Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: open source

  • ZOMG! You Stole My Code!

    ZOMG! You Stole My Code!

    While the GPL is pretty clear about this, and my personal moral code is as well, the topic today is not about the question of is it right to resell someone else’s work, but what do you do when someone’s reselling yours?

    This happened to my friend not too long ago. Someone else took her theme and was reselling it and you either already know who it is or you don’t, it doesn’t matter for the sake of this story. Now, the issue was not if they could resell it, we all agreed they could. The issue was how they resold it. That is, they took her images, much of her ad copy, and resold it, presenting it as if it was their own code. And that was, we all agreed, wrong. That’s fraud, in my eyes. You’re taking someone else’s work and claiming ownership of it. But. That wasn’t my fight, it was my friend’s, and all I could offer was some moral support and connections.

    But when this happens to you, what do you do?

    The Hulk, right after he punched Thor in First, don’t type angry. It’s okay to type while you’re mad, but if you’re like me, and your skin heats up when you’re angry and you get all green and violent (I type really loudly), it’s probably a good moment to step back and think about why you’re angry. After all, GPL says this is allowed, right? I get mad because of perceived ownership. It’s one of my things. You should never claim to be something you’re not and you shouldn’t sell something that isn’t yours.

    And that’s the angle I’d use to approach the situation. I would find the person, ping them privately if possible (almost everyone has a contact page these days) and ask them if they could change the wording to make it clear that this isn’t their code, it’s mine, and they’re using and providing it without the support of the original author. That’s what my friend did, and that’s also what the other people whose themes were being resold did. They pointed out that the reselling was confusing to the customers, and the customers got an unlicensed product.

    What if that fails? Well. Now it’s messy. Legally if they’re taking my content and putting it up on their site with verbiage that implies it’s theirs, I have a DMCA takedown right. My content is all under copyright (I have not, nor will I any time soon, chose to go copyless) and I use the CC BY-NC-SA 3.0 license, so if you use my content, wholesale, without attribution, you’re stealing. But this isn’t about my content, it’s my code, and all my code is released GPLv2 (unless otherwise noted). That means in order for me to come up and tap your shoulder, you have to take my code and my content.

    Dollar SignBoy this got complicated. But if I ping you and say “Hey, bro, not cool.” and you ignore me, or tell me to sod off, I’ll come back and ping your webhost. “Hi, this guy is stealing my content. I asked him nicely to stop. Here’s a copy of our conversation.” I should note, none of the times I’ve ever had to do this have gotten past this step. The hosts have always stepped in, poked the perpetrator, and that was that. The times I was the bad guy (reprinting news articles), the content owners have only ever had to ask me to take it down. It’s never gotten past me.

    Well okay, so what happens if the host says “Tough luck” or “We agree, but we can’t do anything without a takedown notice.” Now you bring in the law and file a DMCA (Digital Millennium Copyright Act) take down. DMCA is a U.S Copyright Law covering intellectual property. Your blog posts and ad-copy are your intellectual property. This went to a pretty dark place, didn’t it? I mean, I hate the DRM with a passion, and I freely give away my stuff, so let’s stop talking about the legal stuff. You can look it up on your own if you really want to know how to file all that.

    Most of the ‘handling’ of someone who steals your stuff isn’t even the legal hassle, anyway. It’s just the pain of getting in touch with them, explaining the situation, and getting it sorted. And the headaches come from having to explain over and over that you’re not mad (though you probably are) and you just want them to stop making it look like they’re you, please and thank you.

    Okay, so how might I justify selling someone else’s theme or plugin? I would sell a service. It’s really that simple. I would sell the downloading, installing, configuring, and tweaking of the product. I would charge them the raw cost of the product AND give them the license information (it’s their now). I may charge them for some ‘placeholder’ text to import via the WP importer, and to import it. Certainly I would charge for some training on how to do this going forward. But the thing I wouldn’t do is actually say “This is our plugin” or “This is my theme.” Because it’s not.

    I’m just making sure you can have the theme better, faster, and easier. Plus now they can upgrade and I can go to Fiji!

