More Controversy: the Joomla Extensions Directory (JED) and the GPL

Back in June of 2007, the Joomla project generated a community firestorm by announcing that, based on legal opinion, it felt that all Joomla extensions were required to be released under the GPL and that it would start to encourage third party developers to comply with that interpretation.

Detractors tried to paint this as some sort of policy decision. Somehow they never quite grasped what was being said, so I think it bears being repeated. Open Source Matters, Inc. (OSM), the non-profit charged with protecting the interests of the project, sought and obtained an opinion from legal experts well qualified in this area. Their opinion was specific, clear, and — this is critically important — while not based on precedent set by court decision, was based on several lawsuits that were settled just before going to court.

This needs some elaboration to make it as clear as possible: businesses who thought that this interpretation of the GPL was wrong, and who distributed proprietary attachments to GPL products, backed down when faced with going to trial. In my opinion, the only reason why a commercial enterprise would elect to settle a case of this nature just before going to trial is because they knew that they were likely to lose. When several suits get settled this way, all in favour of the GPL, they begin to carry significant legal weight.

So OSM had two choices: communicate the requirement that extensions be GPL or adopt another license. Considering that Joomla formed as a direct result of the actions individuals who believed in the GPL, there was really only one alternative.

Free Software — as defined by the GPL — may embrace open source, but it is not the same as open source. It is designed to give users rights and freedoms that go well beyond access to the code. For developers the interpretation is simple: get on board or use code that has a different license, period.

At the time of the GPL announcement, I had decided that Joomla was the best CMS for my web development business. I had just begun to get involved with the project, and had at best contributed a patch or two. As a small business, source code is our biggest asset and I will admit I had some concerns about giving up the ability to protect that asset. But at the same time I am not so hypocritical that I think somehow we have the right to protect our code, while using hundreds of thousands of lines of code written by others without compensation.

A few days ago, the project announced that the Joomla Extensions Directory was only going to list extensions released under the GPL (JED to be GPL Only by July 2009). Predictably, this has created another round of controversy.

The difference here is that while the original position was based on legal opinion, this decision is more one of policy. The project is choosing to not promote extensions that violate the terms of the GPL.

When the first announcement was made, my Joomla involvement had just begun. Now, I’m one of the more active members of the project and part of the Development Team. While not part of the Core Team or OSM Board, which are the bodies responsible for the governance of the project, I have made some significant contributions. Every time someone downloads and installs Joomla, they benefit in some small part from my work.

It is in this context that I’m going to respond to several reactions to the JED announcement:

ReactionResponse
Joomla needs commercial extensions in order to survive and gain acceptance from business customers.
  1. Similar dire claims of the project’s demise were made when the GPL compliance announcement was made. Not only have they not come true, Joomla is more active and vibrant now than it has ever been, so FUD to that.
  2. The vast majority of extensions are already GPL, including some of the best extensions for 1.5.
  3. I successfully use the argument that the GPL protects a business from the failure of a small development shop without introducing new risks. Any business that backs away from GPL software as a user simply hasn’t been sold to properly.
I can’t make money if my extension is GPL.
  • Leaving aside the fact that there are many companies that disprove this, anyone making this argument is saying that they can’t make money without ripping me off! Start paying me and others for our contribution to your success and then I might be slightly sympathetic.
  • Maybe we need an alternative licensing model. Pay OSM US$50,000 to $100,000 for a Non-GPL Joomla site license and feel free to install as many commercial extensions as you like. Don’t install one single third party GPL extension without paying them, though!
  • Find an extensible commercial CMS and go write proprietary code for it. If your business is capable of paying for the development licenses and the training and certification courses you’ll need to get started, then you might in fact have a viable proprietary software company. If not, stop whining.
  • If you’re that great, you don’t need Joomla. Go write your own CMS.
Policy makers in the Joomla project are out-of-touch idiots and something should be done!
  • Fork it. Go on, I dare you. Everybody who is currently working on the code base understands and supports the GPL. The people who didn’t left shortly after the 2007 announcement. If you like the code, but don’t like the policies, go do it your way.
  • Personally, I think people who think they can get fair value for their work without also giving the project similar value (say, based on revenue per line of code) have ethical problems. So not only do you want to rip off the users who buy your extensions by denying them their legal rights under the GPL, but you want the Joomla project to help you do that. Good luck.
  • The site www.extensionprofessionals.com (running Joomla 1.0 (snicker) way to innovate, guys) offers proprietary extensions. This site is sponsored by the “Joint Commercial Developers Association” (jcd-a.org), comprised mostly of people who found Joomla’s GPL interpretation unacceptable. In a year or two, we’ll be able to measure the success of this extension site by comparing it with the JED. Should be good for a laugh or two. Take a look at the frantic activity on jcd-a.org for a peek at the future. The word joint comes to mind, but not in the context of a collective effort.
Someone will fork my code and release a better version three weeks later.
  • If your business model is predicated on code that’s so weak that someone can make significant improvements on it in three weeks, and that someone isn’t you, then maybe you should consider either a different business model or another career.
  • Let’s make it very clear: the GPL makes it difficult to earn a living by flaunting mediocre code without some other kind of value add. If you can’t come up with a proposition to add value, consider another business. Really. It’s just not going to work.

