All Source Code Should Be Open, Revisited

cconnell writes "In my last article, I presented the idea that all commercial source code should be open. In other words, part of the delivery package for any software purchase should be a copy of the source files. If everyone saw software vendors' design and coding, the vendors might stop shipping us such lousy programs. The article generated a fair amount of controversy. My latest piece follows up on this idea and includes a few adjustments that respond to reader feedback."

what?

[nogoodmonkey]

the cost to develop an app will always stand before cost of quality of the app. to think that every commercial app will be released as open source is very naive.

Re:what?

[nogoodmonkey]

i hate replying to my own posts, but i meant "that every commercial app should be released as open source"

Re:what?

It keeps coming to the forefront of my thoughts. As all the antitrust suits, patent battles, and digital rights management debates escalate; one idea continues to permeate my understanding. It seems simple enough. The difference between the protections required in the physical versus the virtual (or information) world is that in one you can inspect an object, hold it in your hand, and run an infinite number of tests on it; but in the other, the finished product can be like a black box, having only the properties that the creator desires. This is not profound, of course, and many people would debate the statement entirely. But the essence is true, at least if you were to follow the letter of the law. Closed source software puts limitations on what people can legally learn about it.
Given the example of an auto versus a software product, why should these two creations be treated differently? Here is a scenario that could apply to both the products. Imagine an inventor who comes up with an idea for a new product or type of product. This person spends years designing and developing their new product. Finally, they complete it and release it to the market. Now imagine another inventor who, through industry research, finds the work of the first inventor and comes up with a great complimentary product idea. Because of the second inventor's dependency on the first inventor's product, they require details of how their product can be added on or interact with the first. Here is where the paths of the physical versus virtual worlds diverge.
Let's examine the auto industry first and assume the complimentary product is a cup holder. The design of the cup holder is dependent on the design of the car. In order for the second inventor to design their product, they could use a variety of devices and methods to inspect the car (or cars) to determine the best way to make their product compatible with the car.
Now, let's assume the complimentary software product is a browser and the original invention is an operating system. What methods can the inventor of the browser use to determine the best way to make their product compatible with the operating system? For a closed source product in the current legal system, the inventor would not be allowed to inspect the code to see how their browser should interact with the operating system. They would have no knowledge of any benefits or drawbacks to a particular approach. The only remedy for the developer would be to request details from the inventor of the operating system about how they should interact with it. Furthermore, they must trust that this is the best method of interaction without being presented proof. In many cases, the inventor of the browser may be required to pay to even get that basically blind and minimal information.
Why the distinction between the two scenarios? When advocates of this system are questioned about this discrimination, they usually cite one or more of the following reasons:
Protection of intellectual property and proprietary processes against theft or duplication
Encouragement of innovation
Security against attackers
The first reason has many different variations and aspects that people endorse. Who would want to be on the supporting end of theft and piracy? But this argument is empty. Individuals or organizations that want to steal or copy an inventor's creation can always find illegal means to accomplish their objectives; therefore, the only people it prevents from gathering information about the product are law abiding citizens. To clarify using our example, pirates and copiers of the operating system are not inhibited by the fact that it is closed source. The only person harmed is the inventor of the browser who is attempting to create a valuable addition to the operating system.
All three of these lines of reasoning offered by supporters of the existing system overlap in some way, which adds to their circular reinforcement of each other. The second argument is the most general and also the one that is the most incorrect. Patents and licensing have been created to encourage inventors to take the risk and time to create something valuable for the market. Somehow, supporters of closed source see their actions as an extension of this system. But as you might have guessed by now this belief solely rests on the first argument being true. People will always be willing to innovate as long as they believe they will be rewarded and that the distinctiveness of their product shall be protected. This means that they will be able to sell or license their product and that if someone should copy their product in part or whole that their rights will be upheld in court. In the software world, patent and licensing laws obviously provide the rewards for the inventor. But what is not always clear is that they also provide protection, especially when the source code is open. It is relatively easy for someone to examine two sets of code to determine if it had been copied. These facts are the reason that innovation will always thrive in an open source market. One need only look at the current open source initiatives to see some of the most innovative technologies.
But how does closed source systems influence innovation? Under the example I described with the operating system, there is only a detrimental effect on innovation. The operating system creator will be the only entity with the proper knowledge to create truly compatible products. All others will have to depend on that entity for information on how to create products that interact in an efficient manner. That dependency creates a barrier to entry that is quite formidable. If the inventor of the operating system also creates a browser product, the situation is even more discouraging for potential inventors. While the inventor of only the browser has to blindly trust the operating system creator about how they should interact with it, the inventor of the operating system can create a browser product with full knowledge and access to the source code of the operating system. This does not seem like a situation that promotes innovation.
The last reason cited to uphold the right to keep source closed is based on the fact that it already is. The argument contends that if potential attackers had access to the source code of a product, they would be able to find possible security flaws and exploit them. Empirically, this logic does not hold up to scrutiny. Closed source software has been found to have the most and worst security flaws simply because the number of eyes that get to inspect the code. Numerous entities typically inspect open source code whereas closed source code only one gets to inspect it. This leads to less overall flaws when the software is released and also the discovery and remedy of flaws at a much greater rate after the software is in general use. When presented with this evidence, supporters of closed source do not challenge it. They only contend that since there are already people using this less secure software, the source must stay closed to protect the existing user base. Again, this logic is flawed and contradicted by empirical evidence. New security holes are found and will continue to be found in closed source software. Making the source code open only speeds the location and correction of these security issues. Is it better to know you have issues and fix them or to know that there may be many holes lingering that you will never find?

Someone once said, buying closed source software is like buying a car with its hood welded shut. People sometimes dismiss this statement by saying they do not want to worry about what is "under the hood." I can understand this desire but the customer is not the only one whose desires matter. Closed source code provides no protection against piracy, theft or security breaches. More importantly, closed products of any industry stifle the spread of knowledge and therefore innovation. There should be a measurable economic and sociological impact that can be identified and analyzed. Many laws are brought into being when the rights of the many need to be enforced over the rights of a single individual (or entity). This inequity (between physical and information industries) is one such case where entrepreneurs and inventors need to be protected from entities seeking to stifle innovation, and therefore, economic growth.

Re:what?

[mr3038]

the cost to develop an app will always stand before cost of quality of the app

I agree partially. The key concept here is the cost. Sure, I'd love to have source for all the programs I ever use. I still understand that creating that software has taken very much effort and generally companies are selling software at very cheap price. And they're able to do that simply because they can count on selling something more later on. As long as I use commercial software I'll rather use somewhat usable software that costs C bucks instead of somewhat usable software with crippled source (read the article) that costs ten times more.

Yes, it sucks that they implement some trivial changes and sell the result to their customers for full price as version N+1. I still don't understand how this differs from, for example, car manufactures: cars have had gasoline engine, four wheels and a steering wheel for god knows how long. Newer cars may have a radio with cd player, a little quieter sound, somewhat different looks and in best case the engine needs a little less fuel for the same mileage. I'd say those changes are trivial but still people aren't complaining. Yep, I'm aware that manufacturing a car requires material and stuff and should therefore cost full price even though the product is almost similar to previous one. When you buy a car, you pay for manufacturing it, but when you buy a piece of software, you pay for the design. What's the difference after all?

Re:what?

[nogoodmonkey]

You got me thinking. I could pop the hood on my car and figure out how it works, but I don't. I know people are curious as to how it works so they do, but a lot of us just take the invention for granted. Maybe if a company released source with their software, this same type of thing would happen. The "power users" would be able to see how the application works and in an end result they will know how to use the software better or be able to tweak it to be more suited for their needs. Then the regular users would just use the program, know that the source is there if they ever wanted it, but probably would never touch it.

I would just be fearful that the wrong people would look at the source and use the knowledge against others. But, I guess people do put sugar in gas tanks, cut brake lines (or worse) in a car scenario. The idea isn't too much different. Thank you for giving this analogy.

Re:what?

[why-is-it]

When you buy a car, you pay for manufacturing it, but when you buy a piece of software, you pay for the design. What's the difference after all?

Well, I can think of one big difference. I bought a car last year and it came with a warranty, and if the car turns out to be a total lemon, I can seek various remedies from the manufacturer to have it repaired, or if need be, replaced. Now, contrast that experience with your typical EULA - no warranty implied or otherwise, no guarantee of functionality, and the user absolves the manufacturer of any and all liability.

Big difference...

Re:what?

[StillAnonymous]

Get yourself a disassembler, learn assembly, and then EVERY progam you get comes with source code!

Re:what?

[sweetooth]

There is a simple solution.

Don't purchase any software that has a 'typical EULA.' Why people think they have no choice but to agree to let the vendor off the hook is beyond me. If the product doesn't work the vendor should be liable. If you buy a blender and it doesn't work after X amount of days of proper use or at all you take it back or write a nasty letter to the manufacturer. The manufacturer will then typically work to replace the defective product.

Why is software differant? Software is ending up in more and more critical locations. The new Mercedes S500 contains a ton of software controls and sensors. You think that the first time these fail and cause a fatal crash that Mercedes won't recieve a huge lawsuit? Why is software differant? Software failures and security flaws cost businesses thousands of dollars, and yet they never attempt to hold the manufacturer accountable. It amazes me.

Re:what?

[Happy+Monkey]

You got me thinking. I could pop the hood on my car and figure out how it works, but I don't.

You don't have to. There are garages all over the place that can fix your car for you. With closed source software, only one company is legally allowed to fix it. And it is not worth their time to do so if there are very few people who need it fixed in that way. I think that Ford would lose a great deal of business, and possibly land themselves a lawsuit, if they required customers to have all of their maintenance and repairs done at a Ford dealer.

Re:what?

[bcrowell]

In the early days of personal computers (Apple II, TRS-80, etc.), BASIC source code was the normal way that commercial software was distributed. (This was mainly because there were no high-quality compilers on those systems, although there were some good ones that ran on CP/M.) Believe it or not, it wasn't a problem. It was cool being able to look at the source code to a game, modify it, etc.

Re:what?

[sweetooth]

That's my point. You are aware of the problem with shrink wrapped EULA's etc, and try not to use commercial software. Thus you are depriving the corporations that use those practices of revenue which is the only way to get them to change.

BTW, the EULA useally says return it to the manufacturer not the vendor if you don't agree.

Re:what?

[ToasterTester]

You are right it is naive to think commercal software publishers are going to freely open up code. Opening up code is giving whatever secret or tricks to your competition. Also you are now cutting your own market because others will steal your code and go into business for themselve. Even with patients and copyrights they will do it because they can make money until being dragged into court. Then some code is just too ugly to release. I worked for one of the large software publishers who did release some source. People kept asked for other pieces, even after we kill off the product. Main reason it was never releaed because it was so dam ugly and imbarassing. It would of been to big a project to clean up or rewrite so it was never opened up like other bits.

Bottom line for me it is all about choice. People shouldn't be forced to open up source if they don't want to. I feel the GPL is a virus, and prefer BSD style license for things I work on. So choice is all that matters.

Re:what?

[Courageous]

"In any large software system, the truly unique code probably accounts for about 1% of the source."

In a novel, there are often less than 1% truly unique words in the composition. It is the combination of those words together, in major section and its entirety, that makes a novel "novel".

"All commercial software should include a copy of its full source..."

I suggest that you reconsider your use of the word "should". Instead, consider the marketplace in terms of delivering value. The act of marketing something is a complex activity which involves the exchange of value between parties. What value is in it for the buyer? How many consumers are how likely to spend how much on software that is delivered with source? How many consumers will see it as a purchasing discriminator? What is in it for the seller? What would motivate a seller to do this?

Lastly, I humbly suggest that you haven't had your fingers in anything other than the most exceptional of open source efforts. I have seen plenty of open source, and it is as bad and worse as the worst closed source software that I've had the misfortune of seeing. Open source is no cure for software quality; software quality happens when people care about it, open source or no.

Jedi: "This is not the magic wand that you are looking for."

You: "This is not the magic wand that I am looking for."

C//

Re:what?

[ryanvm]

I could pop the hood on my car and figure out how it works, but I don't. Maybe if a company released source with their software, this same type of thing would happen.

Yeah, but intellectual property is VERY different from physical property.

Theoretically, you could acheive a complete comprehension of your Maxima by disassembling it and studying all the pieces. Can you now go into business competing against Nissan? Not hardly.

But with open source software, as soon as a company releases the source they are potentially in the position of defending against millions of competitors. Each one capable of matching them in distribution capacity and quality of product.

In the open source world if you want to make money you must do it through services. Period.

Re:what?

[dublin]

Lastly, I humbly suggest that you haven't had your fingers in anything other than the most exceptional of open source efforts. I have seen plenty of open source, and it is as bad and worse as the worst closed source software that I've had the misfortune of seeing. Open source is no cure for software quality; software quality happens when people care about it, open source or no.

Somebody mod this up as Insightful!

There is an incredibly misguided tendency (esp. here on /.) to regard all open source software as inherently of higher quality than commercial software. In reality, nothing could be further from the truth. I fully support open source software, but the reality is that as bad as much commercial software is, most open source software is worse. There are the notable exceptions (Apache, Samba, etc.), but they are popular only because they are exceptions to the usual sub-mediocre quality of most open source software. (How many open source projects have any sort of formal testing process other than, "toss it out there and see what bug reports we get back?" Commercial software has its weaknesses, but the concept of regression testing, etc. is far more common in commercial development than it is in open source development - that's a fact. In addition, there are very few open source projects that are not primarily attractive to propellerheads - there is very little suitable for the average user, and what's there is generally of far lower quality than the usual commercial equivalents. (BTW: Star/OpenOffice doesn't count, since it was originally developed as a commercial product and opened up only through Sun's benevolence after they bought Star Division.)

Add this to the fact that most open source software is simply "me-too" functionality (best whiny voice: "See, Linux can too play DVDs, and it can sort-of print, well, to a pitiful handful of expensive printers, anyway...") rather than anything really new and innovative, and it's easy to see why we may always be chasing Microsoft's heels.

As a final for-instance, take Longhorn: Whether or not one likes Microsoft, this is a set of technologies that will have real and significant value to the users. Given the fairly fundamental nature of some of the changes (DB-based filesystem, transparent integration of information across applications, etc.), Longhorn will set open source software back another two years until its functionality has been duly duplicated in a different, fatter, CORBA-compliant way. (If you don't believe me, check out how dot-Net has thousands of open source developers tied in knots chasing their tails and adding bloat that may eventually eclipse that of Microsoft's own implementations.)

Utimately, Courageous is dead on about one thing: "Open source is no cure for software quality; software quality happens when people care about it, open source or no."

Re:what?

[mpe]

The argument contends that if potential attackers had access to the source code of a product, they would be able to find possible security flaws and exploit them.

One problem with this reasoning is that it's perfectly easy for potential attackers to get hold of the binary and work out ways to attack that. There are several groups of people who take binary only programs, remove code for dongles, registration codes, copy protection, etc. Sometimes including adding their own splash screens or credits.

Re:what?

[mpe]

Yeah, but intellectual property is VERY different from physical property.

The concept of physical property is one which has been used since pre-history. The concept of intellectual property is one was invented a few hundred years ago.

Theoretically, you could acheive a complete comprehension of your Maxima by disassembling it and studying all the pieces. Can you now go into business competing against Nissan? Not hardly.

Another company already in the car making business could use information from reverse engineering Nissan cars to improve their own products

But with open source software, as soon as a company releases the source they are potentially in the position of defending against millions of competitors. Each one capable of matching them in distribution capacity and quality of product.

Except those millions of competitors would still have to make a profit somehow. Remember that no business has a devine right to make a profit, either from a specific business model or even at all.

In the open source world if you want to make money you must do it through services. Period.

There are plenty of tertiary businesses. Including those involved in provision of infrastructure. To many people wanting software it's a business infrastructure as much as the buildings they use are.

wow

[ciryon]

Reading this and at the same time see ad for Microsoft .Net Enterprise at slashdot.

Ciryon

Re:wow

[zootread]

A lot of good open source software has been written with Visual Studio .Net.

Nonsense

[Textbook+Error]

In any large software system, the truly unique code probably accounts for about 1% of the source.

Hmm, not on any large software system I've ever worked on... The important part isn't some magic 1% of the source, it's the fact that you got a group of people together for long enough to ship the thing.

This negates one of his basic points, and doesn't really contribute much over his previous rant...

Re:Nonsense

[Twylite]

What is more, the author has drastically underestimated the importance of architecture and design as contributors to the intellectual property value of software. The larger and more complex a piece of software, the more significant the value in design; to the point that a good design with a naive implementation can outperform a bad design hand-optimised in assmebler.

Yes, I've seen a comparison of two data analysis programs where the one that used a bubblesort was faster than the one that used a quicksort... go figure.

Wow, perhaps slashdot should add a new section

[citanon]

For "things that will never ever happen in reality" type articles.

