[wp-hackers] WordPress and GPLv3

Thu Dec 27 00:59:56 GMT 2007

A great deal of resentment came from a variety of lobbying arms and even
academic researchers who were secretly paid by those who would suffer
the most from wide adoption of the GNU GPLv3. You are strongly
encouraged to listen to those who haven't vested interest and those
whose mind has not been 'poisoned' by the coordinated smear campaign. I
urge you to judge things for yourself rather than rely on mouth-to-hear
disinformation. The origins of misinformation are well known, but that's
a separate (and very long) story. I will gladly go into it if you are
interested.

> My disdain for the GPLv3 is that it attempts to solve problems which
> do not exist, and in so doing, it puts the freedoms of the users above
> the freedoms of the developers, who are also users, but ones that they
> discount.

This assessment is shockingly selective. Have you witnessed a variety of
threats and lawsuits whose target is distributors of Free open source
software? That happens to include companies that deploy software like
WordPress. Have you followed the Moodle situation recently? Has the
involvement of the FSF (and its sister organisations), namely that of
protecting the project, escaped your attention? I ask this politely
because I will gladly elaborate shall that be needed.

The raison detre of the GPL is to sustain the freedom of software, which
has been jeopardized by legalisation of software patents in a few parts
of the world. The GPLv3 addresses several issues, of which this is one.

> Consider the so-called problem of so-called "Tivoization". If you
> don't know the background here, I'll explain it. Tivo boxes use a
> modified copy of the Linux kernel. Tivo followed the GPL to the letter
> and released all their code changes ( http://www.tivo.com/linux/ ).
> However, after the Tivo hacking started, they modified the code in
> their actual hardware to check for a signature on the copy of the
> kernel before booting it. This was to protect them and their service,
> they didn't want people hacking the boxes in ways such that they did
> not require the Tivo service. In other words, Tivo boxes can only run
> kernels actually signed by Tivo.

Tivoization, as it is used by Tivo, might be a practical solution that
even Linus Torvalds has endorsed. Tivoization, however, is a loophole,
which can be further misused in the future. It represents a feature to
some, but it is also a weakness. Imagine a scenario which involves not
the razor blade analogy, but one which involved locking down one's
machine for the purpose of control, eavesdropping, and so forth. Have
you heard about IBM prototyping Trusted Computing for GNU/Linux?

What if an installation of a CMS ever forbade you from changing its
behaviour, essentially leaving you imprisoned by a highly undesirable
set of constraints? What does that mean to free software? Hardware can
be used to limit use and to impose limits on modification. That hardware
could, for instance, be Blade servers (no pun w.r.t. razor blazes intended).

> Somehow this offended Stallman and the FSF. They think that the user
> should be free to modify the code on the purchased hardware, despite
> the fact that the hardware is not actually end-user modifiable by
> normal people (just hackers) and also despite the fact that Tivo was
> selling the boxes at a loss.

The box is not just modifiable by hackers, but it is seen as
*programmable* to just a few. End-users can alter the behaviour of the
box given an alternative pre-prepared image (reflashing, patching, et
cetera). One of the issues that are commonly explored in this context is
Tivo's need to receive payments that cover the cost of the hardware
(Apple has similar issues when it comes to media players), but rarely
does not tell you about all the data Tivo harvests about you and can use
in a variety of ways (even selling it).

> And that is Tivoization. Wrapping the code into a black box that can't
> be modified.

This defines proprietary software, from the perspective of another
'layer'. Of course, one can just avoid buying Tivo. Mind you, I do not
defend or criticise Tivo; I present other overlooked aspects of this
issue. I fear that your message explores just one side of this debate,
so it lacks balance.

> What Stallman and crew

Is that really necessary? Without RMS et al, it's unlikely you'll have
the /option/ of Free software (shall you require it).

> are failing to see is that there's nothing
> wrong with this. Tivo isn't selling hardware. Tivo is selling a
> service.

Yes, but Tivo also /receives/ a service. Tivo's supplier is the
thousands of programmers, most of whom worked for free just so that the
fruit of their labour secures their freedom. Many of us FOSS programmers
have a goal in mind, one which is to escape digital lockdown. You can
read about some digital prophecies or watch how software has /already/
devolved to grant no rights to its respective user while permitting
merely everything to those who produce products. There's no conspiracy
theory here, but anyway, I don't want this to become a 'political' argument.

> They leveraged open source code to create this service, and
> they created an unopenable black box using that code. They released
> their changes to that code back to the public, and anybody else who
> wants to do so can create their own hardware and run Tivo's changes.
> In other words, the GPL fulfilled its function, the changes were given
> back. Tivo's only "crime" was in doing the razor blade service idea
> and then trying to protect themselves from unscrupulous people.

