Is this webhost vilation GPL?
August 7, 2008 1:41 PM Subscribe
Is our webhost violating the GPL? Wordpress, fees and more inside.
The company I work for has a website from which we do a fair amount of e-commerce business. We use a webhost who not only hosts the site, but handles the e-commerce end of things- It passes the orders along to OrderMotion, a web-based inventory and sales program. For the most part they're okay. They can be slow and pricey, but as long as we plan out, they're fine. Recently, we decided to add a blog to the site. Our web host quoted us a 25$ installation fee, which is fine, and then a 25$/mth fee for, uh. They don't seem to know. They'd just like to charge us 25 bucks a month for having a blog.
Now, I'm okay with the 25 dollar installation fee. WordPress is pretty easy to install and while our site architecture isn't complicated, I'd rather pay a few bucks and have someone intimately familiar with the site handle the dirty work. But the 25 dollars a month is absurd, especially for free software.
My Q is this: Does this 25 bucks a month violate the GPL WordPress is distributed under? I suppose they could claim it's a "maintenance" fee and not a fee for the platform, but I'm just looking to make an argument that might have them reconsider that monthly fee.
And, yes, I'm ready to DIY this if I have to, but getting them to allow me to add a MySQL DB is going to be like pulling hair. They're generally very, very, very slow with things.
Thanks for the heads up!
The company I work for has a website from which we do a fair amount of e-commerce business. We use a webhost who not only hosts the site, but handles the e-commerce end of things- It passes the orders along to OrderMotion, a web-based inventory and sales program. For the most part they're okay. They can be slow and pricey, but as long as we plan out, they're fine. Recently, we decided to add a blog to the site. Our web host quoted us a 25$ installation fee, which is fine, and then a 25$/mth fee for, uh. They don't seem to know. They'd just like to charge us 25 bucks a month for having a blog.
Now, I'm okay with the 25 dollar installation fee. WordPress is pretty easy to install and while our site architecture isn't complicated, I'd rather pay a few bucks and have someone intimately familiar with the site handle the dirty work. But the 25 dollars a month is absurd, especially for free software.
My Q is this: Does this 25 bucks a month violate the GPL WordPress is distributed under? I suppose they could claim it's a "maintenance" fee and not a fee for the platform, but I'm just looking to make an argument that might have them reconsider that monthly fee.
And, yes, I'm ready to DIY this if I have to, but getting them to allow me to add a MySQL DB is going to be like pulling hair. They're generally very, very, very slow with things.
Thanks for the heads up!
Is the additional $25 a month for bandwidth or mysql access?
posted by bleucube at 1:47 PM on August 7, 2008
posted by bleucube at 1:47 PM on August 7, 2008
Response by poster: No, that should be covered under our regular monthly fee. We pay about 250/mth for the whole site, that includes bandwith and a fancy front-end. Well, it's actually a bloated front-end, but it's more than just an FTP.
posted by GilloD at 1:49 PM on August 7, 2008 [1 favorite]
posted by GilloD at 1:49 PM on August 7, 2008 [1 favorite]
Response by poster: And when I quizzed them on the fee, no one mentioned a possible reason being MySQL access. Which, for 250$, I hope we'd get gratis.
posted by GilloD at 1:49 PM on August 7, 2008
posted by GilloD at 1:49 PM on August 7, 2008
AFAIK they're not violating the GPL by charging you whatever they want.
posted by the dief at 1:50 PM on August 7, 2008
posted by the dief at 1:50 PM on August 7, 2008
In a word, no. They're perfectly allowed to charge for installation as long as they abide by the terms of the licence and provide source code under the GPL.