Won't benefit the users...

[SoCalChris]

If a company had to release their code for products they sold, it wouldn't do any good to the end user. The code would be way to complex for 99.9% of all users to understand. The only users who would really understand it are the programmers, and even then they would need to spend a LOT of time analyzing it (Assuming it is a decent size program) before they could even start to understand it.

The only people who would benefit are the releasing company's rivals, who would have the time & money to sit down and reverse engineer the code, and then rerelease it as their own.

Then again, maybe I'm missing the whole point of this and should RTFA.

Re:Won't benefit the users...

[ryants]

The code would be way to complex for 99.9% of all users to understand.

This is where something like Consumer Reports comes in. 99.9% of all people don't understand the intricacies of car designs and dynamics, so we defer to experts such as those Consumer Reports hires.

And so it could be in the software world. Sure, 99.9% don't understand the code, but there's an opportunity for you to start up "Software Reports" in the same vein as Consumer Reports to translate and inform.

Re:Won't benefit the users...

[bwhaley]

The only users who would really understand it are the programmers, and even then they would need to spend a LOT of time analyzing it...

What about Open Source projects? The linux kernel, for example is a HUGE program. Much larger than many (most?) commercial products. It is constantly modified and dissected by thousands of interested users. There would be plenty of people itching to get their hands on the inside of Oracle's database engine, I assure you.

The only people who would benefit are the releasing company's rivals, who would have the time & money to sit down and reverse engineer the code, and then rerelease it as their own.

As you said, RTFA. He addressed these points explicitly with the Tom Clancy analogy.

Re:Won't benefit the users...

[abe+ferlman]

it wouldn't do any good to the end user. The code would be way to complex for 99.9% of all users to understand

So I can't use all the patches everyone else wrote for apache?

I thought that was all apache was :)

Re:Won't benefit the users...

[bwhaley]

if the source for say MS Word were included and you *could* modify it...

Who said anything about modifying it? This is simply for evaluation purposes. We can now examine the code to be sure that it is of quality before we purchase. This might be only useful for large purchases or interested parties, but I still think it's a great idea.

Re:Won't benefit the users...

[inode_buddha]

It wouldn't necessarily benefit the end user sitting at their desktop, but if your company is large enough to have an IT dept. it could possibly benefit them, IMO. Reason why? If say your custom app package gets scrapped years later, or the vendor goes under, gets merged, etc. you would still be able to reconstruct the parts you need. As I see it, having the source is almost a form of business insurance. The vendors need not fear losing their code, I think, because a lot can be done with NDA's, etc.

Re:Won't benefit the users...

[arkanes]

I ran into a bug in one of the Oracle drivers last week, one that I could have fixed in seconds if I had the source (EBDCIC to ascii conversion on number fields wasn't converting decimal points. One frigging missing line in a case statement).

Re:Won't benefit the users...

[inode_buddha]

Actually, that's a cool idea for a business to start up IMHO, that sort of thing is long overdue...

Hrmmmm.....
?????
Profit!!!

Re:Won't benefit the users...

[Lussarn]

All it takes is one programmer to find the adware in your latest app and then the word is out. Everybody doesn't need to check the sourcecode but without it released nobody can. Someone a few comments up was talking about webcam/microphone in the new flash. You have to ask if you trust Macromedia to have these things in flash. With the source someone could check to see that nothing wrong is going on. Even remove that part as it isn't the very best idea to have on the web. Could bring a whole new meaning to spyware. Some companies just do whatever it takes to serve you a targeted banner.

Re:Won't benefit the users...

[tshak]

Or, Consumer Reports could this _try the product_ instead of looking at code and claiming that there "may be a potential problem" (when really they just don't understand the code).

Re:Won't benefit the users...

[osolemirnix]

While I agree with your analysis of the users, I don't agree with your conclusion.
IMHO the mere possibility that everyone could take a look at the source would force the companies to clean it up. It's not necessary that everyone actually can understand it. I'm sure computer magazines would take over that part and we would have ratings based on source code quality, it would just be another parameter in the evaluation process of software packages.

Of course, software makers don't want others to be able to look behind their curtains, this would prevent them from selling their overhyped crappy shit. So it's never going to happen (copyright issues, IP theft, etc. aside).

So I think it's going to stay a good argument of Open Source software packages that actually do produce quality code (not all OS software is), because they give away the source anyway. IMHO, this is a good thing, since being able to say "what you get is what you see" will remain an advantage of Open Source (I don't think the author was arguing for open source, just for more transparency/visibility).

Simply Answer

[KarmaBitch]

No

If I spend 400 hours writing code for something I want to sell, I'm not gonna give it away. I'm sorry

I contribute to open source projects as well but, I have to eat. That's just the facts of life.

Re:Simply Answer

[russianspy]

You have not read the article. Nobody is asking you to give away the source code for free, but to include it with the binary. If I pay for something you spend 400 hours writing, I want the source to that as well. The source is part of the product.
The article says nothing about giving it away for free.

Re:Simply Answer

[SirSlud]

Yeah, before you know it, book authors might just let people read the words in their stories (even people who own photocopiers, gasp!) .. no wonder you cant make a living as an author!

Re:Simply Answer

[sql*kitten]

Yeah, before you know it, book authors might just let people read the words in their stories (even people who own photocopiers, gasp!) .. no wonder you cant make a living as an author!

Reproduce an author's work in your own work and you will be in violation of copyright, and liable for legal action. Furthermore, your reputation will be in tatters as a plagiarist and you will find it very difficult to find an editor or a publisher. The ideas of intellectual property applied to books long before there was a software industry.

Re:Simply Answer

[zerocool^]

If I pay for something you spend 400 hours writing, I want the source to that as well. The source is part of the product.


This is completely wrong, and I hope everyone realizes this.

If you pay for a program, you pay for the binary. You now own a program that will perform to the specified dimensions. You do NOT own the source. Presumably, you would want the source to make modifications to it. Well, depending on the licence that the program is released with, too bad. You may not get to tinker with the source. Not everything is GPL'd, and for a good reason, folks.

Like the other reply to this post, if you want to see the source, come talk to me, we'll sign a non-disclosure agreement, and then we can negotiate a price for a source licence.

Think security software - say, your intranet system. You don't want your customers to have the source to that, because 1.) they probably wouldn't know what to do with it, 2.) it might fall into the wrong hands, or 3.) if they do manage to muck through it and change things, and somehow make their secure data hackable, there's a liability issue.

There are only two other reasons you would want the source - to steal the program or to just sit and stare at it.

With a binary, or a CD, or whatever, you can add copy protection. Source code is just text. Cut, Copy, Paste, Compile. Now your friend has a working copy of a program he didn't pay for.

No, the grandparent is right. If someone spends months developing an application, they shouldn't have to release their source code. I can't think of a better way to shoot yourself in the foot.

Think the airplane business. When you buy a 757, you don't get the blueprints for the wing. That's a trade secret.

Note to new slashdot readers: This is typical thinking on slashdot. I want EVERYTHING for free. If it's not free, it's wrong. I want the source code to everything, because I feel that I could do a better job writing this software by mucking it up. What they mean is that they want to steal it if it isn't free. Don't fall into this trap. Some software should be closed source, and some people have to put food on the table.

Re:Simply Answer

[DaGrilling]

>Nobody is asking you to give away the source code for free, but to include it with the binary.

So you think that Microsoft should include the source code to Windows if you pay them 100 bucks?

>If I pay for something you spend 400 hours writing, I want the source to that as well.
>The source is part of the product

Well sure, if it's contract work and you pay for the 400 hours. But if you pay 30 bucks for the product you haven't payed to get 400 hours work, but the right to use it.

What you suggest wouldn't feasible in the real world. But if you really want the sourcecode to the products you buy/use, use opensource or something. It's your own choice.

My 0.02
Robert

Re:Simply Answer

[SirSlud]

exactly, so why do you need to protect the source to protect your IP? the laws protect your IP .. just cause the code is in the open doesn't mean you can strip & use the code.

The GPL has been used to catch stealers of code who don't follow the license its provided in. Most big companies have way more lawyers, so they'd be able to defend their IP even more successfully.

Re:Simply Answer

[SirSlud]

> If I right good code it will be commented, modular, well designed and generally perfectly well suited for being stripped and used in your projects for free..

Oh, come off it. Ask scientists how far along science would be if some guy who spent 100 hours discovering something didn't make his methods available and reproducable to the public at large.

Thats nothing but a greedy argument. Nobody is saying you should be forced to give away your code for free. You just cant profit off of it without 'giving back'. Look at patents .. you are granted legal protection for publishing your methods. Same applies to code; the copyright is yours when you create the work, and folks stealing your code can be punished. But the act of providing your source code (with the stipulation that it cannot be redistributed, thats AOK) to paying customers is not going to bankrupt you for the very reasons that:

a) you cant get/use the source without paying you (like a patent)
b) you can still seek legal resourse if you spot somebody profiting off of your work.

I'm sick of this argument, because we've concluded time and time again (via patents, copyright expiration) that if you want to profit off of an idea or hard work, you cannot 'repay' mankind by just selling the product .. you also have to set your innovations into the wild so long as you can keep earning enough to keep you earning.

Re:Simply Answer

[russianspy]

I want your source so that I can see if your code is worth the money I paid for it. A really bad code will be easily visible in most cases. Functions that are pages and pages of code for no good reason. Have you ever seen an 8 thousand lines case statement in C? I have. Bad naming conventions etc. If I see that your code is consistently bad, I'll just stop buying it.
Would you buy a car that has rust all over the body? Even if it runs well (for the moment) and has great acceleration? I would not.

Re:Simply Answer

If you pay for a program, you pay for the binary.

That's exactly the article's point. He's saying that should change.

When you buy a 757, you don't get the blueprints for the wing.

An airplane wing isn't copyrighted.

This is typical thinking on slashdot. I want EVERYTHING for free.

Who said anything about free? All the original article said is that if you pay $99 for some piece of software, you should get the source with the package. The source would still be protected by copyright just like the binaries, so you could look at it and modify it for your own use, but you couldn't distribute it.

If anyone is getting something for free here, it's software companies. Copyright is a bargain, not an entitlement, and it should guarantee that the public can create derivative works when the copyright expires. In the case of software, that means the public should have access to the software in a form suitable for modification and study. Now you can argue for practical reasons that the source should be held until the copyright expires, but you can not justify letting it simply fall into oblivion.

Re:Simply Answer

[BHearsum]

You now own a program that will perform to the specified dimensions.

Am I not allowed to modify my car? Or my computer case? Can I not add a light to my house just because it wasn't originally designed that way?

Re:Simply Answer

[Bytenik]

If you pay for a program, you pay for the binary. You now own a program that will perform to the specified dimensions. You do NOT own the source.

In fact, with many EULAs, you do not even OWN the binary. You simply own the right to USE the binary for a prescribed period of time. Sometimes this right is granted "in perpetuity", so it is, in effect, similar to ownership.

Re:Simply Answer

[LostCluster]

The problem is, if you were required to provide the source free with purchase of the binaires, the cost of the package will go up. Knowledge is worth money, so when you're forced to show people how you did everything you did, eventually some people who weren't able to competete with you before will learn how to do the same thing. You'd have to charge a higher price to get the same profit, because you'll get less sales.

So, people who have no need or use for the source will end up having to pay more to get something they don't want. There's a turkey of an idea.

Re:Simply Answer

[mangu]

good code it will be commented, modular, well designed and generally perfectly well suited for being stripped and used in your projects for free.

Exactly like good stories. But you don't see anyone stripping a chapter or a few paragraphs from Tom Clancy and using it in their own books, do you?

On the other hand, good software isn't just a matter of getting a line here or there right, good software needs a whole structure that's well done. Algorithms, tips and tricks, which are all you can get from copying parts of a program, can be gotten from books or public domain software. What makes commercial software valuable is the coordination of a large team that is needed to interlock the many functions in a large system. You cannot copy just a part of that, you must take all of it, which would be an obvious copyright violation.

Re:Simply Answer

The knowledge you describe is worth money today only because a technical quirk in the way software is constructed allows it to be artificially made scarce. Other types of copyright works essentially are their own source code. Take books for example. When I buy a book, I can study an author's writing style, word usage, characterization, whatever. I can even use this knowledge as inspiration for my own story. As long as I avoid directly copying the author's work, I'm fine as far as copyright law is concerned. All this is true today and books are doing just fine financially.

Also keep in mind that by making it a uniform requirement for copyright protection, no one has an advantage over another and no one can "steal" another's code without it being quickly found out.

Re:Simply Answer

[mangu]

when you're forced to show people how you did everything you did, eventually some people who weren't able to competete with you before will learn how to do the same thing.

There's only one condition where this is true: when you have proprietary binary formats for files. Other than that, the methods and algorithms used by commercial software companies are widely available in books and training manuals.

Re:Simply Answer

[jsegall]

Think the airplane business. When you buy a 757, you don't get the blueprints for the wing. That's a trade secret.

Bad analogy. When you buy an airplane you have a reasonable expectation that it won't break, or that if it does, it's the manufacturer's fault and they are liable.

If I buy a piece of software, I should have reasonable recourse to fix problems with it. Other than filing a bug report to a corporation that isn't liable and probably won't listen to me.

Including source code could be a solution to the problem, but doesn't have to be. A corporation should provide some means for fixing problems. This could be a highly dedicated customer support staff, but it could also be access to source code. If depends on where they want to spend their money.

Re:Simply Answer

[SirSlud]

> Why would I pay attention to your idealistic flights of fancy when there are thousands who have no intention of rewarding my "good" (and naive) nature by stealing my ideas?

Mostly because the benifit everyone receives from everybody sharing (but still legally protecting their ideas for a limited time a la royalty fee) their inventions outweighs the 'lost revenue opportunity' of those folks who dont repay you for your work.

See: Music. See: Science. See: Photocopiers. See: Radio. See ... well, just see. There is an intrinsic benifit to society from freeing up ideas; you dont have to free them for free .. just let them be free and dont worry about the 'grey market runoff' that so groundlessly scares so many capitalists.

Believe you me, I am not naive. I'm a cynic .. pretty much because of the fearmongering people dredge up when your talking about market dynamics and how intellectual content in new technologies interact with markets. People always get scared. People wait until their hand is bleeding before they realize they can unclench their hand without dying.

Re:Simply Answer

Presumably, you would want the source to make modifications to it. Well, depending on the licence that the program is released with, too bad. You may not get to tinker with the source. Not everything is GPL'd, and for a good reason, folks.

First off, noone ever said all the code needs to be GPL. Noone is asking for the code to be released under a license that permits unlimited distribution. Your assumption that the desire for source code is simply a desire to get something for nothing is moronic. The desire is for power over what you purchase, the same power as you have with buying a car and opening the hood.

Second, why shouldn't the end user be able to modify their software to suit their needs? Lets say a bug is found. I could report the bug and wait for said company to fix it, generally in an uber-patch or I could fix it myself. With the former, you are stuck with said bug until the company decides to fix it. Do we really want to wait until SP1? What if said bug is a security risk?

With a binary, or a CD, or whatever, you can add copy protection. Source code is just text. Cut, Copy, Paste, Compile. Now your friend has a working copy of a program he didn't pay for.

Another misguided statement. No copy protection works. Hardware keys can be beaten. Keyservers can be faked. Copying binaries is just as easy as copying source. In fact, if you had the binaries and source and decided to give them to a friend, why would you bother sending them many many CD's worth of text instead of the much smaller, much more useful binaries? Remember, source code for various games has wound up on the net, as have binary game alphas/betas. Tell me which one gets copied more rampantly.

Finally, how is releasing the source a shot to the foot? You still have to PAY for the source, the source is still protected under copyright. Regardless of what you want to believe, it is possible to know if your source is being used in an app you do not have the source for. Many times it has been shown that GPL code is in commercial apps in violation of the license it was released under, it would be no different with the source you release with your binaries.

Think security software - say, your intranet system. You don't want your customers to have the source to that, because 1.) they probably wouldn't know what to do with it, 2.) it might fall into the wrong hands, or 3.) if they do manage to muck through it and change things, and somehow make their secure data hackable, there's a liability issue.

To #1, your customers would probably not care for it until they needed it.

To #2, if the 'wrong hands' are people interested in exploting your system then you should be flogged for creating a system that depends on its code being closed for its security. There are many programs that are considered quite secure that the source is viewable with. Also, remember that the source and 'secret data' such as passwords, etc are seperate and if said secret data falls into the 'wrong hands' then you have more problems than you can possibly know.

To #3, if I open the hood of my car and drain the coolant, it is not Ford's fault when my block catches fire. If you change it, the changes are yours and liability is too.

