the truth about hacked software

I want to get something out in the open.  It’s not illegal to hack your software.

This is probably contrary to what you might assume when you hear the words “hack” and “software” used in the same sentence, but there is an important distinction to make: hacked software is not the same thing as pirated software.

Let’s throw out a couple examples.

The OSx86 Project

OSx86 is a project whose goal is to allow people to install the Apple OSX operating system on Intel-based PCs.  (Actually, allow isn’t quite the right word…you can already do it, it’s just not made very easy – the OSx86 project is to provide tools (and documentation) to make it easy (or easier, anyway)).  The theory here is that now that Apple is using Intel chips to power their computers as opposed to Motorola chips, the hardware infrastructure isn’t a completely different animal the way it used to be.  PCs and Macs are much more closely related.  This is amplified by the fact that OSX is a BSD-based system, which is a Unix variant that shares a lot of similarities with current popular Linux distributions like Ubuntu, particularly with the ‘sudo’ element (a commandline argument that allows a user to take on the roles of the system administrator without the need to log in as the root user/sysadmin – much like the User Access Controls that exist in Windows Vista and 7).  It is a violation of Apple’s terms of use to install OSX on a PC.  However, this is not a violation of the law.  (They might like you to think it was, but just last year Apple was overruled in a case against the ‘jailbreaking’ of iPhones while they were under contract with AT&T.  Installing OSX on a PC is similar to said jailbreaking, just applied to an actual computer.)

Ripped Music

You may not think that ripping music from a CD counts as software, but the theory holds and mp3s are nothing if not digital files to be manipulated by another software application.  You may also assume that ripping a CD to create mp3s is not violating any terms of anything.  The RIAA, however, would have you believe that you are violating copyright law by ripping mp3s from a CD that you own.  The reason here being that the record company may also sell those mp3s themselves and just because you can create your own mp3 copies doesn’t necessarily mean you should.  On the other hand, we’ve all come to accept the common terms of property law which states that, once you purchase something, you can do pretty much whatever you want with it.  (This is why it’s no more illegal to copy a record onto a blank cassette than it is to sell the record to a used vinyl shop for cash.)  In this, the recording industry really has no bite since we’ve already established that copying music to a tape doesn’t violate any law (although they tried to disallow that in the 80s), so there’s no reason why creating a digital copy should be any different (they would disagree again, pointing out that it is possible to create digital copies of music with today’s technology that are a direct facsimile of the original – to which we all say “…so?”). 

Windows Genuine Advantage Validation Hacks

This is what lead me to start writing this post in the first place.  When Windows 7 was in beta, I signed up and was using Windows 7 for almost a year in it’s early beta and release candidate forms.  I was so impressed that I decided to actually purchase a copy for each of our computers.  Of course, according to Microsoft, Windows 7 beta/RC was not for use on any machine you actually use (which sort of defeats the purpose IMO) and there was no direct upgrade path to a retail version of Windows 7 from the RC.  It wasn’t long before someone found a way around this, which even worked for me, who bought Windows 7 Home Upgrade (the RC had the featureset of Windows 7 Ultimate).  But fast forward to both hard drives on both my computers failing (at different points).  Though you are allowed to do a format and install with an upgrade version of Windows 7, the license key is not valid for a full install,  I had to find a way to workaround the Windows Genuine Advantage Validation to use the copy of Windows that I purchased.

Commercially-Supported GPL Software

This one is close to home because not only do I write commercially-supported GPL software (in the form of Museum Themes), but I also support commercially-supported GPL software (in the form of Event Espresso). In this instance, hacking may not be anything more malicious than taking the code and modifying it for your own purposes (something that is allowed by the software license). But what if the means by which you obtained the software wasn’t one of the “official” channels? By the terms of the GPL, anyone, anywhere, for any reason has the right to take GPL software and distribute it in kind as long as they do not alter the GPL license itself. This means that you could take GPL software that you purchased and post it on your website for people to download.

However, with most commercially-supported GPL software, what you are actually paying for is not the software itself, but rather the support (and the knowledge that the software is being maintained, tested, and the developers will presumably fix any bugs you may find – all things that may be harder to come by when you are working with free – as in beer – GPL software). If you took the example above and posted your commercially-supported GPL software on your site, you would likely earn the ire of the developers if not violate the terms you agreed to when you purchased the software, and they would more-than-likely deem you invalid for receiving any further support or updates.

Common threads

At this point you should be seeing a pattern.  “Hacked” software is making the software do something that wasn’t the intended use by the manufacturer.  The consequence isn’t death, the FBI won’t come after you over your illicit VHS copies of movies you rented from Blockbuster, and you won’t go to jail.  You will not, however, be able to get support for whatever software it is that you are hacking.  The EULAs that you click through without reading, though they sound like legalese, are at the end of the day just license agreements and generally not a basis for legal action.  We have become so used to clicking through EULAs without reading that, as a result, we only follow the terms of them as far as it resembles common sense or, at the very least, supports what we were already intending to do with it.

Breaking the rules

I was going to end this post here, but I’ve recently been made aware of something that is making the rounds in the Warrior Forum.  For those of you who don’t know, the Warrior Forum is basically where spammers and black hat internet marketers are made.  It is to scammy online money-making schemes what 4chan is to griefing.  Recently, some brilliant member of the forums realized that because the terms of the GPL allow you to redistribute the software (even repackage and resell the software) that you could potentially make a lot of money stealing other people’s code and selling it.

Here’s the problem with that.

