Amazing Code Repository Visualization (Joomla)

This is amazing stuff. The description from the YouTube page says it best: “This Code Swarm provides an animated visual representation of the changes made to the Joomla! source code since 2005. The names that appear are the users who have made changes to the source code. The stars/highlights represent commits made to the Subversion repository. The histogram to the bottom left displays activity. Look out for the date displayed in the right hand corner.”

That “instance” floating around in there is me. Even without the “holy cow, that’s me!” factor, this is a wonderful visualization tool.

MySQL’s Post-Oracle Future

One of the oddities of Sun’s acquisition by Oracle is that Oracle now owns the MySQL trademark. They also employ the largest concentration of developers who are familiar with the code base. What they don’t control is the code, and who they no longer employ is a lot of the key people who got MySQL to where it is. So what’s next?

From Oracle’s viewpoint, there are three likely scenarios:

  1. Ignore MySQL, let the remaining team go, hope it dies.
  2. Try selling it off.
  3. Embrace Open Source and continue to improve mySQL.

Consider each of these options.

Oracle Ignores MySQL, Hoping for a Withering Death

There’s revenue associated with MySQL. It might be a trickle from Oracle’s perspective, but it’s more than enough to keep a good medium sized company running smoothly. Tens of millions of sites have absolutely no interest in moving to a new database manager, and there’s heaps of MySQL specific expertise out there now. The MySQL revenue stream isn’t going away soon. If Oracle tries this strategy, the MySQL code will soon emerge under a different name, and the resulting business will probably be all the more nimble for it’s passage through Sun and Oracle. Not a likely scenario but good for MySQL nonetheless.

Oracle Sells MySQL

Good luck. Can you say embarrassing writedown? Sun’s billion dollar acquisition of MySQL is right up there on the “WTF” scale, ranking with eBay’s purchase of Skype and Google’s acquisition of YouTube, all for stupid money. [Side note: M&A groups should refrain from hiring people who come out of the derivatives world.] Even then, name a buyer at any reasonable price. I can’t think of one.

Oracle Embraces FOSS

Initially this looks like we’re getting into geek porn fantasies. What can Oracle actually give MySQL that aligns with it’s corporate interests?

There are some patents, well past the end of their productive life, that Oracle could release. This could give MySQL a few neat features that would improve performance. But these are small incremental gains at best. There’s also no selective release here. Once those techniques are in a GPL code base, they’re up for grabs by any open source project.

They could dump lesser versions of various core technologies into MySQL in order to set up a smooth transition to their proprietary products. This would introduce a lot of the “bloat” that made MySQL so popular in the first place. I think we’d see more nimble forks appear in no time. Not a great strategy.

Then there’s the philosophical differential. The one thing that’s evident from my work with Joomla, and my observation of other solutions in the same space, is that success in open source is all about building a strong collaborative culture around the product. While this isn’t incompatible with running a profitable business, it is incompatible with the traditional “destroy the competition” approach. On the surface, capitalism in open source is not going to mix well with the capitalism as warfare.

Then there’s the culture clash of Alpha Geek versus Alpha Capitalist. For a good example of this we need look no further than a blog post from Michael Widenius. He writes “Mr. Ellison, you are undoubtedly a master tactician. However, thinking two moves ahead in the open source world is not good enough. You need strategy. Long term, meaningful, viable strategy. You need to think years ahead, not just to the next fiscal quarter.” There’s nothing quite like a bonehead mix of arrogance and ignorance for your first move. Anyone who thinks Oracle got to the position it’s in by purely tactical moves that look “two moves ahead” is clueless. Then the icing: Widenius closes with “I’d love to speak with you about it”. Well, consider condescending to picking up the phone, buddy. If you think Larry’s going to read your blog and give you a call, you might consider getting back onto your meds (or off of them, either way a state change is in order).

Beyond Strategy, what About Mission?

If you take a step back and look at the mission behind Oracle’s numerous strategic moves over the years, you see their overarching mission: destroy Microsoft.

What’s most interesting about this is that this ethos is also deeply ingrained in the thinking of many open source developers. It’s a small step from “freedom from proprietary software” to “freedom from Microsoft” because Microsoft is the biggest, most obvious first target.

So there is a possibility that despite the cultural differential, Oracle may be viewing open source as a strategic weapon. It’s also worth noting that along with Sun, Oracle gets the services of Johnathan Schwartz, who has demonstrated a crystal clear understanding of the open source model. As Mitchell Ashley notes in “Converging on Microsoft”, Oracle is now in a good position to strike at Microsoft at a time of relative weakness.

If Ashley is right, Larry Ellison will become an active evangelist for open source, using Oracle’s position to drive at the core of Microsoft’s space. I’m sceptical of this. I don’t think the enterprise world is ready to accept the idea of mission critical applications as open source, and I don’t think Oracle’s enterprise business is served well by this just yet. That won’t slow Oracle down one bit. Johnathan Schwartz can become Oracle’s open source advocate, speaking for that part of the business. Open source is walking its way up from the bottom, from compilers to operating systems, through servers and databases. At each stage it takes a little time to gain credibility and foothold, but the value proposition is compelling. If Oracle backs MySQL and proves that it is a viable solution in Oracle’s original space, then it not only helps them advance their mission, it helps advance open source.


