Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: software

  • Software Freedoms

    Software Freedoms

    copyleft image Like a million other posts, I’m starting this with a warning: I Am Not A Lawyer.  Sure, my mom is, but that qualifies me for a cup of coffee, if I have the cash.  Personally, I support open-data and open-code because I think it makes things better, but there are a lot of weird issues when you try and pair up software licenses, explain what ‘freedom’ means, and where it’s applicable. For the record, I am not getting into the ‘is a plugin/theme derivative software or not’ debate. I will wiggle my toe and point out it is a point of contention.

    I’m presuming you are already familiar with the idea of what GPL is. If not, read the GPL FAQ.

    Why are WordPress and Drupal GPL anyway?

    The people who built WordPress took an existing app (b2) and forked it.  Forking happens when developers take a legally acquired copy of some code and make a new program out of it.  Of the myriad caveats in forking, you have to remember that the fork must be a legal copy of the code.  In order to create WordPress, Matt et al. were legally obligated to make WordPress GPL.  No one argues that.  The only way to change a license from GPL is to get everyone who has ever committed any code to the project to agree to this, and you know, that’s like saying you’re going to get everyone in your house to agree to what pizza to order.

    WordPress and Drupal is GPL because it must be.  There is no other option.

    So why is this a problem?

    GPL poses a problem because of interpretations of what ‘derivative works’ are.  It’s very clear cut that if you take or use WordPress’ or Drupal’s code, you are taking code built on GPL, which means you must keep your code GPL.  The definition of ‘code’ is a bit squidgy.  A generally accepted rule of thumb is that if your code can exist, 100%, without WordPress or Drupal’s support, then it’s not a derivative.  By their very nature, plugins and modules are seen as derivative.  Both Drupal and WordPress have long since stated that this is, indeed, the case.

    Themes, modules and plugins are GPL because they must be.  There is no other option.

    Except…

    The GPL GNU. If you don't know, don't ask! Except there is.   Only the code that relies on the GPL code have to be GPL.  Your theme’s CSS and your images actually can be non-GPL (though WordPress won’t host you on their site if you don’t).  Also, if you have code that lives on your own server, and people use the plugin to help the app talk to that code, only the code that sits on WordPress or Drupal has to be GPL.  Your server’s code?  No problem, it can be as proprietary as you want!  Akismet, a product made by Automattic (who ‘makes’ WordPress, in a really broad interpretation) works like this.  So does Google Analytics (most certainly not owned by WordPress), and there are many plugins to integrate WordPress and Google.  This is generally done by APIs (aka Application programing interfaces), and are totally kosher to be as proprietary as you want.

    Themes, modules and plugins are GPL where they need to be, and proprietary (if you want) where they don’t.

    So what is GPL protecting?

    As we often carol, the GPL is about freedom.  And “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer.”  Freedom is a tetchy subject, misunderstood by most of us.  For example, freedom of speech does not mean you get to run around saying what you want wherever you want.  Free software is a matter of the users’ freedom to run, copy, distribute, study, change and improve the software.  This is pretty much the opposite of what you’re used to with the iOS, Microsoft and Adobe.  Free software may still charge you, but once you buy the software, you can do what you want with it.  Your freedom, as a user, is protected.

    WordPress’s adherence to GPL is for the user, not the developer.

    What’s so free about this anyway?

    The term ‘free’ is just a bad one to use in general. Remember, freedom of speech, as it’s so often used in inaccurate Internet debates, does not mean you can say whatever you want. ‘Free speech’ means ‘You have the right to say what you want, but I have the right to kick you out of MY house if I don’t like it.’ So what are these GPL freedoms anyway? In the GPL license you have the four freedoms: (1) to run the software, (2) to have the source code, (3) to distribute the software, (4) to distribute your modifications to the software. Really they should be ‘rights’ and not ‘freedoms’ if you want nit-pick, and I tend to think of the freedom of source code to be similar to data freedom. The freedoms of open-whatever are for the people who use the whatever, not those who come up with it.

    Software freedoms are for the user to become the developer.

    So if GPL is for the users, what protects the developer?

    Every post about software freedom requires Stallman's image! Not much, and this is where people get pissed off.  If anyone can buy my software and give it away for free (or pay), why would I even consider releasing something GPL?  The question, as Otto puts it, really should be ‘What exactly are you selling in the first place?’ What are we selling when we sell software?  I work on software for a living, and I never sell my code.  I’m hired to write it, certainly, and I do (not as often as I’d like).  Most of what I do is design.  It’s part math, and part art.  My contract doesn’t allow me to keep ownership of my art, which sucks, but if I was a painter, I’d sell the painting and lose the ownership anyway, so what’s the difference?  That painting can get sold and resold millions of times for billions of dollars.  And most artists die starving.