There are only two other reasons you would want the source - to steal the program or to just sit and stare at it

If I want to steal the program, the source is not going to help me, I'll just fucking steal it thank you very much. Source code, to those people who can grok it, understand it and use it is invaluable. Small fixes to a program's behavior, the ability to tie a glue language into a product without any such previous bindings, the ability to audit, all of these are things that the source provides. None of them has a thing to do with stealing.

With disclosing trade secrets often comes NDA's and lawyers. There's no reason this shouldn't be a part of the source code disclosure. Your inherent assumption that it's just some GPL hippies after free code is insulting and the fact that your post was Score:4 at the time of this reply only makes me further disgusted at the quality of moderation around here.

Re:Simply Answer

[Anarchofascist]

If I spend 400 hours writing code for something I want to sell, I'm not gonna give it away. I'm sorry

You're not giving it away, you're selling it. You're selling source code availability as an added extra. It's an added feature that a certain class of consumers will see as a bonus. You can charge more for a product with included source code, with no extra effort on your part.

How often do we have to say "free as in freedom" before people understand? Just because it's software libre does not mean that you can't charge money for it! It's not free as in beer!

The message is clearly not getting through. Let me try again.

You can charge for free software. You can offer the source code, with a price tag attached to it. I can charge you for the source to a software product. You can sell free software. You can license the source code in whatever way you wish, and charge people for the use of the software. A product with source code can be more expensive than a similar product with no source code, because the source code adds value to the product. Programs with source code can be sold to people. Software's value to the customer is improved by having the source code available, and you can charge for this added value. People are willing to pay more money to get your software if the source is included. The cost of software production does not go up, and the price goes up, when the source is included, increasing your profit margin.

Re:Simply Answer

[slayer99]

"If you pay for a program, you pay for the binary"

Wrong. In most cases, you pay for the right to use the binary.

Re:Simply Answer

[SirSlud]

> these Slashbots actually think they can justify pirated MP3s

Exactly. Yes, and the mainstream music industry has been destroyed because you _can_ copy mp3s. (Sarcasm, of course.)

Just like how programmers will be destroyed because you _could_ copy their source. (Although I'm sure *you* would never steal anybody elses code .. hehe, too bad such an assertion would run counter to your fears of everybody else (oops, sorry, *but you*) stealing your work.)

Its not naive. I'm just not willing to fuck our scientific gene pool and knowledge base for self gain. Its that simple. You take the selfish position, I take the selfless. Because yes, people will abuse welfare, but I'm not prepared to fuck those who benifit legitimately from it just because I'm too greedy to allow a small percentage of my wealth to fall into the hands of those who dont deserve it.

Thats what makes me a naive selfless (but ultimately employed, well paid person who gives away 'ip' all the time .. funny nobody yet has changed what they were doing in life just to focus on copying and selling my hard work) person and thats what makes you a world wary, selfish (and gullible) person.

The downfall of western culture (since were #1 now, we can know we wont be forever) will be because we refuse to deal with the rest of the world on *anything* but our own terms. ("Hey, we made this propserous land ... we deserve to ditacte the terms of our relationships!" goes the reasoning, right?)

Thats the exact attitude that lets the pressure build up longer and longer before the fault inevitably gives way. Have fun.

I just wanna know how we got from the Boston Tea Party, a revolt against tea makers who protected their position at all costs to increase their wealth, to today, where protecting your position at all costs to all people to increase your wealth is the very core of modern American values. The only reason you think a majority out there will willingly steal your ideas is because thats exactly the kind of paranoia and worldview that plays straight into the hands of those seeking to strengthen their position furthur (ie, the market leaders.)

This isn't a tin foil hat, its an appreication that history is just a pendulum; those who honestly think it progresses in a line are just the ones who get left behind when the self-correction mechanisms kick in.

Which isn't to say you'll suffer from your position. I'm sure you'll profit nicely. Just understand that your logic is completely self serving, and pray you dont end up in the way of a more 'fit' self server. Eshewing altruism (the act of giving without being garaunteed repaying) is a dangerous game to play unless youre willing to bet youll never be in a situation of need yourself.

Re:Simply Answer

[mangu]

So if I use well documented file formats, you won't care if I don't give you the source?

That's right. There are zillions of jpeg encoders around, I don't care to see the source for each of them, because I can get the jpeg standard any time I want. On the other hand, whenever someone reverse engineers things like ActiveX, and that binary format becomes widely known, they impose on the market a new proprietary monopolistic standard. If you have been following the acronyms, it started as DDE, then it was COM, huh, well, I can't remember right now, but I'm almost sure there was something else between DDE and COM, then it became ActiveX, now it's .NET, which I'm not quite sure if it's binary or text, I believe it's xml-like, but I don't care anymore, I've joined the Open Source side.

I certainly don't recall writing a book about the algorithms that set my software apart from the competition...

Do you care to elaborate what software is that? I've been following the software market for the last 25 years or so, and I don't remember ever seeing any software set apart from the competition by a secret algorithm. Sure, there have been products that gained market share from innovative algorithms -- Doom with it's binary space partitioning is an example that comes to my mind -- but those algorithms have been known to the research community long before any commercial product implemented them. Right now, I can't recall any single commercial software product that dominated the market thanks to a secret algorithm in the last quarter century. Is your company an exception? Can you prove that?

Re:Simply Answer

[nathanh]

Note to new slashdot readers: This is typical thinking on slashdot. I want EVERYTHING for free. If it's not free, it's wrong.

This is NOT "slashdot think". The reality is that there are 100s of 1000s of slashdot readers and they all have their own opinions. This isn't the borg and there isn't a consensus across all slashdot readers. I'd bet a huge percentage of the slashdot readers don't agree that all code should be open but you won't ever find out because you're too busy telling slashdot readers how stupid they are rather than listening to the diversity of their opinions.

Re:Simply Answer

[bigdavex]

Think security software - say, your intranet system. You don't want your customers to have the source to that, because 1.) they probably wouldn't know what to do with it, 2.) it might fall into the wrong hands, or . . .

You realize you're suggesting security through obscurity? Security software should not depend on a secret algorithm. Someone will find out eventually.

Re:Simply Answer

[zerocool^]

Also keep in mind that by making it a uniform requirement for copyright protection, no one has an advantage over another and no one can "steal" another's code without it being quickly found out.


Don't hide under the pretense of the protection of the law. If I write a wham-bam piece of software, and some big software company steals it, what recourse do I have? Sue them? With what time and money. Remember, I write software, my time is money. If they throw a team of $400/hr lawyers at me, and I have only myself to wade through the mountain of paperwork, then I'm farked.

Re:Simply Answer

[zerocool^]

You realize you're suggesting security through obscurity?

Yes.

Yes, I am suggesting security through obscurity.

Security software should not depend on a secret algorithm. Someone will find out eventually.

Yes, but with the source code, someone would be given a map. Without the source, someone would have to fly over and do their own reconnissance, have someone on the inside, and try a number of things.

Re:Simply Answer

[cpt+kangarooski]

The problem is however, you are being greedy.

I don't care if you don't want to release your source. That's fine. Enjoy.

But you have not earned a copyright on the binary in that case. Because the binary isn't as useful to the public (inclusive of all other developers) as the binary + source is. Or as a book, or a movie is.

Copyright was predicated on the assumption that all creative works would be as useful in their released form as a book, map, song, painting, etc. was back in 1789.

Software presently breaks that. Thus, because the public isn't benefitting as much as we expected to, we shouldn't be granting a copyright to you until you have earned it.

Re:Simply Answer

[cpt+kangarooski]

That actually IS ownership. EULAs are not worth the paper they're printed on. Don't assume that they actually mean anything in the vast majority of cases.

Re:Simply Answer

[sql*kitten]

There's only one condition where this is true: when you have proprietary binary formats for files. Other than that, the methods and algorithms used by commercial software companies are widely available in books and training manuals.


There is a big, big difference between learning and implementing a piece of code yourself and cutting and pasting from someone elses code. Not least is that you are getting the original author's testing and debugging time for free. As I said in another post, the value-add in software is the time taken to do it.

To reuse the car analogy, iron ore is just sitting their in the earth waiting to be dug up, but that doesn't mean that cars should be free.

Re:Simply Answer

[cpt+kangarooski]

Uh huh. Tell me how a license to use something in perpetuity, for a one-time, up-front payment differs in ANY way from a sale?

Courts are quite capable, and often do, look at the true nature of the transaction. Regardless of what the parties involved are calling it.

Re:Simply Answer

[cpt+kangarooski]

Selling software for a term of years clearly is not a license in perpetuity. I'm talking about Windows, or Photoshop. I have no problem with licensure that is distinguishable from a true sale -- provided that complete and disclosed copies are deposited so that when the copyright term expires the work can properly enter the public domain.

However, there are strong antitrust concerns in such a market as you describe, which should not be taken lightly.

Competitive advantage.

[IdleTime]

I really see several reasons why source code should NOT be shipped with a commercial product:

Support of user modified code is impossible

Competitors may take advantage of reading the source

It's "my money" that went into developing the source and "I" want to reap the benefits of "my" work

Bug handling would be a nightmare

There are several other reasons too. I'm not sure why all source has to be open source. Sometimes I feel that a lot of people just want a system to be Open SOurce just because it is The Right Thing (Tm), not because it would give them anything.

I have no problem with non-commercial software beeing open-sourced or even to a certain degree commercial software. But is it really necessary that ALL software is open source? I fail to see the need in all cases or the reason for it to be so.

Re:Competitive advantage.

[jmu1]

I'm sorry, but it sounds to me like you either didn't read the article, or you just don't comprehend.

He's gone back and made amendments stating that code that would be thought of as 'the money maker' could be removed from the distributed code, remove constants and the likes as well. This would produce code that you could, for the most part, audit(or have audited) rather well. Basically speaking, this isn't just about the right thing as you put it. It is about responsibility.

It's like the saying goes, if you lived in a glass house, you'd behave better.

Re:Competitive advantage.

[astar]

The company I work for, TOM Software, ships essentially all its code in source. The exception is some security copy protection stuff. So we end up with a three-tiered system: security, framework software without comments, and application code, with comments. We protect the framework software stuff with NDAs and copyrights that prohibit modification.

I do not know if we have a mission statement, but what money we make comes from the rapid development aspects of the software and the ease of customization of application code.

We sell through a network of dealers (you can be one) who usually deliver the source to the client. The client signs a NDA too.

People do manage to steal from us, and we do not like it, but it is not a day to day concern.

We do accounting software. The application code is called by the framework to do its business, like accept user input for a file maintenance design. The application code tends to be pretty much just business logic that is executed by our framework software. This probably all works for us because we use a third party language product that ties to the server.

So I conclude that shipping source *can* be a viable business model, even with proprietary software. But it is true that the user base is relunctant to upgrade, and this often is because of customization issues. So our new versions have to be pretty compelling to generate an upgrade.

Customization of application code is not otherwise a big problem for us. Usually, we can just talk our resellers through a customization bug. In some cases, we need a copy of the system.

This approach has a history back into the '70s. Application code and designs from that period can still be automatically converted to our current gui system. I think this history merits consideration.

A script kiddies dream?

[Keick]

Now imagine every script kiddie having the full source to W2K or XP, or heck even Office. Lets say, following the rules of the article, MS removes the 1% of intellectual property and replacing them with stub routine. There is still enough there to determine the weaknesses, and maybe even enough to create a new trusted OS that really isn't trusted?

I understand the benifit is to be able to determine the weaknesses and report them back, but as fast a MS is at getting patches out, this would become insane really quick.

Honestly, it would never fly.

[cybermace5]

If this was an industry requirement, you wouldn't have developers shipping tight, well-planned code.

You would have no developers and no applications. Technological progress has always centered on riding the bleeding edge, where the programmers themselves barely have a clue what the heck they're doing. If people knew how much of the stuff they use was designed under impossible time requirements by bleary-eyed schizophrenics, we'd still be riding in horse carriages.

Look at how today's technology compares to NASA. They sit and pore over every detail, examine and re-examine; approve and check. What are they using in the space shuttles? 386's for main computers still?

Requiring open code would put many companies out of business. A lot of customers have their own businesses depending on applications, and they don't care if the code is nice; they just want something that works most of the time and keeps their business running. That and a support contract keeps them happy, and the developers can gradually issue fixes to reduce the twinges of sloppy-code guilt.

Re:Honestly, it would never fly.

[sconeu]

\i{Look at how today's technology compares to NASA. They sit and pore over every detail, examine and re-examine; approve and check. What are they using in the space shuttles? 386's for main computers still?}

BZZZT! And thank you for playing. They don't use '386s because they spent so long checking the code.... They use 386s Because they've been proven reliable. They spend hours and months poring over the code, providing traceability and working on correctness because if they fuck up, people die.

You can't compare NASA to today's "Ship it now! If we ship an hour later we'll lose $1M" business world. Totally different set of requirements.

Re:Honestly, it would never fly.

[cybermace5]

Idiot.

That was my point. If you want massively checked and proven code, as would be required when baring the source for everyone to see, you pay the price of slowed development.

You can compare NASA to the business world. If the business world had to do it the way NASA does (yes they HAVE to do it that way), development would be slowed to the point of being financially unfeasible.

This is 100% stupid

[swissmonkey]

99% of the people absolutely don't care about the sources, why should they have to spend 20 more minutes downloading a bigger package if they absolutely don't care about it ?

Who do you think you are to require people to open their code ? If you don't like closed source software, don't buy it, it's as simple as that.

Authors also have a right to freedom, it's not only for the users.

Re:This is 100% stupid

[Night+Goat]

The downloads could be broken up into binaries and source code. Nobody's saying the public would be forced to get the source, the author's only saying that the companies would be required to make the source code available to people who bought the software. If it was shipped on a CD-ROM, it would be on the CD. If it was bought over the web, there'd be a link for the source code. No mega-zipfile.

Re:This is 100% stupid

[joyoflinux]

Hmmm. Good point -- it might be better if the company was required to provide the source, but not necessarily on the regular disc, as long as it was available on their website or on another CD.

Re:This is 100% stupid

[JohnnyCannuk]

Well, your average user won't want it...you're right.

So I suppose it shouldn't be part of the "download" or cd distribution.

But I do agree that the software should be "publicly" available for inspection. If the source to Windows or IE were available, people who would want to know such things could actually see all those security holes and exploits before they are "exploited". MS might not produce such shoddy software then.

Think of it as peer-review of code. Where I work, our code is always peer reviewed and heavily commented before it goes to a client, so some poor shlep can come along in 2 years (and it might even be the same shlep that originally wrote the code!) and change or maintain it. If your code is consistantly crappy, uncommented or uses poor practices and standards, you don't work here long.

The same should be true of major commercial software. I, or anyone else with the knowledge, time or desire, should be able to review the code to IE to see if all those security issues result from design or programming flaws. I can get the code as uneditable, uncopyable, unprintable PDF if "code stealing" is a concern.

Many of these programs get hacked, stolen or dissasembled now, without the source code available. Making source available will not make it worse. It could arguably make it easier to enforce "copyright"...It will be crystal clear who "borrowed" the BSD code and used it in their own commercial implementation of the TCP/IP stack ;)(etc).

Companies may want to have their own or "hired gun" experts inspect the code as a condition of purchase. Would you buy a house without having a home inspector go through it an tell you if the furnace was old, if the roof leaked or if the back porch was about to fall down? Buying commercial software for many medium to large companies is an investment on the same magnitude as buying a house is to individuals. Why shouldn't they have the same ability to protect themselves?

The only other way would be to make all existing EULA's null and void and hold software companies finacially liable for any "harm" caused by security breaches or bugs in their software...

Re:This is 100% stupid

[sql*kitten]

If the source to Windows or IE were available, people who would want to know such things could actually see all those security holes and exploits before they are "exploited".

I'm sure you believe this, but source code availability didn't stop people from exploiting security holes in bind and sendmail and sshd and so on (review bugtraq and CERT archives if you require convincing).

The problem is that everyone repeats the mantra that many eyes make all bugs shallow, but everyone also assumes that everyone else is doing it so doesn't bother. There's little evidence that open source software actually is any more secure than close source.

Re:This is 100% stupid

[JohnnyCannuk]

Well, those exploits were also fixed quickly becasue the source was available.

How many IE exploits are there right now that are either known and unpatched or just unknown to most people?

And since those exploits happened, if you were expert enough to know the coding problem that caused them, you could certainly recognize the same mistakes in the source code of another mail or shell implementation? But of course, you don't have the chance to even look in the source to Exchange etc to see if the mistakes were made there becasue you can't see the source....

If a company is going to shell out a few million for an enterprise mail system, they may not think much of spending another $20k or so and hire you to go over the source to make sure BEFORE they buy.

Maybe jsut sue them if something goes wrong. But then money goes to lawyers not developers ;)

Re:This is 100% stupid

[sean23007]

Opening the code does not force people to download it, it allows them to download it. It only takes 20 more minutes if the person wants to download 20 minutes of source.