Again, that's /one/ way of looking at that. This is Tivo's "we're a
victim" stance, but you totally neglect several other sides (there are
several, not just one). The definition of freedom comes into place. If
they wanted to leverage code the way they did, BSD-licensed code is out
there. As it stands, one of the 4 freedoms is being compromised, owing
to a loophole. This is not a violation of GPLv2, but nonetheless,
control is taken away from the programmer and can in turn be used to
harm some users (see discussions about privacy, for instance).

>> Some guy called Stallman seems to think you disagree with the goal of the
> GPL:

He does indeed. I've faced similar resistance in other forums and
usually it turns out that those who resist adoption of GPLv3 are
inherently against its long-standing philosophy of the GNU project. I've
seen a lot of this in discussions which revolve around GPUs. Some people
still look for new ways of profiteering from the retraction of freedom,
capitalising on the fact that ownership rules are altered. Have you seen
the number of companies that come under fire for GPL violations recently?

> Yes, I absolutely disagree with Stallman and virtually everything he
> says nowadays. He's gone from genius to socialist zealot.

I spoke to Stallman in the past (I even published an interview with him
last week) and charactering him as a "socialist zealot" (emphasis on thw
word zealot, which has a negative connotation) is something I take
offense in. By this definition, human/animal rights activists might be
zealots as well. How dare we say "no" to the (Pat)riot Act? How dare we
say "no" to DRM, which virtually forbids backup and leaves us having to
buy the same stuff over and over again?

> The goal of the GPL, in my opinion, was to preserve freedom by keeping
> what was released under it free for all to see and use. When the code
> is free, everybody benefits. You can all use the code. You can all
> modify the code. If you modify it and sell it, you have to give those
> modifications back. Tivo did this. Hell, I've done this.

Tivo contains GPL-licensed code. Tivo contains unique components. With
its firmware, availability of the code might be worse than useless. It
also gives a lesson for other companies to follow -- primarily companies
that sought new way to develop things quickly without divulging trade
secrets. In the case of Tivo, replace "trade secrets" with total control.

How would you feel if a company began selling WordPress appliances that
use unique hardware (e.g. special type of clusters) and are being
developed by a group of 500 full-time developers (>Automattic+developer
community)? How would you feel if you were left behind because of those
that took your code and 'enhanced' it are using uber-hardware with all
kinds of disablement technologies? This is all far-fetched and
hypothetic, but Oracle comes to mind (Linux and MySQL forks possible).

> However, this freedom does NOT give you the freedom to take advantage
> of other people's schemes. This does NOT give you the freedom to steal
> service. This absolutely does not give you the freedom to set terms on
> USE of that code. The GPLv2 focused entirely on redistribution. If I
> redistribute the code, then I have to give away my changes. The GPLv3
> adds a new one. Now, if I redistribute that code in a product, I have
> to not only make the changes available, but I have to let the end-user
> modify the product. I cannot protect my product and my business plan
> through technical measures. I cannot give away razors while trying to
> sell razor blades.

It would be trivial to change the business plan. It's akin the a
transformation from a proprietary software business model to one which
is similar to Red Hat's. Companies never like letting revenue drop. It's
business nature, especially when investors are involved. Ask Sun
Microsystems about it. Talk to Simon Phipps and see why selling servers
and balancing that with services and software acquisition costs isn't
what it used to be.

> In other words, I cannot use GPLv3 code in any sort of actual
> non-end-user-modifiable product that I sell. If I use GPLv3 code, I
> must take extra steps to make the product modifiable by end-users.

That's correct.

> And why? Because Stallman and the FSF think that's a good idea? Yes, I
> disagree with them. I do not think that it is a good idea. I think
> it's restrictive of freedoms for the developer. I want to use the open
> source code to create new cool products, but this sort of ridiculous
> restriction only limits the use. It takes away the freedoms of the
> developer. It is far, far less free than the GPLv2 was.

Only if by "free" you go by the definition of the BSDs, namely "I do
what the f* I want". GPLv3 does a better job than GPLv2 when it comes to
"free". It protects the freedoms. It prevents mistrust and possible abuse.

>> Is he wrong?
> 
> Yes. Richard Stallman is absolutely, 100% wrong in everything he has
> said for at least the last 3 years. He can no longer be trusted on any
> subject of any kind.

Translation: "I don't like Richard Stallman's definition of freedom. I
like something different."

[CG:]

> You know, I started to reply earlier, and my sentence (and I quote) is
> almost the same as your opening statement :)
> "The problem with GPL v3 is that it gives extra rights to users, but in
> exchange puts additional burdens on developers."