GPL software is released without any warrantee that the software even works.  No guarantee is made for support of any kind.  As discussed previously, that’s what you’re paying for.  How likely is it that the guy you got a free copy of a WooTheme from is going to help you out when you have a problem with the theme or want to upgrade it to the latest version?  Not at all.  Go to WooThemes for support?  Sorry, if we don’t have a record for your purchase, you’re SOL.  This hurts not only the customer trying to use the theme but, ultimately, becomes a big headache for the guy trying to redistribute it because he probably didn’t realize that he’s going to have to help (or ignore) the people he gave his theme to.  For someone out to make a quick buck, this was probably not part of the plan (however, for anyone actually in the business of selling GPL-licensed commercial software, this is precisely the plan).

The moral

Hacking software or using hacked software is not illegal.  Once it’s (legally) in your possession, you ultimately have the right to do whatever you want with it.  However, doing so means you should at least be aware of the consequences, namely: you’re on your own.  If you break anything after hacking your software (or using someone’s patched version of commercial software), you can’t go back to the developer and ask for a refund, or support, or much of anything, really.  Hacking is not piracy and shouldn’t really even imply piracy (though pirated software often requires a hack in order to bypass the built-in protection against just that).  Hacking is just code, which, broken down are just words, which are protected by article one in the constitution allowing free speech.  That said, there are many cases when the forces in place guiding you toward actually purchasing or using the software legitimately have benefits that outweigh whatever benefits of the hacked version.  Maybe this is in the form of support from the developer or maybe you just believe in the product and want to help them keep writing good code.  As a free-thinking individual, it is up to you to make the choice for yourself and understand the consequences of either decision.

WordPress isn’t a commercial success…wait, what?

Read this.  Then come back.  It’s okay, I’ll wait.

WordPress.com Blogs Garnered 23 Billion Pageviews in 2010

It’s the last paragraph the bugs me.

The five-year-old company may be experiencing remarkable growth, but it has yet to become a commercial success. The startup reportedly makes around $1 million per month from premium and hosting services, an inconsequential figure for a company that plays such a central role in web publishing.

Automattic makes $12 million a year spending most of their time developing free software and yet, they aren’t a commercial success?  What? Seriously, what? Matt & crew are some of the biggest and most public advocates for open source and the GPL.  Monetization, while obviously a concern, is not a focus, the focus is creating a great application that millions of people use daily for free.  $12 million a year for a team of maybe a couple dozen full-time employees?  Sounds successful to me.  The fact that they aren’t raking in the dough like Microsoft or Apple is a choice not a byproduct of failed marketing, and were they to go that route, I doubt they’d have the market share that most of that article reveals.

Developing tabletop games like software

I’ve been working on The Long Con in my free time, and when I haven’t been working on it, I’ve been musing over the development philosophy.  I don’t know if what I’m doing is that much different than other open source role playing games.  I haven’t really explored the open source RPG community, I just know that it exists.  So, at the very least, I can say that I haven’t been influenced by any of those ideas.  I’ve probably said it before, but I’ll deign to repeat myself: I’m modelling the development of the game after software development, particularly open source software projects.  What does that mean exactly?  Well, I’ve had quite a bit of time to think about it.

Get the 1.0 out as quickly as possible

Despite the wave of betas and user-previews that we’ve grown accustomed to, from our email software to our Twitter clients to our online timesucks, a beta version is what it is: incomplete.  It’s beta because it hasn’t yet fulfilled the requirements of an official release.  And while we’ve settled with Good Enough for years, particularly with Gmail, in other cases, a pre-release version of the software can be damaging to the inevitable release of the final version.

Let’s take Wine as an example.  Wine is a Windows emulator for Linux, able to run Windows binaries as Linux-native applications.  The goal for 1.0 was to make Wine a workable environment for most major Windows desktop applications like Microsoft Office, Adobe Creative Suite and other apps that people use most frequently.  The theory was that when those apps could install without any problems, they’ve reached their 1.0 landmark.

This would have been great when we were looking for a viable Windows alternative operating system.  It would have thrown Linux right out there for its inherent cost-effectiveness, frequent, integrated updates, and ability to get things done right.  However, the world that needed Wine 1.0 was not the world that finally greeted Wine 1.0 when it was completed.  We needed Wine 1.0 when we were trudging through Windows ME or hanging onto the buggy Windows 98.  When Windows XP came around, it was a minor improvement, but still we had no other revolutionary options — Mac OSX wouldn’t be released for another year.  By the time Wine 1.0 was complete, we had two actually really good operating systems to choose from with an OSX well into its development cycle and Windows Vista and then 7 a year later.  The time when Wine could have turned Linux into a powerful alternative for the masses in the operating system market was passed — we already had pretty good options.

Matt Mullenweg, founder of Automattic and one of the major forces behind WordPress said in a presentation a few years ago

Get out of version 1.0 of your product as soon as possible.  Even if it sucks.

The idea is that you want people using the software, breaking it, trying it in new ways that you didn’t think of when you were writing it.  Get the 1.0 out so real people, not just coders, developers, and nerds are the ones actually using it.

One of the core ideas of development for The Long Con is to build a simple, solid, usable system as quickly as possible.  Much like the structure of WordPress itself, the core Long Con system will contain only as much as is absolutely necessary or beneficial for the enjoyment of the game.  New features, rules, add-ons can be added and expanded later.  What I have now — I think — is a solid beta.  It’s rough around the edges.  It’s untested.  But I believe it’s a usable system and even has some flourishes for advanced and (what I deem to be) unique rules and features.  After we run our seminal test game and clean up some of the documentation, it should be ready for a 1.0 release.