Either way MySQL – or at least the code that is currently MySQL – is going to come through this just fine. That’s the GPL in action: it’s simply not possible acquire and kill good code.

I think we’re going to see the third scenario. Oracle’s support of Sun’s open source technologies will be strong and unconditional. But this support won’t extend to their enterprise applications. Not until the market is ready.

Whether I’m right or wrong, we’ll see something happen quickly, within two quarters of the closing of the acquisition.

On the Enforcability of the GPL

A comment from my last post asked me to back up the claim that settlements have lent weight to the validity of the GPL. I got some feedback from a friend and did a little research of my own and here’s a summary of the stuff that’s easy to find.

The developers of Busybox have been busy indeed:
March 6, 2008 BusyBox Developers and High-Gain Antennas Agree to Dismiss GPL Lawsuit
March 17, 2008 BusyBox Developers Agree To End GPL Lawsuit Against Verizon
July 23, 2008 BusyBox Developers and Supermicro Agree to End GPL Lawsuit
October 6, 2008 BusyBox Developers Settle Case With Extreme Networks

The GPL Linux Kernel has been defended in a European court verdict.

Many other successful settlements in favour of the GPL are available at

Groklaw’s article “A GPL Win in Michigan” discusses how the US courts have found the GPL enforceable.

Sun Microsystems gets the GPL, even if it doesn’t suit them. in a CNET article from 2005, Jonathan Schwartz is quoted as not liking the GPL because of “the GPL provision that says source code may be mixed with other code only if the other code also is governed by the GPL”. Sun’s rather formidable legal team gets it: you can’t mix non-GPL code with GPL code and still comply with the GPL.

This is just the beginning. The SFLC has launched a suit against Cisco on behalf of the FSF. SCO descends further into bad joke status by attacking the GPL, with IBM on the other side. Any bets on who will take that one?

On the flip side, there’s nothing I could find where a challenge to the GPL was successful.

More Controversy: the Joomla Extensions Directory (JED) and the GPL

Back in June of 2007, the Joomla project generated a community firestorm by announcing that, based on legal opinion, it felt that all Joomla extensions were required to be released under the GPL and that it would start to encourage third party developers to comply with that interpretation.

Detractors tried to paint this as some sort of policy decision. Somehow they never quite grasped what was being said, so I think it bears being repeated. Open Source Matters, Inc. (OSM), the non-profit charged with protecting the interests of the project, sought and obtained an opinion from legal experts well qualified in this area. Their opinion was specific, clear, and — this is critically important — while not based on precedent set by court decision, was based on several lawsuits that were settled just before going to court.

This needs some elaboration to make it as clear as possible: businesses who thought that this interpretation of the GPL was wrong, and who distributed proprietary attachments to GPL products, backed down when faced with going to trial. In my opinion, the only reason why a commercial enterprise would elect to settle a case of this nature just before going to trial is because they knew that they were likely to lose. When several suits get settled this way, all in favour of the GPL, they begin to carry significant legal weight.

So OSM had two choices: communicate the requirement that extensions be GPL or adopt another license. Considering that Joomla formed as a direct result of the actions individuals who believed in the GPL, there was really only one alternative.

Free Software — as defined by the GPL — may embrace open source, but it is not the same as open source. It is designed to give users rights and freedoms that go well beyond access to the code. For developers the interpretation is simple: get on board or use code that has a different license, period.

At the time of the GPL announcement, I had decided that Joomla was the best CMS for my web development business. I had just begun to get involved with the project, and had at best contributed a patch or two. As a small business, source code is our biggest asset and I will admit I had some concerns about giving up the ability to protect that asset. But at the same time I am not so hypocritical that I think somehow we have the right to protect our code, while using hundreds of thousands of lines of code written by others without compensation.

A few days ago, the project announced that the Joomla Extensions Directory was only going to list extensions released under the GPL (JED to be GPL Only by July 2009). Predictably, this has created another round of controversy.

The difference here is that while the original position was based on legal opinion, this decision is more one of policy. The project is choosing to not promote extensions that violate the terms of the GPL.

When the first announcement was made, my Joomla involvement had just begun. Now, I’m one of the more active members of the project and part of the Development Team. While not part of the Core Team or OSM Board, which are the bodies responsible for the governance of the project, I have made some significant contributions. Every time someone downloads and installs Joomla, they benefit in some small part from my work.

