It's Fixed in the Next Release - Technology

On Development Teams

nospam@example.com (Alan Langford (developer blog)) — Fri, 25 Sep 2009 10:52:00 -0500

Earlier today Amy Stephen and I had an interesting discussion on development teams, I thought it worth organizing and preserving. Because it's a bit of a threaded conversation it takes a little work to follow the flow, but there's no easy way to sort it out.

One of the most interesting things here is that even though I tend to take a bit of a hard-ass "no prisoners" approach to the problem, and Amy is fairly close to my polar opposite, we actually look at the fundamental problem in nearly the same way.

AmyStephen	Wondering about the market potential of the promise of a 1 day workshop that can turn a dysfunctional group into a high performance team. It's puzzling to watch a dysfunctional group where members keep barriers to entry high and engage in intense, private battles within.
FxNxRl	Lets see... the seminar starts with a real-time attitude and teamwork survey, then lists who should be retained and who fired.
AmyStephen	That might do it – if management would so empower. Typically, you'll find spineless leadership behind dysfunction.
FxNxRl	Indeed. I have done consulting assignments where I had to tell the person who hired me that they were the main problem. Awkward.
AmyStephen	So, how would you sort out the understandably frustrated's from those who might be, shall we say, squelching innovation?
FxNxRl	Most of the time it's pretty easy to tell one from the other by simply talking to them face to face.
AmyStephen	I used to think that I could tell quickly but now I am doubting my early instincts. It's a bit unsettling, in fact. I can't tell.
FxNxRl	What's difficult is to unmask the passive-aggressive ones. Usually high-value team members who kill things by "contributing".
FxNxRl	It is impossible to tell when there's distance involved, and it can be difficult in person too.
FxNxRl	I once managed a team where I had to use source code control metrics to track project progress. Every time a project was really doing well, the lead developer would step in to "help" and the project would nearly stop. There was no way to fire him...
AmyStephen	Yes, it's tricky when the one causing the problem has a great deal of authority. You have to control the process to figure it out.
AmyStephen	Source code control can be a great tool for lots of challenges simply because people who are traumatized can see justice/hope
AmyStephen	That is, provided they can commit to it, of course. Otherwise, it's just another situation where they have to face this barrier.
FxNxRl	Yup, and it's hard data in an environment where everyone has some emotional involvement no matter how hard they try not to.
FxNxRl	Development without revision control is art, not engineering.
FxNxRl	The very first thing is to put proven development methodologies in place. If there's strong resistance, fire the dissidents.
AmyStephen	lol - I definitely do not agree, but I understand. Many times, your skeptics are simply people who think for themselves.
AmyStephen	In fact, you can bag anyone who's onboard with change too quickly. Everyone should resist process changes if they are moving forward.
FxNxRl	I realized, at about age 45, that I had become the "asshole manager" I loathed at 25. Team results trump individual brilliance.
AmyStephen	In general, I think it's a bad idea for mgmt to plunk a set of "productivity tools" on an engineer's desk. Best to let them pick.
FxNxRl	Well yeah, you can't say "effective Monday everyone is using SVN and methodology X". The method of change is critical.
AmyStephen	I'm a HUGE believer in team. I think, though, the strongest teams are built from a complementary collection of individual brilliance.
FxNxRl	But the guys who say "never did it that way, ain't gonna start now" and then dig in? Well they can do it "their way" elsewhere.
FxNxRl	So am I... and I have seen effective teams operate in mayhem. It's all about getting complimentary characters.
AmyStephen	That's why it's important to involve them. Good engineers know what productivity aids are needed and welcome it. They resist "silly"
FxNxRl	I have seen highly effective teams with vastly different cultures. You could NEVER take a person from one of those teams and put them in the other. It's all about getting people who work well together.
AmyStephen	Absolutely! I've worked on a team like that 2 times in my life. When you have tasted it, you know what it is & why it's worth having
FxNxRl	I've also become friends with people who I've let go as a "parachute in manager/jerk". They found teams where they fit & r happy
AmyStephen	Yes - there's a chemistry that cannot be ignored. In MBTI, it's the middle 2 indicators that can sometimes predict compatibility
AmyStephen	Yes. That's best. A self-directed work team w clear boundaries and focus and empowerment. It's how "grown-ups" should be treated.
FxNxRl	Dated though it may be I'm a huge MBO fan. Here's what we need to do, tell me what you need to do it, then get it done.
FxNxRl	as long as it's legal and ethical I don't care how it gets done, just that I can measure progress and that there is progress.
AmyStephen	I don't think common sense is ever dated. Keeping a focus on "what this is really about" is always good.

