GPL defense issues

A friend sent me a link to this email from Linus Torvalds to the Kernel Summit Discussion mailing list.  The subject of the conversation is the General Public License (GPL) and whether or not it should be enforced in courts.  Read the whole thing – it’s quite interesting.  Here are a few snippets just to get you started:

Let’s be clear about this: lawsuits destroy. They don’t “protect”.

Lawsuits destroy community. They destroy trust. They would destroy all the goodwill we’ve built up over the years by being nice.

And then this:

Because lawsuits – and even threats of lawsuits – makes companies way less likely to see you as a good guy. Even when you’re threatening
somebody else, everybody else around the target starts getting really
really antsy.

I talked to an Oracle lawyer a few months ago, and told him their
lawsuit just makes Oracle look bad. The lawyer was dismissive, and
tried to explain how it’s silly how people take lawsuits personally,
and talked about how layers _understand_ that lawsuits aren’t
personal, and that they are still friends outside the court.

I’m sure a lawyer can “understand” how lawsuits aren’t actually
something personal at all, but lawyers really seem to be the *only*
people who “understand” that.

The fact is, lawsuits (and threats of lawsuits) do not make for
friends. You just look like a bully.

GPL : Matt Mullenweg and Automattic vs. Wix

The General Public License (GPL) has been the source of many discussions since it was created in 1989 (with a few versions in following years) and applied to numerous Open Source Software projects.

Currently, there is one more such discussion going on.  It was kicked off by Matt Mullenweg, the founder and CEO of Automattic, the company behind WordPress:

Anyone who knows me knows that I like to try new things — phones, gadgets, apps. Last week I downloaded the new Wix (closed, proprietary, non-open-sourced, non-GPL) mobile app. I’m always interested to see how others tackle the challenge of building and editing websites from a mobile device.

I started playing around with the editor, and felt… déjà vu. It was familiar. Like I had used it before.

Turns out I had. Because it’s WordPress.

He proceeds with the open letter to Wix:

Dear Wix,

This explicitly contravenes the GPL, which requires attribution and a corresponding GPL license on whatever you release publicly built on top of GPL code. The GPL is what has allowed WordPress to flourish, and that let us create this code. Your app’s editor is built with stolen code, so your whole app is now in violation of the license.

What does Matt want Wix to do?  Very simple:

Release your app under the GPL, and put the source code for your app up on GitHub so that we can all build on it, improve it, and learn from it.

Did Wix respond?  Yes, they did.  First, one of their lead engineers, Tal Kol, wrote this blog post.  I think it’s quite sensible and boils down to a misunderstanding.  Or so I read it:

I apologize if I appeared to take credit for somebody else’s work. This was definitely not my intention. I think you guys are doing a great job.

Second one though is a bit less so, written by Wix CEO Avishai Abrahami.  While trying to appear friendly and casual, it does dodge the whole issue of the GPL violation, misrepresents the facts on the branding, and ends with an awkward invitation for a coffee.  WP Garage has a good summary of why this response is weak.

Here are a few more resources with commentary that help to understand the issue:

Personally, I am a big fan of GPL, Automattic, WordPress and Matt Mullenweg, who I had the opportunity to meet and talk to back a few years ago.  But as a CTO of a startup (and not for the first time), I have to admit that Open Source Software is difficult when it comes to business.  It requires a huge effort to make a company understand what Open Source Software is, what are the intricacies of the major licenses, and what are the consequences of using Open Source Software for different kinds of projects (internal tools, client projects, company products and services, etc).

Here are the important points that I want to highlight in regards to this conversion:

  • If you are using Open Source Software, make sure you understand the licensing and the culture behind it.
  • If you made a mistake, admit to it and figure out a way to resolve it.  Dodging or finger-pointing is not a resolve.
  • Legal action is not the only option.  Often, it is not even the most preferable.
  • Be nice to people. :)

I’d like to finish with this tweet, which I think highlights the most important point.

