and, in most cases, why!

Would I work for Automattic?

No. That ship sailed about 15 years ago. I interviewed pretty much around now back then, and in talking with Matt directly we both agreed I would be a bad fit. No harm, no foul. I think that was the right choice, all this time later, and I have no regrets.

Would I go back into Hosting?

Sure. I liked that work. It’s fun, challenging, and I learned a lot of new platforms and specifics. I got to play with servers and it gave me a deeper understanding in how to approach asking a host for help. Bonus? I know devs, so I can help debug your code on servers!

(If DreamHost calls me up right after this post, I would absolutely talk with them about opportunities without a second thought!)

What about Agency Work?

Depends on the agency.

Some agencies are real meat grinders, and some are less so. The hardest part about agency life is how fast everyone and everything has to move. Also it’s incredibly volatile! If the company who hired you isn’t doing well, fffftttt you’re screwed.

(Again, if XWP called me tomorrow, I would happily talk with them.)

Would I work for a plugin shop?

Yes, I would. I know plugins, I know the repo (sure things have changed but the basics aren’t going to), and I know the forums. Plugins are a lot of work of course.

How about a security company?

That would be epic fun. Yes. Finding issues, reporting them reasonably and privately, getting them fixed, and helping everyone? I miss that from Plugin Reviews.

What about just plain ol’ IT?

I’ve done it before. I’m sure some of my info is out of date (anyone need a Windows NT Server certified dev?), but again, I’m willing and able to learn. Basic IT has some joy you know, and users do some wild and crazy things you don’t expect.

Didn’t anyone tell me not to sell ME in a resume?

Many. But the thing is, you’re not hiring a machine, you’re hiring a person. If you want a grunt to grind? That ain’t me.

If you want a well reasoned, insightful, and creative individual who thinks for herself and is willing to try things even if they fail, because those lessons help you going forward? Who fights for the users and is honest even when it hurts? Who will stand by her principles even if they cost her work? Who is passionate and puts her all into everything?

That’s me.

Like what you read?
Check out my resume and toss me a line!

7 October, 2024
Why NOT WordPress?
There’s a website I’ve been running since 1996.

Yes, I know, I’m an Internet Old.

1996. That’s 7 years before WordPress was a thing. So it’s not surprising this site was (at one point) moved from ‘something else’ to WordPress. Actually a lot of something-elses over the nearly 30 years of its existence. I moved it over to WP around 2005 (WordPress 1.5) and pretty much left it there for years.

Now it’s different. Now the site is 100% powered by Hugo.

Why Did I Stop Using WordPress?

To understand this decision, you have to keep in mind that the site had been three parts for about 20 years.
1. The Blog, where announcements were made, etc, powered by WordPress
2. The Image Gallery, which had … images (about 20 Gigs), powered by netPhotoGraphics
3. The Wiki/Library, which is the documentation, powered by Hugo
Well, this year I got a nasty-gram and was forced to shut down the gallery. The simple truth was yes, the gallery included images that legally I didn’t have the right to use. No excuses. But the company involved was kind enough to work out a partial situation. I’m still in the middle of moving what images I can keep into a new home, but while that’s going on, I had a chance to sit down and face reality.

The gallery, you see, was the biggest feature of the site. Next was the Wiki/Library, and the blog was pretty much just announcements. There was a forum, it was removed ages ago. There was BuddyPress, ditto. People management just isn’t fun.

There was also the matter of cross linked data. Oh my, did a lot of images appear on the blog and the gallery. I was going to have to purge the old blog posts en masse anyway, so at that point, I asked myself that big question.

Do I want to move the library to WP, or the blog to Hugo?

Consider the following:
1. I was going to have to manually curate nearly 30 years of blog posts (took a few thousand down to about 50)
2. I already had a running Hugo site and was familiar with it (it has over 1600 files)
3. If I ported to WP, I would have to rebuild my data setup for how the data is output
4. Importing blog posts as text only is incredibly easy
With that in mind, it seemed obvious. Hugo.

What’s Different with Hugo?