The GPL doesn't contain anything against selling software. The Free Software Foundation used to charge a lot for tapes containing GCC, Emacs etc some years ago. Many commercial Linux vendors such as Red Hat charge for their software. The "free" is to do with freedom rather than cost.
posted by HaloMan at 1:51 PM on August 7, 2008
The GPL doesn't contain anything against selling software. The Free Software Foundation used to charge a lot for tapes containing GCC, Emacs etc some years ago. Many commercial Linux vendors such as Red Hat charge for their software. The "free" is to do with freedom rather than cost.
posted by HaloMan at 1:51 PM on August 7, 2008
Response by poster: I understand that they're allowed to charge for installation and to even charge for the software. I'm wondering about that mysterious "fee" just for having it.
posted by GilloD at 1:52 PM on August 7, 2008
posted by GilloD at 1:52 PM on August 7, 2008
Best answer: Under the terms of the GPL, your webhost can charge you a billion dollars or so to host your blog and install wordpress.
What they CAN'T do is put restrictions on what you do with the actual Wordpress code that's on the server once they do. I.E., you can take it and give it away to someone else to use somewhere, etc. But they are within their rights to put restrictions on the use of their servers or to charge so-large-they're-silly fees for hosting and installation.
posted by verb at 1:54 PM on August 7, 2008
What they CAN'T do is put restrictions on what you do with the actual Wordpress code that's on the server once they do. I.E., you can take it and give it away to someone else to use somewhere, etc. But they are within their rights to put restrictions on the use of their servers or to charge so-large-they're-silly fees for hosting and installation.
posted by verb at 1:54 PM on August 7, 2008
IANAL, and I haven't read the GPL in a long time, but I don't see how it'd be a violation. They're charging you for the service of hosting it, not trying to "sell" you the software itself.
In fact, I could make a good case for them: WordPress is fairly notorious for being a resource hog (because 95% of people don't set it up right, but I digress). In return for the potential 'added load,' then, they're charging more.
They could also argue that the $25/month is for "maintenance," as you say: perhaps monitoring for security updates?
That said, if you can try to snooker them into saying that they're charging you to use the code, not for the resources, you might have a case. (But I really doubt it would go anywhere.)
That said, "They're generally very, very, very slow with things" + arbitrary fees = spend some time shopping for a new host? I don't know busy of a site you're running, but $25/month can pay for a decent hosting package at a decent place. (And not one of those "$5 for 500 GB of disk space" oversold places, but a 'real' host.)
posted by fogster at 1:55 PM on August 7, 2008
In fact, I could make a good case for them: WordPress is fairly notorious for being a resource hog (because 95% of people don't set it up right, but I digress). In return for the potential 'added load,' then, they're charging more.
They could also argue that the $25/month is for "maintenance," as you say: perhaps monitoring for security updates?
That said, if you can try to snooker them into saying that they're charging you to use the code, not for the resources, you might have a case. (But I really doubt it would go anywhere.)
That said, "They're generally very, very, very slow with things" + arbitrary fees = spend some time shopping for a new host? I don't know busy of a site you're running, but $25/month can pay for a decent hosting package at a decent place. (And not one of those "$5 for 500 GB of disk space" oversold places, but a 'real' host.)
posted by fogster at 1:55 PM on August 7, 2008
Response by poster: Interesting. So, a sort of new Q: Provided we're paying for them to host us, is there any precedent for preventing me from DIY'ing the whole thing? I suppose it's within their rights to say, "Uh, no, we have to do it", but just looking for guidance.
We're really trying to trim costs and 25 bucks a month for a free platform with simple installation seems. Gross.
posted by GilloD at 1:57 PM on August 7, 2008
We're really trying to trim costs and 25 bucks a month for a free platform with simple installation seems. Gross.
posted by GilloD at 1:57 PM on August 7, 2008
Best answer: No GPL violation there, any more than if they'd made an ssh option available (implemented via openssh) for $5 a month. Their platform, they can charge a fee for it if they want to. This falls into the category of "if you don't like it, get a new host." Nothing mysterious about this, they're just trying to make money.