Amazing Code Repository Visualization (Joomla)

nospam@example.com (Alan Langford (developer blog)) — Sat, 30 May 2009 08:55:34 -0500

This is amazing stuff. The description from the YouTube page says it best: "This Code Swarm provides an animated visual representation of the changes made to the Joomla! source code since 2005. The names that appear are the users who have made changes to the source code. The stars/highlights represent commits made to the Subversion repository. The histogram to the bottom left displays activity. Look out for the date displayed in the right hand corner."

That "instance" floating around in there is me. Even without the "holy cow, that's me!" factor, this is a wonderful visualization tool.

Let's Just Call it the Canadian Conference Board of Incompetence

nospam@example.com (Alan Langford) — Mon, 25 May 2009 21:05:30 -0500

In The Conference Board of Canada's Deceptive, Plagiarized Digital Economy Report Michael Geist attacks the Conference Board for a variety of faults that call its claims of objectivity into question. Subsequently, in Conference Board of Canada Responds, Stands By Its Report he comments on their inadequate response.

What is perhaps most informative is this quote from the response "The Conference Board regularly produces custom research. Our guidelines for financed research require the design and method of research, as well as the content of the report, to be determined solely by the Conference Board." [Note to conference board: that is how you cite sources.]

This quote suggests that they take full responsibility for the incompetence, sloppy methodology, poor fact checking, and many other faults in their work. They appear to either be completely disconnected from reality or to be fully aware that they have no credibility whatsoever.

I suppose it doesn't matter which.

MySQL's Post-Oracle Future

nospam@example.com (Alan Langford (developer blog)) — Tue, 21 Apr 2009 08:29:06 -0500

One of the oddities of Sun's acquisition by Oracle is that Oracle now owns the MySQL trademark. They also employ the largest concentration of developers who are familiar with the code base. What they don't control is the code, and who they no longer employ is a lot of the key people who got MySQL to where it is. So what's next?

From Oracle's viewpoint, there are three likely scenarios:

Ignore MySQL, let the remaining team go, hope it dies.
Try selling it off.
Embrace Open Source and continue to improve mySQL.

Consider each of these options.

Oracle Ignores MySQL, Hoping for a Withering Death

There's revenue associated with MySQL. It might be a trickle from Oracle's perspective, but it's more than enough to keep a good medium sized company running smoothly. Tens of millions of sites have absolutely no interest in moving to a new database manager, and there's heaps of MySQL specific expertise out there now. The MySQL revenue stream isn't going away soon. If Oracle tries this strategy, the MySQL code will soon emerge under a different name, and the resulting business will probably be all the more nimble for it's passage through Sun and Oracle. Not a likely scenario but good for MySQL nonetheless.

Oracle Sells MySQL

Good luck. Can you say embarrassing writedown? Sun's billion dollar acquisition of MySQL is right up there on the "WTF" scale, ranking with eBay's purchase of Skype and Google's acquisition of YouTube, all for stupid money. [Side note: M&A groups should refrain from hiring people who come out of the derivatives world.] Even then, name a buyer at any reasonable price. I can't think of one.

Oracle Embraces FOSS

Initially this looks like we're getting into geek porn fantasies. What can Oracle actually give MySQL that aligns with it's corporate interests?

There are some patents, well past the end of their productive life, that Oracle could release. This could give MySQL a few neat features that would improve performance. But these are small incremental gains at best. There's also no selective release here. Once those techniques are in a GPL code base, they're up for grabs by any open source project.

They could dump lesser versions of various core technologies into MySQL in order to set up a smooth transition to their proprietary products. This would introduce a lot of the "bloat" that made MySQL so popular in the first place. I think we'd see more nimble forks appear in no time. Not a great strategy.

Then there's the philosophical differential. The one thing that's evident from my work with Joomla, and my observation of other solutions in the same space, is that success in open source is all about building a strong collaborative culture around the product. While this isn't incompatible with running a profitable business, it is incompatible with the traditional "destroy the competition" approach. On the surface, capitalism in open source is not going to mix well with the capitalism as warfare.

Then there's the culture clash of Alpha Geek versus Alpha Capitalist. For a good example of this we need look no further than a blog post from Michael Widenius. He writes "Mr. Ellison, you are undoubtedly a master tactician. However, thinking two moves ahead in the open source world is not good enough. You need strategy. Long term, meaningful, viable strategy. You need to think years ahead, not just to the next fiscal quarter." There's nothing quite like a bonehead mix of arrogance and ignorance for your first move. Anyone who thinks Oracle got to the position it's in by purely tactical moves that look "two moves ahead" is clueless. Then the icing: Widenius closes with "I'd love to speak with you about it". Well, consider condescending to picking up the phone, buddy. If you think Larry's going to read your blog and give you a call, you might consider getting back onto your meds (or off of them, either way a state change is in order).