Obviously I lose the ability to write a blog post and press publish. I have to add a new file, manually link it to my new image, and push to GitHub, where it’s auto-deployed to the site in question. The process for any data is basically this:
1. Create a branch on my GitHub Repo
2. Add the new content
3. Merge the branch into Production
At that point a GitHub action takes over.

Beyond that, however, there are some things you take for granted with WP. Like the ease of a mailing list with Jetpack. Now, I did export my Jetpack subscribers and I’m working on a solution there, but yeah, that was a big hit. There’s also the matter of auto-deploying content to socials. But… honestly that’s been pretty much shit-and-miss lately, what with Facebook and Twitter being what they are.

But all the ‘easy’ stuff? Well Hugo has RSS Feeds, it can process images as it builds (though that will cause your deployments to take longer), it’s open source, and best of all? The output is static HTML.

Go ahead, try and hack that.

How Hard Was It?

Honestly, it took me about 3 days to pick a new theme, apply it, move my basic content over, and start rebuilding the blog. Migrating blog posts took me about 3 weeks. The hardest part was realizing I was going to have to write some complex Hugo Mod code to include my gallery with lightbox code, but I banged that out in an evening.

There were frustrating moments. The Hugo community is significantly smaller than WordPress (I mean, whose isn’t?) and some of the code is a little on the ‘understood’ level (by which I mean things aren’t always spelled out, they assume you know what they’re talking about). In a way, it’s like using WordPress back in 2006 all over again, and look at where that’s taken me!

I’m very happy with the result. I picked a ‘fancy’ theme, called Hinode, and it came with Dark Mode built in. I ported over my custom code for recaps (I have a whole star rating system) and started building out topical small galleries where I could.

If I was a newbie to the web world? This would have been impossible. Then again, a lot of the work I’m doing in WP would be impossible for a newbie. About the only tool I’ve used where I think it’d be easier would be … Maybe MediaWiki? But only because you can build templates from the editor backend.

Even with Full Site Editing, WordPress would have been a bear and a half.

Historical Notes

The ‘Library’ was once on MediaWiki because I had this idea to be a public repository anyone could edit. Only I kept getting attacked by spammers, so I turned off registration. Then I had to apply all sorts of plugins, only MediaWiki didn’t allow you to self-update like WordPress, and I had to write scripts and it was just a pain.

I rebuilt it all as Hugo about 6 years ago, and I really enjoyed it. GoLang is not something I’m familiar with, and sometimes the language drives me to drink, but so does PHP.

The Gallery used to be a home-grown SHTML setup, which then moved to a now defunct project, Gallery, and then to ZenPhoto, and finally to NetPhotoGraphics after ZenPhoto decided to be more than just a photo library. NetPhotoGraphics is hella fun to use, and I even built an embed tool for it, so you could paste a link into WP.

I did that with Hugo as well, and I’ll probably port that back to the new site sooner or later.

It Is Sad Though

Basically this site has been a part of my dev growth from day one. I wouldn’t be working in WordPress were it not for this site, and I owe it a lot. Moving to Hugo is the end of an era, and it is a bit sad. But at the same time, I feel like I’m now in even more control over everything, and I’m making a leaner, faster, website every day.

I have no regrets for the steps I’ve taken on the way, and none about this move. It’s nice to not have to worry about updates all the time. After all, what’s on the site is just HTML.

I do miss being able to schedule posts though…
13 August, 2024
Piracy and the GPL
Sé and I go back a while, so when she asked me if I’d like to come on WPwatercooler and talk about Piracy and the GPL, I said sure! I’m including the video at the end so you can see the whole conversation but … What got me interested was that she didn’t ask me about what I thought she would!

The Hill I Die On Is Theft

I always get people pissed off when I say this, but you absolutely 100%, without question, can steal GPL code if you mess with copyright law.

I even went and asked ChatGPT for some fun:

It would be considered unethical and potentially illegal to take GPL-licensed code and release it as your own work. The GPL requires you to respect copyright laws and the rights of the original authors. By claiming GPL-licensed code as your own without proper attribution or acknowledgment of the original authors, you would be violating both the terms of the GPL and copyright law.