Re:This is 100% stupid

[Slashamatic]

If I don't care about performance, I can download the latest binary package for Linux. It is fast and easy to deploy. If I do care, then I can grab a source package and rebuild for my system. As I don't own an Intel 386 anymore, it is fairly ceratin that the new binary will perform better.

I have to ask

[greechneb]

how many people really would look at the code anyway? Most people don't understand coding enough to make it worthwhile. The people that need to look at the coding probably already have access to it through their software contracts. It sounds like a good idea, but not many people really care to look at the source of their programs in real life (other than the slashdot crowd)

open source

[chunkwhite86]

While I think the _quality_ of the code, when released as open source will certainly improve; a corporation would not want the image of having sloppy code, I think this could be a bad idea in certain areas, particularly for propriatary military and defense department systems.

On the other hand, it could be a very Good Thing (tm) for those same systems because the Many Eyes concept would certainly "harden" the code. In the meantime however, more exploits and bugs would certainly be found, and DoD is not the type of establishment that wants to have known visible security flaws.

Where's the money?

[Flamesplash]

The problem with OSS is that there is no money in it.

Some have said that the money is in tech support / documentation, but that is just as bad.

If your product generates enough tech support revenues to support a large project then you simply wrote horrible software, and chances are if you did write horrible software it won't be used. It's a paradox, so it probably won't actually happen. And people aren't that stupid - I hope.

And if you charge people for documentation, then I simply call that bundling. You are paying for a bunch of documentation that just happens to come with some software.

The way to make companies produce good software is to stop buying crappy software. It's pretty simple. If people stop paying for expensive tickets to go to professional sports then guess what, they will lower the price. It's simple economics of backlog.

Re:Where's the money?

[TheAncientHacker]

Very simply, including the source code (or, for that matter open source) merely removes the economic incentives to pay technical people. The differentiators between products become how much they pay their marketing, sales, support, packaging, documentation and executive staff. The only one who gets screwed in the equation are programmers. Funny thing, I kind of feel that the work of the people actually inventing a product is actually worth more than the people piggybacking on top of it.

Re:Where's the money?

[Flamesplash]

2) Just because something is OSS doesn't mean you can't sell it -- read: copyright law.

True, but exactly how much Commercial software sold is OSS?

3) Just because something is free doesn't mean people won't buy it. You can download Red Hat for free. Red Hat as a company is profitable these days.

I don't think I agree. Their stock has gone from $150/share to $7/share in 3 years, and they have negative earnings projected. And again one of the things redhat banks on is that linux is obfuscated and people will need help. Also Redhat is not commercial software last I checked.

4) Many companies are based on solutions. Like the one I work for. Clients ask for custom programming, and we do it.

true, but I don't really consider that commercial software, and surely the client is not going to make the code they buy OSS to others. And I don't think that was what the article was targeted at either.

Re:Where's the money?

[TheAncientHacker]

Which at least steals from the marketing, sales and management people as much as from the techies.

Re:Exhibitionary Code

[nogoodmonkey]

I have been wanting the source for this wonderful program for years. ;-)

He kind of has a point - but not.

If we take source to mean the building materials of a program, everything else is open.

Words of a novel can be yanked off a page. You can order enough parts, individually, to make your own car rather than purchasing it from a dealership.

You can always order wood and build a desk yourself. Got enough heat? You can make your own wine glasses that are exactly the same as those ones off the shelf. Everything, in reality, is pretty much open.

There's a difference with code, though. If I write a program, a person with the source can compile it and use it without having any sort of skill. Whereas someone lacking skill can *not* write Lord of the Rings. They can't build a car for themselves that I'd wish to ride in. Their desk would likely fall apart. Their glasses would end with them receiving severe burns.

If you wish to compare source code to everything else that's open, then, by the Gods, compare it fairly - compare the compilers, the availible libraries, etc.

The tools and materials are there. The skill? The skill is why source is often closed, and in many cases, should be closed.

Re:He kind of has a point - but not.

[plierhead]

For some reason I'm left with the strong impression you're sitting at a wooden desk driking a glass of wine, with LOTR on your desk or bookshelf ??

Re:He kind of has a point - but not.

[Twylite]

You're comparing apples and !apples. The "source code" for a book would be the author's notes, including the plot outline, characters sketches, additional details about the settings, and so on. For music, getting the "source" would be access to the individual tracks (voice, lead guitar, drums, ...), a description of when and how effects are applied to them, and how they are mixed together.

How does this help piracy?

[Billly+Gates]

Believe it or not piracy is the reason why most apps remain closed source. If the code is freely available then its compilable and no the pay for support option does not work. China is evident of this. Since they do not pay for software, chinese bussinesses only pay for support and have their own IT shops to do that and not the vendor. If the vendor does not recieve financial compensation for support then they need to charge for there apps.

Re:He's right, in more ways than one

[AlgUSF]

No profit to be had in selling software? Tell that to MSFT!

Sorry, this is just wrong.

[rdmiller3]

No, bridges are not "open" in the sense that you seem to think they are. Looking at a bridge will give you a similar level of understanding of the engineering behind it as you'd get from a block of object code.

What kinds of steel were the supports and cables made of? What was the mix of the paving materials and how thick are their layers? Did the contractors skimp on the re-bar? How deep were the foundations sunk?

Just try to get this information about any big public bridge. They'll say, "We can't tell you for security reasons." ...just like certain software vendors we know.

-Rick

Re:Why open source software sucks

[Shamanin]

...and the closed source version of a car wouldn't work, but you can pay for support to give you the run around and try to convince you that YOU must be doing something wrong.

Good Code vs. Good Products

[Swanktastic]

If Raytheon, IBM, Microsoft, Oracle, and so forth are producing good software products (as they claim), let's see the code.

Is it possible to have good products without "good code?" Depending on the product, I think yes. Do great videogames necessarily have "good code" or whatever the author decides is good code? Maybe, maybe not. For games, the distinguishing factor is not as much the coding (ie fulfilling the designer's vision) as it is establishing a good vision.

YES, maybe it makes sense for security related products, but don't get greedy and claim that EVERY product needs to release its code.

Re:Good Code vs. Good Products

[plierhead]

Is it possible to have good products without "good code?" Depending on the product, I think yes

I agree with this. It is possible to write good software that has somewhat lousy code inside it. For exampe, an inefficient sort algorithm that is only used when a rarely-accessed administration screen is displayed. The code may be inelegant but practically speaking it does not matter and there is no reason for the vendor to be called up on it (which some smart-arse certainly would "ha ha Microsoft used the Breighton-Whirst Bubble sort when the Langer-Turston would have been 100 times faster ! What dipsticks !").

Much more important to quality of apps are "bigger picture" items such as schema designs for any RDBMS-based product (readily available now without the source code) or external interfaces (which, to use MS Word as the extreme example, it is made clear by the vendor that they do not intend to adopt any industry format nor to even be bound even by their own published formats).

Re:Walking on a bridge

[monadicIO]

Umm.. I'd disagree with the parallels you draw. For example, how do you find out the tensile strength of the metal, the thermal properties (how much it expands/contracts), the stress limits for the bridge? To give another example, how many cars engines could be easily inspected to get enough information for an educated analysis?

Another error in drawing similarity is that giving away code would beequivalent to giving away another bridge for free. (I'm myself not against that idea; I just think we cannot draw reasonable parallels).

Articles like these ones...

[Cap'n+Canuck]

belong in National Enquirer, along with pictures of two headed babies and Michael Jackson.

The article itself is just blatant flamebaited advertising. I fail to see how he addressed any of the points in his previous article (which I also thought was codswallop).

Did anyone ever see films of the Verrazano Narrows bridge collapse? There's an example of a bridge that looks fine on external viewing, (even by TRAINED experts), but doesn't work for real. Joe Average knows squat about bridges, and won't recognize a faulty design unless he's falling into the river with it.

As for the 1% of "real" code in a product - what a load! If your key code is buried deep in some subroutine, then how can you "remove" it from your product and still make it functional?

Feh!

Re:Articles like these ones...

[CaseyB]

Did anyone ever see films of the Verrazano Narrows bridge collapse?

No. When did that happen? Was it anything like when the Tacoma Narrows bridge collapsed?

Re:Articles like these ones...

[Cap'n+Canuck]

How do you spell it - "D'oh", "Doh", or "D'o"? I'm leaning towards the first one...

Although there is a Verrazano Narrows bridge, I was thinking about the one in the Pacific Northwest, but had a brain fart.

Re:Articles like these ones...

[CaseyB]

In fact, there isn't even a bridge with that name.

Was it too much damn trouble to do a simple Google search?

Re:Articles like these ones...

[Yunzil]

I've never seen a film about the Verrazano Narrows bridge collapse.. In fact, there isn't even a bridge with that name.

Really?

Re:Articles like these ones...

[binaryDigit]

Wouldn't expect less from a "Canuck" ;)

Re:Articles like these ones...

[Software]

If your key code is buried deep in some subroutine, then how can you "remove" it from your product and still make it functional?

The code would not be functional, as the article states: "Customers could even compile and link the source files, but the resulting executable would not operate in a meaningful way without the key routines".

And somewhat OT, but I was unaware the Verrazano Narrows fell down! What a mess that will cause for holiday traffic! Or did you mean the Tacoma Narrows? Your point on bridge design being non-obvious is noted, but software design is usually (or should usually be) easier to inspect, if you know what to look for. And Joe User doesn't have to know how to inspect it, but a software professional should. Well-designed software can still fall down under load testing or other types of tests, but good design is at least a good start.

Re:Articles like these ones...

[Cap'n+Canuck]

Sorry, but I had to respond.

The article seemed to say that anyone can do bridge inspections, because the bridges are there for everyone to see. In actual fact, not even a Civil Engineer can do a bridge inspection, because he needs to look at the design, the materials, the entire building process. He can inspect for signs of wear, but he has no idea whether or not the piers are firmly anchored.

The authour tried to make an analogy between bridges and software, and in my mind, he did not bridge that gap (*groan*). You mentioned that software design is usually (or should usually be) easier to inspect. I bring it back to who is supposed to be inspecting this available code. Which company does it? some Ralph Nader agency? Or, as the authour seems to suggest, anyone off the street? There are few people off the street that I would say can do the job.

Like Houses...

[tbonium]

To beat a dead horse - If we built houses like we build software, .....

When you buy a house, it is either pre-existing or soon-to-be-existing. In the case of the former, you can only know as much as the owner tells you, and the builder's reputation and the packaging. In the case of the latter, you can visit the site as often as you want (just don't be shocked if you see some beer cans sitting around).

I agree that most software sucks, but to say that you need to take the walls down to inspect the plumbing both trivializes a nontrivial problem, and tells one no-more-than 'next house on the list' inasmuch as they know what they are looking at.

Re:Like Houses...

[rdmiller3]

You wrote:

just don't be shocked if you see some beer cans sitting around [at a home construction site]

Beer cans would be pretty tame.

For those who are thinking about building, here's a clue: have one of those outdoor public toilets placed on the site, at least until the indoor commodes are working. That way the subcontractors won't be so likely to use your basement sump.

-Rick

Ability of users to judge code quality

[Ryu2]

For mass-market products like Windows, Office, etc, (ie, those where the users themselves are not computer science people), I'm sure 99% or so are absolutely unqualified to look at the source code and make informed decisions about code quality, so they'd have to trust some third party. And even if there is some software "Ralph Nader", how much influence it would have over those users who haven't got any idea of the importance of "good" code is doubtful.

Incidentally, the mass market products are those most likely to cause a security risk like worms or viruses, because of the very fact they are used so much by clueless folks.

I'm not saying it won't work, but it may not be as effective as it seems.

Re:Ability of users to judge code quality

[LostCluster]

When a white hat discovers a glitch first, the public is first told about it when a patch is available. When a black hat discovers a glitch first, the public is first told about it when an exploit is in the wild. Opening the source makes it easier for the white hats to do their thing, it also does the same for the black hats.

Right now, we're in an asymetric situation where there are more white hats looking at Linux because they can look at Linux but not at Windows, but there are more black hats trying to break Windows because those hacks are more vaulable because there are more Windows systems to use them against.

If Linux and Windows were to switch situations, Windows would get the secure reputation because less people would be trying to knock down the gate and therefore almost nobody would get through, and more people would be trying to knock down Linux's gate.

I really like the concept

[fredrikj]

Packing the source code along with commercial distributions of software is an excellent idea, and it's really a shame that it doesn't happen. It looks to me like the company would benefit the most from such a solution - for one thing, they could leave patch-making to the community and needs for support would possibly decrease.

GPL and things alike aren't the whole truth, either. If the source code is licenced such that it may only be modified in private and not get distributed, this will of course not promote OS, but it will be a great thing for the users, as they can fix bugs and add features for their needs.

As a fine example of OS commercial software, look at the editing communities for id Software's games. Granted, Doom, Quake and Quake II don't really have any great commercial value any more. Case is, though, that the release of these games' source codes have sported heaps of enhancements to the game engines and helped preserved the communities, resulting in a fantastic respect for John Carmack and id Software.

If a company can read the code...

[Mantrid]

If a company or customer has the resources to fully and properly analyze your code then why wouldn't they just use those resources to write their own software; fully customized and programmed for their needs?

Posterity

[kscd]

The biggest benefit I see to having it be open is history. We should establish an organization where people "check-in" the source of their commercially realesed product. That way, 20 years from now, when we desperately want to get at a document from said product, we might actually have a chance.
then again, by that point copyright will probably prevent us from looking at anything interesting...
-kscd

Hasn't stopped them so far

[burgburgburg]

The lack of MS source has not in any way slowed the discovery/exploitation of Windows flaws. But because the only peoples looking that intently at the poor design of MS products are a) the people who poorly designed them and b) the exploiters and the kiddies who use their tools, the vicious cycle continues. Opening the source code could allow others with a more positive inclination in to help fix the problems and point out the potential future points of trouble.

Re:Hasn't stopped them so far

[tshak]

The lack of MS source has not in any way slowed the discovery/exploitation of Windows flaws

This can not be said absolutely by anyone, one way or the other. It may be your opinion, but you then need to substantiate it.

OS Isn't always the best tool for the job

[tarpit]

As interesting as it would be to be able to see the source code behind such programs as Windows or Office or even ICQ, is it even that important?

Windows runs like ass, and therefore it's a pretty safe bet it wasn't coded very well. I don't need to see the source code to figure that one out. And quite frankly, even if it was coded badly, as long as it were to run well, I don't think most people would care anyway. Hell, it DOESN'T run all that well and a lot of people still don't care anyway.

The only nice thing would be maybe if the source were available a few people would be nice enough to fix it up or something. Other than that, it's not too important, except for anti-trust reasons, so we can get a decent .doc handling program that's free, for example. But even that can be effectively remedied without complete open source. Even a behemoth like Microsoft could be made much friendlier through some well placed stubs, open protocols, etc.

As for everything else, source code just isn't always the best idea, or even very necessary. The government or other high security needing people should have source code, and experienced hackers to audit it. That makes sense. But other than that, to have everything done ONE WAY is usually not the best idea. That's the beauty of being able to choose a license or just make your own up-- you can choose the best tool for the job.

Re:Exhibitionary Code

[sconeu]

Error 2: printf undefined.

You forgot "#include <stdio.h&gt"

The biggest, buggiest program ever

[surprise_audit]

Think Microsoft will ever provide all the source?

Yes, it's possible to get certain specific bits of the code after signing Non-Disclosure Agreements and/or handing over large amounts of money. Get the whole of Windows source? Nope. Understand it all in any reasonable amount or time? Nope. Get busted by Microsoft for using part of their code in an OSS project? Almost certainly, and if in the process of trying to prove you didn't, you have to show Microsoft your code, expect to see a competing product soon after.

Let's open it, but not really...???

[jerdenn]

This article is pretty confusing, actually. Chris Connell claims that vendors should "Open Source" for transparancy, but then obfucascate the code by adding or subtracting code to keep it from being truly functional. Well, there goes the end user's ability to compile and test the code, to debug the code, and to really be certain that what you've got in the binary version is the same as what was shipped via source distribution.

He goes on to suggest that vendors withhold crucial functions or methods, and 'stub' them out in the source code. Well, those are easily enough to reverse engineer from the binaries and the debugger, so that's no real solution from the vendor trying to protect IP. And it doesn't help the 'customer' at all, because your still stuck with not having the full tranparency that Open Source is supposed to provide.

I'm actually not pro- or anti- open source. I kinda sit on the fence on this issue (Though I do like the BSD style license). However, I think that Mr Connell is trying to stand on both sides of the fence at the same time. It doesn't really work.

-jerdenn

RTFA

[ryants]

You couldn't have read the article.

Support of user modified code is impossible

You don't support code, you support the binary you shipped.

Competitors may take advantage of reading the source

Only in the same way that Tom Clancey's competitors can take advantage of reading his books. The code is still under the full protection of copyright law, and since competitors would be required to disclose source as well, violations would easily be detected. Just like in the world of books.