Beyond Strategy, what About Mission?

If you take a step back and look at the mission behind Oracle's numerous strategic moves over the years, you see their overarching mission: destroy Microsoft.

What's most interesting about this is that this ethos is also deeply ingrained in the thinking of many open source developers. It's a small step from "freedom from proprietary software" to "freedom from Microsoft" because Microsoft is the biggest, most obvious first target.

So there is a possibility that despite the cultural differential, Oracle may be viewing open source as a strategic weapon. It's also worth noting that along with Sun, Oracle gets the services of Johnathan Schwartz, who has demonstrated a crystal clear understanding of the open source model. As Mitchell Ashley notes in "Converging on Microsoft", Oracle is now in a good position to strike at Microsoft at a time of relative weakness.

If Ashley is right, Larry Ellison will become an active evangelist for open source, using Oracle's position to drive at the core of Microsoft's space. I'm sceptical of this. I don't think the enterprise world is ready to accept the idea of mission critical applications as open source, and I don't think Oracle's enterprise business is served well by this just yet. That won't slow Oracle down one bit. Johnathan Schwartz can become Oracle's open source advocate, speaking for that part of the business. Open source is walking its way up from the bottom, from compilers to operating systems, through servers and databases. At each stage it takes a little time to gain credibility and foothold, but the value proposition is compelling. If Oracle backs MySQL and proves that it is a viable solution in Oracle's original space, then it not only helps them advance their mission, it helps advance open source.

Predictions

Either way MySQL – or at least the code that is currently MySQL – is going to come through this just fine. That's the GPL in action: it's simply not possible acquire and kill good code.

I think we're going to see the third scenario. Oracle's support of Sun's open source technologies will be strong and unconditional. But this support won't extend to their enterprise applications. Not until the market is ready.

Whether I'm right or wrong, we'll see something happen quickly, within two quarters of the closing of the acquisition.

Social Media: Why Facebook; Why Twitter?

nospam@example.com (Alan Langford) — Wed, 11 Mar 2009 14:37:11 -0500

As either a younger member of the boomer generation, or an older member of Gen-X, I'm a member of a big demographic that seems to have a hard time understanding social media. The most common reaction I get to mentioning something on Facebook is "I will never have a Facebook account!"

I realize now that part of the bad reputation that social media has with middle-aged adults is due to the fact that most of these people are parents, and everything they know about social media sites has come from their kids.

This led me to a great insight. Good social media sites are malleable to individual users, and that's what makes them so powerful. I am certain that my Facebook experience is vastly different from that of your average teenager's, and that's a good thing.

A middle-aged friend recently asked me about Facebook and Twitter, with the subtext "I don't 'get' either of them." I've reworked my response a bit in hope that it will be helpful to others:

The main purpose of Facebook is to get found by people you already know but have lost touch with, think of the people you would invite to a high school reunion. Simple as that. It's also good for keeping up on the big stream of small things that winds up being news in a nominally mundane life. It works well if you're not "always on" the net. You can pop in every week or so and catch up. If you ignore the clever little time-wasting applications and notification noise, it's a useful tool. In short, Facebook is good at making an electronic link to people you already know.

Twitter is much more geared to making new connections and is really something for those of us who are "on the 'net" most of the time. What it's best at is finding new clever people, and getting breaking news. Information travels very quickly in Twitter, and to a large extent it's filtered to the interests of the people you follow, which means you get more information about the things you care about. As a writer, it's also superb at making you edit things down. The 140 character limit is brutal, but it enforces the practice of a clarity that can carry into other writing.

So how did I do? Is there anything else that "defines" these sites?

A List of Twitter Types

nospam@example.com (Alan Langford) — Tue, 03 Feb 2009 07:36:38 -0600

I've been "hanging out" on Twitter for about three weeks now. My interactions with it have evolved quite a bit over that time.

When I first got on, my attitude was "what's the point?" That became "okay, so this is the best part of Facebook minus the dumb applications and a lot of FB's cool-but-useless user interface." But along with this functionality came a challenging signal to noise ratio. How can you decide who to follow? It's certainly not by popularity. Some of the most followed accounts are little more than posts of the form "(hook text) (external link) more on (topic) at (posters_site)." In other words, "Here's something vaguely interesting on a topic we cover. Hopefully the first link will generate the expectation that our site has even more useful information, and you'll start using us as a source."