  • You’re Wrong about Open Source Development

    You’re Wrong about Open Source Development

    We like to say that the ‘customer’ is always right. But when it comes to open-source products, the line between customer and developer is blurred. I joke that I’m not the owner of code, I’m the custodian, and by fielding questions from users and other developers, I turn that into a better product. There’s more and more calls for people like me by the way. A non-insignificant number of companies ask me “Is there someone else like you who would want to work for us?” because giving good support is hard, it’s a weird skill set, and it requires the ability to tell someone “I’m sorry, but that’s just not correct.”

    Yes, I tell people they’re wrong a lot. When I say it, I try to couch it in more friendly terms like “I understand why you’d think that, however because of XYZ the product chose to do ABC.” Or maybe even “That would be great, but historical support forces us to do that in a way that would remain backwards compatible. It would suck if we broke everyone going forward, right?” See the point here is that you’re not right but you’re not exactly wrong either, you’re just isolated in view.

    Well that escalated quicklyTunnel vision is something that happens to all of us. We look at the world from our perspective (yes, I was Captain Obvious there, I know), which means when most people remark that a project needs something, what they really mean is they need it. This is the part of passion that escalates into angry and vitriol remarkably fast, by the way, so if you’ve ever seen someone go from zero to abusive in three comments, that’s often what’s going on. They really want something to the point that they see red and can’t get out of their tunnel.

    Getting back to the rational world is hard, especially if you don’t really understand what it means to develop open source. You may think the developers are ignorant of their users, or out of touch, or don’t care. After all, if open source allows anyone to contribute, why doesn’t a project do everything?

    Well besides the fact that it can’t do everything, there are four main reasons a project doesn’t do things the way you it to. This doesn’t mean you’re right or wrong. Being wrong doesn’t mean you are wrong. It’s pretty hard to ever hear ‘wrong’ and not take it a little personally, though. Just keep in mind the reality that most Open Source developers are way more in touch with their users than people behind iOS or Microsoft Word. They just move at a different pace.

    Support

    The people who write the code have to support the people who don’t (or can’t). If they don’t want to support certain code, they shouldn’t have to. After all, what if they don’t feel confident that they can!? If you ask a developer to put in a feature they don’t use and don’t really understand, what happens when it breaks? I always tell people “You can’t support what you don’t know, and you can’t know what you don’t use.” This is why everyone who’s been through my WordPress training is pushed to actually use WordPress. Supporting something is so much easier if you use it. Thankfully all WordPress developers use the product every single day, so they know what it’s like.

    Complications

    The code is something everyone wants, but it’s too damn hard to code and remain backwards compatible, which is a huge deal for WordPress. A good example of this kind of thing would be WordPress Multisite’s shift from using /blogs.dir/ to /uploads/ for storing uploads. Doing this allowed us to dump MS Files and speed up WordPress because we’re no longer routing images through PHP (lots of benefits there). It came at the cost of losing the ‘hide’ effect of the /files/ URL, but you weren’t really fooling anyone about that anyway. Point being, we had to do this in a way that didn’t break everyone on an older design of WP! That took a lot of time!

    Time

    It takes a lot of time to get code right. So maybe they’re actually working on it, but it’s going to take a long time and it’s not done yet. Open Source moves at the speed of imagination and passion, so if a developer has the time and the itch, things get done. Some tasks are pure drudgery, which brings us to …

    Feelings

    This is Open Source (ala Sparta Meme)If you’re stuck between writing code you like to do a feature you want and writing code someone else wants and you don’t have an investment in, you’re probably going to do what you want. This is the reason that’s hardest to understand, and it’s the one most people call ‘unprofessional’ because it boils down to “Oh you don’t like something so you’re not doing it?” If this was iOS or MS Word, yeah, you’d get fired. But this is Open Source, and the rules are a little different here. We make what we make out of that same passion you have to see what you want to see.

    So … why not what I want?

    Because not yet. Maybe never. But WordPress was built to be extendable, not to be everything for everyone all the time. And that’s the beauty of it. But that’s another post altogether.

  • The Responsibility of Freedom

    The Responsibility of Freedom

    I’m sure you know there are clubs out there that re-sell WordPress products at a far lower cost than their original source. This post is not about that being right or wrong via the GPL, nor is it about the morality.

    This post is about responsibility.