The GPL allows you to use, modify, and distribute the code, but it also requires that you maintain the integrity of the original license and give appropriate credit to the original authors. Failure to do so could lead to legal consequences, including potential copyright infringement claims. It’s essential to adhere to the principles of open source licensing and respect the contributions of others in the software development community.

I expected the chat to be about that. It wasn’t. It was about the lovely grey area I spent a decade and a half in.

Piracy is/n’t Theft

The crux of Sé’s question was this: Is it piracy to get a copy of a premium plugin (one you have to buy to get) from someone else.

The initial answer is ‘yes’ but then Sé laid out some amazing nuance.
1. She’d already bought the code before
2. She couldn’t buy the upgrade because the devs are in Russia (and sanctions)
3. There was a workaround to pay an intermediary, but she felt it was sketchy
4. She intended to migrate off the plugin, but needed the latest version to do so
5. Someone she knew offered to give her a copy of the latest version
Now, I worked for a bank before WP, and I can tell you that her workaround is what you do when you launder money. And if you did use that workaround, you run the risk of ending up on the FBIs sniff-list and they do not have any sense of humor about ignorance of the law.

So now, would I still call it piracy? Actually … yes. I would. But it’s small scale and not actually a huge issue and really depends on the intent of the person who gave it to her, and what Sé did with it in the end.

The Scale of Piracy

There’s a constant battle going on between consumers and corporations. I’ll use an example close to my heart. The TV show Willow was a fun fantasy romp with silly flashbacks and messy magic. It wasn’t perfect, it wasn’t the greatest thing ever, but it was fun. Shortly after it got mid-to-low reviews, it was removed from streaming.

There is no way to watch the TV series, except for piracy.

Is it piracy if I had managed to download the videos beforehand and kept them for my own entertainment? Yes. Yes it would be. The same as how all of our mix tapes were technically piracy. Mixtape artists have been arrested under RICO charges for that!

But the reality is that no one was going to waste time and kick in your door for making a mixtape and giving it to your sweetheart. They didn’t really care that much about it (and in some cases, like The Grateful Dead, encouraged it). It was incredibly hard to make money off mix tapes. I made copies of a CD I had bought in high school for friends, never sold ’em.

Then came the internet and suddenly I could copy that CD into files and send them across the world! And you know what? People did. Suddenly the scale of what could be done with a pirated copy of a CD had skyrocketed.

Obscure Monetization

I pause here to quote from Cory Doctorow’s interview back in 2010, when he was asked why does he give all his books away for free?

I give away all of my books. [The publisher] Tim O’Reilly once said that the problem for artists isn’t piracy – it’s obscurity. I think that’s true. A lot of people have commented: “You can’t eat page views, so how does being well-known help you earn a living as a writer?” It’s true; however, it’s very hard to monetise fame, but impossible to monetise obscurity. It doesn’t really matter how great your work is; if no one’s ever heard of it, you’ll never make any money from it. That’s not to say that if everyone’s heard of it, you’ll make a fortune, but it is a necessary precursor that your work be well-known to earn you a living. As far as I can tell, these themes apply very widely, across all media.

As a practical matter, we live in the 21st century and anything anybody wants to copy they will be able to copy. If you are building a business model that says that people can only copy things with your permission, your business is going to fail because whether or not you like it, people will be able to copy your product without your permission. The question is: what are you going to do about that? Are you going call them thieves or are you going to find a way to make money from them?

The only people who really think that it’s plausible to reduce copying in the future seem to be the analogue economy, the people who built their business on the idea that copying only happens occasionally and usually involves a giant machine and some lawyers. People who are actually doing digital things have the intuitive knowledge that there’s no way you’re going to stop people from copying and they’ve made peace with it.
Cory Doctorow: Publish books free online

There’s Piracy and There’s Piracy

On the podcast, I mentioned a book I’d bought for school that was over $100 (this was in the mid 1990s) and, having bought it, I worked with a friend in the print shop to make copies for classmates and sold them at enough for me to break even. I think it was $5 a pop, and I would accept lunch instead.