If they won't waive the fee, you might consider looking into a different place to host your blog; you can point www.foo.com and blog.foo.com to two different hosts.
posted by davejay at 1:58 PM on August 7, 2008
If they won't waive the fee, you might consider looking into a different place to host your blog; you can point www.foo.com and blog.foo.com to two different hosts.
posted by davejay at 1:58 PM on August 7, 2008
Response by poster: Fogster- I'd love to shop for a new host, but my boss is fairly deadset on sticking with them for the interim. They redesigned our site (Badly.) and integrated all of our e-commerce stuff, so swapping horses right now would be difficult and costly.
I need to double check the plan we're on, but I think we're paying for way more than we're using.
posted by GilloD at 1:59 PM on August 7, 2008
I need to double check the plan we're on, but I think we're paying for way more than we're using.
posted by GilloD at 1:59 PM on August 7, 2008
A host that doesn't allow you to create your own MySQL databases is pretty rare these days. Your company probably ought to consider relocating the hosting somewhere that gives you more control. If you want to go all the way, you can get a virtual server these days for about $25 a month, and with that you can do basically whatever you like (including being your own mini hosting company). Unless you need a lot of hand-holding or have some other special requirement, there's no need to stay with a host that's being obstructive and charging you for things that are normally free.
posted by le morte de bea arthur at 1:59 PM on August 7, 2008
posted by le morte de bea arthur at 1:59 PM on August 7, 2008
Best answer: There's nothing in the GPL v2 about charging monthly fees. That fee could be additional maintenance cost associated with WP; cost to upgrade your site when new versions come out; support cost; maybe they have a wpmudev premium account to pay for... doesn't matter.
They aren't charging you for WordPress. They're charging to run WordPress for you. There's an important difference there.
What the GPL does say is that you have a right to their WordPress code, for a reasonable distribution fee (cost to make CDs and mail them to you, for example). If they didn't modify the base install at all, then they could just say "Here, get the code at the main site".
posted by sbutler at 2:00 PM on August 7, 2008
They aren't charging you for WordPress. They're charging to run WordPress for you. There's an important difference there.
What the GPL does say is that you have a right to their WordPress code, for a reasonable distribution fee (cost to make CDs and mail them to you, for example). If they didn't modify the base install at all, then they could just say "Here, get the code at the main site".
posted by sbutler at 2:00 PM on August 7, 2008
Best answer: I think this is a conversation you should be having with your web host and abandoning them if they don't meet your requirements. As I say, there's nothing in the licence against them offering it and claiming a service charge. If there was, it would stop many legitimate business models (think: charging for support).
An alternative is to use a subdomain and host the blog elsewhere. Change your DNS settings with your domain name provider and changing the CNAME record to point there - Wordpress.com offer this for a small charge.
posted by HaloMan at 2:00 PM on August 7, 2008
An alternative is to use a subdomain and host the blog elsewhere. Change your DNS settings with your domain name provider and changing the CNAME record to point there - Wordpress.com offer this for a small charge.
posted by HaloMan at 2:00 PM on August 7, 2008
Response by poster: Davejay- Good idea. My concern is mostly to maintain brand identity. I'd love to have the blog at "brand.com/blog" or "blog.brand.com" rather than "bloghost.com/brand"
posted by GilloD at 2:01 PM on August 7, 2008
posted by GilloD at 2:01 PM on August 7, 2008
Aha... the company that designed the site is hosting it. A decent web design/development firm never hosts sites; likewise a good web host doesn't do design.
posted by le morte de bea arthur at 2:04 PM on August 7, 2008
posted by le morte de bea arthur at 2:04 PM on August 7, 2008
Best answer: Gillo, every webhost is different but yours sounds terrible. There are hosts with the "here's all your access, go to town, and please don't call us unless a hard disk fails" attitude, and host with the "I am the gate keeper, you are not the keymaster, and all your base are belong to us" attitude. You've got the later.