From my viewpoint, a great part of Joomla’s success has been as a direct result of its commitment to empower the end user via the GPL. Moreover, the principles of the GPL have attracted much of the talent that the project currently has. I see companies that don’t embrace these values but who continue to earn a living thanks to the project as nothing more than parasites. I’m certain that once the leeches have been pried from the JED, it will grow more quickly and become more vibrant than ever before. Time will tell.

Simplifying Joomla Template Layouts

Since the early days of Joomla 1.5, component layouts have bothered me. First there’s the problematic nomenclature (which I’m probably using incorrectly). Layouts are component-specific snippets of HTML and PHP logic that generate the actual code (usually HTML) that goes to the target device. A template can override the default layout, which is just one of the many powerful features that give Joomla sites so much flexibility.

My biggest problem with layouts is that they typically embed too much logic. Why should a layout be determining what to do if a category description isn’t present? Worse yet, why does it have to check access to see if an article body should be displayed or not? Surely the actual view should be responsible for this sort of thing, and the layout should be strictly concerned with how to present the information that’s available.

The other problem is that layouts are ugly beasts. Most layouts need to flip between HTML and PHP dozens of times, just to do the most simple thing.

I’m not exactly a patient person. Maintaining the existing layout code in the Joomla core components is bothersome enough, but recently I started doing extensive work on a third party component, adding my own view in the process. That’s when that familiar snapping sound resonated in my head. Always a sucker for diversions, I decided to follow the tangent and see if I could improve Joomla layouts.

It took about triple the expected effort, largely because the initial results were pretty exciting, and I decided to do more than a hack job. The result is JTML, and the results are described in the white paper Simplifying Joomla Template Layouts.

Every once in a while, the idea of creating a simple language for creating Joomla extensions comes up, but that is a very big job indeed, and there are many, many other things to do in the project. So it remains a bit of a dream. I’m hoping JTML is one small step in that direction.

How to: Ubuntu PHP Remove Suhosin

One of my projects for the “holidays” is moving one of my servers from Gentoo to Ubuntu. During planning for this, I noticed that the Ubuntu version of PHP5 includes Suhosin. That’s a problem.

The problem with Suhosin is that it’s designed to stop sloppy applications from doing bad things. I’m sure it does a reasonable job of that, but in the process it can interfere with good applications (see examples for Joomla). Since I’m in the business of writing good applications, Suhosin is a bad idea. Worse yet, it can provide a false sense of security, since it can’t deal with anything except typical PHP errors. As far as I’m concerned, this class of “security blanket” provides false comfort and is no replacement for auditing and testing.
(more…)

Joomla 1.5.8 is… is what??

Shortly after the release of “Joomla!” 1.5.8, I found myself in this release announcement on techcebu.net. It appears to be a bad case of double-translation, from English to Italian (or perhaps Hebrew) and back to English again. The text was just too hilarious to not repost.

11Nov JOOMLA 1.5.8 RELEASED

Joomla 1.5.8 Released

The Joomla Project is entertained to foretell the unmediated availability of Joomla 1.5.8 [Wohnaiki]. This promulgation contains a sort of fault fixes and digit moderate-level section fixes. It has been around digit months since Joomla 1.5.7 was liberated on Sept 9, 2008. The Development Working Group™s content is to move to wage regular, regular updates to the Joomla community.
Download
Click here to download Joomla 1.5.8 (Full package) »
Click here to encounter an update package. »

Instructions

* New installation and technical requirements
* Upgrade from an existing Joomla 1.5 version
* Migration from Joomla! 1.0.x

Want to effort intend Joomla? Try the online demo. Documentation is acquirable for beginners.
Release Notes

Check the Joomla 1.5.8 Post-Release Notes to wager if there are essential items and adjuvant hints unconcealed after the release.

