Open Source: An Antidote to Closed Source Vulnerability

Alex Hyett - Nov 19 '23 - Dev Community

In every job I have had over the last 13 years, I have been working on closed source software. I think that is true for most software developers. Companies make their money by producing value but also by creating a moat large enough that other companies can't cross.

If companies were to open source all their code then it would be very easy for a competitor to come along and make something better using their code as a starting point.

That's not the only problem. If something is available for free, then there is less chance that people are going to pay for it. This is especially true in the developer space, as developers have the technical skills to host software themselves rather than pay someone else for the privilege.

I have a lot of software that I host myself on my home server, partly to save money but also because I want to control my own data. For example, I host Vaultwarden, which is the open source server for Bitwarden. This gives me all the premium features for free with the added bonus of keeping my passwords out of the cloud.

There are a few companies who open source their software but still manage to have a profitable business.

  • MongoDB
  • Elastic
  • Databricks
  • HashiCorp
  • Ghost
  • Automattic (WordPress)

These companies tend to do one or more of the following:

  • Open Source Core Product - the core product is open source, but a number of features are kept closed source behind a paywall. These are usually enterprise features that individual developers have little use for.
  • Managed Hosting - companies make their money by charging for managed hosting of the product, which is what most of the companies above are doing.
  • Support - big companies using the software tend to need additional timely support which they can get by paying for it.
  • Mixed licensing - the entire code base is open source but not all of it is licensed under an OSI-approved license. The code under the restrictive licence often includes paid functionality.

Some companies even follow this approach for free software as well. For example the code for Visual Studio Code is licensed under the MIT license. The binary application however is licensed under the Microsoft license.

The binary application includes all sorts of data collection that Microsoft use to improve the product, or their own closed source products. As the saying goes, if a product is free then you are the product.

Of course anyone can compile their own version of VS Code without all the data collection, but Microsoft have already thought of that one! Only the official version of VS Code can download extensions from the marketplace making any derivatives pretty much useless.

The dark side of closed source software

Which brings us nicely on to why open source software is so important.

If Microsoft decided to stop distributing VS Code then you could still build it yourself, but you wouldn't have access to any of the extensions that actually make the editor useful. Without all these extensions, VS Code is no better than any other text editor.

If this happened you would likely just move on to a different IDE rather than continuing to use VS Code without extensions. Of course, as the majority of the product is open source someone could host their own extension marketplace and keep it alive that way.

Many products however are not open source. What happens to them when the company chooses to stop support or even goes out of business?

For example, I have 5 Amazon Echos dotted around my house. I mostly just use them for listening to music, controlling lights and getting weather updates. If Amazon decides they no longer want to be part of the smart home market then all of these devices just become expensive paperweights.

When I was a kid I had a Lego Technic set that you could control with a computer. I am pretty sure that software wouldn't run on any modern computer any more. At least you can still use the bricks.

There are so many digital products that either require an app or an online service to work. I have a few TP Smart Plugs for my lights that require an app to work. The same is true for my office lights, my watch and even my bathroom scales.

I know they don't build products to last any more, but even if they did, what are the chances that the company is still going to be around in 10 years' time or that the app will work on the latest phone?

The same is true for our other devices as well. My MacBook Pro from 2016 no longer receives the latest macOS updates, and I am pretty sure it won't be long before my iPhone XR stops getting the latest version too. At least with my laptop I can switch to Linux if I want to, or use the OpenCore Legacy Patcher to force install the latest version.

The situation is even worse when it comes to medical technology. More than 350 blind people were fitted with implants in their eyes to help restore sight. Unfortunately the company decided to abandon the technology when they nearly went bankrupt, leaving users with no continued improvements or help if there is an issue.

It is a chilling thought when you think about all the devices that would stop working if companies go out of business or choose to stop supporting them. I am certainly going to be a bit more conscious with how I spend money on technology going forward.

If a company goes out of business it would be good if they open sourced their code. This is what Placemark have recently done, which I applaud them for. Obviously this isn't always an option, but we can dream.


❤️ Picks of the Week

📝 Article - 67 Weird Debugging Tricks Your Browser Doesn't Want You to Know - I mostly do backend development, but I do dabble with frontend for my website and other projects. There are a lot of tricks on this list that I didn't know about that are worth looking into.

📝 Article - HTML First - This is a great article on using HTML for things rather than relying on external frameworks. It reminds me a lot of an article I read a while back about using JavaScript instead of jQuery. In most cases it took the same amount of code to write in JavaScript as it did in jQuery. It also lasts a lot longer. Who is still using jQuery now? At least HTML and JavaScript aren't going anywhere.

🗺️ Map - Paris space invaders map. Not something I would expect to see in Paris. It turns out that it is full of little space invader ships! They should have these in every city!

📝 Article - Archive Your Old Projects - I have a project folder on my computer that has all the code projects that I have started (and never finished). Occasionally I move them into an archive folder, but mostly they get forgotten about. There are some good tips on here about archiving your projects.

📝 Article - A Coder Considers the Waning Days of the Craft. I have been using AI more recently to help with programming. Mostly it has been small scripts that I could have written myself. When it comes to specific Linux commands it has definitely been quicker to ask ChatGPT how to do something than to search for it or look in the documentation. Just make sure you test anything that it produces thoroughly. I don't believe that AI will take over a programmer's job, but I can see it evolving a lot.

Programming by typing C++ or Python yourself might eventually seem as ridiculous as issuing instructions in binary onto a punch card.

📝 Article - Placemark is going open source and shutting down. As you can guess from this article it is good to see this project going open source, and hopefully it will continue to shine.

📝 Article - GraphCast: AI model for faster and more accurate global weather forecasting. Generative AI is fun, but there are more useful problems to solve than generating a picture of a cat in a tuxedo or yet more anime girls.

📝 Article - Young Animator of the Year UK. This 16-year-old has some skills! Well done Euan, this is some impressive work. I know nothing when it comes to 3D rendering, but I can imagine this was a lot of work and looks as good as any Hollywood production.


💬 Quote of the Week

Let all your loves, fears, and interests saturate your work and make it memorable. Who you are is the most important part of your work - never leave it out.

From Feck Perfuction (affiliate link) by James Victore.