If that's all Twitter had to offer, I'd be gone by now. But despite the noise, there's quality in the signal when you find it. I have interacted with people with unquestionable intelligence, people with expertise in interesting areas, and people with humour and insight. Twitter is also undeniably a superb source for news, both global and local.

The other problem is that few of us are consistently brilliant, so even on an individual level there's no telling how many mundane posts you'll have to read before encountering the gem that makes it worthwhile.

So I have developed a list of user types for Twitter that I use as a guideline when deciding who to follow:

The "I am a Channel" type is interested in their follower count above all else. Every post they make returns to a gateway on their site, so they can pump up their traffic stats. Some are more subtle, but the ultimate goal is to make their web properties a destination.
The "monetize" type is intent on convincing you that they know how to monetize your online presence. Inevitably this leads you to a pitch for their e-books and/or training courses. Somehow I get the feeling that these people are all modern equivalents of the "Make $1 Million from Classified Ads" artists. why do I get the feeling that the way you monetize is by selling e-books telling people how to monetize?
The "I am a social media maven" type — which is distinct from an actual social media expert — is a variation on "monetize". All you have to do is buy/subscribe, and they'll show you how to get to the top of the social media heap. By and large, these folks would fare far better if fewer of them appeared to be laid off auto workers living in their mother's basements. The ones who seem to have some class wind up being the ones who value connections above all else. As I've said before, there's something unsettling about "hook up with me on LinkedIn as a trusted source, even if I don't know you from a serial killer".
The "random link" type finds purportedly interesting information and tweets it with a useless explanation, as in "wonderful (link)". I suppose that somewhere out there, the simple act of posting makes the link worthwhile, but in my experience so far, 85% of the links go to stuff that is old, dull, boring, or just plain not interesting. A complete waste of time. Explain what's interesting about the link, please.
The "topic feed" type usually picks a well-defined topic to post about and either relates facts about that topic or posts links with information relevant to the topic. Focus is the key to success here. If the topic is pig farming, it no good can come from posting random comments on abstract art.
The "expert" type goes one better than the topic feed. These are people with a real interest and some expertise in their field, and they regularly post observations and insights along with the "topic feed" fare. A significant number of posts from these people reference original content that hey have compiled or authored.
The "personality" type is someone who has a real world profile and is using Twitter as another channel for communicating to their audience. Think Obama.
The "community" type is a member of a smaller community that uses Twitter to keep up to date. This is what Twitter seems to have originally been designed for. Some of these communities have "personality" types, who have a significant profile in within the scope of that community.
The "shared mundanity" type posts nothing but tidbits from their life. As in "listening to x while doing y". There's a fine line here. Much of the charm of Twitter is getting a snapshot into other people's lives, but we don't need the whole film; odds are that you're just not that interesting. If none of these posts have any meaning, if they don't transcend mere observation, then the unfollow button is not far away.

The real challenge here is that most people exhibit a mix of these types, and probably a few more that I haven't identified yet. Twitter is all about constructing your own community and becoming a part of it. It's social media at its most fascinating.

Newspapers are Dead. Expect a Very Long Funeral.

nospam@example.com (Alan Langford) — Thu, 29 Jan 2009 17:42:22 -0600

Writing on ojr.org, Getty Storch asserts that "Papers must charge for websites to survive". There is a lively debate in the comments that follow, most of them are in disagreement with Storch's analysis.

This includes mine, which I reproduce here.

Anyone who thinks newspapers can survive on local content needs to spend a few weeks on Twitter. Here is a medium where news arrives in near real time, is reliable (since misinformation is rapidly corrected by others), and relevant. This applies just as well in a global environment. I have seen real reports from people on the scene of demonstrations in Thailand and Athens, and learnt about the supply of gas from Russia to Slovakia from people in cold buildings. Twitter and similar channels tell me about traffic jams on my route downtown, about power outages and emergencies in ways that no newspaper or even television station can ever dream of achieving.

Twitter has merely brought something that has been happening for a very long time into the mainstream. As a case in point, I learnt about the death of Princess Diana via an international online chat almost three hours before the local media picked it up. This is a decade ago. Times have changed.

Information is now free and it will remain so. Any attempt to charge for access to it is absolutely doomed. The only hope that news media, particularly "print" media have for survival is by adding value. This means aggregating sources, adding perspective, and performing astute analysis. Even so, most of the revenue from these activities will be derived from online advertising, and those revenues will be orders of magnitude below what the industry currently sees as normal.