It's "my money" that went into developing the source and "I" want to reap the benefits of "my" work

This proposal doesn't change that one bit.

Bug handling would be a nightmare

Er, wot?

I'm not sure why all source has to be open source.

That's not what this author is proposing. He is proposing the source be available for inspection, just like bridge blueprints are available for inspection, but they still can't be copied, because they are still copyrighted. To quote the original article:

Note that I am not advocating open source licensing for commercial software. This is an important point.

In short, RTFA.

Re:RTFA

[zerocool^]

That's not what this author is proposing. He is proposing the source be available for inspection, just like bridge blueprints are available for inspection, but they still can't be copied, because they are still copyrighted...

Not all blueprints are available. Bridges are (usually) public works. Try and get me the blueprints for the wing on a 747. What? Not available? I wonder why that is? Oh, *trade secret*.

Lawsuits don't solve everything. Yes, if everyone's code was open, you could spot similar pieces of code. But, come on, code plagarism isn't hard. Also, what if several people accidentally wrote the same code at roughly the same time and sued each other.

Plus, what about Johnny Gifted-teen in his basement. What happens when he writes a brilliant piece of code that MegaCorp snatches up and puts in their BigSoftware? Johnny sues them? With what resources? Do you know what it costs to sue a fortune 500 company? Hell, the government can't even do it successfully.

If all source is open but copyrighted, in theory it would all be a happy world. In practice, it's a simple way to screw the little guy and for the lawyers to make a mint.

Think before you kick in the automated slashdot responder, please.

Re:RTFA

[ryants]

Nothing would stop some idiot from making a mod, distributing it wildly, and then have every one calling *your* tech support for help.

Nothing but a little thing called "copyright law".

Wrong, wrong, wrong.

You completely missed the point of my analogy, and I don't think I can make it any simpler.

Hey, free engineering for a weekend of changing variable names and the odd alogrithm?

When I was a TA I wrote tools to catch cheaters like this. Very easy infringement case.

Re:RTFA

[Elladan]

You don't support code, you support the binary you shipped.

Nothing would stop some idiot from making a mod, distributing it wildly, and then have every one calling *your* tech support for help.

Nothing would stop some idiot from making a binary patch to your app *cough* crackers do this today to every app *cough* and distributing it wildly, and then have everyone calling your tech support for help. Your point?

Only in the same way that Tom Clancey's competitors can take advantage of reading his books.

Wrong, wrong, wrong. The only way I can take advantage of a Tom Clancy book is if I: A) Tear the cover off and try to sell it anway or B) Retype the whole damn thing from scratch Software is much easier to copy - a bit of compiling, and bingo - there you go.

Ever heard of a Xerox machine? A scanner? Having the source or not having the source has absolutely no effect of any kind or form whatsoever on the meaning of copyright.

And you're right, software is easy to copy. Exactly how is software in binary form harder to copy than in source form, again?

And since competitors would be required to disclose source as well, violations would easily be detected.

Hey, free engineering for a weekend of changing variable names and the odd alogrithm? Geez, thats too much for me to handle. I better give up this source code and pay somebody else for the binaries.

I see you've never taken a CSE class at a university. Software exists which will take two code bases, possibly with completely different names and formatting, and decompose them into structural parse trees and compare those for signs of copying.

It's a lot easier to do this if you have the source code, of course.

Re:RTFA

[LostCluster]

Only in the same way that Tom Clancey's competitors can take advantage of reading his books. The code is still under the full protection of copyright law, and since competitors would be required to disclose source as well, violations would easily be detected. Just like in the world of books.

If somebody lifts the plot of a Clancey book, and then rewrites it with different character names and different names for the setting, that's plagiarism. Now for the hard part: Prove it.

That's one problem the software industry would rather not have.

Re:RTFA

[jc42]

Bug handling would be a nightmare

Er, wot?

My reaction exactly. Some years ago (20 of them to be fairly precise) I worked in a place with a big IBM mainframe, and the engineering staff brought in Amdahl's UTS (a version of unix) to run on top of VM. When I asked the Amdahl people about source, their answer was "Oh, that's not an option; you get it whether you want it or not." The install tapes in fact included the source to everything.

A couple of weeks later I diagnosed some problems due to some incorrect configuring that our VM guy was doing, which UTS couldn't handle. A day later I had a fix, and I emailed it to the folks at Amdahl. They sent back a nice message of thanks, my patch was added to their source, and my name was added to their list of contributors.

This was exactly why they sent out the source to all their customers. True, not many could use it, but they really liked customers that had people on staff who could read the source and help them fix problems.

I worked on it a couple of years, during which time the question occasionally came up of whether they had any theft of the code. Their answer was "Not that we know of". They also added that they really wouldn't mind if a few of their improvements were to find their way into the general body of shared unix code. They thought that it was to everyone's advantage to have good code, and having pieces of code identified as coming from Amdahl could only be good advertising.

I have no idea whether they still have this policy. Considering how management attitudes have changed, they probably aren't doing this any more.

It might also interest some to hear that at that time, IBM also supplied a lot of source with their systems. I know the VM support guy had full source. I saw some of the CMS and MVS source, though I don't know if we had all of it. But there was a lot of IBM source available from IBM in the 70's and early 80's, and they seemed to do pretty well commercially.

Re:RTFA

[tshak]

Tom Clancy's book is the Binary, not the source code. The source code is his creative process, which is why after reading 10 TC books you still can't write like he can. However, you take the source code the dynamic occlusion culling from Doom3, you can have that great algorithm for your next gen game engine.

Re:RTFA

[ryants]

Now for the hard part: Prove it.

That problem already exists.

If somebody lifts the look and functionality of some closed-source app, and you suspect infringement, how do you prove it?

Have the source out there would actually make things easier, not harder. As a TA I had tools to check for "copy and replace variable names", all nicely automated and such.

In your book example, the proof is actually kind of easy... give a judge a copy of one book and a copy of the other, and point out all the similarities, demonstrating how to transform one work into the other with the appropriate substitutions. Simple.

Re:RTFA

[zerocool^]

Plus, what about Johnny Gifted-teen in his basement. What happens when he writes a brilliant piece of code that MegaCorp snatches up and puts in their BigSoftware? Johnny sues them? With what resources? Do you know what it costs to sue a fortune 500 company? Hell, the government can't even do it successfully.

You don't think that happens today with open source software?


Oh, i imagine it happens. I'm just suggesting that distributing all source code everywhere is not the answer to the problem. Knowing it is happening isn't necessacarily going to change the practice.

Re:He's right, in more ways than one

[nogoodmonkey]

To put it simply, there is no profit to be had in selling software anymore.

Please tell me you are joking. Microsoft makes a lot of money off of software. How about Adobe? Macromedia? Real Networks? Symantec? The hundreds of game companies? Should I keep going?

I believe that source code should be released when the product is out of support (the source for Windows 95 should be release, for example). To release the source for commerical applications with many users (Windows 2000, Windows XP, even antivirus software) would just be insane because of the amount of hacking that would take place.

I do contribute on a few open source projects, but I do not believe that everything should be opened just because a few of us write code that is opensource. What is the percentage of OSS coders compared to programmers that code closed source applications. Might be a good /. poll.

Constructive comments on the article

[GoofyBoy]

... I really don't have because its just so dumb.

1. How many people would understand/follow the code? How many people would even be able to find anything of interest?

2. If it is really of life/public safety/importance, then the big bucks would have paid for the code/testing/standards already.

3. Seeing code != perfect end product

You're joking

[Un+pobre+guey]

1) except for a few crucial algorithms Why open it up at all? Those are the parts the customer would want to inspect the most!

2) the resulting executable would not operate in a meaningful way without the key routines. Why bother? How would the customer test or debug it, or suggest extensions?

3) Shame on the designers; their indiscretion should be on display for all to see If you have the rare privilege of working in an organization that doesn't need it yesterday, is understaffed, and has to scale up very quickly, then I can see your point. The rest of us have to deal with a competitive marketplace.

I agree that open source has an important role to play in many types of commercial software, but this article is a trivial discussion of the problems involved.

escrow

[nettdata]

I'm the CTO of a software development company called Intellinger.

We're young, new on the block, and competing against some big fish in the performance monitoring space.

One of the biggest issues we have is trying to placate potential customers that are worried about us going out of business and leaving them with un-supported code.

To get around this, we've put copies of source code, with docs, build environments/scripts, etc., in escrow. This way, if we DO go down in flames, all registered license holders of our software are entitled to complete access to EVERYTHING required to support the software themselves.

This keeps our investors happy, our customers happy, and us, the developers, happy. There's NO WAY IN HELL that our investors, or me, for that matter, would condone or support making our entire product OS. We've spent a couple of years working on this thing, and we'd like to get some benefit out of it.

There is an infrastructure (that we call Brazil) that will probably be put into open source in about 6 months, but the customized/specialized modules that plug into it that we've developed will NOT be made OS.

Obviously, our position could change in the future, but for now, it's not an all or nothing proposition.

Re:escrow

[jerdenn]

Well, as far as escrow goes, apparently it isn't always everything it is cracked up to be:

Read what Bruce Perens has to say on the issue in another thread:

Escrow contracts are voided by bankruptcy

-jerdenn

Re:escrow

[nettdata]

Luckily, we're in Canada, so the rules are slightly different.

And, there ARE restrictions as to what the end-user is allowed to do with that code.

They can support/develop all they want for their own uses, but can't resell anything to do with it.

Both our and the customer's legal teams have gone over everything and are happy with it, so it seems to work.

Re:escrow

[nettdata]

Luckily, we're in Canada, so the rules are a little bit different.

See reply elsewhere in thread. :)

Re:escrow

[plierhead]

One of the biggest issues we have is trying to placate potential customers that are worried about us going out of business and leaving them with un-supported code.

To get around this, we've put copies of source code, with docs, build environments/scripts, etc., in escrow. This way, if we DO go down in flames, all registered license holders of our software are entitled to complete access to EVERYTHING required to support the software themselves.

We went through a similar discussion at my company with a very very large software company (OK, the largest) that licenses our Java technology. Their view was that escrow was no good for several reasons. One was that there was no guarantee that the escrow actually contained "everything". A true escrow service that guarantees this would have to do a complete build, and then release the result to the customer for them to check it is complete. Further, some skilled and independent authority would need to verify that the build was truly done from source and there were no binaries in it.

After considering these and other objections for a while, they did seem reasonable and escrow is not as simple as it looks to be.

Re:escrow

[Snork+Asaurus]

This doesn't only happen with small companies. Years ago, I worked for a Very Large company that had 60% of the world market in their particular field (no, not MS :-). We had a $150 million contract with a Very Large customer to provide systems that were critical to their business.

Despite the fact that we were very large, and insolvency was highly unlikely, part of the contractual requirement was to provide source code to be held in escrow along with the development tools, all build info, doc's etc. It was up to the customer to keep and maintain the host equipment on which to build (melange of VAX's, PC's and other development systems). At the end of the project, when all deliverables had been met, we were required to do builds with the customer from the stuff in escrow to verify that it could be built. The source code "container" (yes, a strong box) was then sealed.

The customer had no right to open the container for any reason other than insolvency of our company AND surviving that, no right to disclose, transfer or assign the source code or knowledge gained therefrom to any outside party AND no right to use it for any other purpose than the support or enhancement of their own systems. We reserved the perpetual right to inspect and audit the container with no prior notice. What was known and clearly understood then was that at the rate of technology obsolesce, the source code would have quickly diminishing value to any of our competitors.

It's an uneasy arrangement all around, but sometimes necessary and from the customer's perspective, understandable.

But what the article(s) suggest appears to be the unconditional provision of source code at the time of sale or release.

Re:escrow

[nettdata]

The other thing we have going for us is that the cost of the software is less than $10,000 so that means that it's not THAT big of a deal if support for it goes away. It's not like a company is likely to base their entire business around our product.

At the end of the day, escrow is reasonable risk management for the situation.

Non-trivial code for banks ALL has source

[crovira]

Apart from word processors, spread-sheets and other "untrusted" apps, banks and anybody else who spends upwards of six mil a year for development and maintenance, will damn well make sure that they get the code.

For some of their stuff on mainframes and PCs they HAVE to to comply with banking commission and/or SEC and/or government regulations. Its more than just a good idea, its the law.

They have to be able to TOTALLY reassure the auditors and inspectors that NOBODY is 'skimming' pennies from each transaction. When you're talking a trillion transactions a day, week, month or year, it adds up to big time fraud damn quickly.

You CAN'T do that with a "pig in a poke." They get the source code to keep the baddies who can shut 'em down from shutting 'em down.

It should be a requisite for copyrights

[mangu]

The need for copyrights comes from the necessity to protect something that's open for all to see, such as a book, for instance, or a music. Anyone with a trained ear can listen to a music and reproduce every detail of it.

However, for things that have other forms of protection, such as encrypted DVDs or executable source, there should be no copyrights, because, for such works, there's no guarantee at all that they will be available to the public when the copyright period expires.

Judgement of whether source is good?

[Shadow+Wrought]

I am not a programmer, and have minimal programming abilities, so this is an honest question out of ignorance.

What makes code good or bad?

Is it the resultant way in the program runs? Is it the effeciency of the code?

Finally, is it possible for two different programmers to look at the same source code and have strongly differing opinions about its quality, or is it a pretty much agreed upon criteria?

While I honestly do not think that an idea such as this will ever come to fruition, I cannot help but wonder at what the standard of judgement will be should it occur. If code is deemed to be good or bad based solely on subjective criteria, then I think the whole idea is doomed from the get go.

Re:Judgement of whether source is good?

[sql*kitten]

Finally, is it possible for two different programmers to look at the same source code and have strongly differing opinions about its quality, or is it a pretty much agreed upon criteria?

What matters is the elegance of the thought behind the code. Simply put, it is code that transforms its inputs into its outputs using the fewest possible number of operations, variables, etc, and correctly handles unusual or unexpected inputs without behaving unpredictably. Coincidentally elegant code tends to be easy to maintain and efficient to execute, but these two factors alone are insufficient to make a piece of code elegant.

If you are interested in this sort of thing, I recommend reading Knuth, generally reckoned to be the greatest authority on such things.

Re:Exhibitionary Code

[Shamanin]

Well, yes and no. If you compile it as straight C code (with a .c extension) it will work without the include (using gcc or cc). If you compile as C++ (with a .cc or .cpp extension) it will give the error you stated.

I agree on part of it

[aepervius]

If you pay for a tailored product , then you should get the source code. Point.

Now if this is a comercial distributed product , this is another kind of problem and what you said above apply.

Unique code

[sql*kitten]

In any large software system, the truly unique code probably accounts for about 1% of the source.

In an academic, Computer Science research sort of way, you're probably right. And there is a lot of common code in many applications, it's true - but that's what vendor-supplied and third party .so and .dll files are for.

The #1 cost in most software is time - to design, to code, to test and to document. That's what adds value. What you are saying is like saying that "houses should cost no more than the bricks they're made of, or that cars should cost no more than what the iron ore cost to mine. Hell, iron ore should be free, right, it's just sitting there in the ground waiting to be dug up!"

Here are the facts:

• Software costs money to write. Even open source software isn't written for free; everyone involved has a day job, and invests the money from that into the product. Even prominent figures such as Linus Torvalds (works for a chip designer) and Richard Stallman (funded by the MacArthur Foundation/MIT) don't pay their bills with open source.
  
• Software is a risky business. An organization can invest literally tens of millions of dollars in a software project, only to see it fail. This could be because it doesn't do what it's supposed to, or because too few customers buy it, but either way they don't get back what they invested.
  
• There needs to be a mechanism by which people who write software get paid - assuming that you want software to be written at all, of course. Further, there needs to be a means by which this cost can be spread amongst many people, so that commodity software can be written.
  
• Therefore, until the cost of food, housing, transport, energy etc tends to zero because these things can be reproduced at near-zero cost (not going to happen anytime soon) software must be a product like any other product.
  

People like you will continue to say that software should be free, and you'll keep coming up with ways to justify your belief. That's fine, because you're fighting the laws of economics, and they're just as implacable as the laws of thermodynamics.

Re:Unique code

[sql*kitten]

Marx's Kapital.

This economy is an unnatural mode of pseudo-slavery. It's rules and mechanics are entirely derivative. Stop regurgitating and start thinking.


How amusing. You do know that the Marxist economic system was a complete, abject and utter failure, don't you? That the people of the Soviet Empire, Cambodia, Cuba and North Korea live(d) in poverty?

I suggest you read some Ludwig von Mises, Adam Smith or Ayn Rand.

Re:Unique code

[sql*kitten]

"Abject Poverty" might be a good description at first glance, but take a look at the underlying quality of life, and how happy people are.

It would indeed be enlightening to visit an area of Cuba not under the control of the secret police and the communist party.