    In my home office hangs a poster “Flynn Lives” which I have to constantly remind me “I fight for the users.” It’s a nerd level joke most of my fellow developers and support gurus get, but many people I help would not understand the point. My job, as a WordPress Support Guru, is to help people. This is simple, straightforward, and obvious.

    My other job, though, is to make their lives easier and better. It’s my responsibility, when I write code, to make it do something to make someone’s life easier. Even if the only person it helps is me, the point is that someone is being helped. If it’s just me, it’s really easy to support myself. “Hey, Ipstenu, you know this broke?” “Yeah, added to my list!” But when it’s someone else, how does that change?

    I firmly believe there’s an expectation of support with all plugins and themes hosted in the WordPress.org repository. Period. That means, yes, I have code I don’t put up there because I don’t care to support it. But I know that expectation puts responsibility on me as more than just “Someone who writes code.” I can’t just write code, drop it into the world, and never support it.

    “But Ipstenu,” I hear you say. “Isn’t that what WordPress.org does? It just dumps WP into the world. I never see the devs in the forums!”

    You’re not WordPress.org. You’re not that big, that complex, and that intricate. Unless you’re BuddyPress-levels of plugins, and you’ll notice they have support forums. Instead of directly supporting WP, the core devs of WordPress who are dedicated to WordPress have people like me, who traipse about the forums and help. And when I see broken things, I either take it to trac or help the person who found it do so. My determining line is “Can I fix it? Okay, I’ll trac it and patch it.” If I can’t, I help them. Low hanging fruit.

    The point here is that all this wonderful software came with a responsibility to make it great and help people. What does this have to do with sites like those Justice League Clubs that offer cheap/free versions of pay-wall’d software? They’re not helping you.

    FreedomOh, in the short term they’re helping you by giving you something for free. They’re getting you further in your site development than ever before. However that help ends at the provisioning level, because you aren’t paying for support from these resellers, you’re paying for product. That’s okay, so long as you know what you’re paying for, and a lot of people don’t. If people did know what they were paying for, they wouldn’t use nulled themes with base64 backdoors in them.

    The ethics and morals of reselling someone else’s work aren’t at play here. Yours are yours, mine are mine, and that’s just fine. What is at play is what are we paying for, what are we providing, and what are we devaluing when we resell someone else’s product?

    Devaluing is the easier one. People sell products at cost in order to make money. It’s simple. I work for a company that sells space on a computer and world wide availability from anyone to that space. We sell it at a price that allows us to make money, but also that allows us to hire amazing people like me who work on WordPress, write some of the code, test it, and otherwise spend all this time on WordPress, just because it’s software you use!

    The value of the product is, again, not just in the product, but in the service. And the service is more than just access and accessibility, but also in the support you get. No matter what people think, we aren’t just rolling around in money and laughing at you. We reinvest that money in ourselves, our hardware, the software (some of which we give to you). But what we always do is support that. Sometimes the support isn’t what you want to hear, but we do our best to solve problems, or explain why we can’t.

    So what are you paying for? Support! In the end, you’re pretty much always paying for support. You buy Microsoft Office and you don’t get the kind of support you get with WordPress, but you pay a lot more money. Where’s the support? When Word crashes, it sends (or asks you if it can send) a report back. That report gets noticed and acted on so that if it’s solvable, it’s solved. The next upgrade you get has a patch, and that crash doesn’t happen again. That’s support!

    You can also get actual support from Microsoft (though I know of no one who’s done so). They have people who write fantastic help docs and who monitor their forums and twitter. If you took Word (let’s pretend that was legal) and resold it, would you have all that?

    But that’s a quite extreme example. WordPress plugins are significantly smaller in scale than MS Office. So why is Office (and Adobe Photoshop etc) so expensive if they don’t give you half the help that the free WordPress product does? There are a lot of reasons. Patents and copyright are expensive, and frankly we’re all willing to pay for it. When Apple dropped the price of the new OS down from hundreds to $25, we were all suspicious. When it became free, we flipped out.

    But Apple wisely noted that making us pay that much money wasn’t helping them as much as it might. Free gives you a certain brand loyalty because we get to try before we buy. And we will buy those apps and those app add-ons (though I don’t fully approve of games that force you to pay to play all the time). We buy them because after we get the base product for free, we see the real value in the cost of the other products and we’ll pay for them willingly. Apple takes responsibility for their free software in interesting ways. We have to pay for assistance (most of us via the Genius Bar). And in the WordPress ecosystem, that too is what you pay for. The help.

