Against DIY Licensing

Because my FOSS1 work is mostly WordPress these days, my baseline is the GPL. GPL is far from the only license out there, but — and this is the key point here — it’s widely used and (at least more or less) understood.

The GPL comes with a provision that derived works must also be GPL-licensed2, so I spend a certain amount of time hunting down whether some bit of code I want to use can legally be incorporated into such a project. And we do the same thing when reviewing themes: everything that goes in the repository has to be GPL-compatible, so all those nice textures and icons and webfonts that can really make a theme stand out have to be compatible as well.

Note: Compatible.

Not everything in the open-source universe has to be, or should be GPL. But everything that goes into a GPL project has to play well with the GPL.

There are wide swaths of the open-source world for which GPL is too restrictive, and people working in those areas tend to go for permissive licenses like BSD or MIT, or release their work into the public domain outright. And that’s awesome. For some kinds of projects, it’s way more appropriate than a restrictive license. If what you’re releasing is the code equivalent of infrastructure, it will not be useful, and will not spread, with a lot of restrictions on how it can be distributed. Permissive licenses are great for libraries, glue, shims, resets, and all that magic stuff.

Creative Commons – for content, not software – is absolutely one of the more brilliant ideas ever to come along. But remember, there are at least half a dozen such licenses, and they range from totally free, no rights reserved, no restrictions of any kind at all, all the way up to You Can’t Touch This3.  Occasionally people pop up in the theme review mailing list or IRC channel and ask “is a CC license okay”; much more often, people put things out there that just say “CC licensed”, which isn’t properly licensed at all. If anyone’s going to use the stuff, we need to know which rights you’re actually licensing.

Free-as-in-speech fonts finally seem to be standardizing more and more on the SIL Open Font License, no doubt thanks to the runaway success of Google Webfonts; the move to standardization makes things nice and easy. It’s also a nice license: quite permissive and GPL-compatible, and designed for the way fonts are actually built and used.

Notice that the above licenses are really far apart in what they allow, and (free software being chock full o’ free software people as it is) we occasionally have full-scale wars about which one is better. But also notice one similarity: they’re all well-known, widely used, documented. They’re suited to particular purposes: If you want your code used absolutely everywhere without any barriers, use a permissive license; if you want to spread the free software gospel, copyleft. The common licenses are standards, in a way. I know without having to put my project aside for a side trip to the local law library that I can incorporate MIT-licensed code in a GPL project, and also that I can’t do the same if I’m going the other direction. I know that I can package up a theme with a CC-0 photo, but not with one that’s CC-BY-NC-ND.

And ultimately, I don’t care all that much which one you choose — I’ll give you the benefit of the doubt and assume that you chose the path you did for reasons that you knew and fully understood at the time. I just want you to choose a path that allows me to understand how I can and can’t use this thing.

But instead, I keep seeing handmade and non-standard things like4 :

- you can freely use it
- you can freely distribute sourcecode
- you can freely modify it as long as you leave my copyright/author info in source code
- if you developing closesource application, you should add my name at least to “about” page of your web application
- if you create an amazing modification, please contact me… I can publish link to your webpage if you’re interested…
- if you want to use my script in commercial application for earning money, you should make a donation to me first

Or5 this one:

- All themes are free to use as long as you leave the credits links unchanged in footer.
- You cannot claim our themes or modifications of these themes as yours.
- You cannot modify our themes and distribute them on your website.
- You cannot sell our themes for others.
- We does not allow you to use our themes for websites or individuals that participate in warez, hacking, cracking, malicious computer crime or fraud, or any other material or activity that is illegal.
- We does not allow you to use our themes for websites or individuals that participate in porn, gambling, poker, insurance, forex….

And here’s the thing. After seeing untold dozens of such licenses, I don’t even bother to study them and puzzle out if they’re maybe possibly compatible any more. If the developers actually wanted their stuff to be used, they would’ve made it so, and saved themselves a lot of time thinking about exactly which page a linkback needs to be on, or what list of industries they find too icky. Having actually read a bunch of these, they’re never okay to use in projects or put in the repository, and in the current climate, there is always another library or another template out there. Always.

(And on a personal note, for doG’s sake, please don’t call your homegrown terms a EULA. That does not impress or inspire. It just makes me think of 50-page-long click-through legalese from Sony or iTunes.)