Makes you wonder

[Subcarrier]

They spend hours and months poring over the code, providing traceability and working on correctness because if they fuck up, people die.

I wonder if people expend the same effort on the embedded software that controls traffic lights. Seems to me that borking traffic lights are a lot more likely to kill large numbers of people.

This guy cracks me up

[DougJohnson]

If 1% of the source were to have the magic, then if that part is hidden, basically all you have left is gui and i/o. So What's the Point of releasing it?
Furthermore, this guy somehow thinks that removing the #define is an effective barrier to piracy? I think I heard of something called a symbol table at some point.... maybe that would help black-beard?
This guy is just trying to stir up shit so that he can make a mark. The only customers that would be dumb enough to hire him, are the same ones that would believe his inane ramblings.
Good luck Mr. Connell, if you ever have a good idea, feel free to share it.

Re:This guy cracks me up

[Wavicle]

Furthermore, this guy somehow thinks that removing the #define is an effective barrier to piracy? I think I heard of something called a symbol table at some point.... maybe that would help black-beard?

Symbol tables usually only include references to things you are setting memory aside for (variables and functions) - #define's would generally not show up. It's debugging information that is usually not included in a production build anyway. It would still be relatively easy to recover whatever the #define was anyway, regardless of the build.

Flawed argument.

[crandall]

The entire point of his article is flawed. It seems he wants to open source just so that people can point out the 'bad design' or 'coding gaffes'. Now, I write a lot of code in a day, some good, some bad, and probably even a bit brilliant, but if it gets the job done properly and well, nitpicking over 'bad design' is just that.

I'd imagine a lot of really great code is fugly as hell, and just because code is design well doesn't mean it will do its job well. The two are relatively independant, unless you like to take a holier than thou stance, which it appears this article is doing.

In Other news

[halo8]

In Other news today Molson and Labbat both changed long standing policies and decided to give away their recipes in every two-fer purchased

Canadian Geeks everywhere cheered Free.. as in Beer

Thinking along these lines

[joss]

I agree that something like this is needed. I could not think of a good name but something like Community Source might work. I had even started writing a proposal for it with a view towards creating a site to extoll the idea....

The benefits of Open Source or Free software to its users are undeniable. If the software has a bug, or the software does not do something you want it to do, you can change it. There are many advantages, and they have been explained at length by various people. If you are going to be using software, you are definitely better off if you have access to the source code.

Trust

The fundamental difference between open source software and closed source software is the level of trust required. For a business to use closed source software, the level of trust required is enormous. It is not simply a question of whether the money spent purchasing the software is a good investment. The time invested using the software is far more significant. Almost inevitably your own business information becomes tied up in a format that is specific to the software you are using. In order to buy software from a closed source company, you have to take the following on trust:

• They have not left gaping security holes in the code.
• They will fix bugs in a timely manner.
• They will eventually add the features you want.
• They are not using your computing resources to do things which are not in your interest.
• They will not increase the price unreasonably once you depend on them.
• They will not go bust.

In fact, when you consider all the things that people are expected to take on trust when they purchase closed source software, it is amazing that anybody ever does so. The truth of the matter is that very few organisations properly considered these factors before they bought the software. They bought the software because they needed it and although there are terrible dangers involved in relying on closed source software, there is often no alternative. Companies and other organisations are only just starting to wake up to the dangers of closed source software.

Business Models Having access to the source code makes good sense to the users. However the business case for the software vendor is far less convincing. In fact, the dangers of closed source from the user's perspective can be considered opportunities from the vendor's perspective.

The open source foundation proposes "4 ways to win" which is reproduced here: Four Ways To Win

Now for a higher-level, investor's point of view. There are at least four known business models for making money with open source:

1. Support Sellers (otherwise known as "Give Away the Recipe, Open A Restaurant"): In this model, you (effectively) give away the software product, but sell distribution, branding, and after-sale service. This is what (for example) Red Hat does.
2. Loss Leader: In this model, you give away open-source as a loss-leader and market positioner for closed software. This is what Netscape is doing.
3. Widget Frosting : In this model, a hardware company (for which software is a necessary adjunct but strictly a cost rather than profit center) goes open-source in order to get better drivers and interface tools cheaper. Silicon Graphics, for example, supports and ships Samba.
4. Accessorizing: Selling accessories books, compatible hardware, complete systems with open-source software pre-installed. It's easy to trivialize this (open-source T-shirts, coffee mugs, Linux penguin dolls) but at least the books and hardware underly some clear successes: O'Reilly Associates, SSC, and VA Research are among them.

In fact, the number of companies that have had success with any of these models is miniscule. This is hardly surprising, they are simply not very good business models for software companies.

Taking each in turn... Selling Support The better documented and more reliable the product is, the less support it needs. A business model where the more perfect your product, the less money you can make has got something fundamentally wrong with it. Loss Leader The very fact that this can be advanced as a viable business model for OpenSource shows desperation. What it comes down to is an admission that the best way to make money from software is by selling it. Widget Frosting This makes perfect sense if you are a hardware company, or when the software is a side issue. However, its no use at all for a business whose main product is software. Accessorizing Selling accessories is fine, but there is no pressing need to actually develop the software when one is in the accessories business.

There are of course other business models for Open Source. For instance, the one adopted by the Perl foundation and several others is begging. This is not a business model that many companies would find appealing though.

The basic problem is that for a business whose primary function is to make software, then the primary reward has to come from selling the software. We need a business model that actually works and we have one, it's called capitalism. It works like this: make something that people want and sell it to them. This model works for software too, and there is no reason why this model cannot work even when source code is available. Closed source vendors are relying on something a little closer to the business model of a heroin pusher. It starts off like capitalism, but there is the added feature that the user gets addicted and has to carry on buying the same thing even if he does not really want to. The more he uses the same vendor, the more reliant he is upon it.

The Solution Community software is software where the vendor can be paid a fair price for the software he creates, but where the buyer does not end up in a similar position to a junkie.

Community Source is software that guarantees the following:

1. The right to see what the software is doing, ie access to unobfuscated source code.
2. The right to add enhancements.
3. The right to fix bugs.
4. The right to sell his enhancements to other companies. This does not mean the right to the sell software without the original vendor receiving any money. The buyer still needs a license from the original vendor, but he does not have to rely on a single vendor for upgrades and enhancements.
5. The right to buy enhanced versions from 3rd parties.

Together these provide a guarantee that the buyers investment in the software is protected. The benefit to the software vendor is that he can sell to larger companies without them being scared of buying from an outfit which might go bust or be unable to properly support them. It is better for the client than software escrow since the client knows that if the original vendor does not maintain the software well, then someone else can do so.

open source != more time/money to make it better

[sevenoftoine]

The assertion is that peer pressure will create better code. That indeed may cause some corners to get smoothed out, and some blatantly bad coding practices to get exposed. But fundamentally, it's not going to give the devlopers an extra three months, etc. to make it better! If a company has X dollars to put out a product, then you get whatever it is that X dollars will get you. Showing the code post-delivery will not have changed what you got in the first place. But back to the bridge: if there's only one bridge to cross, you're taking it, even if it's poorly built! But, if there is a choice of bridge to take, then the result is obvious.

I think it was wrong the first time, and I still..

[Midnight+Ryder]

Ok, I thought the first one was pretty off base and utopian in it's thinking, and I don't think this one-page update to the artice does anything to improve matters.

Now, before someone decides I'm an anti-Open Source type o' guy, forget it. I'm not - I use Mozilla (1. 2 - woohoo!) for my browsing and mail, and Open Office as a most-of-the-time replacement for MS-Office (*SIGH* I still have office loaded for a few oddball things OpenOffice doesn't do right.) I've got a nice firewall (linux) and fileserver (linux) all running open source operating systems.

So, consider that before markin' it as troll when I say... Oh, PUHHHLEEZ!

Look, makin' an application Open Source does not garantee quality. It does not reduce code bloat (in fact, I'm starting to believe that at it's core, the Open Source way of doing things is starting to increase code bloat. However, the really slick thing is bein' able to fix that on a personal level with a simple recompile most of the time! But, that's a totally different article to write...) It does not garantee an increase in quality - just because you can LOOK at a bridge's construction, do you fully inderstand the architect & engineer's design methodology? Would adding another bolt hole here and throwing a bolt through it increase or decrease stability of the bridge. You have to be a specialist in the field to truely understand (just being an engineer doesn't cut it - you need to understand BRIDGES before you work on a bridge :-)

Same applies to software engineering - while anyone could look at the source, and start hackin' at it, that does almost nothing for other people in the first place. You've got to redistribute the improvements, get it back into the source tree, and convince other people to re-compile before you do it. Most of the steps above require specialized knowladge of one form or another. (Before someone debates that point - no, not people don't understand how to run a compiler. I'm not talking about the /. crowd - we all know GCC or compiler of choice like the back of our hands. Or, for some, the palm of thier hands ;-)

But, even then, some of this stuff is way above 75% of the /. crowd's heads part of the time (picking an arbitrary number here) So what point was it in handing the source for a accounting system to someone who who is a systems administrator? Parts and bits of it make sense, but, without the background in accounting systems, there's parts of it that could cause more grief than it's worth for a simple change.

There's also somehow the impression that this would "change things". That somehow, because of magically having the source code available, this would make products better. Well, it's not going to increase the quality of the code from the original company who released it. And unless there's a clearing house for everyone to update thier application, what's the point? Overall quality doesn't improve, only single installations (or corporate installations where someone made the nessisary change and distributed it on the desktops - which to be honest, DOES indeed provide some promise to the concepts he presents in his article. Corporate licensing would be handy.)

Tech support becomes a nightmare too - "Oh, sir? You changed that bit of code? Sorry, can't help ya..." Let's face it, it's hard enough to support an application and all it's versions - it's hard to support it when someone can make a simple change. Add a public code repository to it, and man it just gets worse. Once the code is touched, there's no support anymore. (But, of course, if you know enough to mess with it, is it a downside? *SHRUG*)

Licensing would become an even deeper nightmare. If companies are putting horribly restricting EULA's on compiled products, imagine what they are going to want to do with the source? Sure, he talks about how to protect it with copyrights and excluding certain modules (more on that in a moment), but, companies aren't happy with copyright now, how will that improve with source code involved?

And of course, there's this interesting idea that you could just exclude some modules. Well, that does a couple of interesting things. 1, it defeats part of the purpose (but not all of it.) So there's still parts of the code that's buggy and unreleased. Whoo... what exactly did we fix there? 2, it would be an absolute Haven or Hell for Open Source developers. Companies would fall very quickly prey to people who simply replaced that core module, and suddenly have a working application - no need for the original developer anymore, just release a new open source core for the program. Open Source developers are going through a lot of effort to copy the current functionality of an application - if there was an even shorter route to gettin' the job done, someone would end up doin' it. Of course, given the paranoia level of some companies, Open Source developers could end up having to deal with ELUA's that prevent you from having looked at another company's source tree and writing your own. MS is already attempting this with a couple o' items. Why would the situation improve?

While it's an interesting set of thoughts, to me it comes down to a combination of personal choice, and company motivation. If you want the source code to an application, then choose your application wisely - use Open Office over MS Office. Linux over Windows. Etc. Almost anything out there has an Open Source equivalant (almost, not quite.) Use it.

As for companies - it's up to them to decide what resources become available to the end user, and under what license. If I can get one more feature out of Mozilla (contact synching with Windows CE... er.... PalmPC machines, not just PalmOS machines) I'll begin moving everyone in our offices to it - the combination of MS's licensing and features -vs- Mozilla's Licensing and features will make it a logical choice. Companies are now starting to have to take that sort of thing into account already - I'm not the only commercial developer out there deciding how much of my application (games, in particular) source I'm going to be providing to the end user. If Collaborative Source, Shared Source, Open Source, or model of choice where the user gets the source code, is truely of importance to end users, we'll see it happen. And the companies that didn't follow that path will have a hard time - adapt or die.

I personally choose to have applications that have the source available, as long as everything involved fits my needs. And, not including the "Everything should be free" crowd, I think that' show most users will have to make thier choice anyway.

Attacking the Problem from the wrong direction...

[trims]

The original article (and the subsequent followup) attempt to solve a problem using a desired tool, rather than looking for the right tool for the job. A lot like the old saying "If all you have is a hammer, everything starts to look like a nail."

The base problem that I think he's trying to solve here is that software quality is abysmal. That is, all commercial (and most free/open) software is riddled with bugs, many of which are well-known at ship time, but haven't been fixed.

Making source code available (whether as Open Source, Free Software, or a eyes-only copy-restricted) is orthagonal to this problem. yes, maybe, it could help. But that's incidental to the Free/Open software movement. And (as many people have pointed out), there are many problems with providing source with all programs, most of which are massive barriers to any help with quality of the software.

The fundamental flaw here is that commercial software's quality is the producer's responsibility, not the target audience's. In Free/Open software, the developers and audience have significant overlap, so it can be truly said that the audience can help quality. This is patently untrue for closed-source programs: the development community is very tightly controlled, and the user community has no real method of influencing quality (other than by not buying the product), even if provided with the source code.

So, this leaves us with the case of how to make the developer's produce better quality software. Fundamentally, we do this the EXACT SAME WAY all other industries insure minimal quality control: LEGISLATE IT. There are oft-quoted sayings about "if the car companies built cars like software companies build software..." and others to that effect. They all point a massive discrepency in the legal status of software: it doesn't play by any of the traditional product-liability and quality-control laws that every other product industry abides by. Yes, that will change the nature of the software industry: that's the point. And NO, it will not harm Free/Open software (as gifts - i.e. giving away something - are not coverd bty under the various product-liability laws)

You really want to fix the software quality problem? Require that software companies have a warranty of fitness. Require them to refund money for defective products (opened or not). Make them liable for damage caused by known defects. In short, treat them like anybody else. Software isn't special. It's time the software industry grew up.

See my previous post on why the software industry should quite being treated like a spoiled teenager.

The problem is real. The solution provided by the article is wrong. I'm right.

:-)

-Erik

No...

[Midnight+Ryder]

The source is part of the product.

Hm. I think you missed part of how the market works. The Product is definied by what they throw in. It's thier choice - if they throw in the source code, it's part of the product. If they don't throw in the source code, it's not part of the product. The end user does not determine the extent or limitations of a product, the producer of the product determines those things.

Now, the issue of if it SHOULD be part of the product - that's a different story. Putting it into the analogy of real-world products - What you want in this case is a set of blueprints, architectural drawings, etc. that went into producing the product. (Ok, VERY loose analogy - maybe what you want is the CNC code that went into running the machines that made the molds, and the automation code that went behind creating the product.)

On the flip side...

[blackwizard]

If everyone saw software vendors' design and coding, the vendors might stop shipping us such lousy programs.

An interesting idea, but:

• Software vendors need to be on time, on budget. Software contracts are often sold to the lowest bidder. With cramped schedules and tight budgets, some design shortcuts, kludges, and hacks are bound to make it into the final product. Good software costs a lot more money, and takes more time.
• Not everyone is a software engineer, and could tell you just by browsing the source code how well a program was designed. In fact, I think it would take an experienced software engineer, (and a lot of analysis effort) to figure this out. (Unless it's quite obvious -- admittedly, sometimes, it's quite obvious.)

That said, I agree that it would be great if more vendors shipped the source with your product. However, people just want software that works. They don't want to have to hire someone to fix the bugs in the software they bought that was supposed to 'just work' in the first place. Where it would be more useful to have the source is if you've got a system that has been around for a very long time, and it needs to be extended in some way -- especially if the original people who designed the system are not around any more. Anyway, I just wanted to point out the big 'might' in your statement.

Thousands of eyes (was Re:Won't benefit the users)

[binaryDigit]

The linux kernel, for example is a HUGE program. Much larger than many (most?) commercial products. It is constantly modified and dissected by thousands of interested users

OK, I hear this over and over, so I ask you, the average /. reader, how many of you have ever taken a look at the kernel source? How many have actually tried to understand any piece of the source (vs a casual browse)? Like the person said, there is a lot there, how much coverage does the "kernel" really get. Somehow I think that the "thousands of eyes" effect is quite overstated when it comes to OS, but I would be curious to see a show of hands and opinions.

Reverse engineering

[mangu]

If you have the source code, you aren't doing reverse engineering, you are doing derivative work.

What must be realized is that, with a decent debugger/decompiler, it's possible to reverse engineer executable applications without the source code. It has been done for ms-windows, by Andrew Schulman et.al. some ten years ago, when they published a series of books on windows and ms-dos internals.

It can be done for hardware too, there are methods for dissolving chips layer by layer to photograph the lay-out, from which a schematic diagram can be recovered. It may be even simpler, if off-the-shelf chips have been used. I was once given a circuit board from which the manufacturer had scraped the chip part numbers. After removing the chips and reading the printed circuit connections with a multimeter, I put each chip in a test jig. Without much effort, I found they were all 4000 series CMOS chips and easily found the part number for each. It took me less than a half day to reach the exact circuit schematic, which wasn't very orignal, nothing that a patent could be applied for.