Does this mean it’s done?  Absolutely not.  There are several major components that are missing, including GM-less play, that I have planned and still want to include.  However, I’ve decided that those can and should be added at a later upgrade.  Plugins weren’t added to WordPress until 1.2, and themes weren’t added until 1.5.  Now entire businesses are built on custom plugins and themes, and the official WordPress plugin repository stores over 10,000 unique plugins.  Which leads into the next point:

Never stop developing

What the hell happened between Dungeons and Dragons and Advanced Dungeons & Dragons?  There was, like, an epic gap, and AD&D only marginally resembled the original D&D.  Times, trends and ideas change.  I co-wrote a system called Goth: the Corruption — a sort of goth-centric take on Vampire: the Masquerade — somewhere in the neighborhood of 15 years ago.   It hasn’t been touched since.  Is that system topical and relevant?  Probably not.  Could it be?  Absolutely.  Even Vampire, which it was inspired by, has gone through some pretty revolutionary changes since the time GtheC was written, including two major revisions and a rebranding.  The difficulty of tabletop game systems is that once the game is printed, that’s it, it’s set in stone.  The current edition of Dungeons and Dragons sort of gets around this by releasing updated rules for .5 releases, but there’s still a lot of time in between a 3.0 and a 3.5 and when the 3.5 or the 4.0 is released, that means your players and storytellers need to go out and buy a whole new stack of books.

Software doesn’t have to work that way.  Sure, when the new version is released you need to — in some form or another — download the updated copy.  By making your software free-as-in-beer, you make it easier for your user by taking out the cost concern of getting the upgrade.  Keeping frequent updates and keeping your users informed of them — and why they should care about the updates — encourages users to grab the most recent version even if there’s a minor inconvenience.  If we applied this to gaming, it’s the equivalent of Wizards of the Coast coming up with an awesome new system for the next version of D&D but it would otherwise need to wait for the next official release.  You could wait, or you could download a “patch” that you could keep as an e-book (or in some other form) and print out or email around to your players and start using this Saturday.  Who wouldn’t want to be using the most updated version of the rules if they added cool new things you could do and you could get it delivered to your inbox automatically for free?

One of the key elements of getting the 1.0 out as quickly as possible and delaying important features or milestones to later releases when you can focus more attention to them is that it keeps you focussed.  Complete this task right here and don’t worry about feature x over there, that’s scheduled for 1.3.  It doesn’t matter when 1.1 and 1.2 come out, and it doesn’t matter if they come out in short succession if that’s the way it works out.  What matters, as a game (and software) developer is that you remain focussed on only what’s in front of you and that what’s in front of you is the most important thing you need to be working on for the project right now.

Along with that is to set a goal to have tangible results in a set period of time.  WordPress’ goal is to release 3 major version updates each year.  This holds you accountable to continuing development and making sure your project doesn’t stagnate.

Allow for modding

One of the most transformative features added into the Dungeons & Dragons system after Wizards of the Coast took over from TSR was making the D20 system open source.  AD&D was great, and the plethora of expansion sets and storytelling resources were far-reaching.  Sets like RavenloftPlanescapeForgotten Realms and Dark Sun changed the whole landscape of the type of story you could tell.  But even so, you were still confined to those systems, those worlds.  And some of us like to tinker.  Others of us wonder what it would be like to play a game set in an obscure TV show for which a standalone game hasn’t been built.  Enter D20.

My first exposure to the D20 system was through the Babylon 5 game.  I knew of the major changes in D&D 3rd ed. after Wizards of the Coast took it, but I didn’t realize the D20 system had become open property.  The idea that you could take the core gaming system and overlay any scenario or world you could think of on top of it was brilliant, and allowed independent publishing houses and armchair game developers the opportunity to build a game without having to worry about the system.  It enabled players to enter into a brand new game without having to re-learn core rules and systems (since it’s fairly likely that you would have played at least one D20 game in your lifetime).  In short, it made tabletop RPGs more like what PC games had been doing for years, since the very first Doom mods put you in Homer Simpson’s shoes as you ate donuts and beer through Doom’s maze-like levels.

In The Long Con, there are three major ways the game can be modded and further developed without touching the core rules; Plugins, Modules and Extensions.  Each takes a page from open source software developing.  Plugins are add-ons that add new features or rules to the core system.  Developing a LARP system around The Long Con might be a plugin (albeit a really big plugin), as would adding or replacing Skills to make the game more action-packed.  Modules are sourcebooks that contain NPCs and bad guys.  Modules are crucial to GM-less play, since to play without a GM you would be relying solely on material from modules.  Extensions are full scenarios or worlds.  Extensions can contain plugins and modules (in fact, they probably should), and might also have unique world information and data.  One of the things that appealed to me about The Long Con as a game concept was that it’s not time period-centric.  I think it’s fairly safe to say that since the dawn of man, there have been con artists.  So you can run the game in any time period or world scenario you can think of, from steampunk to space opera to gritty war dramady.  I envision extensions expanding the game system almost indefinitely.

Engage the community

The reason I wanted The Long Con to be open source was to encourage community involvement.  (And once the 1.0 is done, I’ll start fencing it around the greater gaming community to see if there’s any interest.)  The last thing I want is to be the only one playing or writing for The Long Con, but I see it as being appealing to an audience far greater than just me.  Not just in the playing aspect, but in the building and developing aspect.  I had no idea, going into this, that open source gaming even existed, I was just going off of being really passionate about the GPL and what we were doing over on Museum Themes under the GPL.  The idea struck me — hey, this doesn’t have to apply to software.  Building a community of fellow passionate users reinforces all the other points and keeps you going when you otherwise might throw the project along the wayside.