P.S.: Some people say that GPL has not been enforced in courts.  This page lists a few cases in several countries, which provide examples of the contrary.

How Google Uses and Contributes to Open Source

Here is a good Open Source story – “How Google Uses and Contributes to Open Source“, which goes into some detail and history of how Google is working with Open Source community.

I’ve seen this before:

“There are companies and people who just take the software and say, “I didn’t have to pay for it. I can do anything I want. The license file is a big blob of text. I’m not going to read that,” Merlin said.

And I’ve this (quite a few times actually):

Back in its early days, around 1998, Google was a small company. It was using open source just like any other small company. While Google was abiding by licences, they were not giving back much due to several reasons. “Some of it was just run fast and make sure that we have money next month to pay everyone’s salary,” said Merlin.

Having been involved in open sourcing companies’ projects new and old, this is what I firmly believe now is the best strategy:

Go open source from the beginning

Google changed that by writing a lot of things from the ground up as open source or to be open source ready. That was a good lesson that they learned, and that’s a problem many companies face when they want to open source their stuff but can’t because the code was not designed to be open source from the beginning.

This, I think, is an interesting approach too (if  you are too small of a company to have research papers and algorithms, consider blog posts, tips and tweaks, case studies, and the like):

Even if Google can’t open source certain code, they found a way to bring that work to the public. “We wrote papers talking about the magic algorithm that we used. We can’t give you the code for the reason I just explained, but we’re giving you the way they work so you can rewrite them,” said Merlin. Google has published hundreds of such papers and people are using it to create projects based on those ideas.

This bit on Android is mind blowing:

Now virtually all of Google’s open source code is on GitHub, except for Android. “The Android distribution is so big and it gets released in big chunks. So, when it gets released, everyone wants to sync that,” Merlin said. “It’s so huge that if we put it on GitHub, it would completely kill GitHub. We use our own mirrors for that, to help out.”

A word of caution for the companies using Open Source software:

Companies have to be extremely careful when using open source. Different projects use different licenses, and you need to be in compliance with them.


Things become complicated when you have projects that you ship. In the case of open source, you need to list the projects that you use and their licenses. In the case of BSD and MIT, you need to list the name and the copyright of the person you got that project from.

You’ll probably need a set of tools to deal with issues like this.  For PHP-based projects, composer is indispensable.  You can run “composer licenses” command and instantly get information about the project’s license, as well as licenses for each and every dependency in use (thanks to this blog post).

There is a good section on Contributor License Agreements (CLAs).  I am slightly familiar with the subject (I signed a few myself), but my experience is limited, especially from the company perspective.  I found this part useful, for that distant time when I’ll need to set it up:

Google uses the Apache foundation ICLA, without modifying it or putting anything special in it. CLAs ensure that companies like Google “can re-license your code under a different open source (license) if we need to. Sometimes we need to merge with other projects and that’s what the CLA allows us to do,” said Merlin.

These are just bits and pieces which I found interesting.  I wish more companies shared their practices and experiences – in particular those larger businesses, with years of history and a wide variety of challenges.

FormSwift – create and sign legal documents for free


More and more paper work is moving into the digital domain, including legal documents.  I’ve previously linked to Docracy – a service that provides a collection of legal documents, as well as tools to negotiate and sign them.  Today I was made aware of another service – FormSwift. Some might find it to be more comprehensive, up-to-date and user friendly than the alternatives.

Have a look at the FormSwift’s collection of the free legal forms, which cover such categories as business, family, financial, life planning, real estate and other.  Their tools are pretty sweet too, with support for Word and PDF files, and an online editor for PDF – not something you see every day.

Google vs. Oracle : API vs. implementation

Slashdot is running the story about the Google vs. Oracle court case.  I thought this bit was rather brilliant:

Schwartz’s second attempt at the breakfast menu analogy went much better, as he explained that although two different restaurants could have hamburgers on the menu, the actual hamburgers themselves were different — the terms on the menu were an API, and the hamburgers were implementations.”