The newspaper as we know it is dead. There is no model that will resuscitate it, period. Rigor mortis has set in, the patient just doesn't fully realize it yet.

Quick Rant: Animated Favicons

nospam@example.com (Alan Langford) — Fri, 23 Jan 2009 10:12:33 -0600

For those who don't know, a favicon is the graphic that shows up in the location bar and bookmarks of modern browsers. They're great visual clues that help you remember what's on a page.

It is possible to have this icon animated, at least for some browsers. DON'T DO IT.

Animated graphics are designed to catch your eye. Once your attention is caught, you're supposed to understand a message and respond. That response takes you to a web site. If a favicon is up, then you are already on the site, so animation just catches your eye and distracts you from the site. Anyone who thinks distracting viewers from paying attention to their site should get out of the business and consider a career as a utility pole.

The other possible thought behind an animated icon is that in a sea of tabs and bookmarks, the animation calls attention to your site. That might work, but if every icon is animated, then the result is a sea of irritation, so it's not a strategy that will work for long. As far as tabs are concerned... I just visited these sites, I can recognize your icon without having it wave at me. In fact, the second time it interferes with my attention, your tab will get closed.

Summary: Animated favicons have lots of drawbacks and little upside. Just say no.

Social Media: Stripping Meaning from Connections

nospam@example.com (Alan Langford) — Wed, 21 Jan 2009 08:08:56 -0600

I've been hanging out in Twitter for a couple of weeks now. It's generally amusing, and in some ways I can see it as useful. In a way, it's simply the most interesting part of Facebook (status updates) without the lame and cloying attempts at "fun". But one thing that's irritating about it is the "social media experts" and the "u 2 cn get rich" crowd. I would go on about this, but Michael Pinto has done a great job already in his post Social Media “Experts” are the Cancer of Twitter (and Must Be Stopped).

Instead I want to focus on a subset of Twitter users, the "Friend Troll". These people post multiple tweets, encouraging everyone to connect with them on other social media sites, usually LinkedIn. Now the premise of LinkedIn is that people use it to build connections between people that they know and trust. Obviously someone who gets the bulk of his or her connections from random Twitter followers is not adhering to this principle, which debases the entire concept.

I'm pretty sure that LinkedIn introduced the "Recommendations" feature as a way to combat this, but there's nothing to stop a savvy user from trolling for those, so it's of limited usefulness.

So what's required is some way to measure the level of respect that someone has for the sites that they inhabit. I have decided that, at least for sites like Facebook and LinkedIn, that the friend count / number of connections is a good metric. Unfortunately, LinkedIn generalizes the connection count, so "500+" is the best we have to work with. Let's run with that for a moment. Assume the person is 40 years old, and has been working for 20 years. That's just over two friends per month, for every single month. Roughly two weeks per person.

Maybe I'm a poor judge of character, but two weeks of accumulated interaction with a person is, in my experience, not enough time to build a stable trust relationship. By contrast if I take as an example a very personable fellow who I have worked with, who I trust, and who is CEO of a publicly traded software company, I see just under 100 connections.

So after surveying my connections profiles, I have developed the "LinkedIn Connection Credibility Metric".

1-10 Connections: You are either antisocial, or don't "get" social media.
11-100 Connections: You're "regular folk" and consider your connections before making them.
101-250 Connections: Difficult. If you have a customer facing job, your connections could be credible. If you don't, then you probably include anyone you've met in business and thus your connections are questionable.
251-500 Connections: If making connections with people is your only full time job, then this is possible, but still your connections are met with scepticism. If there are solid, meaningful recommendations to back up your connections, then maybe.
500+ Connections: Give me a break. If I connected with you, either I knew you before you went over to the dark side, or for some reason I thought you might be useful as a portal to someone I want to work with. Yes, I'm using you. But then again, you probably think that's what social media is about.

Assisted Suicide: YouTube Helps Music Goliaths Become Irrelevant

nospam@example.com (Alan Langford) — Thu, 15 Jan 2009 11:58:32 -0600

A few days ago, YouTube began muting the audio tracks of videos that contained "unauthorized" copyright material. Some videos will now have the notice “This video contains an audio track that has not been authorized by all copyright holders. The audio has been disabled.” displayed beneath them.

This is a good move for YouTube. It will help absolve them from any liability for "broadcasting" content that the RIAA cabal deems worthy of protection.

It's not such a good move for the RIAA and similar groups. A music track is an essential part of many videos, and we can be pretty sure that not many people who produce them are going to go to the trouble of obtaining copyright clearance. Instead, they're going to seek unencumbered music. This is going to drive up the demand for "open" music, which will in turn cause more musicians to provide the same in exchange for some small promotional credit on the video.