    Software Freedom doesn’t stop people from being dicks (though they should).

    So what good is the GPL to the developer trying to make a buck?  

    It’s not.  But that’s not the point.  GPL isn’t about the guy who wrote the code, it’s about the guy who gets the code (again, legally) and says “You know, this is great, but it should make milkshakes too!” and writes that. GPL is all about the guy who uses the code and the next guy who takes the code and improves on it. If you have an open community where everyone has the privilege and right to use, view, share and edit the code, then you have the ability to let your code grow organically. If you want to watch some staid, tie-wearing, Dilbert PHB lose his mind, try and explain the shenanigans of Open Source development. “Develop at the pace of ingenuity” versus “Develop at the pace of your whining users.”

    Software Freedom isn’t about making money, it’s about making the next thing.

    Why would I want to use GPL?

    Other, more famous, Communists If you use WordPress, you use it because you have to. I prefer the Apache licenses, myself, but the purpose of using any software freedom license is, at it’s Communist best, a way to make software all around the world better for everyone. You stop people from reinventing the wheel if you show them how to make the axle in the first place! Did you know that Ford and Toyota independently came up with a way to make your brakes charge your hybrid battery? They latter opened up and shared their tech with each other, only to find out how similar they already were! Just imagine how much faster we could have had new technology if they’d collaborated earlier on? With an open-source/free license, my code is there for anyone to say “You know, this would work better…” And they have! And I’ve made my code better thanks to them.

    I use ‘free software’ open source licensing on my software to make my software better.

  • Sucking Clams, Kosher Style

    ClamAV is an tool that you put on your server and it detects malicious software. In short, it’s a server virus scanner and most servers use it to scan email for viruses. Now those of you who use stuff like McAffee and Norton and other virus scanners for your email, you may not know that servers also scan for that stuff as well, and try to kill the emails before they ever get to you! Yeah, think about how many emails with viruses you get. Personally, I’ve never had a problem with viruses and not because I use a mac. It’s because I pay attention to the content and context of an email before I open any attachments.

    But this is about ClamAV and server-side scanners.

    The story starts with my twice a week check of my server. I like to keep tabs on what it’s doing, how it’s doing, what’s going on, etc etc. I was a little surprised to see my server load spiked. Server load is sort of how you know how hard your server is working. A high load means its looking at a lot of work. A low load is ‘better’ but you have to admit that you’re going to have SOME load, so you may as well figure out what’s a good load for you. I’ve had problems with WordPress and right now I’m using WP Super Cache (See “I take it back. WP-Super-Cache is a Super Hero” from September 2009).

    The point is, I know that a spike like this is okay:

    That spike there was when I ran a small upgrade. You’ll notice how after the moment, it drops back down and has a happy nice day? That’s how things are supposed to work. A spike with traffic and then everything’s happy again. Great.

    So what does this mean?

    Yeah, I took a look at that, paled, and asked myself ‘What in the four hells is going on!?’ I did the logical thing and looked at the date and time. Noon on Monday I’d made a change to the firewall, moving from the perfectly acceptable, though harder to manage (no GUI), APF Firewall to CSF. That move was a TEENY bit on the spur of the moment, as I wasn’t having any problems with APF per se, but I was being hit up by a lot of spammers and my usual attacks of http:BL and Bad Behavior weren’t cutting it. They’re front end fixes to the ongoing spam problem, alas. I hate spammers.

    Worried that my new firewall was ‘bad’, I started to Google if CSF caused high server loads. And found nothing. So I went back to the beginning and checked top. Top is a unix command that you use to see what’s using up resources on your server. It’s like Task Manager for Windows, but it’s a lot more informative. Top lets you see details and sort and basically when you want to find out what ran off with the spoon and killed your server, baby, I’m the bottom and log on to top. Top showed me, interestingly enough, that ClamD was using between 70 and 90% of my resources. On a slow week, like the net generally has for entertainment sites between Christmas and New Years, that’s not really a problem. There’s not a lot going on with the sites I host right now, the extra CPU usage wasn’t a problem. Come back on January 20th, though, now that’s a problem.

    But the thing of it is, back in September, I optimized my server and I remember reading on multiple places that ClamAV and ClamD use up a lot of resources and people turn them off. So I did.

    Isn’t that much nicer?

    The real question, at the end of the day, is if having ClamAV turned off causes more problems than having it on? So far, no one’s breached my servers, though that’s a function of my firewalls, and SpamAssassin seems to be taking care of the spam emails, which is where most viruses come from in my experience, unless the server’s hacked, at which point I’m kind of screwed anyway. But what I find myself wondering now is if it’s dangerous to not be using ClamAV or what. And I don’t have an answer to that yet.