View instance release notes for Joomla 1.5.7 or release notes for Joomla 1.5.6.
Security

* Two moderate-level section issues were immobile in this release:
o Default filtering for content
o Filtering for Web Link descriptions

For additional information, visit the Joomla Security Center.
Components

* Articles: Remove brackets around Last Updated fellow and time, Start Publishing fellow corrections for another than UT1 00:00, impact counts precise for Articles, adding a expanse after a draped telecommunicate address
* E-mail addresses: Correctly draped when presented in Section and Category descriptions
* Categories: Edit picture aright shows for Articles without Title links, Print picture precise today on prototypal tender for Blog Layout
*
Sections: Plural and signifier modify correction, Category unification right ended, Router changes reverted to edition 1.5.6 so Article ID does not attach to the Article slug
* Frontpage: Article naming correction, rectified sort of Links
* Contacts: Image pass rebuke when Image Directory is configured
* RSS Feed: Corrected spelling of Category in Category feed
* User: Added isInternal checking on referer values
* Weblinks: Language strings

Modules

*
Feed: Target concept validation, module progress correction
* Login: ItemID is cured on redirect
* Menu: Changing Menu Link Type today functions properly, Section Language string, Article Reset fix working
* Related Items: Keyword matched functions aright and filters characters appropriately
* Stats: Corrected Time
* Sections: No dominance constant entireness correctly
* Search: Form validates aright for Transitional xHTML

Legacy

* Return evidence additional for Legacy Menu Check

Templates

* Beez: Lengthened E-mail Content Popup, Search fix today entireness when pressed, countersign set entireness correctly, corrections to Beez HTML folders, User info tender corrected
* JA_Purity: Added absent module strings

Administrator

* Console: Added “Welcome to Joomla!” aggregation and Joomla Security RSS feeds to Administrator Console
* Installation: Proper redaction of factor directories, choice entries for Templates and Languages are today precise for uninstall
* Media Manager: Changed choice for newborn sites to alter Flash multi-file uploader cod to contradictoriness with Flash 10
* Installation: Remove unclear nonachievement communication most module files for spreading installations, Administrator Modules today aright uninstall INI files
* Sample data: Updated programme feeds to saucer to liberated code accord sites, comprehensive corrections and updates to distribution content

System

* API: JFolder::files and JFolder::folders corrections for Search, absent Method additional to JRecordSet, Database Class aright quotes obloquy not using extend notation, JTableUser matches using the precise sort of fields
* Cache: Correct undefinable uncertain in Cache Class
* Language file: Corrected wording, precise artefact of PDF fonts autarkical of module choices, individual module progress corrections in en-GB.ini
* Menu: Performance improvements for sites with some schedule items
* Users: Temporary Users are today healthy to logout, bonded prescript crapper today be utilised when redaction statement details
* Added PHP 4 sympathy for isInternal checking

Statistics

Statistics for the 1.5.8 promulgation period:

* Joomla 1.5.8 contains:
o 71 issues immobile in SVN
o 26 commits
* Tracker state resulted in a gain modification of 4 astir issues:
o 65 newborn reports
o 130 closed
o 66 immobile in SVN
* At the instance the 1.5.8 promulgation was packaged, the tracker had 114 astir issues:
o 44 open
o 44 confirmed
o 24 pending

Joomla! Bug Squad

Thanks to the Joomla Bug Squad for their sacred efforts work reports, sterilisation problems, and applying patches to Joomla. If you encounter a fault with Joomla, find discover more aggregation here on how to inform the bug.

Active members of the Joomla Bug Squad during this terminal promulgation wheel include: Ian MacLennan and Mark Dexter co-leads; Airton Torres, river Zijlstra, Akarawuth Tamrareang, Alan Langford, suffragist Ferrara, Amy Stephen, saint Eddie, Elin Waring, Ercan Ozkaya, Charl camper Niekerk, Gergo Erdosi, Hannes Papenberg, Jennifer Marriott, Jens-Christian Skibakk, Jonah Braun, carpenter LeBlanc, Kevin Devine, Marijke Stuivenberg, Mati Kochen, Mickael Maison, Robin Muilwijk, prophet Moffatt, Shantanu Bala, Toby Patterson, and Wilco Jansen.

A hearty recognize to the newest members of the Joomla Bug Squad: Dan Walker, Eduardo Diaz, and Tibor Toth.

“IBM May Quit Technology Standards Bodies” WSJ Screams

Some days I wonder about the entire field of journalism. The quoted phrase above is from an article headline in the Wall Street Journal (September 23, 2008, they don’t deserve an actual link). The headline is not inaccurate, but it is close to the most ludicrously sensational interpretation of the facts that is possible.