Thus a win-win is born. Video creators will have access to more music they can use, musicians will have a showcase for their work with a potential for global profile that would otherwise be difficult to obtain. How long will it be before this exposure results in a musician who "makes it" in the mainstream? It will only be a matter of time.

How will these musicians feel when a big label comes along to offer them a contract that pays a fraction of the revenue they actually generate while insisting that they turn their backs on their roots by joining the copyright cartel? Some will buy in to the promises and sign up, but some won't. Instead they'll seek new methods and revenue models for distributing their work. Perhaps they will make the bulk of their money from live performance, or maybe they'll find other ways to do it, but they will eventually succeed at it.

Once a successful formula has been found, those who seek to maximize revenue by controlling distribution will have lost the final step in their battle. They will have successfully spawned a revitalized industry that makes them irrelevant. This has always been inevitable, but YouTube's move will certainly accelerate the process. To me it is amazing how, blind to reality, this industry continues to find ways to kill itself off with ever greater efficiency.

Kudos to YouTube; still yet another dunce cap to the established music distribution business.

On the Enforcability of the GPL

nospam@example.com (Alan Langford (developer blog)) — Fri, 02 Jan 2009 15:49:32 -0600

A comment from my last post asked me to back up the claim that settlements have lent weight to the validity of the GPL. I got some feedback from a friend and did a little research of my own and here's a summary of the stuff that's easy to find.

The developers of Busybox have been busy indeed:
March 6, 2008 BusyBox Developers and High-Gain Antennas Agree to Dismiss GPL Lawsuit
March 17, 2008 BusyBox Developers Agree To End GPL Lawsuit Against Verizon
July 23, 2008 BusyBox Developers and Supermicro Agree to End GPL Lawsuit
October 6, 2008 BusyBox Developers Settle Case With Extreme Networks

The GPL Linux Kernel has been defended in a European court verdict.

Many other successful settlements in favour of the GPL are available at gpl-violations.org.

Groklaw's article "A GPL Win in Michigan" discusses how the US courts have found the GPL enforceable.

Sun Microsystems gets the GPL, even if it doesn't suit them. in a CNET article from 2005, Jonathan Schwartz is quoted as not liking the GPL because of "the GPL provision that says source code may be mixed with other code only if the other code also is governed by the GPL". Sun's rather formidable legal team gets it: you can't mix non-GPL code with GPL code and still comply with the GPL.

This is just the beginning. The SFLC has launched a suit against Cisco on behalf of the FSF. SCO descends further into bad joke status by attacking the GPL, with IBM on the other side. Any bets on who will take that one?

On the flip side, there's nothing I could find where a challenge to the GPL was successful.

More Controversy: the Joomla Extensions Directory (JED) and the GPL

nospam@example.com (Alan Langford (developer blog)) — Thu, 01 Jan 2009 13:49:33 -0600

Back in June of 2007, the Joomla project generated a community firestorm by announcing that, based on legal opinion, it felt that all Joomla extensions were required to be released under the GPL and that it would start to encourage third party developers to comply with that interpretation.

Detractors tried to paint this as some sort of policy decision. Somehow they never quite grasped what was being said, so I think it bears being repeated. Open Source Matters, Inc. (OSM), the non-profit charged with protecting the interests of the project, sought and obtained an opinion from legal experts well qualified in this area. Their opinion was specific, clear, and — this is critically important — while not based on precedent set by court decision, was based on several lawsuits that were settled just before going to court.

This needs some elaboration to make it as clear as possible: businesses who thought that this interpretation of the GPL was wrong, and who distributed proprietary attachments to GPL products, backed down when faced with going to trial. In my opinion, the only reason why a commercial enterprise would elect to settle a case of this nature just before going to trial is because they knew that they were likely to lose. When several suits get settled this way, all in favour of the GPL, they begin to carry significant legal weight.

So OSM had two choices: communicate the requirement that extensions be GPL or adopt another license. Considering that Joomla formed as a direct result of the actions individuals who believed in the GPL, there was really only one alternative.

Free Software — as defined by the GPL — may embrace open source, but it is not the same as open source. It is designed to give users rights and freedoms that go well beyond access to the code. For developers the interpretation is simple: get on board or use code that has a different license, period.

At the time of the GPL announcement, I had decided that Joomla was the best CMS for my web development business. I had just begun to get involved with the project, and had at best contributed a patch or two. As a small business, source code is our biggest asset and I will admit I had some concerns about giving up the ability to protect that asset. But at the same time I am not so hypocritical that I think somehow we have the right to protect our code, while using hundreds of thousands of lines of code written by others without compensation.

