First, I know many of you are waiting desperately for the next revision of the Autopoke script. I will say that the newest version of the script does work (albeit in a limited capacity) and very reliable. So if that's all you care about, you can skip this post. But if you're interested in the release date, read on!
Here's the "TL;DR" version: 4.1 will be released when the GPL violations from copied scripts are cleared. This could be as much as 3 months from now.
Back in September, I found a user who was in violation of the GPL. Four out of his give scripts were removed via a DMCA notice. Since then, the same user has moved to copy someone else autopoke script. I've seen many of these users on userscripts. They take a wildly popular script, copy it, and then change the authorship to state that they wrote it. The common mistake these "authors" make is they fail to update the code. My guess is that they don't know how to program javascript and thus they are afraid to change anything.
The problem comes when there is a security vulnerability, as was the case in version 3.5 and 4.0 of my Autopoke script. The vulnerability is actually based on a browser vulnerability. But because these violators weren't updating the scripts, it meant that the users who installed their version of the script would continue using software that was unpatched. Furthermore, they would not be notified of the vulnerability and could not make an informed choice whether to continue to use the script or disable it completely.
I try to assume good faith whenever possible. It's impossible to determine someone's motives without talking to them. And since this particular user declined to communicate with me, I'm left with the impression that this user, at the very best, simply copies scripts without understanding completely what the scripts did.
Yesterday, I spent a few hours finding more GPL violators. These users seem to have the same MO: just copy the script.
Allow me to be clear so that there is no confusion: I completely support the open source movement. I HIGHLY ENCOURAGE the improvement of my code. There are a few scripts who have taken my code and translated it into different languages. This is completely acceptable. You do not need to ask me for permission to do this. I prefer that you let me know, simply so that I can inform you of any security problems the script may have and so that I can keep track of the statistics. I personally believe that the GPL is the best license since it requires attribution as well as continued use of the license in all derivatives. It is one of the reasons why I chose the GPL over the other licenses. I believe that the open source licenses must be actively defended.
If you copy the code and remove the copyright notification and replace your name as the author, then you are ruining it for everyone. Instead of improving my code, I have to spend the time to send you a letter. It takes time out of my schedule and makes things much more complicated than it has to be. If you fail to respond to my letter, you take time out the admins of userscripts since they need to respond to my DMCA letter and they need to disable your script, all while keeping lawyers on retainer.
If you are new to userscripts and still learning javascript, feel free to download my code and look at it. That's what open source is all about! If you have questions, don't be afraid to ask. But please, do not plagiarize and claim my work as your own.
My concern is not so much about copyright violations but about security vulnerabilities. This wouldn't be as much of a problem if the authors communicate with me. Seeing that they don't do this, it leaves me in a very uncomfortable position.
To make the script more secure, I will be obfuscating parts of it. This decision has nothing to do with the perceived edit war between myself and Facebook. The point of obfuscating is to limit the exposure of security vulnerabilities in my script when GPL violators copy the script verbatim. Since mose of these violators usually don't modify the script in general, I can safely say that the obfuscated code will be left untouched.
This, however, now limits those who use my code for completely legitimate purposes. First, I'm sorry to say that these violators ruined a good thing for you. Second, I'm going to make this as easy as possible. To received a clean version of the code, simply go to my google code page. I reckon that most of the GPL violators won't go through the trouble of finding the clean versions of the code. If you are familiar with git or mercurial, grabbing these should be easy. If, for some reason, this is difficult for you, please feel free to contact me and I'd be more than happy to provide with you with a copy. It will be under the same license so no worries on this side.
The obfuscated code will display a nag screen when autopoking. The point of the nag screen is to inform the user that they may be using code that has security vulnerabilities and they should consider installing my version instead. The code will continue to work, but will prevent autopoking until the nag screen is satisfied. Users who are familiar with javascript can hack through the obfuscated code and disable the nag screen, if they so choose. But this hacking proves that they know what they are doing and they accept the responsibility that comes with it.