He missed the most valid point

[geekoid]

He forgot:
"I don't want to show the source because we make a ton of money from crappy code and the maitaince fees we get for fixing our bugs."
You laugh, but I've heard statment very similiar.

Of course if people would stop paying companies to fix broken code.

We just bought some code, it had some bugs, the company wanted 200.00 an hour to fix bugs in there code. Outrages.

Intellectual Property

[argmanah]

I find the article somewhat lacking. The points from the other side which he addresses are ones which the open source movement has addressed from day 1.

Anyone who understands the open source movement already knows that peer review is superior to any internal QA process. Despite what the FUD claims, there is little question that the quality of open source software has been higher than that of closed sources software. I think the fact other people might see their software as "lousy" only accounts for a very small % of the reason why most software companies are not open source.

Intellectual property is a much bigger issue, one which the article's author failed to address properly. Right now, I may have no clue what the best way to design a piece of software to do some particular task. If some other vendor has already designed that piece of software and released the source, I might not understand the details of what exactly is going on, but it would not be too hard to get a high level understanding of how the software works.

From there, creating the better mousetrap becomes a much easier task. The design of the software is often as time consuming or more time consuming than the implementation.

Sure, if I used their work in the creation of mine, I have created a derivative work. However, copyright law is a very grey area. If I kept my work closed source, how could anyone prove that I didn't steal my design from their product? They could sue me, but it would be at great cost to them, and if enough of the implementation was changed, they may not even win.

Managing any company successfully is not a trivial task. Executive board meetings are not filled with people who want to create poor software and hide that fact from the consumer. However, when someone presents a concept that could a) help competitors get into their market and b) result in a huge loss in revenue (directly and indirectly), what do you expect them to do? If you were a developer at that company, what would you want?

Regardless of how good you are, there's always going to be someone better out there. Most companies are realistic and realize this. Why give them an edge on your company's business? Do you really want to be out on the street that bad?

It used to be that way...

[m11533]

Long ago in a galaxy far far away... ... it used to be that ALL software was distributed in source code form, and then built by the customer prior to installing and putting it into production. The industry would have left things that way were it not for the fact that we were increasingly running into a number of big problems not solvable in that model:

- Customers didn't follow directions, so they always were screwing up the build and/or install. These were very simple tasks back then, much simpler than they are today. And in theory customers were far more educated since they were the very few who could afford those multi-million dollar machines and the huge costs of the rooms and facilities they required. Somehow, though, they still were able to find ways to screw things up, and support organizations spent much of their time walking
customers through these processes.

This would be worse today given many software users have no clue how to program.

- Support was a total nightmare as you never knew what source code customers were using.This was because customers would choose which patches to apply, and would add their own, leaving each customer with a totally unique piece of software. When something went wrong in it, it was impossible to know what the code was supposed to be doing, and what it was doing wrong.

While this might not be quite as bad today, since we no longer must rely on "core dumps" to diagnose bugs, there still is the basic problem of being asked to diagnose problems when you really don't know WHAT source code that customer might be using.

- the intellectual property problem... there were plenty of lawyers back then, but there really is a big problem with investing lots of money to build something, a unique set of code, and then making it easy for people to lift it. A variety of methods to secure it while still distributing it to all customers were attempted as there was tremendous cost associated with changing from a source distribution technique to a binary distribution technique, but none ever worked. If anything, today there is far more sophistication on the cracking side, so it seems even more doubtful that it is possible to secure code from mis-use when its considered IP. And there ARE valid arguments against giving away all code.

SO...

There were good reasons the computer industry turned away from distributing their software in the form of source code. I don't think they have been addressed, and thus I am unconvinced the equation has changed.

sort of a rant

[3ryon]

It seems to me that the actual code behind a program isn't all that important. Sure, you might come up with a beautiful algorithm, but for most problems that a programmer deals with the most efficient algorithms have already been discovered...and published.

What's impressive to me is that someone saw a need and designed a program to solve the need. If anything should be patentable, it's the general solution. For example, the chair I design might be patentable, but the way I put the bolts and the nuts together is well understood.

No to take anything away from the programmers. It's not that putting everything together is easy. But, even if you write an elegant solution to a problem there are 500 other programmers who might very well have solved the problem in the same way you did.

IMHO the real challenge is finding the need.

I don't happen to agree. . .

[kfg]

at least in the whole, with the author's premise, although I do believe the background philosophy to be sound. There are certainly cases where it is not to the advantage of the code *producer* to open their code.

However, those that claim the availability of code is worthless to 99% of the users are missing a key point. It isn't important, per se, that certain code is available to *me.* It is of great importance, however, in certain cases, that source *be* available to all comers.

I've never hacked a kernel and have given the code nothing more than a cursory glance out of pure curiosity. However, I *personally* benifit from the code being openly available nonetheless.

The same goes for emacs and vi. I use both. I've never so much as glanced at the code for either, even out of curiostiy, but I *personally* benifit from all the people who *have* looked at the code and contributed. I benfit from the features they add, from the bugs they squash and the support they provide.

What's more it *is* a benifit just to know that if the projects are ever abandoned I *can* get the code myself and learn my way about it.

You may not fix your own car, may in fact be mechanically "all thumbs," and yet *you* derive great benifit from the fact the Chilton publishes freely available workshop manuals.

Open Source is just such a workshop manual and its availability always benifits the greater populace of users.

The code producer is another story.

KFG

The money's not in closed source either...

[EvilTwinSkippy]

Judging by the dessicated remains of the software industry, I would like to pose the question back: Where is the money? The money is in licenses, exclusive arrangements, and monopolistic tendencies. I am a big fan of Fractal Poser. Only, Fractal was bought out by Metacreations, who spun the product off to ... who is it this week ... Curious Labs. Look at the canibalization of the game industry.

Hell Evian sells water in bottles. We all know the flipping chemical formula. Hell, it comes out of the taps in most of the industrialized world. What they are actually selling is the packaging.

THAT is where the money is.

Re:The money's not in closed source either...

[Flamesplash]

The money is in licenses, exclusive arrangements, and monopolistic tendencies.

The money is from licensing, the other two are ways of making people buy your licenses. And what is wrong with licensing per sey? If you like the product and want updates you pay the maintenance fee, if you don't you move on. Hopefully you are smart enough to only license a product after doing an evaluation of it. I know of very few companies that don't offer and eval version of their product.

Whether it's licensing fees or begging for donations, the people that write the software want people to pay them. One group gaurantees the money, the other doesn't. Are you a risky business person or do you like hard numbers to report at the end of the year?

I don't think OSS is bad. I like it, I just don't really think there is hard money in it. And this is mainly due to the end users. Why would you pay for something you don't have to? I'm sure we all have something better to do with the money an OSS dev wants us to donate.

What they are actually selling is the packaging.

Actually Evian is selling the mentality that the person is drinking safer water. Though this claim is largely different for everyone. Some people have very good tap water, others do not. Likewise some bottle water sources are good and others are not. It's mainly piece of mind for some people, which is objectively important.

Where's DRM when we need it?

[LostCluster]

As much as I hate DRM as a user-limiting technology, when it comes to programming code, you at least need something.

If your source was Open-yet-Copyrighted, the law of the land is on your side to protect you, but the laws of physics are not.

What if somebody was to take the critical for loop from your program, change the variable names, and then release it as their own. That's a definite copyright violation if you can prove that it happened that way, but if the other guy's claiming otherwise, it's gonna be one hell of a lawsuit.

Why?!

[Vinnie_333]

So, you want them to ship MILLIONS of lines of code so you can glance over it and say, "Oh, right here. I would have done that with a nested while loop," thereby making your assertation that the program is a lousy piece of crap regardless of how it works!

Maybe the performance of the software might have something to do with how you rate it. I'm not against making software open source, but I can't honestly say that I've heard any argument for it that made any sense. Do you also want a complete parts lists and break down of the engine theory for your car?

I assure you that NO ONE has seen ALL the source code for Excel or Word (or any other of the "too big for our own good" line of MS products).

I think this is foolish

[iamdrscience]

Freedom is a sloping mountain and everybody wants to get to the summit, forcing all software to be open would be climbing up over the top and then starting down the other side. Nobody should have their creations FORCED away from them, it's THEIR creation, so THEY should get to deside how to distribute it to people. Ideally all people/companies would open their software, but that doesn't mean that they shouldn't have the right to refuse to open it.

Richard Stallman has talked about how all software should be open and that's always been where I start to disagree with him. Again, I agree that it would be beneficial to the world if all software were open, but I still think that people should be given the right to choose whether or not they want release it as "open".

Oh well, it's not something I really need to take a whole lot of time thinking about and defending against because it's really an unpassable law (and pretty unenforcable too). Just think about it, it'd be about as unenforcable as anti-piracy laws ;-)

The article is confusing and appears contradictory

[Nailer]

Saying "All source should be Open" implies he means Open Source. He doesn't - he just means the source code should be available. See later in the original article when he tells readers to "Note that I am not advocating open source licensing for commercial software. ".

Re:Attacking the Problem from the wrong direction.

[NineNine]

You're exactly right. When I buy a piece of software, it should work, period. I shouldn't have to look at source code at all, just like I don't have to ask Honda who makes their starters, and in turn as the starter manufacturer who they buy their windings from, and check out the winding manufacturers, and check the quality of the copper. That's bullshit. Software should be warrantied, and if it doesn't work as sold, it's fraud. Period. Software license agreements that say "we don't warranty this product" need to be challeneged in court because they are simply illegal. Just like those truck on the highway that say "we aren't responsible for damaged windshields". That's bullshit. They're carrying gravel, it's uncovered, gravel flies out and hits your car, they're liable, regardless of what the back of the truck says.

We need to see some civil cases in which software companies are challeneged based on nonperformance of their products. It's not my responsibility to check the source code. My responsibility ends when I pay someone for the product. Period. I don't want to see the source code. I want the product to work.

How do you know?

[mindstrm]

What are you comparing against? How do you know it hasn't slowed it, the source has never been available.

It's fair and reasonable to assume that if everyone had the windows source, a great many more flaws would be found, quickly. It's a thousand times easier to find buffer overflows when you can analyze the source than it is without it.

Why the book analogy fails

[TeknoHog]

The text of a novel is not directly comparable to the source code of a program. As an amateur writer I know there can be a lot of detailed planning ("blueprints") behind a story or an article. Those plans are not usually meant to be public. It is often desirable to leave some things undisclosed and let the readers draw their own conclusions.

On the contrary, software should have no secrets, trapdoors or hidden features (excluding games). An operating system should not be like a conspiracy novel. Even if the source were not 100% open, the system should be fully documented. Of course the source is the best possible documentation you can have, in terms of not lying or hiding.

Why not?

[russianspy]

I do not see why source cannot be an integral part of the product. Yes, I am a developer. Yes I do want to be paid.
Let's look at the problems described in the article:

1. Piracy.
How is having the source making it easier to pirate things? People have been swapping microsoft binaries for ages. It is actually easier to just copy the installation disk (whether floppy or cd) than to recompile the program from sources.

2.Copyright laws.
Wouldn't it make it actually easier to check if people conform to copyright laws? If I release all of my source code and you are required (by the marketplace perhaps, not as a law) to do the same than it is quite easy to see if you copied some stuff of of me. How many people have wandered whether Microsoft has copied some code from GPL licensed programs (I doubt it personally). How many have the opportunity to CHECK if they have?

3. National Security.
I do not have a lot of confidence in a nation that bases its security on the ability to sweep them under the rug. The idea is to avoid having those problems in the first place! Maybe if this practice became accepted we would not have destroyers being run on windows.

4. Safety-critical applications.
Even if there is little to gain from having this code available to the users - not having it is worse. What are you trying to hide? If this is a safety-critical application then the answer should be "nothing, have a look".

Nobody is asking to release the source code without compensation. It's just that the source becomes part of the application. IF most people will not use it - then fine. What are you worried about? Is your code really that bad that you could not write good code if forced to?

It does happen.

[mindstrm]

It happens in cases where the source is part of the product.

Giving away source is adding value to a product; you not only get the product itself, but the ability to completely modify it to your own needs however you want.

Many companies WILL give you source, for a price, and a contract to protect them.

Some products DO include source, where it makes sense.. my favorite example being Starbase's Codewright. Codewright is a wicked cool programming editor, it's not cheap, and you pay per-seat, but they provide full source by default, so you can extend the editor to meet the needs of your development environment.
This makes sense, as the product is geared towards programmers themselves.

My mom, however, does not need to pay for the added value in the Office source, were it available; it means nothing to her.

no other product ships 'source' with it

[hpulley]

Does your car come with blueprints and CAD design CDs? Does it even come with a parts list? No. Does your computer? Does your washing-machine? If they are really nice, your washing machine will have a little schematic in it for the repair guy to plug in his multi-tester and have a clue which overly expensive part to replace but you get nothing more.

Just because we currently get LESS out of software, ie. a guarantee only that the media is readable not that it actually works, doesn't mean we should expect more out of it anywhere else.

What I think

[verbatim]

Typically you would use proprietary formats to lock your users in to your solution. That is, what good is a file if you are unable to open it?

And while lock-in, tie-down, etc, is all well and good for business NOW, it is horrible for business in the future. What if the vendor goes out of business? What if the vendor no longer supports that app (and assume that you don't have a contract) - nothing short of a pre-signed service agreement could force the vendor to do anything about your obsolete files (although a good company would do it anyway to keep the client).

Tie-ins also keep your competitors from competiting on features. That is, if you have invested thousands (or even millions) on a particular solution, you'll probably think twice about moving to another solution if that means you loose all of your data.

I believe in giving clients access to source code for nothing simpler than letting them customize it to their absolute needs over time. Something like "here's the code, we're here if you need us (and it'll cost you) or you can do it yourself, have fun" - is much better than the closed way of "here's the program, if you need anything done we're here (and it'll cost you)."

But you must respect the IP in business. It's not nice to expose your blueprints to potential competitors. So if giving your code to your clients is not an option, an escrow service would be much nicer ("if we ever go out of business, you'll get the code") than simply abandoning the code to the annels of reverse-engineering.

Sorry for wasting your time, there was no point to this.

Theres a saying about this sort of thing

[myowntrueself]

something like
"Be sure your sins are born in secret!"

Meaning that you are FAR more likely to do *naughty* things, if you feel that your naughtyness is secret and won't be found out.

Its an old saying and it damn sure applies to programmers!

heh

[StandardDeviant]

So you think that Microsoft should include the source code to Windows if you pay them 100 bucks?

Then I might actually be inclined to pay for a copy, just for the hours of comedic value inherent in reading their source. (Hungarian notation, now that's just a barrel of monkeys wearing spandex [ the monkeys, not the barrel ].)

Commerical Software

[Citizen+of+Earth]

Commercial software sucks because there is very little direct profit to be had from refactoring your code base. In the general case, you're lucky if your company survives a major refactoring.

More generally, commercial software sucks because users demand that it suck.

Let's go back to square one

[Waffle+Iron]

Put your mind back in the 18th century when copyrights and patents were first instituted in this country. Back then, there was no such thing as software, and I believe that if there were, binary-only releases would have been specifically excluded from copyright protection.

Why? Because it is clear that the original lawmakers were aginst the extensive use of trade secrets as a form of competetive advantage. This is the entire reason that patents were conceived. If you have a secret formula, you get a patent on it and reveal the secret in return for a limited time monopoly on the use of that formula. The public benefits because your innovation doesn't disappear when you die, and they can build on your knowledge as soon as the patent is published. You benefit because the risk of somebody reverse-engineering your formula is eliminated.

The other major form of IP, copyrights, applied to literature and music, which by its nature is non-secret. In addition to stimulating production of new works, copyrights also encourage people to openly publish works they might otherwise only release under NDA.

Notice that both forms of IP, as originally conceived, are intended to reduce secrecy. Somehow, though, when software came along, people forgot the original principles under which IP protections were created. Software binaries are naturally a secret formula. The founding fathers wanted to discourage secret formulas by granting IP protection. However, binary-only releases were given full copyright protection with no requirement that the secret formula ever be released.

The public never gets the benefit of the secret knowlege that is protected by the government force that is handed out for free to the creators of binary software releases. Software patents are often of little use to the public because they usually detail only a tiny detail of the entire system. Enough to block competetitors from building a competing product, but not nearly enough to reveal in detail how all of the APIs and file formats work.

At any rate, I don't think that either copyrights or patents are a good match for software, which is a product unlike any physical good or work of literature. They should have invented a third form of protection just for software that balances the interests of the creators and consumers. Kludging patents and copyrights (simultaneously) onto software, then letting the creators keep it all secret anyway, has created huge distortions in the marketplace which tends to create monopolies, buggy code and noninteroperable products.