Again, I have no idea if applying an open source software philosophy and approach to building a role playing game is an original idea.  But it feels right.  More than that, it feels like it might benefit the development of the game in a way that a traditional, linear approach wouldn’t.  It’s easy to find yourself overwhelmed by the amount of work or to just put a project like this on hold and then forget about it.  I believe that applying this kind of approach can seriously combat that, put your idea into a framework, and potentially transform it from an idea to an actual completed and viable work.

Going Google-less – A Week Without Google

A week ago on my blog, I posted my pledge to go one week without Google.  It was inspired, in part, by the Google/Verizon proposal for the future of high speed and wireless internet that was devised in closed-door meetings, in secret, while the same discussions were being had with the FCC and other major players that Google and Verizon were also a part of.  This sort of self-serving duplicity, as well as serious concerns about the end result for consumers this proposal would have if enacted, put a serious damper on my ongoing Google-love.  How dependent on Google, specifically, was I really, and could I actually live without using a single Google service?  As more and more concern about Google and their agreement with Verizon poured in, I wanted to find out.

I actually started early in my week without Google.  Friday night, after deciding to do this experiment, I set out right away to converting the stuff I use on a day-to-day basis to be without Google.  The first step was Gmail/Google Apps.

I use Google Apps for my primary email address.  While I have a Gmail account, I haven’t used it since getting my own domain name for my blog at jazzsequence.com, and I just forward everything sent to my Gmail address to my jazzsequence address.  (While, technically this could be considered still using Google, I’m not considering forwarded email from an unused email address to be really “using” Google services).  The process of switching my email away from Google Apps was pretty easy, so I had to go one step further to make it more complicated.

I’ve also played with the idea of migrating away from Microsoft Office products in favor of open source projects that support collaboration and open standards.  Switching to OpenOffice is easy (although I am skeptical now that Sun (and, in turn, OpenOffice) was acquired by Oracle).  In fact, last time I had to reformat my computer, I tried to install Thunderbird and use that for email but for some reason I couldn’t get it to play nice with my Google Apps email.  I didn’t have the patience for it and Outlook picked up the right settings right away, so I just gave up reluctantly and have been using Office ever since.  This time I stuck it out, since the Gmail/Google Apps problem wouldn’t be an issue and managed to get Thunderbird to play nice.

The other reason I’ve avoided moving away from Outlook is because I’m hopelessly dependent on the Calendar and Tasks features.  We use these internally at Arcane Palette to send each other projects or tasks for projects to work on and manage our workflow that way.  We’ve tried other project management applications, but using the one built right into Outlook it so much easier than having to log into a third-party application, especially when said application doesn’t necessarily send said emails.  Thankfully, Thunderbird has Lightning, the new Calendar and Task extension by Mozilla.  That’s two down, and that takes care of my email.

Next was switching from Chrome to Firefox.  I’ve been using Chrome since the late beta period, and have grown so accustomed to it that it’s second nature.  The web developer tools have become an invaluable resource when I’m working on a website, and I’ve foregone heaps of integrated functionality in favor of bookmarklets, plastering them all over my bookmark bar.  However, migrating to Firefox was relatively painless as well.  I just needed to export my bookmarks as an .html file and was able to import said .html file directly into Firefox and then move all my bookmarklets to Firefox’s bookmark bar.  I then focused on making Firefox more lightweight by uninstalling some plugins I wasn’t using and installing a couple plugins that would add some of the Chrome functionality I had grown used to, in particular, Taberwocky, which I use primarily to be able to duplicate tabs.  Since I’ve been using Glue, I finally got to install the Glue plugin and experience the web the way Glue wants you to, and I installed Firefox’s personas just for fun (which is Firefox’s version of Chrome’s visual styles).  I use Hootsuite for Twitter, and with Chrome, I was doing this by creating an application window for it, so it runs as its own standalone app.  Mozilla has this, too, in a project called Prism, and I actually like Prism more because it allows you to customize the icon, which Chrome’s application shortcuts don’t do.

I also switched search engines.  This was harder than it sounded.  You don’t realize how used to typing google.com into an address bar you are until you try to do something else.  I also realized I’ve become dependent on Chrome’s auto-fill technique of allowing you to search a site by typing the domain and hitting TAB.  I’ve yet to find something like that in Firefox.  On the other hand, Firefox has Search Engine add-ons for a variety of sites (including Wikipedia, which, along with YouTube and Amazon – both of which have Search Engine Add-Ons – was what I was using most frequently), which made it easy (easier, anyway) to switch over to Bing as my primary search engine.

The setup took me through the weekend, so by Monday I was ready to start my work week without Google.

YouTube was difficult to avoid.  It’s so ubiquitous for video sharing that you can choose to not watch viral videos, or you can suck it up and watch things on YouTube.  YouTube was acquired in 2006 by Google for $1.65billion from a couple of ecstatic developers who built it, and since then, Google has both added advertising to videos and started doing video ads with their AdSense service.  This was one thing I cheated on my Google-less week for, although that’s more a result of the decision of content creators to use YouTube rather than another service like Vimeo.

On Tuesday, I needed to send an invoice to a client.  I paused and thought hard.  PayPal has a higher processing fee, plus I have a bias against them since they screwed me once.  That said, in a lesser-of-two-evils decision, PayPal, at least, isn’t trying to take over the world (or, if not the world, gain more control over the future of the Internet than the government organizations assigned to regulate it and keep it free from corporate interests).  So I put my boycott on PayPal aside and sent out an invoice with a PayPal-linked button rather than a Google Checkout-linked button.  This was probably the hardest switch to make not because PayPal is inherently more difficult but because both companies, in my opinion, are crooked.