Developers are users too and many of them operate based on the
assumption that their code ensures a liberal use of tomorrow's PCs.
There are not many open systems, but anything we do in collaboration can
ensure that we, as users -- along with our friends and families -- can
enjoy products that evolve quickly and respect us more than they respect
just revenue. There are many lessons to be learned from history about that.

> Like you said - that's all the problem now. When I write open source code,
> I'm choosing more and more to steer away from GPL because I find it makes
> life harder for me as a developer rather than easier.

It depends on your goals as a developer. You need to define them in
order for this to be seen in the appropriate light.

> Look at most linux distros - in an attempt to protect the "integrity" of
> open source, you can't distribute open source with free source (in FSF's
> *INTERPRETATION* of the GPL and not the word of the GPL) so Linux distros
> force users to manually "unlock" drivers and codecs which is one of the
> biggest things that newbies don't understand: "Why doesn't it work out of
> the box?"

Hybrid systems are an interesting dilemma. Where would we be today if it
were/were not for compromises? Where would WordPress be if it were not
for b2? Would it be built upon a _truly_ open stack? Will you be able to
get WordPress running for $0+hosting bill? There's an attempt to
encourage people not to be tempted to take shortcuts.

> Sure, it preserves the code - but in doing so, it places additional
burdens
> and restrictions on the _developer_ instead, which is just bull.

Developers can sell/deliver products to users who like them. If the
software does not respect its prospective user, the user is less likely
to find appeal in it. It's a reciprocal and symbiotic relationship. If
you, as a developer, take extra steps to bring benefits to user, users
will come running to you. The Linux kernel did not mature thanks to a
single man. Its users became its developers too. The same applies to
many WordPress hackers and even people who offer free support.

> GPLv2 had the huge distinction between "the letter of" and "the spirit of"
> the GPL - but for those of us developers disinclined to follow the FSF's
> developer-limiting spirit, we could still take advantage of the GPLv2 as a
> license that protects both our rights as developers AND our user's
freedoms.

See the previous two paragraphs. Additionally, things will change as
time goes by. WordPress has a big target painted on its a**e because it
has been exceptionally successful. Other than patents, consider a case
where Drupal and its new 'parent company' choose GPLv3 as a
distinguishing factor (MT has already taken a first step). Did you know
that Linus Torvalds would consider GPLv3 for his kernel if OpenSolaris
went that way? That's the way it works.

> With the GPLv3, the FSF tried to do away with the separation between
letter
> and spirit - which was a wholly unnecessary and totalitarian move.

You could speak about 'spirit' in the context of Novell, which has done
a _lot_ of damage by betraying it. The spirit -- although the term
sounds kind of abstract and 'hippie' --- is very important. It's about
he trust that keeps developers going.

> Basically: GPLv2 gives developers more freedom _and doesn't start off with
> the assumption that all developers are evil, greedy bastards who just want
> to take GPL'd code and make money off of it_ whereas the GPLv3 limits
> developer's rights and makes that ridiculous assumption.

No. GPLv3 assumes that programmers work for MBAs. Many decisions that
are made which are not necessarily harmonised with the assumptions that
we have, trust included. How many FLOSS programs do you know that also
act as spyware? RealPlayer? Well, it's not FLOSS, it's controlled by a
major company (with investors), and it's also considered the mother of
spyware.

The GPLv3 gives ammunition to a programmer whose understanding of the
problem doesn't align with that of a pointy-haired boss. Programmers can
give CEOs like Ron Hovsepian a warning in advance. Jeremy Allison (of
Samba), for example, needn't explain about that 'spirit' (*Hovsepian
chuckles*) of the GPL, but simply talk about /legal/ implications.

> There is nothing to be gained by moving from GPLv2 to GPLv3 except trading
> the right to interpret open source in the way that best suites the
community
> in exchange for the FSF's interpretation of those rights.

The mindshare advantage make a good start. There are other defenses
whose effect is yet to be fully misunderstood. Remember what I said.

> I have yet to see a compelling argument to get developers to switch TO the
> GPLv3 - and when you say it'll make your code fully compatible with people
> already using the GPLv3; well, perhaps they should consider switching back
> to v2 and saving face.

I suggest that you read the following.

http://www.groklaw.net/articlebasic.php?story=20060118155841115
http://tieguy.org/blog/2007/06/26/gpl-v3-the-qa-part-1-the-license/

Automattic must not rely on hearsay.

With kind regards,

Roy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHcvkMU4xAY3RXLo4RAl+ZAJ9nEe/yftlvv3lcup/EAMGRi0uAJgCdG4ka
+6bpOxjS6hCe4nGK5fSnd7Q=
=ivGC
-----END PGP SIGNATURE-----