    Broken windowSo back to this whole “I’ll take your paid software and give it away” thing.

    What are we paying for? I’ve heard tell that ‘Paying for support’ is a rip off. So is paying for documentation. I can see why some people balk at paying $25 a year for ‘support’ they may not ever need, and I’ve seen some companies work by letting you pay per-ticket. Though that makes people feel like you’re nickel-and-diming them, and I do agree it can come across that way. And yet that support which they so casually toss aside like an old shoe is where these free-software-clubs fall down.

    There is one club that says they will support all the plugins they re-host. Many of us are suspect at the possibility of that actually working well, though given the odds of how small their sales will be to start with, it may end up sustainable. The problem is that they’re not going to be patching upstream. They’ll fix your issue, and then when the real source pushes the next version, they get to reapply their patches. Strikes me as a lot of work.

    Is the payment system for some WordPress plugins and themes broken? I don’t think so. I think it’s not optimal for the user nor for the developers just yet, but monetizing these things is still relatively young. There will be mistakes and bad choices along the way. Finding the balance between the freedom of the GPL and the desire to make a living is difficult.

    The ultimate responsibility we have with WordPress is to give back. We give back with support and with improving things for everyone. If we’re just doing things for ourselves, after all, we don’t share them. Are these clubs failing in those responsibilities? Not yet. But all eyes will be on them if they do.

  • LastPass? LostPass!

    LastPass? LostPass!

    ModemLoper came up with the name.

    So here’s a frustrating experience. My office uses LastPass to share passwords for things. Secret things. They send me an ‘invite’ for the Enterprise account with my company email. I go to log in with the first-time password thing, and it says I need to make a new password. Sure, because email isn’t secure, so I make a new password the same way I have for the last year. I open up 1Password, make a new account there (LastPass – Work) with the login as my.email@myoffice.com and generate a password. So I have a password stored there you see. I then copy that password and paste it in, twice, to change the password.

    I want to note some things here. I did not have a message about how my master password was super important at this time. In fact, it just said to enter it twice. Also remember this was for an ENTERPRISE account. Not a normal user. Okay?

    So I do that, it says yay log in now! I take the same password, paste it in, no go. Oh, okay, maybe a butterfly farted. I’ll just reset it. Guess what I can’t do? The password ‘Hint’ was useless, since my password was along the lines of dyEno4FfW4EsED and I’d set the hint to “1Password” like you often do. Also there’s no ’email me my password’ or ‘reset my password’ thing I can use. Probably because email isn’t secure. The email where they’d emailed me a temp password just before to create my Enterprise account.

    At this point I tweeted obscenities. I have an account but I can’t use it. I can’t reset the password. I can’t recover the password. I don’t have a ‘One Time’ use password because I never got to the point where it let me create that sort of thing. Ditto with ‘reverting’ my vault. There was nothing to revert to so I couldn’t do that. The official answer was to delete my account and start over. There was more swearing. Most of it public use of the F-word on Twitter.

    But I did delete the account, made a new one, and this time it said “Hey, this master password thing is super important!” and took me to a second screen where I have to re-enter it. Oh, and yes, I used the same password I’d made before. It worked this time. My coworker resent the invite to join our Enterprise account. I do so, set up Two Factor Authentication, trust my laptop, and he shared the folders.

    As I spell out the drama to him, I realize that this may be happening because I didn’t have an account before. That is, I went ahead and used the account and password from the email. Don’t believe me that they sent a clear-text password? Here:

    LastPass email with a clear text password. Proof, I tell you!

    I redacted the account, even though you could guess it. Four hours pass. I get a tweet from the LastPass CEO:

    https://twitter.com/joesiegrist/status/403649508715667456

    to which I replied:

    https://twitter.com/ipstenu/status/403649761212784640

    Everything’s fine now, and my takeaway from this is ‘Make an account before joining an Enterprise’ because clearly their ‘sign up through your enterprise’ thing is buggy. The whole interface is a little janky, and I find that their statement of how they cannot possibly reset your password to be weird:

    Recovery for LastPass is not the same as other services you may have previously used – due to our encryption technology, LastPass does not know your Master Password, so we cannot look it up, send it to you, or reset it for you. This means your data remains secure from threats, but also means that there are limited options when you forget your Master Password.