I suppose it should be said that I’m addicted to the web developer tools built into WebKit (and therefore Google Chrome), in particular the Inspect Element context menu.  I use it every day and I knew going into this experiment that this would be something I was missing.  I’ve become so accustomed to using Inspect Element that I’d completely forgotten how to use the much more elaborate Web Developer Tools plugin for Firefox (though I still had that installed).  In the end, for web development, I used Safari so I could get the benefit of the Inspect Element option.  To be honest, there was no specific reason for choosing Firefox over Safari as the browser of choice and by Wednesday I started considering just switching.  Most likely it was simply ubiquity and the fact that Firefox was what I was using before switching to Chrome, though, in retrospect, Safari is just as solid.

On Thursday, I realized that the database backups I schedule to automatically send every week to a specific email address weren’t coming.  After a second, I realized why; I never set up the email address when I was moving my mail over to my webhost.  While it’s just as easy to set up mail through your host as it is to set up Google Apps to handle your mail, it’s worth remembering that if you do decide to switch back (or switch any host or email provider), any email addresses you have set up will need to be recreated on the new host.  It’s a simple enough task, but just as easy to forget, especially if you have forward-only addresses like I do.

Another thing you forget about Gmail is how good the junk mail filter really is.  It’s been years since I really thought very much about junk mail.  I get so little of it, that I don’t even notice the problem.  Only after moving my email away from Gmail did I start to notice the junk come in, many times it was the same piece of junk mail.  Outlook has some built-in controls for that (which, of course, I’d forgone in favor of Thunderbird), and Thunderbird does as well, although, for the most part, it relies on you to mark things as spam to learn what to filter and what not to.  Thankfully, many webhosts have server-side spam filtering (using SpamAssassin or something similar), which I was happy to find on my host when I realized that was what was going on and looked for the possibility of a server-side spam filter (note: it wasn’t turned on by default, as they often are not, so if you find yourself inundated by spam, it’s a good idea to see if your webhost has the option and turn it on, if necessary).

The point of this experiment was not to take my one-man boycott and stick it to The Man.  I knew I relied heavily on Google services, and wanted to see how deep the ties were and how difficult it would be to avoid them.  Most people use Google by default, without thinking.  Are we wrong to do this?  Google has not made a secret of taking our information and using it to supercharge their other apps, like AdSense and search.  Facebook does this too.  But the difference between Facebook and Google is that Google is also asking you to host all your documents with them, to use their phones (bundled with their services) with your mobile service, to take control of your calls with their VOIP service, to own your conversations with their messaging service.  Does this mean that behind every corner, with everything you do online, you have a Google bot reading your messages, your emails, your documents, and assimilating that information into their vast grid for future use?  Are we okay with that?

Even putting Google and Verizon’s recent bid to determine the future of broadband and wireless internet aside for a minute, it can’t go without noting that Google is a huge corporation.  They may have started out as two guys in a garage, but those days are long gone.  Have we forgotten that Apple and Microsoft had similar beginnings?  Google isn’t the underdog anymore, they are the behemoth, and they want your data.  Internet pioneer, Richard Stallman, has some choice words on the sorts of cloud computing technology Google has led us toward with Gmail and Apps.

The real meaning of ‘cloud computing’ is to suggest a devil-may-care approach towards your computing. It says, ‘Don’t ask questions, just trust every business without hesitation. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it.’ In other words, ‘Think like a sucker.’

We can choose to not be a sucker.  We can look for a hook.  There was a time when people distrusted large businesses simply because they were large.  In this economy, where many of the little and smaller companies have crumbled, we should be even more wary of those left standing, not less.  When a company starts making rules for the government, that’s when I start tuning out.

The answer to the main question of the experiment, can you survive without Google, is: yes, of course you can.  Gmail is great, but by no means is it the be-all end-all email solution, and by no means is Gmail’s junk filtering the only answer, either.  Other cloud computing apps should make you wary at the very least – if the world ended tomorrow and those servers went down, would you be okay with loosing that data?  Neil Gaiman mentioned that some documents from 2007 stored in Google Docs were missing and that he may have lost a story.  I find this, for a writer – a bestselling one, at that – to be absolutely unacceptable, and proof that your data is not guaranteed.  And the only way to truly secure your data is to don your tinfoil hat and start keeping hard copies.

We’re so reliant on the web we don’t even think about it.  I don’t retain a printed copy of my tax return unless I absolutely need it.  Why should I?  Printer companies gouge consumers on ink refills for cheap printers enough that I no longer own a printer.  I have a pdf copy and I file electronically.  Personally, I retain all important data on a home server that maintains weekly backups on an external NAS server, but most people don’t.  The point is, we’ve become so used to going paperless that the idea of going back makes us sound like some relic from the 1950s (no offense to relics from the 50s).  Likewise, distrusting cloud computing, Google, Facebook, any company that hordes our data, makes us sound paranoid.

The answer to the followup question to the experiment, will I continue to live without Google services is: probably.  I was dissatisfied with using Firefox for all my browsing, and enjoyed using the Glue extension for Firefox that I was never able to use in Chrome, but as an experiment, I went to Glue in Safari and found an extension there as well.  Which implies there may be other extensions available for Safari that I didn’t know about (although, really, there weren’t many I use daily in Chrome, and one of them is a Google Voice extension).  Moving forward, I plan on switching over to Safari for my browsing as a replacement for Chrome rather than Firefox.