  1. Fuck it. I’m saying “open source” from now on. Because it’s English words. Feel free to substitute your terminology of choice.
  2. Leaving aside all connotations of good and evil, this is exactly the replication mechanism of a virus, or more precisely a meme (using the original definition). Cool!
  3. AKA No-Derivatives.
  4. Hey, pay me and I might give you a linkback!
  5. Don’t use my stuff for pr0n!

This site is going dark

Like a lot of webheads, I’m deeply concerned by the proposed bills working their way through Congress right now. As a community and an industry, we must oppose SOPA (House) and PIPA (Senate).

This site and my main business site will go dark from 8:00 am to 8:00 pm (US Eastern time) on Wednesday January 18. Client beta sites, support, and the like will not be affected. If you own a website, consider doing the same; if you’re not in a position to go dark, please voice your opposition to SOPA/PIPA in other ways. My combined page views are nothing compared to the vast empire that is I Can Has Cheezburger, but the more sites are united against the proposed laws, the greater our impact.

If you’re not in the US, please speak up anyway. Yes, these are US laws, but they’re designed to hurt the internet outside US jurisdiction: needless to say, this is one of the really reprehensible things about these laws, but it’s not the only one.

    • Ipstenu has a tutorial on how to go dark using the WordPress .maintenance file. See the note at the bottom for blacking out selected sites in a multisite installation.
    • Or use a plugin. This one will let you set your time zone and the blackout interval you want, as well as customizing the page that’s displayed.
    • If you’re already using a scheduled maintenance plugin, keep in mind that most of them will let you customize your away page — you may already have the tools you need.
    • Add a “STOP SOPA” ribbon to your site now. You can see it in action at the top of this page.

UPDATE: New resources!

UPDATE 2: For hosted sites (, Blogspot, Tumblr, etc.)

  • is a snippet that will work on most hosted blogs. Special hint for users with the 2011 theme: put this in one of the widgets in the footer, since the side widgets don’t appear on pages!

UPDATE The THIRD: It’s Tuesday Night, Time To Get Your Blackout On!

  • A nice-looking javascript solution from estelle.
  • Another WordPress plugin: Go Dark
  • And a big announcement: is joining the protest along with big players like Wikipedia, Reddit, Mozilla, and (sorta) Google!
  • users now have an option in their settings to add a ribbon or black out their sites. (From what I can tell, they appear to be based on the Stop-SOPA Ribbon and SOPA Blackout plugins mentioned above.)

“Without a plugin” considered dangerous

Like a lot of devs, I’m sadly addicted to all the many tips and how-tos and tutorials that float around in the WPverse. Some of them are utterly brilliant. A very few of them open my eyes to new ways of doing things that I couldn’t even have imagined doing the old way. But far more often, I follow a link that leads to the other kind of tuts. The ones that promise that by just copying a few lines of code, you can do magical things without needing to use any plugins at all!

There’s just one problem with this. Plugins exist for a very good reason: to add non-core functionality 1 to your site without hosing up the whole lot.

Much more importantly, a plugin is the right way to do it the great majority of the time. There’s a whole Plugin API that exists just to make it possible to hook your code to WordPress with minimal fuss! Those really cool new features you love were first tried out and gained traction as plugins! And anyway, there are really only two other choices:

  1. Edit your theme’s functions.php. This works just fine, because code in functions.php will be included just the way a plugin would be2. Except for the small fact that now you — and more importantly, your users and clients — are stuck with that theme. Wanna change themes as your mood strikes you? Or just update to a newer version? Say goodbye to all that new functionality. As one friend of mine puts it, when you repaint the bathroom, you don’t normally expect the toilet to vanish…
  2. Hack core. Congratulations, you have now fucked your site. At best, you’re now unable to upgrade WordPress (including security updates) without losing your tweaks. At worst, you’ve introduced entirely new issues: because if you’re hacking core just to add a new widget or dongle or gizmo, you probably didn’t read the code all that carefully, now did you?
To sum up:


  1. By “non-core” I don’t mean “unpopular” or “not useful” or even “not something I might need to build an entire site around”. Just… not in core.
  2. Please take this fact as a hint that a plugin is a perfectly normal and acceptable way to do things