    I gather they mean “There’s no way to change your password without knowing your current password.” And really this is the ultimate security, isn’t it? No one but you can change it without knowing your master password. The problem with this, and really all these things, is that if I have one master password, it must be easy for me to memorize and remember at the drop of a hat.

    Which means my master password is my least secure password. Check the sticky notes on my monitor.

  • Dr. Jekyll and Ms. Hyde

    Dr. Jekyll and Ms. Hyde

    I like WordPress. I like the community and I like the way I can invite other people in on it. But. I wanted to run a site, a small site, with static content for the most part, no comments, and just the basics. So why not Jekyll? After all, I’m big on self-hosting, and while most people I know seem to be running Jekyll on GitHub, you know me. I want to do it myself, I want to have it all here.

    Six drinks later…

    DVD cover of Dr. Jekyll and Ms. HydeMy major issue with Jekyll is that the ‘Simple’ directions aren’t obvious the way everyone seems to think they are. I mean, yes, they’re simple, but they lead you to some pretty crazy misconceptions based on how websites and CMSs work, and have worked, for a long time. And given all the posts I’ve read about how terrible WordPress is, my remark on that is: No, Jekyll is not terrible, but it has an audience.

    Look, of course WordPress can be terrible. So can your car. It’s all in how you use it, what you add on to it, and what you fuel it with. I have a lot of reasons to use WordPress, and I really like it for many reasons (least of which is if you asked me to explain Jekyll to someone who emails me a PDF of a Word Doc to post on WordPress… Well, yeah, no, it’s not simple.)

    Misconception: Where Do I Install Jekyll?

    jackie-chan-memeDaFUQ?

    Okay… you think “Hey, Jekyll’s running my site so it’s all on Jekyll, right?” Nope! Jekyll is installed on my laptop. It’ll be used to create content that I will deploy to my website. Jekyll generates the webpages. Just bear with me. Yes, it also runs the site, but it doesn’t have to. In fact, it generates all of my pages into a subfolder called _site, which you can actually load as a webpage. If I copied all of that over to a folder, it’d work as is. So option one here is that I could just do that. But that’s not what I’d call ‘friendly’ and it means all my code has to be on the server where a sneaky person could go get it. Part of why Jekyll interested me is that it’s more secure by being a flat site.

    Option two is to use a Jekyll ‘front end’ deployer, like Octopress or Prose. Option three was to stop and think “Maybe I just don’t get this and I should start simpler.” It’s very odd to me to have my ‘content’ on a server, but the ‘source’ not there. While if it’s just me running a site, that’s great. But as soon as I have to tell my dad to check code out… Maybe this is a bad idea. I don’t want end-users to have to learn all this. I want to tell them “Write your content. Save it here. Magic.”

    Revise: Needs vs Wants

    When I get really bogged down in thoughts like this, I step back and ask my self “What are my needs?” That’s similar to asking “What problem am I trying to solve?” but it’s a little broader, as I may not have an actual problem, I may just need a small change.

    I’m looking for a product with a small footprint, no comments, a way to subscribe to updates (RSS or email), separate content and design (so my writers don’t mess with the layout), and it needs to have a workflow that does not involve me having to teach svn or git commands to a music major. Oh and it has to be easy for me to upgrade (one click or git pull will do).

    Say what you will that git is easy (it is for me, albeit sometimes confusing). It’s not necessary for everyone to learn. I really feel a journalist shouldn’t have to learn to use it in order to write content! Still, after banging my head on this, I finally decided I was making my life too complicated by trying to self host before I understood the actual workflow of the process. So I went one step further back and decided not to self host right now.

    KISS: GitPages

    Everyone uses GitHub Pages. So fine, so will I. They walk you through the setup, so that’s nice. It was pretty painless to make a repo. But what did that have to do with Jekyll? I can edit everything within GitHub which is nice but I don’t want that. I wanted to learn Jekyll… Scroll to the bottom and there’s a nice graphic saying I can use Jekyll!

    Now that you’re up and running, here are a few things you should know.