A few days ago, the project announced that the Joomla Extensions Directory was only going to list extensions released under the GPL (JED to be GPL Only by July 2009). Predictably, this has created another round of controversy.

The difference here is that while the original position was based on legal opinion, this decision is more one of policy. The project is choosing to not promote extensions that violate the terms of the GPL.

When the first announcement was made, my Joomla involvement had just begun. Now, I'm one of the more active members of the project and part of the Development Team. While not part of the Core Team or OSM Board, which are the bodies responsible for the governance of the project, I have made some significant contributions. Every time someone downloads and installs Joomla, they benefit in some small part from my work.

It is in this context that I'm going to respond to several reactions to the JED announcement:

Reaction	Response
Joomla needs commercial extensions in order to survive and gain acceptance from business customers.	Similar dire claims of the project's demise were made when the GPL compliance announcement was made. Not only have they not come true, Joomla is more active and vibrant now than it has ever been, so FUD to that. The vast majority of extensions are already GPL, including some of the best extensions for 1.5. I successfully use the argument that the GPL protects a business from the failure of a small development shop without introducing new risks. Any business that backs away from GPL software as a user simply hasn't been sold to properly.
I can't make money if my extension is GPL.	Leaving aside the fact that there are many companies that disprove this, anyone making this argument is saying that they can't make money without ripping me off! Start paying me and others for our contribution to your success and then I might be slightly sympathetic. Maybe we need an alternative licensing model. Pay OSM US$50,000 to $100,000 for a Non-GPL Joomla site license and feel free to install as many commercial extensions as you like. Don't install one single third party GPL extension without paying them, though! Find an extensible commercial CMS and go write proprietary code for it. If your business is capable of paying for the development licenses and the training and certification courses you'll need to get started, then you might in fact have a viable proprietary software company. If not, stop whining. If you're that great, you don't need Joomla. Go write your own CMS.
Policy makers in the Joomla project are out-of-touch idiots and something should be done!	Fork it. Go on, I dare you. Everybody who is currently working on the code base understands and supports the GPL. The people who didn't left shortly after the 2007 announcement. If you like the code, but don't like the policies, go do it your way. Personally, I think people who think they can get fair value for their work without also giving the project similar value (say, based on revenue per line of code) have ethical problems. So not only do you want to rip off the users who buy your extensions by denying them their legal rights under the GPL, but you want the Joomla project to help you do that. Good luck. The site www.extensionprofessionals.com (running Joomla 1.0 (snicker) way to innovate, guys) offers proprietary extensions. This site is sponsored by the "Joint Commercial Developers Association" (jcd-a.org), comprised mostly of people who found Joomla's GPL interpretation unacceptable. In a year or two, we'll be able to measure the success of this extension site by comparing it with the JED. Should be good for a laugh or two. Take a look at the frantic activity on jcd-a.org for a peek at the future. The word joint comes to mind, but not in the context of a collective effort.
Someone will fork my code and release a better version three weeks later.	If your business model is predicated on code that's so weak that someone can make significant improvements on it in three weeks, and that someone isn't you, then maybe you should consider either a different business model or another career. Let's make it very clear: the GPL makes it difficult to earn a living by flaunting mediocre code without some other kind of value add. If you can't come up with a proposition to add value, consider another business. Really. It's just not going to work.

From my viewpoint, a great part of Joomla's success has been as a direct result of its commitment to empower the end user via the GPL. Moreover, the principles of the GPL have attracted much of the talent that the project currently has. I see companies that don't embrace these values but who continue to earn a living thanks to the project as nothing more than parasites. I'm certain that once the leeches have been pried from the JED, it will grow more quickly and become more vibrant than ever before. Time will tell.

Simplifying Joomla Template Layouts

nospam@example.com (Alan Langford (developer blog)) — Tue, 23 Dec 2008 17:40:30 -0600

Since the early days of Joomla 1.5, component layouts have bothered me. First there's the problematic nomenclature (which I'm probably using incorrectly). Layouts are component-specific snippets of HTML and PHP logic that generate the actual code (usually HTML) that goes to the target device. A template can override the default layout, which is just one of the many powerful features that give Joomla sites so much flexibility.

My biggest problem with layouts is that they typically embed too much logic. Why should a layout be determining what to do if a category description isn't present? Worse yet, why does it have to check access to see if an article body should be displayed or not? Surely the actual view should be responsible for this sort of thing, and the layout should be strictly concerned with how to present the information that's available.