This is what the actual IBM press release has to say on the point: “The tenets of IBM’s new policy are to: Begin or end participation in standards bodies based on the quality and openness of their processes, membership rules, and intellectual property policies.”

Thus an equally useless headline might be “IBM May Join Technology Standards Bodies.” I thought Journalism was supposed to add value for the reader, but it seems that even for otherwise reputable organizations, it’s really all about sensational headlines that add value to the advertising department. “Reputable” in this context is now officially meaningless. Sad.

I’ve noticed a lot of general criticism of standards processes over the past few weeks, and I think this release from IBM is largely responsible for firing up the discussion. For the most part, the criticism is justified. It seems that standards processes are either needlessly academic and somewhat out of touch with reality, or deeply buried in corporate politics and patent complications, which has a tendency to result in crappy standards. IBM’s policy release sort of touches on this with another tenet: “Collaborate with standards bodies and developer communities to ensure that open software interoperability standards are freely available and implementable.” The problem with this is that IBM seems to want to set itself up as some benign intermediary between the standards process and the people who need to use the standards. Call me silly, but it seems more appropriate that the developer communities should be an integral part of the standards process, not some second-hand “collaborative resource”.

The essence of the problem is funding. Participation in the standards process isn’t cheap. Not only does membership cost, but participants typically absorb the costs of time, travel, and communications. Standards bodies need a funding model that ensures accessibility based on merit and relevance, rather than dollars. I don’t know what that model is, but is can’t be based on revenue from selling standards documents, either. The prospect of having to pay real money in order to ensure compliance with a standard is, in most cases, equally ridiculous and stupid.

In Search of an Application Framework: PHP GTK Python XULRunner

Lately I’ve been thinking about starting yet another project. This one needs a rich GUI that runs as a thin client, as well as more limited support for a web browser (or so I thought initially). I’ve gone through a bit of an eye-opening exercise while looking at the implementation, and I thought I’d record the line of exploration just in case someone else is looking at the same sort of problem. Maybe this will save a little time.

The original idea was to replace an interesting but quirky application that will remain nameless. It’s a fairly large project that implements its own thin client. As I started looking at it, I realized that a lot of what it does is more related to providing the application framework than the application itself. Sometimes I still suffer from the closed-source way of thinking, and I soon began listing requirements for my own framework. A few minutes into defining my XML markup for laying out simple interfaces, I remembered that there is already a pretty good standard for that: XUL.

At the time I was thinking of using GTK+ for the GUI. I’ve grown somewhat fond of various GTK+ applications that I’ve installed over the years. These applications have offered nice rich interfaces and have been pretty reliable. A lot of them are written in Python, and the bridge between GTK+ and Python, >PyGTK seems stable and well documented. On the other hand, Python is a little quirky and at this point I can churn out PHP code faster than anything else, perhaps PHP-GTK is the way to go.

The search is for something that lets me bridge XUL and GTK, be it in PHP or Python. This leads me to Gul, a fairly complete implementation of XUL for PHP-GTK.

Let’s try adding the GTK to PHP. I go to the PHP-GTK site and try to figure out whether to download the binary package or the binary extensions package, read confusing and incomplete install notes, search about a bit, and as best I can tell, the easiest way to run PHP-GTK on Windows is to install a complete copy of PHP with the GTK extensions. This truly fails the cross-platform and easy-to-install tests — I can manage it, but an end user? No way. Then I take a look at Gul 2.0: lots of procedural code that relies on passing things through obscure globals with two characters. Next!

On to Python. Searches for XUL and Python lead, at best, to half-developed projects dating from 2004. Not good. Now the thinking is that maybe a fairly basic XUL module for Python won’t be that much work. I look more deeply into XUL. Obviously, it’s pretty capable, after all it’s the base for Firefox and Thunderbird. But this makes the scope of a full implementation quite a lot bigger than I’d like.

Maybe there’s something in XULRunner. Wow. It doesn’t take much looking around to realize that XULRunner is pretty compelling. It’s obviously got the GUI with a full XUL implementation. It’s got scripting in Javascript, Python, even Java. It has network interfaces and support for XML-RPC and SOAP. It’s extensible: all the features that make it easy to plug extensions into Firefox are part of XULRunner. It’s got localization and custom skins. It’s got an integrated web browser. That’s about 90% of the core requirements and several bonuses right there.

Now the kicker: if you have Firefox 3.x installed, then you have XULRunner installed. Firefox knows how to do its own updates, which means the framework updates seamlessly too. Perfect.

So that’s it. Forget GTK+, nice as it is. XULRunner is a fantastic way to do GUI application development.

Now all I need is a good way to map objects back to a relational database…