Piracy? Oh you betcha.

Illegal? Again, yeppers!

Immoral? ….

Oooh now I brought up a dirty word.

But it ties in to that intent I mentioned when I was describing Sé’s situation.

If Sé or I took the copies of the book/plugin and sold them with the intent of making a profit, then yeah, we’re immoral shitbags. But that isn’t the case. I was trying to not go broke because of that stupid college textbook scam that’s only worse with DRM. Sé wanted to properly move off a plugin that she cannot use anymore.

It’s all about that intent. As I said on the podcast, if you see someone sleeping in their car and it’s illegal where you live? No, you did not see anyone sleeping in their car. Did you see someone shoplifting diapers? No you did not. And if I have to explain why you didn’t see those things, you may be following the wrong blog.

Those GPL Avenger/Nulled Shops

I have to loop back to the GPL.

Officially, technically, 100% the GPL says that the code you write and release under the GPL is free for anyone to do whatever they want. And if you make changes, you have to release it under the same license.

Now, if you’ve spent any time in the WP world, you’ve run into sites that offer the same expensive plugins as you’ve seen for sale, but cheaper and ‘nulled’ (which means they no longer phone home to momma for your license). And technically under the GPL, that’s allowed. But I argue this:
1. The intent here is to circumvent legitimate, available purchasing
2. There is no assurance the code has not been tampered with
3. It’s a dick move
Can plugins been overly expensive? Yes, absolutely. I saw one for over $500 and it was not worth it. But you’re not paying for the plugin itself, you’re paying for security, support, and maintenance.

(Off Topic: I mentioned how cool it is when someone releases free back ported security fixes for premium plugins – I wish it was easier to do and everyone could do it, but it’s really freakin’ hard! Still, the easiest way would be “find all people with expired licenses and email them the latest release of the last branch they paid for, free of charge”. Easier said than done.)

The other problem is that by giving away the plugin, you may have broken the purchasing agreement. You know the one? Don’t rip off the tags on this mattress? Well first of all, the GPL actually supports people selling code (they’re not stupid, people gotta earn a living), and they’re of the Doctorow approach — watch your price point, convert the free users to paying one with value.

The value most plugin shops offer is support and updates. They’ll patch your plugin until they go out of business. And they’re clear about how you’re not paying for software, you’re paying to have it sent to you:

You can charge people a fee to get a copy from you. You can’t require people to pay you when they get a copy from someone else.
Frequently Asked Questions about the GNU Licenses

So what do I mean by a purchasing agreement? Well it’s your license agreement. I pay for YoastSEO, and from them I get a license. If I break the terms of that agreement, they have the right to sever my license and no more updates for me.

Those nulled/GPL Avenger sites are regularly playing with fire, and most have to make purchases with disposable credit cards and shuffle things around in order to not get caught. Once they’re caught, they’re banned and blocked and someone figures out how to catch them ahead of time next time and prevent sales in the first place.

Piracy is Nuanced

The reality of all this is piracy is an incredibly nuanced situation.

Pirate Radio Stations use airwaves they didn’t pay for and play music they have no license to. But at the same time, they might be the first way you hear a certain song that inspires you to go out and buy the album.

Sharing Cory Doctorow’s books for free takes money from him, but how is that different than using the library or loaning your favorite book to a friend? The goal isn’t to make money, it’s to share joy.

Asking a good friend for a copy of a premium plugin so you can test it out is, in my eyes, much the same. Asking for a copy so you can update and move off it is also fine.

When you start working at scale to actively block people from making a living (like if I took all of Doctorow’s books, printed, and resold them) then you’ve crossed my line about what is ethical piracy and what is just being a jerk.

Don’t be a jerk.

And remember, they’re more like guidelines.

WPwatercooler

Watch me on the world’s most influential WordPress Podcast, talking about piracy, GPL, copying books, and money laundering.
21 February, 2024