My email is already switched and I have no intention of switching back.  I’m now using free software (free as in freedom as well as free as in beer) to manage my email via Thunderbird, and I’m quite happy with it.  I was already growing apart from Google after my new mobile carrier (Sprint/Nextel, via CREDOMobile) doesn’t support Google Voice entirely, and text messages sent to my Google Voice number forward to my phone even when the setting is disabled to forward texts (as a way to save on individual text messaging charges).  Bing is not as good for search as Google, but it’s passable, and in many cases where I was looking for something specific, a site search gave me the result I wanted.

When I started this experiment, Nico, from Ten Times One, commented on my blog, saying, “Google is good for business.”  As a small business owner, sure, Google helps, but the only Google service I was using as a business was Checkout.  We experimented with AdWords only to find that it was a lot of money for no real result.  I haven’t used up the rest of my $100 credit, and we currently advertise via BuySellAds.  Google will always color how we think about search engine optimization, but Google is trying to enter an enterprise market with Apps where Microsoft has dominated for more than a decade and those types of markets aren’t often subject to radical change.  It will be a steep hill for them to climb to try to sell their wares to corporate businesses.  Even for business, Google is not the only answer, nor, in many cases, the best answer.  And increasingly, their dominance over the advertising market will decrease as Apple, Yahoo, and Facebook become more relevant players.

The first step in changing the world is to change yourself.  I’m not trying to change the world, but it’s also terrifying to me that we let ourselves be subjugated by corporate interests without being aware of it.  So, I encourage you to think about the online services you use, whether they’re Google, Facebook or other, and think about the data you’re giving them.  Could you live without that data?  Could you live without that service?  Could that data be used against you?  Do you trust a multi-billion dollar multi-national corporation with that data, whether it’s a search query or sensitive medical documents?  Does it make any sense at all for a multi-national, multi-billion dollar corporation to truly have your interests at heart?

___________________

Chris Reynolds is one half of the design team at Arcane Palette Creative Design. He writes in his personal blog, jazzsequence, on subjects like music, technology and social media and shares links, videos, and posts various personal music and writing projects. You can also follow him on Twitter.

That Thesis Thing

Update 7/22/2010: Thesis adopts the GPL!

Over the last few days, the WordPress community has exploded into debate over one thing: Thesis and it’s restrictive, non-GPL-compliant license.  If you’re already familiar with the particulars of what Thesis is and what the debate is, you can skip the summary (to be honest, I’m sick of reading people rehashing the whole thing in order to provide enough background for casual visits, but I understand it’s necessry). I’ve taken the last several days absorbing all the information, the arguments on both sides, and held off writing anything about it until there was more information available.  As GPL-supported commercial themes developers, we’re a bit biased on which side of the fence Chris Pearson — the author of Thesis and DIYThemes — should be, the question is whether it is accurate to require him to comply with WordPress’ GPLv2 license.

What is Thesis?

Thesis is a WordPress theme, plain and simple.  What separates Thesis from some other commercial themes is its’ fairly exhaustive options pages which allow you to control various aspects of the front-end layout and design, as well as its claim of “airtight SEO.”  You have several pages of options allowing you to customize just about every aspect of the layout and colors of your site with an option to use custom-coding to expand it even more.  It promises “lightning-fast” page loads and encourages you to “just add killer content.”

Our initial bias

When we first started doing web design, particularly design based on WordPress, the internet was littered with requests to “customize Thesis theme.”  We took one look at what it was, and made a decision then to never work with it.  Our decision was based on this: if you have a theme that is built to offer unlimited customization options what’s the point of hiring a designer?  The entire point of Thesis is that you shouldn’t need a designer, and if you still do need a designer, obviously the theme isn’t doing its job.  At the same time, it’s easy to  understand without even looking what the pitfalls of a theme like that would be: the very fact that it offers unlimited possibilities is, in fact, more limiting than if it did not.  The typical user is not going to be able to look at a color wheel and say “yep, I want #EAFF63.”  They’re going to look at the range of 16 million colors, maybe pick a combination that looks horrid, and then ask someone else who knows what they’re doing to tell them what they want.  The entire point of hiring a designer to build a custom WordPress theme is that you don’t want to deal with the design elements or the coding, and would rather put your trust and faith in a professional who makes it their business to create attractive websites.  To us, customizing Thesis represented a conflict of interest.

What is GPL?

As stated on our GPL page, the GPL is a software license.  WordPress was forked from an earlier blogging platform that was no longer being developed, called B2.  B2 was released under the GPLv2 license.  Under the terms of the license, any derivative software, modifications, or forks must be released under the same license (or a later version of the license).  So, for example, WordPress could potentially be released under the GPLv3 license, but it could not be released under a more restrictive, proprietary license (like Thesis), or even an alternate open source license like a  Creative Commons license, BSD license or MIT license.  This is an important point, as there has been some discussion of WordPress simply adopting a less-restrictive license: they can’t.  By the terms of the GPL under which the original code was written for B2, WordPress cannot legally adopt another license.  Period.

Our bias towards the GPL

I’ve been a fan of open source for years, ever since I discovered that you could find a free, open source alternative to just about any application you were looking for.  I’ve dabbled more than a little with Linux and used a variety of different open source web software applications for different tasks.  When we finished building our Museum Themes and started getting the site ready for distribution, we were forced to think about licenses.  When Museum Themes was just an idea, licensing wasn’t something we thought about much.  We considered doing a user license and a developer license and a multi-use license.  But when it came closer and I was building up the site, I did extensive research on WordPress, the GPL, and the pros, cons, and debate about whether it’s even applicable (or whether that matters at all).  In the end, we embraced the GPL not because we believed, as derivative software, we’re required to use the GNU Public License or a GPL-compatible license ourselves, and not because StudioPress, WooThemes and many others have embraced it.  It came down to what we wanted to do with our themes and what we wanted our users to do with our themes.