On a normal host, you can absolutely log in, set up your database, install WP, log in as admin and torture your CSS to death. It sounds like the chances of your host allowing you the access to do this are slim to none. It is their box and that is their right, but that's not how it works in the normal world.
Instead, I would simply go get myself some hosting on something like DreamHost but cheaper, and get your host to simply move blog.yourdomain.com to your new host. Just cut your current host out of this transaction and take back some control here.
posted by DarlingBri at 2:09 PM on August 7, 2008
On a normal host, you can absolutely log in, set up your database, install WP, log in as admin and torture your CSS to death. It sounds like the chances of your host allowing you the access to do this are slim to none. It is their box and that is their right, but that's not how it works in the normal world.
Instead, I would simply go get myself some hosting on something like DreamHost but cheaper, and get your host to simply move blog.yourdomain.com to your new host. Just cut your current host out of this transaction and take back some control here.
posted by DarlingBri at 2:09 PM on August 7, 2008
Response by poster: DarlingBri- I think you're absolutely correct. However, our current webhost integrates really well with our warehouse/inventory backend. Additionally, we're starting to roll out some new websites for international efforts and there are generally five-hundred other things of slightly more immediate importance.
I work with really talented people, but I'm pretty much the only person who knows anything about technology. As a result, the kind of "locked box" approach taken by our web host was really appealing at one point. But it took 3 weeks before I had FTP access to upload a PDF. I think in a few months I'll have to have a frank discussion about where we're headed, but right now a transition would be chaos.
posted by GilloD at 2:21 PM on August 7, 2008
I work with really talented people, but I'm pretty much the only person who knows anything about technology. As a result, the kind of "locked box" approach taken by our web host was really appealing at one point. But it took 3 weeks before I had FTP access to upload a PDF. I think in a few months I'll have to have a frank discussion about where we're headed, but right now a transition would be chaos.
posted by GilloD at 2:21 PM on August 7, 2008
As others have said, the GPL doesn't say anything about how much, or little someone can charge to redistribute GPLed software. It only says something about your rights to modify or redistributre GPLed software you've received, and what conditions you can put on the recipients use of GPLed software that you have redistributed.
However, it is far from clear that what your web host is doing even constitutes distribution, since they are arguably only offering your Wordpress as a service. In those circumstances, they would be within their rights to deliver that service using a modified version of Wordpress and not provide you with access to the source of their modified version.
The AfferoGPL (or AGPL) extends the GPLs virality to software offered as a service. Wordpress isn't under the AGPL, and even if it were, your webhost could charge you for the service of hosting a blog running on Wordrress.
posted by Good Brain at 2:46 PM on August 7, 2008
However, it is far from clear that what your web host is doing even constitutes distribution, since they are arguably only offering your Wordpress as a service. In those circumstances, they would be within their rights to deliver that service using a modified version of Wordpress and not provide you with access to the source of their modified version.
The AfferoGPL (or AGPL) extends the GPLs virality to software offered as a service. Wordpress isn't under the AGPL, and even if it were, your webhost could charge you for the service of hosting a blog running on Wordrress.
posted by Good Brain at 2:46 PM on August 7, 2008
Instead, I would simply go get myself some hosting on something like DreamHost but cheaper
I use DreamHost, I love DreamHost, and I would rather light myself on fire and roll through a minefield than trust DreamHost with anything even close to critical business functions.
posted by Shepherd at 3:04 PM on August 7, 2008
I use DreamHost, I love DreamHost, and I would rather light myself on fire and roll through a minefield than trust DreamHost with anything even close to critical business functions.
posted by Shepherd at 3:04 PM on August 7, 2008
I'm very familiar with the GPL and this is not a GPL violation in any sense.
The GPL is based on these four freedoms,
After you'd paid the billion dollars and received the GPL software you would however have the right to distribute it to anyone, and removing the scarcity of the software.