Cyprus Tax, Facts & Figures 2016

PricewaterhouseCoopers (PwC) published their annual Cyprus tax, facts and figures brochure for the year 2016. It is a handy document to send to friends abroad who are interested in moving to Cyprus or starting a business here.

One thing that I found ironic in this document was the example they used for personal taxation (page 7-8 in the English PDF).  The example is for someone with a monthly salary of 5,885 EUR and additional income from rent, etc – a total income of 75,620 EUR per annum.  Looking at the average salary in European Union, Cyprus shows 1,833 EUR per month in 2014 and 1,574 EUR per month in 2015.

I hope PwC predicts a huge spike in average salaries in 2016.  That would be nice …

Non-Electronic Document Management System

ITAR-TASS: MOSCOW, RUSSIA. SEPTEMBER 30, 2014. Russia's State Courier Service officials deliver documents for draft federal budgets for 2015, 2016, and 2017 which are to be delivered in the State Duma. (Photo ITAR-TASS/ Sergei Fadeichev) Россия. Москва. 30 сентября. Сотрудники Государственной фельдъегерской службы России во время доставки документов проекта закона "О федеральном бюджете на 2015 год и на плановый период 2016 и 2017 годов" в Государственную Думу РФ. Фото ИТАР-ТАСС/ Сергей Фадеичев
ITAR-TASS: MOSCOW, RUSSIA. SEPTEMBER 30, 2014. Russia’s State Courier Service officials deliver documents for draft federal budgets for 2015, 2016, and 2017 which are to be delivered in the State Duma. (Photo ITAR-TASS/ Sergei Fadeichev)
Россия. Москва. 30 сентября. Сотрудники Государственной фельдъегерской службы России во время доставки документов проекта закона “О федеральном бюджете на 2015 год и на плановый период 2016 и 2017 годов” в Государственную Думу РФ. Фото ИТАР-ТАСС/ Сергей Фадеичев

With all the hype around Electronic (or Digital) Document Management Systems, I thought I’d share this photo, from this article (in Russian).  Nanotechnology…


This website uses cookies

I’m running Google AdSense on this website to help me get a few cents for the hosting bill (it’s literally cents, not millions of dollars, like some of you apparently think).  Google now in compliance with EU Cookie Law requires publishers to have the cookie warning.

Please ensure that you comply with this policy as soon as possible, and not later than 30th September 2015.

If your site or app does not have a compliant consent mechanism, you should implement one now. To make this process easier for you, we have compiled some helpful resources at

Usually, I don’t care about these things, or avoid them all together.  But since we are facing similar issues at work, I decided to run with it and see how it works and if it has any affect at all.

Gladly, I didn’t have to do any work at all.  The good folks have already implemented the Cookie Law Info plugin for WordPress, so that’s what I have now.  You have the choice to either accept the cookies, or leave the site.  I’m not going to fish out each cookie one by one and explain what it does.  Nobody cares. And if you do, you are probably here by mistake anyway.

On software liability laws

I came across this interesting opinion on software liability.  Just to keep them here for the context, the suggested software liability rules include the following:

  1. Consult criminal code to see if any intentionally caused damage is already covered.
  2. If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code by the licensee, then your liability is limited to a refund.
  3. In any other case, you are liable for whatever damage your software causes when used normally.

Which sounds reasonable from the position of “let’s sort the security issues”.  Even though I’m not a big believer in legal system when it comes to technology issues.  But then, there is this:

The software houses would yell bloody murder if any legislator were to introduce a bill proposing these stipulations

with which I personally disagree.  I think software houses that do quality work wouldn’t mind at all.  The people who would mind are the clients of software houses.  Quality always comes at a cost.  And raising quality of software immediately means rising the cost of software.  And the majority of clients (in my experience) don’t care about quality to the point where they would pay for it.  And there are plenty of examples in other industries – food, automobile, furniture, clothes, etc.

Basically, this all just reiterates my points of security and privacy are mythical and/or dead.  Mostly, because most people don’t care enough.