I can — without question — understand not wanting people to steal your code.  We worked long and hard on these themes.  The last thing we’d want is someone else to sell them cheaper than what we are (or put them somewhere for free) after spending so much time on them and losing our fledgling business before it’s even had a chance to spread its wings.  So I can understand Chris Pearson putting a restrictive license on his software; he wants to protect his investment and his intellectual property.  On the other hand, we asked ourselves: what do we want our users to be able to do?  Do we want our users to take our themes and modify them to their heart’s content? Yes.  Do we ever want to limit or restrict how our users use our themes or in what context or otherwise prevent them from using it in any way they see fit? No.  We really don’t.  Do we want to be compensated for putting in weeks and months of hard work designing and coding and then maintaining this site and all future updates? Yes.  Would we be willing to fully offer support to users who purchased our themes through official channels? Absolutely.  Broken down into those terms, adopting the GPL seemed like a no-brainer, and a perfect fit for us.

So we have a partial bias towards the GPL, although we did explore all avenues when we were considering licensing for Museum Themes.

The argument

The debate comes down to this: Matt Mullenweg, founder of Automattic and WordPress, believes themes are derivative works, and therefore require a GPL-compatible license if you are planning on distributing your theme.

Chris Pearson, founder of DIYThemes and Thesis, believes the GPL doesn’t apply to themes, or to him, and doesn’t feel right about releasing his work under any license that requires you to provide the source for free.

There is no precedent in any United States court on this topic, though a some related cases have been tossed around.  According to Matt, in the United States, any time the GPL came into question on an issue like this, the major companies have backed down and settled out of court.

Chris Pearson cites a Florida lawyer’s analysis on the GPL as it relates to WordPress themes, and ultimately determines that themes are not derivatives, fall within the scope of “fair use” and, therefore, the GPL not only does not apply, but doesn’t matter.

Matt Mullenweg asked the Software Freedom Law Center (a pro bono consortium of legal experts with regards to the GPL) to analyse the way WordPress used themes and provide their analysis.  They determined that themes, based on how they interacted with the core WordPress software, were derivatives and therefore fell under the scope of the GPL (although images and CSS files didn’t need to be GPL explicitly since they had no direct relationship with the core WordPress functionality).

And so the debate has been.  Now we’re all caught up to right about where we were last Wednesday when two things happened almost simultaneously: 1) Bill Erickson, a WordPress developer and consultant was dropped from the list of WordPress consultants on the official WordPress site for endorsing Thesis and 2) Thesis 1.7 and 1.8-beta downloads were injected with malicious code.  This started some heated comments to get thrown back and forth on Twitter by both Pearson and Matt Mullenweg and their respective legions, culminating in both appearing live on Mixergy to duke it out (figuratively).  (You can listen to the replay, watch the whole thing, or read the transcript on Mixergy.)

As much as I’d like to, I won’t get into the actual debate and some of the classic comments that will likely be tossed around the internet for months, if not years to come.  The Reader’s Digest version is this: it amounted to nothing.  Both parties were pissed off (though Matt did a much better job of handling it diplomatically while Chris seemed to be verging on hysteria for the last half of the interview), but in the end, Chris Pearson said he would be “personally fraudulent” if he adopted any sort of license that went against his own personal beliefs (in adopting the GPL).  Furthermore, he said the GPL was one of those laws that wasn’t enforceable, comparing it to a Georgia law that prohibited blowjobs.

Despite claims of “character assassination” that Chris made on Twitter, really, the only character assassin by the end of the interview — if there was one — was Chris himself.  However, anyone who’s followed him for any amount of time would know that this is not a new thing.  He’s always been brash and argumentative, verging on nonsensical at times with his perpetual habit of getting lost in tangents and forgetting the question.  Here he is bullying a poor Thesis fanboy into pulling down the theme he created that was designed to emulate (at least in appearances) Thesis.  Here he is going ballistic about Matt Mullenweg giving credit to the open source community for the 7 year anniversary of WordPress.

Chris Pearson’s personality does not prove or disprove the issue of GPL violation.  It doesn’t look good, and certainly explains (at least to some extent) his resistance at adopting the GPL, but it doesn’t matter no matter how much his attitude seemed similar to a person walking into a grocery store and saying “I don’t really feel like paying five bucks for these apples, here’s one, which is what I feel they’re worth.”  At this point in the story, that’s where things would sit.

Discussion

Various theories and arguments have been tossed back and forth.  The, now standard, defense that themes are not required to be GPL and it doesn’t matter anyway by Mike Wasylik continued to be Thesis’ main defense.  He contends:

It’s just not enough to say that themes running on top of, and using function calls from, a piece of software are “derivative” of that software. If that were the case, then any software application would be a derivative work of the operating system it runs on – such as Windows, Linux, or OS X – which in turn would be a derivative work of the software hard-coded into the chips running the computer. For that is the way all software works, down to the bare iron – it sits on top of, and makes function calls to, the software layer beneath it, until to get down to the silicon pathways in the chip itself. No software could run without those lower layers, and nothing is truly independent of them. But “dependent” and “derivative” are not the same thing.