    And they link to the Jekyll quickstart. Okay, thank you, I can install Jekyll. How do I hook them up? I had to actually Google to find the link to Using Jekyll with Pages and frankly, after reading it… I don’t want to. Oh I did it, but it’s not “simple.” It’s a total pain in the ass. It reminds me of the old MoveableType when you had to fuss with cgi-bin. It’s all manual. And this is fine for a dev, but I don’t want to have to install this on my Dad’s laptop. Did I mention he was on Windows?

    See? Jekyll running on my laptop

    So using this for a version controllable, static website, is actually far less tolerable than I wanted it to be. I can use it, I kind of understand it (the whole source folder is confusing me a little…) but it’s not something I could easily roll out to a medium-technical person without some serious training. In fact, I need some serious training to get good at just pushing my content, and when I compare that to WordPress…

    I get why people like it, though. The static files alone are pretty cool, but it’s going to be a learning curve.

  • Open Source Olympics

    Open Source Olympics

    I try never to argue about the ‘spirit’ of the law these days and god help me if I ever consider talking about the spirit of GPL. But I do have a firm belief in the spirit of what Open Source is and how that impacts what we do.

    I generally tell people I’m a Socialist and that’s why I love Open Source. It’s also true that I love the Olympics not because I want my country to win (I rarely keep track of medal counts) but because I want to see people exceed their expectations and go higher, faster, stronger. I cheered when the Dutch finally won the shorter length races in speed skating. I was sad when Simon Ammann did not place in ski jumping (I’ve been watching him jump for 16 years!). I was delighted to finally see women’s ski jumping!

    But if I wanted to sum up exactly why I love the Olympics so much, this single viral photo sums it up:

    Russian skiier, Anton Gafarov, gets a new ski from Canada

    If you watched the US broadcast of the men’s cross country finals (individual sprinting – they’re basically doing running on skis, it’s brutal), you saw Anton Gafarov wipe out, or at least part of it. They readily admitted they missed why he fell, but rewound so you could see this poor guy, skiing in his home country, come flying down on his back, behind the other skiiers, and crash into the wall. He lay on the snow in anguish, because he knew he would never get a medal now. He had trained his life for a moment that may never come again, and that hurt.

    But, and this is what you didn’t see on NBC, Gafarov got up and kept racing.

    Russia's Anton Gafarov falls with a broken ski during his men's semifinal of the cross-country sprint at the 2014 Winter Olympics, Tuesday, Feb. 11, 2014, in Krasnaya Polyana, Russia. (AP Photo/Matthias Schrader)

    And then he fell again, because (as you can see), his ski was broken beyond repair. It would be illegal for him to finish on foot. His race was totally done. In a sport where the difference between first and second is tenths of a second, he was out the moment he fell, but now he wouldn’t even be able to place and would end his Olympic experience disqualified. If you’ve never been a part of a competition where you DQ’d, I promise you that hurts way worse than not placing well.

    That’s not where the story ends, though. Go back to that first picture. See the guy on the right side getting him set up with a new ski? That would be Canadian coach Justin Wadsworth.

    Canadian coach Justin Wadsworth ran to Gafarov with a replacement pair of skis and putting them on.

    Wadsworth took new skis out, helped Gafarov put them on, and thus the Russian finished the race (in dead last) to rousing cheers from the crowd. When asked by Canadian news site The Star why he did it, the answer was simple: “It was like watching an animal stuck in a trap. You can’t just sit there and do nothing about it. … I wanted him to have dignity as he crossed the finish line.”

    We love to say that the Olympics are about overcoming adversity and doing amazing things, but much of Olympic spirit is inclusion and helping others. It’s never ‘us versus them’ but ‘look at how cool humans are.’ And to me, that’s what I mean when I talk about the Spirit of Open Source.

    Open Source is about people creating amazing things in an open environment, without fear of restrictions. It’s giving incredible freedom to let the art of code shine through the function, and it allows for astounding advancements because of that. But it’s also about making things better by doing it together, and by enabling the next guy to take your work and do more.

    If we see someone who has a need, we try to meet it. Not always for those wants (like I’d love a new iPad and laptop, but I don’t need them), but when someone’s in a massive car accident, or loses a job, or wants to go to an event and can’t afford it, we move heaven and earth.

    Open Source would bring Gafarov a ski.