The other problem is that layouts are ugly beasts. Most layouts need to flip between HTML and PHP dozens of times, just to do the most simple thing.

I'm not exactly a patient person. Maintaining the existing layout code in the Joomla core components is bothersome enough, but recently I started doing extensive work on a third party component, adding my own view in the process. That's when that familiar snapping sound resonated in my head. Always a sucker for diversions, I decided to follow the tangent and see if I could improve Joomla layouts.

It took about triple the expected effort, largely because the initial results were pretty exciting, and I decided to do more than a hack job. The result is JTML, and the results are described in the white paper Simplifying Joomla Template Layouts.

Every once in a while, the idea of creating a simple language for creating Joomla extensions comes up, but that is a very big job indeed, and there are many, many other things to do in the project. So it remains a bit of a dream. I'm hoping JTML is one small step in that direction.

How to: Ubuntu PHP Remove Suhosin

nospam@example.com (Alan Langford (developer blog)) — Wed, 10 Dec 2008 07:54:54 -0600

One of my projects for the "holidays" is moving one of my servers from Gentoo to Ubuntu. During planning for this, I noticed that the Ubuntu version of PHP5 includes Suhosin. That's a problem.

The problem with Suhosin is that it's designed to stop sloppy applications from doing bad things. I'm sure it does a reasonable job of that, but in the process it can interfere with good applications (see examples for Joomla). Since I'm in the business of writing good applications, Suhosin is a bad idea. Worse yet, it can provide a false sense of security, since it can't deal with anything except typical PHP errors. As far as I'm concerned, this class of "security blanket" provides false comfort and is no replacement for auditing and testing.

Continue reading "How to: Ubuntu PHP Remove Suhosin"

TD Bank Tries an End Run Around Site Tracking Blockers

nospam@example.com (Alan Langford) — Fri, 21 Nov 2008 14:21:26 -0600

I'm well aware of the value of site analytics. Most of my sites make extensive use of them. But at the same time I'm aware of a user's absolute right to not be tracked, be it anonymous or not. When it comes to my personal information, I'm usually happy to let most sites drop in a statistical tracking cookie, but I almost always set the lifetime of those cookies to "session only".

Basically, I'm happy to let someone know how I navigate their site, because that information is likely to result in improved usability. What I don't like is disclosing how many times I visit a site over a period of time, and what my multi-visit user patterns are like.

With browsers like Firefox and now even Internet Explorer providing easy tools to manage cookie acceptance and lifetime, more and more users who don't want to be tracked are limiting cookies. This is giving marketers a more challenging time and skewing their statistics. Poor babies.

Some marketers are fighting back. What's not commonly known is that Adobe's Flash Player lets sites store cookie-like information as well. Now Adobe hasn't quite caught up with the concept of individual liberties, so the default configuration of the Flash Player is to allow local storage without any explicit user permission. Adobe pretty much has a monopoly when it come to this sort of thing, so there's little incentive for them to change.

So now marketers who claim to seek to improve customer service have a method where they can gather data even if their customers have taken explicit steps to prevent it. News Flash: That is NOT good customer service! It's really rather offensive customer abuse.

Some time in the past few months, TD Bank decided to join the ranks of companies who have elected to bypass their customer's wishes. I recently connected to my online banking site, and got asked for permission to allocate local storage to an invisible bit of Flash. So I cranked open the page and found this link: https://easyweb46w.tdcanadatrust.com/dojo111/dojox/storage/Storage.swf?baseUrl=/dojo111/dojo/. At least its name reflects its purpose.

Anyone familiar with the big Canadian banks has become accustomed to dealing with these arrogant behemoths, protected from significant international competition by legislation, and reading from some version of a dictionary where the meaning of "service" is very different from the commonly accepted definition. Really the only surprising thing is that they haven't found a way to charge me 25 cents per byte of information that they want to store on my computer.

But you don't have to be subject to corporate whims. These things are configurable. Don't go looking through your browser, plugins or program settings for the control panel, though. Follow this link to your Flash Player control panel. This looks like a screen shot of what a control panel might look like, but don't be confused: it's a live presentation of your current settings. Click on the second tab, "Global Storage Settings". There's a reasonably good explanation of the settings below the panel, but if you move the slider to the left until it reads "None", then every site that tries to save data in flash will have to get your approval first. If you don't want to be asked, set the "Never Ask Again" check box. Then go to the last tab, "Website Storage Settings" to take a look at which sites have left tracking codes on your computer. Delete all the ones you don't trust.

Now you have control of your information again.