Help Derek Allard with his open source licensing concerns

fuzzy copyright

My friend Derek Allard, of CodeIgniter fame, is concerned about the GPL licensing he chose for his open-source web application BambooInvoice:

Around February of this year, a CodeIgniter user contacted me privately to point out that someone was re-distributing BambooInvoice as their own work. I’m not going to use any names or URLs (no point in adding any publicity to them), but they essentially called it “their business”-Invoice. So they offered it for download under a different name, and claimed it was their invoicing software. They offered a “demo” (identical in every way to Bamboo) and it was apparent to me that all they really did was a giant search and replace of the word “Bamboo” with “their business”. No credit to me. No mention of Bamboo, no CodeIgniter license (that was visible), nothing - just a wholesale search and replace.

Derek has clearly thought about this issue a lot, but I bet he could use some sage advice from people who have been through similar situations. If you have, please consider reading his post and offering some input. Derek’s given a lot to the OSS community via CodeIgniter, and I think we should help him out here.

  • Derek Allard
    http://www.derekallard.com
    10/12/2007 02:46:54 PM

    Thanks Ed. Appreciate the added thoughts. I’ve gotten lots of feedback, mostly very helpful - but it is a tough choice…

  • Daniel Errante
    http://bizwidgets.biz/blog/
    10/13/2007 01:02:04 PM

    The only bad thing about PHP is it’s not compiled…Of course we can learn a lot more from having open source applications, but commercially this is a concern for companies that develop web applications to make money!

  • funkatron
    http://funkatron.com
    10/13/2007 02:28:28 PM

    @Daniel: There are PHP “encoders” that compile the PHP to bytecode and allow for redistribution of the result. IonCube and Zend Encoder are a couple products that do this.

  • Daniel Errante
    http://bizwidgets.biz/blog/
    10/13/2007 03:47:38 PM

    I looked into ioncube and zend encoder. they seem like expensive options. are there any alternatives that are under $100, or maybe even free?

  • funkatron
    http://funkatron.com
    10/13/2007 05:27:44 PM

    @Daniel: PHPShield is $75, but I can’t say anything about the quality of the product. If price is a major issue, you might look at an obfuscator instead of an encoder, or rethink whether blocking access to source is something you want to do. Personally, I would never purchase a web app that didn’t give me source access.

  • Daniel Errante
    http://bizwidgets.biz/blog/
    10/13/2007 05:32:36 PM

    I don’t know if this is the best place to talk about all of this, but as long as we are I have a few more questions then!

    I like open source because I usually like to customize an application to what I need it to do, but if my company’s purpose is to deliver ‘boxed’ web solutions such as an e-commerce package: 1. What’s stopping someone from buying the software once and redistributing it like the BambooInvoice software. 2. What is the best way to keep track of people using your software, in case they purchase one license but use the software on more than one domain name?

  • funkatron
    http://funkatron.com
    10/13/2007 05:57:14 PM

    @Daniel,

    I can give a couple opinions, but I’m not an expert on the issue of selling open-source software. Mind if I make a blog post out of it?

  • Daniel Errante
    http://bizwidgets.biz/blog/
    10/13/2007 06:01:23 PM

    Sure, I will keep researching and look forward to your new article :)

  • Alex Vargas
    http://www.a--optic.com
    10/16/2007 10:40:02 PM

    Daniel Errante, Open-source can be used to leverage a well defined and constructed business. What I think you have overlooked is that hiding code only stops people for a short time. Any software can be reversed engineered, eventually. A good business can adapt quickly before some competitor will put them out of business. Open Source like the GPL can help in many ways like TiVO, they use the linux kernel and repurpose it. With many programming hours and the proper hardware one could recreate that and sell it (those who have see the technical side not the business side of ow to get clients and distribute the product, but that is beside the point). In the case of BambooInvoice (way different case) , I think he should prosecute the company for stealing not repurposing his code. Making a business of more than 80% that was not developed or planned from that company is downright stealing!

  • Daniel Errante
    http://bizwidgets.biz/blog/
    10/16/2007 10:48:55 PM

    I am hesitant to encrypt my code first because it seems costly and second, I agree that the code can be broken. Apple spent a long time locking down the iPhone only to have hackers break in two months later. It seems like a wasted effort, however with PHP, I can’t tell if someone is using my code, selling it or re-writing it. I would just like to know! At least Apple knows when they are breaking in to the phone. They are actually profiting more from the hacker’s purchase of the iPhone!

  • Derek Allard
    http://www.derekallard.com
    10/16/2007 11:48:31 PM

    Just to be clear, my goal is NOT to prevent people from seeing code, customizing, or using BambooInvoice… my concern mostly was that they could take the work, and essentially claim it as their own. When I saw it I thought “darn, what actual recourse do I have here… doesn’t look like they’ve broken the GPL I distributed BI under”. So really, I just want something that explicitly says “hey, modify to your hearts content, but no pretending this work is your work”.

  • Tarique Sani
    http://sanisoft.com/blog/author/tariquesani/
    10/20/2007 08:06:17 AM

    As far as my understanding goes Copyright notices cannot be removed under GPL - removing them is a violation of GPL itself - and even if I am wrong there Section 7b of GPL V3 allows you to place additional terms which require preservation of any reasonable legal notices or author attributions.

    for further reference I guess you can also contact http://gpl-violations.org/

    HTH