By the way: lots of people do this but calling the GPL "viral" is ridiculous and a double standard... it's no more "viral" than any website with terms of use or any proprietary software. Imagine for example if you gave away modified copies of Microsoft Windows and tried to claim that your modifications didn't have to obey the Microsoft Windows license... or that you made a web-service version of Microsoft Office (home edition) and made it available freely to the world wide web. Would we call that "viral" or just the licensing conditions?
The "viral" term for GPL is, I think, a smearing of the name of the GPL in that people don't use the "viral" term for websites with terms of use or any proprietary software.
posted by holloway at 3:54 PM on August 7, 2008 [1 favorite]
The GPL is based on these four freedoms,
- The freedom to run the program, for any purpose (freedom 0).
- The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
- The freedom to redistribute copies so you can help your neighbor (freedom 2).
- The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.
After you'd paid the billion dollars and received the GPL software you would however have the right to distribute it to anyone, and removing the scarcity of the software.
By the way: lots of people do this but calling the GPL "viral" is ridiculous and a double standard... it's no more "viral" than any website with terms of use or any proprietary software. Imagine for example if you gave away modified copies of Microsoft Windows and tried to claim that your modifications didn't have to obey the Microsoft Windows license... or that you made a web-service version of Microsoft Office (home edition) and made it available freely to the world wide web. Would we call that "viral" or just the licensing conditions?
The "viral" term for GPL is, I think, a smearing of the name of the GPL in that people don't use the "viral" term for websites with terms of use or any proprietary software.
posted by holloway at 3:54 PM on August 7, 2008 [1 favorite]
If they really do keep up with the security updates, that's a good thing. Are you used to (or interested in) keeping up with the security updates yourself? If not, paying someone to maintain them for you is a good thing, assuming they really stay on top of it.
This is doubly true if you use a lot of plugins, which can be more difficult to upgrade promptly (the plugin authors tend to be less dedicated to the task than the core authors). There seem to be 140 CVE-listed vulnerabilities which mention wordpress published to date (most of which are related to plugins, not core) since September 2004. That's 48 months, so it's something like one every 11 days or so (did i do that math right?). Not every CVE vulnerability will be relevant to your site, but you have to review them to know whether they're relevant or not. And for the ones that are relevant, you need to figure out how to resolve them (sometimes easy, sometimes involves doing things like adjusting the database schema, upgrading to a new version, or disabling a plugin and finding a workaround).
None of this is rocket science, but maintaining a public-facing webapp properly is actually not insignificant work. Of course, if they just do an initial install and then charge you 25 bucks a month while they sit around doing nothing and your site gets hacked and defaced, then you'd have some legitimate beef.
Oh, and i agree with everyone else above that there's nothing about this situation that is a violation of the GPL as far as i can tell.
posted by dkg at 12:27 AM on August 8, 2008
This is doubly true if you use a lot of plugins, which can be more difficult to upgrade promptly (the plugin authors tend to be less dedicated to the task than the core authors). There seem to be 140 CVE-listed vulnerabilities which mention wordpress published to date (most of which are related to plugins, not core) since September 2004. That's 48 months, so it's something like one every 11 days or so (did i do that math right?). Not every CVE vulnerability will be relevant to your site, but you have to review them to know whether they're relevant or not. And for the ones that are relevant, you need to figure out how to resolve them (sometimes easy, sometimes involves doing things like adjusting the database schema, upgrading to a new version, or disabling a plugin and finding a workaround).
None of this is rocket science, but maintaining a public-facing webapp properly is actually not insignificant work. Of course, if they just do an initial install and then charge you 25 bucks a month while they sit around doing nothing and your site gets hacked and defaced, then you'd have some legitimate beef.
Oh, and i agree with everyone else above that there's nothing about this situation that is a violation of the GPL as far as i can tell.
posted by dkg at 12:27 AM on August 8, 2008
« Older Conditional search engine selection in Firefox? | Transparent .PNGs under Supersleight Newer »
This thread is closed to new comments.
posted by GilloD at 1:43 PM on August 7, 2008