Programmer Drew Blas sums it up this way:

The long and short is that SFLC’s opinion could be applied to any software that runs on Linux. Meaning you could never have a closed-source software product running on the linux kernel (“Oh, your code calls fork()? GPL!”). It is commonly accepted that simply integrating with an existing product does not produce a derivative work. If your code is totally your own, the GPL has no say over how you license it.

However, WordPress’ lead developer Mark Jaquith has a well-written counter-argument to that the thesis to which is that “themes interact with WordPress (and WordPress with themes) the exact same way that WordPress interacts with itself.”  ”They do not run separately,” he says.  ”They run as one cohesive unit. They don’t even run in a sequential order. WordPress starts up, WordPress tells the theme to run its functions and register its hooks and filters, then WordPress runs some queries, then WordPress calls the appropriate theme PHP file, and then the theme hooks into the queried WordPress data and uses WordPress functions to display it, and then WordPress shuts down and finishes the request. On that simple view, it looks like a multi-layered sandwich. But the integration is even more amalgamated than the sandwich analogy suggests.”

I’m not a software developer, or a legal expert (this much should be obvious), but it seems to me, using the same Linux comparison, that this would be less like a single application running on the Linux platform (which would be allowed under the GPL if the application didn’t call any GPL-specific libraries or functions or include any GPL code) and more like an entire distribution of Linux (Ubuntu, RedHat, Slackware, Gentoo, etc).  Sure, for the 5 seconds it takes to boot up to GRUB, you’re free and clear, but everything after that is touched by the specific distribution, from the loading screen to the desktop environment.  Saying that could be released under a non-GPL license would mean that all the software used in that distribution would need to be proprietary — no GPL software could be used as part of the closed-license distribution.  It’s like booting up Linux and getting a Windows desktop instead.  (In recent history SCO attempted to claim copyright over Linux code, which would have resulted in Linux users and developers being required to pay a royalty fee to use it.  They lost.)

But then the plot thickened…

See, the derivative (or not) argument is an interpretation.  Now, granted, it’s an interpretation that Joomla! and Drupal both stand by, but still, it’s an interpretation, and whether it would stand up in court is the subject of much debate.  However, after a couple WordPress developers (Andy Peatling & Andrew Nacin) started picking through Thesis code, they found lines that were literally copied and pasted from WordPress into Thesis — a clear GPL violation.  That prompted a programmer, the aforementioned Drew Blas, to write a script that compared Thesis source code with WordPress and identified each bit of substantial code that was obviously lifted from core WordPress.  And that lead to the discovery of what has come to be known as the “copy pasta,” a chunk of code deliberately lifted from WordPress that included this comment:

/**
* This function is mostly copy pasta from WP (wp-includes/media.php),
* but with minor alteration to play more nicely with our styling.
**/

This was added by Rick Beckman (aka KingdomGeek) when he was working for DIYThemes, which he acknowledges on Matt’s blog.  Even the liberal “fair use” argument would no longer apply if large chunks of code were lifted from WordPress.  And this throws a major wrench in Thesis’ operation.  Because even if Chris Pearson removes the offending code (which he says he is working on), all previous versions of Thesis are still GPL.  And arguably, any subsequent versions of Thesis would be considered derivative works and therefore the GPL would still apply.  The only way to avoid the issue entirely would be to rewrite all of Thesis.  Good luck with that.

The thing is, Thesis isn’t even all that fantastic.  From a design standpoint it’s okay, but nothing phenomenally groundbreaking.  As a designer who has worked very closely with users, though, I can guarantee that putting a color wheel and allowing your users to choose the colors for their site is a monumentally bad idea (it’s why we don’t do it).  The problem is that all those options, all that unlimited possibility is overwhelming.  It’s why people buy Thesis and then hire a designer to customize it for them.  It’s failing to do its job.  Other themes, or theme frameworks, can do similar things without as much headache: ShiftNews by WPShift has a lot of the same sorts of customization options and Thematic by ThemeShaper has a solid framework upon which to build child themes.  For that matter, we took all these things into account when we were building Museum Themes, and provided ways to allow you to customize your blog design without making it look like this.  It was sort of the point behind Museum One.  Even then, though, we were careful not to put too much stuff so as to overwhelm casual users, and I think that’s Thesis’ main failing.

Honestly, I can’t see Thesis continuing to be a lasting one-trick-pony.  Increasingly, free and other GPL-compatible premium themes are able to match any level of originality or innovation Thesis may once have had.  And if 1.7 (and many previous versions) are GPL from the code that was copied from WordPress, then Chris Pearson’s worst fear may come true — someone re-releasing it for free, protected by the GPL, or else using it as a framework for another competing theme.  Chris Pearson was right about one thing: users don’t (generally) care about the GPL.  But that’s fine, because they don’t have to; the GPL only really applies if you intend to distribute your theme.  Additionally, it gives you permission to modify the code as much as you please (compare that to a typical Microsoft EULA which defines the terms under which you can use the software, and manipulating any core systemic functions or hacking the software to add customization options or additional functionality is expressly prohibited).  However, a look at Matt’s Twitter stream over the days since he and Chris debated on Mixergy gives evidence that people do care about software licenses, and they care if their theme violates the license under which the software it uses was released.  The cat is out of the bag, and there’s no way to shove it back in.  It will be interesting to see how this progresses and what effect it has on WordPress themes in general, and Thesis in particular.

You might also be interested in these:

  1. Gee, there’s a thought…
  2. How to upgrade your Museum Theme to the most current version after you’ve made changes to the files
  3. 12 Free WordPress Themes I Like (and you should, too)