It is in this context that I’m going to respond to several reactions to the JED announcement:

Joomla needs commercial extensions in order to survive and gain acceptance from business customers.
  1. Similar dire claims of the project’s demise were made when the GPL compliance announcement was made. Not only have they not come true, Joomla is more active and vibrant now than it has ever been, so FUD to that.
  2. The vast majority of extensions are already GPL, including some of the best extensions for 1.5.
  3. I successfully use the argument that the GPL protects a business from the failure of a small development shop without introducing new risks. Any business that backs away from GPL software as a user simply hasn’t been sold to properly.
I can’t make money if my extension is GPL.
  • Leaving aside the fact that there are many companies that disprove this, anyone making this argument is saying that they can’t make money without ripping me off! Start paying me and others for our contribution to your success and then I might be slightly sympathetic.
  • Maybe we need an alternative licensing model. Pay OSM US$50,000 to $100,000 for a Non-GPL Joomla site license and feel free to install as many commercial extensions as you like. Don’t install one single third party GPL extension without paying them, though!
  • Find an extensible commercial CMS and go write proprietary code for it. If your business is capable of paying for the development licenses and the training and certification courses you’ll need to get started, then you might in fact have a viable proprietary software company. If not, stop whining.
  • If you’re that great, you don’t need Joomla. Go write your own CMS.
Policy makers in the Joomla project are out-of-touch idiots and something should be done!
  • Fork it. Go on, I dare you. Everybody who is currently working on the code base understands and supports the GPL. The people who didn’t left shortly after the 2007 announcement. If you like the code, but don’t like the policies, go do it your way.
  • Personally, I think people who think they can get fair value for their work without also giving the project similar value (say, based on revenue per line of code) have ethical problems. So not only do you want to rip off the users who buy your extensions by denying them their legal rights under the GPL, but you want the Joomla project to help you do that. Good luck.
  • The site (running Joomla 1.0 (snicker) way to innovate, guys) offers proprietary extensions. This site is sponsored by the “Joint Commercial Developers Association” (, comprised mostly of people who found Joomla’s GPL interpretation unacceptable. In a year or two, we’ll be able to measure the success of this extension site by comparing it with the JED. Should be good for a laugh or two. Take a look at the frantic activity on for a peek at the future. The word joint comes to mind, but not in the context of a collective effort.
Someone will fork my code and release a better version three weeks later.
  • If your business model is predicated on code that’s so weak that someone can make significant improvements on it in three weeks, and that someone isn’t you, then maybe you should consider either a different business model or another career.
  • Let’s make it very clear: the GPL makes it difficult to earn a living by flaunting mediocre code without some other kind of value add. If you can’t come up with a proposition to add value, consider another business. Really. It’s just not going to work.

From my viewpoint, a great part of Joomla’s success has been as a direct result of its commitment to empower the end user via the GPL. Moreover, the principles of the GPL have attracted much of the talent that the project currently has. I see companies that don’t embrace these values but who continue to earn a living thanks to the project as nothing more than parasites. I’m certain that once the leeches have been pried from the JED, it will grow more quickly and become more vibrant than ever before. Time will tell.

Simplifying Joomla Template Layouts

Since the early days of Joomla 1.5, component layouts have bothered me. First there’s the problematic nomenclature (which I’m probably using incorrectly). Layouts are component-specific snippets of HTML and PHP logic that generate the actual code (usually HTML) that goes to the target device. A template can override the default layout, which is just one of the many powerful features that give Joomla sites so much flexibility.

My biggest problem with layouts is that they typically embed too much logic. Why should a layout be determining what to do if a category description isn’t present? Worse yet, why does it have to check access to see if an article body should be displayed or not? Surely the actual view should be responsible for this sort of thing, and the layout should be strictly concerned with how to present the information that’s available.

The other problem is that layouts are ugly beasts. Most layouts need to flip between HTML and PHP dozens of times, just to do the most simple thing.

I’m not exactly a patient person. Maintaining the existing layout code in the Joomla core components is bothersome enough, but recently I started doing extensive work on a third party component, adding my own view in the process. That’s when that familiar snapping sound resonated in my head. Always a sucker for diversions, I decided to follow the tangent and see if I could improve Joomla layouts.

It took about triple the expected effort, largely because the initial results were pretty exciting, and I decided to do more than a hack job. The result is JTML, and the results are described in the white paper Simplifying Joomla Template Layouts.

Every once in a while, the idea of creating a simple language for creating Joomla extensions comes up, but that is a very big job indeed, and there are many, many other things to do in the project. So it remains a bit of a dream. I’m hoping JTML is one small step in that direction.

How to: Ubuntu PHP Remove Suhosin

One of my projects for the “holidays” is moving one of my servers from Gentoo to Ubuntu. During planning for this, I noticed that the Ubuntu version of PHP5 includes Suhosin. That’s a problem.

The problem with Suhosin is that it’s designed to stop sloppy applications from doing bad things. I’m sure it does a reasonable job of that, but in the process it can interfere with good applications (see examples for Joomla). Since I’m in the business of writing good applications, Suhosin is a bad idea. Worse yet, it can provide a false sense of security, since it can’t deal with anything except typical PHP errors. As far as I’m concerned, this class of “security blanket” provides false comfort and is no replacement for auditing and testing.