Re:A number of naive mistakes...

[Wavicle]

Can you back that up with any kind of evidence? Even anecdotal?

A person who believes that removing constants from your source code imparts protection from international copyright hijacking, probably can't back up anything. I'm going to take a wild guess and say this guy hasn't written any real assembly source code in his life, or he'd know just how stupid his assertion is. If you're cutting out constants (not macros), I'm betting that in 30 minutes I could be set up to recover one of them, and each one after that would take about 30 seconds. Why can't we moderate articles as -1 Troll??

How much do you want to pay for this?

[LoRider]

I don't think this is necessarily a stupid idea, but it's wrought with problems.

Providing source code should be left up to the individual person or company who wrote the software. The market would dictate whether you provide source or not. If your competitors all provide source and you don't; you will probably have to provide the source or adjust your price.

Providing source that has functions and constants removed sounds like a simple thing to do, but it requires effort on the part of the software maker. The amount effort depends on the types of things you will have remove and how well your software is designed. Having to take into consideration the aspect of providing a stripped down version of the source during the design of the software would seemingly increase the cost of the software. Having to maintain a separate source that gets shipped with the product and the one you develop with would increase the cost of the software.

I write code that I release under the GPL and I write code that no one gets to see but me. The code that is mine and mine alone is my bread and butter and the GPL code is for fun.

There are rarely solutions that work for an entire industry. Remember when everyone said, "Everyone's switching to Microsoft, that's why I am." Well now everyone is not switching to MS; there are very few absolutes (other than I take a shot at MS in every /. post). Saying that the entire software industry should start distributing source with their applications is ridiculous. On the other hand those folks out there that are making really kick ass apps with really clean and beautiful source might benefit from releasing their source. They can say, "Hey, look at our code it's beautiful. Our competitors don't let you look under the hood, ever wonder why?"

But what's good for one business may not be for another. It's a business decision that is mostly dictated by the particular market the business is working.

Finally �

[Snork+Asaurus]

... a magic bullet. Never seen one of those before.

Tomorrow, I going to my boss and I'm going to tell him "we can solve all the software quality issues. No more worrying about underfunding, time to market, sudden mid-development directions changes due to marketing stupidity, expensive yet crummy dev tools, poorly spec'd requirements, weird hardware, lousy host o/s's that are chosen for the sole reason that "that's what everyone uses", unrealistic expectations from senior management, competitive pressures, ridiculous stock market and share holder expectations, etc., etc. We'll just release all the source and the developers will be shamed into fixing those issues from the bottom up. Let's go out on a limb and be world leaders here!"

The following day, I'll go to the employment office.

No argument that there is a lot of bad software out there. No argument that some things have to be done. Yes, developers could do a better job, but that is only a very small piece of the problem. Whole books with a multitude of recommendations have been dedicated to the subject. But no more magic bullets, please. This is not a simple topic and requires a top-down re-think (that I don't see hapenning).

Note: I am not against open source - I quite like the concept and I'm trying to find the time to get involved. But that is not what this is really about.

What people want is likely not what they want

[beej]

Being able to peruse the source and design for a program might allow you to determine the validity of the design, but that's about it. (Unless you want to pay your employees to line-by-line audit someone else's code.)

Like the bridge analogy, you can see that the bridge is sturdy and will hold a sherman tank. That's swell. What you don't see are the misplaced rivets that will cause the bridge to fail in unanticipated ways.

In other words, this is a kick-ass design, and I didn't notice that off-by-one bug until it was too late.

Another thing to ask is what do people really want? Bug-free software? Of course! And you know what they say they really want on airlines? More legroom and good meals!

Unfortunately, airlines that provide more legroom and good meals are running in the red. Unsurprisingly it turns out what people meant is they don't care about legroom and actually want the cheapest possible tickets and on-time flights. They complain that Southwest Airlines sucks, but everyone still flies with them!

My point is that people want the cheapest possible mostly-working software. Let's say, for the sake of argument, that there somehow existed some kind of free operating system for which anyone could look at the source. Would it have fewer bugs than closed-source OSs? Possibly. Is that really important to people?

No--really. Is it?

Fair enough

[nagora]

Basically, if I pay you to impliment something in software for me you can bet I'll want the source code. No NDA's, no "no distribution" clauses; that code is mine. On the other hand, I wouldn't expect to prevent you to not use the code too.

Code produced internally is a different thing and I wouldn't expect companies to publish in-house code to the rest of the world but I would never accept a binary again unless I had no choice.

Yes, this means that a whole bunch of business models from the dawn of time are obsolete but that's life. I'm not going back to gaslamps and I'm not going back to closed-source.

TWW

Re:Walking on a bridge

[paradesign]

yes, but is it required that they post there blueprints for the world to see? you could take your own measurements walking across it, but youd never know what their material specs are, how much rebar density in their concrete pilings, what alloy coats the inner walls of the tube steel.

your walking analogy makes better sense when paired with reverse engineering, which should not be illegal.

Lets compare this to other products...

[Morgahastu]

when you buy a radio do you get the schematics for how it was built and with what parts?

When you buy a painting does it come with an instructional video starring a hippy with an afro on how to recreate it?

I don't care how you guys think, not everyone else is into open source. You think source should be open, alot of developers like to keep their work secret.

Does David Copperfield show you how he does his tricks? I don't think so.

To say that everything should be open source is absolutely ridiculous. Why should any company be forced to go the extra mile and clean up their source and make it available and ship it and support it when it gives no extra income, or 99.9% of the population doens't give a rats ass about it.?

Re:Lets compare this to other products...

[Eric+Smith]

when you buy a radio do you get the schematics for how it was built and with what parts?

For many years you did. In the 1970s this stopped happening. So perhaps it's reasonable for software to come with source code for the first seventy years or so that the software industry exists. The software industry originated in the 1960s, so by this argument we should get source code until at least 2030.

Binaries are modifiable too

[apsmith]

Is source code really equivalent to blueprints? Blueprints to me means more the high-level design and architecture. Now that may be included in what the author here means by "source" - certainly in some cases it is included as comments. But really software is something that exists on many levels: machine code (binary), source code, algorithms and design patterns, requirements and specifications, etc. Having source code allows the user to re-compile with various optimizations; even to debug, and to compile for other platforms, but it doesn't necessarily give the whole farm away...

Would it satisfy the question here if the source code were run through a munger that removed all comments and randomly changed all variable and method names?

Anyway, I feel all this would be a lot clearer if the copyright law on electronic files was a little more widely accepted and understood...

Re:Attacking the Problem from the wrong direction.

[NineNine]

Actually, yes, I am willing to pay for good, solid software. Being a former developer, I understand the time and effort that goes into software, so I know that it would be a good bit more expensive. That's why I chose W2K over Linux. It "just works". That's why I chose my expensive POS system over a freebie. It's extremely critical to my business (and me being able to support myself). It works. But, I still don't feel like I have legal recourse to go after a company with software that doesn't work as advertised. I don't have the time & money to set a legal precedent, but I wish that somebody would. I'd also pay for a hard drive that worked for a long time and had a good warranty. I also pay extra to buy Japanese cars that last longer, and have better warranties.

So many software buyers feel like they're at the mercy of the software companies. Software quality is just abyssimal compared to other products. Then, they all try to claim that "our software may or may not work as advertised, and we absolve ourself of any liability". I know of no other product on the planet that is sold this way.

You're thinking on the wrong level

[Anonymous+Brave+Guy]

If somebody lifts the look and functionality of some closed-source app, and you suspect infringement, how do you prove it?

If it's closed source, it's very unlikely to be infringement, and there are different rules covering behaviour anyway. Not that the US patents office is much to be proud of, but that's a different issue.

Have the source out there would actually make things easier, not harder. As a TA I had tools to check for "copy and replace variable names", all nicely automated and such.

You miss the point completely.

The problem is not some guy doing a quick search and replace across the source. The problem is when your code embodies trade secrets, such as algorithms you've researched and developed yourself. If your competitors can just read off your algorithms, reimplementing them in some completely different form, or even in a completely different language, is easy. No five-minute tool by a TA is going to help with that. In fact, none of the points addressed in either of the original articles really picks up on this, which to me was the first big stumbling block that came to mind.

I definitely agree

[global_diffusion]

Well, at least the comments won't nearly be so bad. All those
// igregious hack
comments will have to go. Other than that I don't see much change.

Very good point

[Anonymous+Brave+Guy]

Darn, where are my mod points today? ;-)

You hit the problem there pretty much head on. Good code is subjective, at least to an extent. There's probably no such thing as perfect code, but most good programmers would probably agree fairly consistently on what is good code and what is not. However, their benchmark may not be the same as a user or their manager.

To me, good code is simply the input that makes a good product, and a good product is simply one that helps me to do something. The more it helps me, the better it is. That may mean running faster, or covering more different cases, or intercommunicating with other products, or any number of other things, depending on my requirements. Furthermore, those requirements may change over time.

Now, from a software developer's point of view, in order to write such good code, you have to follow certain basic rules. You need the code you write to be correct (giving the right answer, with no bad output, and usually with graceful handling of bad input as well). If you're going to keep up with changing requirements, or fix bugs that come to light, you also need your code to be maintainable (so that a developer can find his or her way around it, and adjust it to meet new requirements or fix deficiencies, without compromising the overall standard of the code or expending undue amounts of effort in the process). Correctness and maintainability in turn lead to various typical rules of thumb about commenting well, having a clear design, using meaningful names for things, etc.

I rather suspect, though, that if anything like this ever came to fruition, the holier-than-thou L337 developers would look at things backwards, and see those rules of thumb as indicators of code quality. Lacking any insight into the processes and people behind the code, they will try to do the impossible by reading everything from just those rules of thumb, and judge accordingly. Sadly, this would lead to what are actually quite good and well-managed projects being criticised because the code output does not meet Joe Public's Handbook of Rules of Thumb, page 173, paragraph 2. The fact that that code might correctly and efficiently implement the best algorithm in the world for medical research would be lost on many of them, and the damage would be irreparable for years.

Re:Simple Answer

[mangu]

You're not paying for the source code. You're paying for permission to use a binary copy of the program and there is a big difference.

That's why the binary copy shouldn't be copyrighted. The seller is being benefitted by the strongest protection available, but is giving nothing in return. If the seller chooses to use secrecy as protection, the product should be ruled by trade secret laws, not copyright laws.

Your analogy to the writer's notes is not valid. The right analogy for software would be to make public the annotations the programmers wrote while creating the program. Source code is the final product of a programmer's creation. Binary executable code is created by a machine, not by the programmer. What copyright protects is the fiunal fruits of human creation, i.e. the text of a book or the source code of a program, not the metal types used to print the book or the binary code generated by a compiler.

Re:Attacking the Problem from the wrong direction.

[shut_up_man]

I agree - making good software is a difficult task, but most of the reason why general quality is so low is because producers can get away with it. It's such a magical fairyland - crank out some code as quick as you can, distribute the binary, tell people it does something (which may be true, partially true or an utter lie) and then you make them click through an unintelligble agreement which frees you from all liability, while enforcing your rights of ownership. The crowning glory is that anytime anything goes wrong with your software, you can blame everyone else: the operating system vendor, the hardware vendor, code libraries, driver software, other installed applications, virus writers and script kiddies. Extra credit for charging the customer a large sum when your software breaks down. There's no proof anywhere, it's all guesswork and lies, smoke and mirrors, marketing and salesmanship.

Forcing people to release their source is a kneejerk reaction. It might clear up some of the lies, but the real problem is that the industry is doing whatever the hell it wants, and getting away with murder. I agree that legislation (refunds, real guarantees and codes of conduct) would be a better path.

Re:I think people misunderstand...

[Wavicle]

I think the fourth sentence in the article was:

In other words, part of the delivery package for any software purchase should be a copy of the source files.

I don't think he was limiting it to work done for hire. I think it was open to any software purchase.

Re:Simple Answer

[mangu]

The producer should have copyrights protection to stop you from in turn giving out copies for free.

No, that's certainly not why copyrights exist. Copyrights are NOT about protecting the seller. Copyrights exist to assure that the results of creative work will be available to the community after the creator has amassed some profit from it. Trade secrets are good enough to protect the seller's interests; the Coca-Cola Co. for instnace, has survived for a hundred years on trade secrets. The recipe for Coke is not copyrighted, it's a trade secret.

Should buying a pepsi bottle entitle you to the recipe as well?

Certainly, if it was copyrighted! Since they, just like Coca Cola, chose to protect their intellectual property by means of a trade secret, I don't get the formula, but, on the other hand, I'm free to reverse-engineer it, if I want.

By your logic copying movies should be legal because you're not copying the people just some mechanical product.

Yes, I believe I can copy freely anything that's protected by a secret, like the CSS encoding in DVDs, for example. However, if the creator of an intellectual work chose to publish his work openly and let it become public property after a certain period, under copyright protection, then I respect the spirit of the law and I won't copy those works as long as the copyright period holds.

I believe the spirit of copyright law should be, as stated in the US Constitution "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the eclusive Right to their respective Writings and Discoveries".

As for making money? If anybody wants to make money, fuck them, why don't they get a job?

child abuse

[axxackall]

Yeah, you're right - and all people should have their pictures in their passports and driver licenses fully naked, from feet to the head.

Something reminds me the bad word "pornography"...

Wait, how about software from startup companies? That would be certainly a case of child abuse!

So, what you suggest is wrong.

And Mrs. Fields could sell her cookie recipe, too.

[fmaxwell]

You can charge more for a product with included source code, with no extra effort on your part.

And Mrs. Fields could give charge extra for cookies that include the recipe. And then she could wonder why a competitor's cookies started looking and tasting so much like hers.

The cost of software production does not go up, and the price goes up, when the source is included, increasing your profit margin.

And what do you do when you find your source code posted on a warez site or a Usenet newsgroup? What's your course of action when you suspect that your competitors have started to look at your code for "inspiration"?

A license isn't worth squat if you don't have a way to audit it and enforce the terms. And that's the problem with selling source code. It's like letting your customers hold a gun to your head so long as they promise not to pull the trigger. It only takes one dishonest customer to ruin everything.

I am so sick of

[G00F]

I am so sick of people accociating having source code avaliable the same thing as free.

I personaly feel that no software should be considered copyrighted unless it is sold with its source code.

Just because the source code is open doesn't mean they can't charge for the product, sure, the linux/gnu comunity don't do it now, but they should. If I buy MS office, there should be a cd or two with source code. I shouldn't be able to get redhat for free, but if I pay for it, I should get the source code.

I don't care for free, paying other people to do things that I don't want to do, or that I can't do, is how society works. What I want, is the source code avaible to prevent abuse such as what we have seen from many vendors besides just microsoft. Also, I like the ability to control things that are mine. Weither its to tweak it, fix it, or even break it.

Free bah, I want open. And I vote with my money.

Re:Fair enough - YOU ARE RONG

[nagora]

You are RONG. Go dig out the Berne copyright conventions and talk with a lawyer.

I know all about the Berne convention and I don't need a parasite lawyer to tell me about it, thanks.

I never said that the copyright is transferred automatically during work for hire, but I was implying that I make sure that it is when it's an issue.

The reason for this is...

The reason is that this what governments, after serious bribery by vested interests, have decided. Don't go trying to read any deeper logic into it. Your example of the carpenter demonstrates this: the nail gun is the carpenter's yet the house isn't? There is no logic to that; it's just the way the rules are written and nobody in government gives a shit what you or I think about it unless we have a few million bucks in the bank.

There has been a lot of litigation in this area. Anyone affected _should_ run (not walk) to a good IP attourney.

Getting advice from an attourney is like asking for dating tips from a whore: all the answers seem to involve you paying them money.

TWW

WRONG!!!!!

[Slashamatic]

Think the airplane business. When you buy a 757, you don't get the blueprints for the wing. That's a trade secret.

You are misinformed and very wrong. When a company buys any major piece of technical equipment, being an airplane or a chemical plant they get very extensive technical documentation. Airbus and Boing ight not ship the detailed calculations that produced the wing, but they certainly tell you exactly what types of material are used and where, how to replace parts and so on. Neither of those companies hold the customer hostage. If they want to do it themselves, they can.

Interestingly enough, when a design is revealed, engineers take more pride in their work. It doesn't matter whether you pop the hood on your automobile or open up some piece of professional equipment, you see that someone tried to design it properly.

I'm not accusing you of holding your customer's hostage with poorly designed code, but it is quite possible that someone else is trying to do this.

Sorry, you a user but not the customer.

[Slashamatic]

The customer, i.e. the state or county authority comissioning the work would have full details on the construction of the bridge. As a matter of safety, the supervising construction engineer must have the static design (the force model) approved by the responsible authority.

If as a member of the public, you tried to get details of the bridge's construction then you may get a few goons interested. If you had a good reason, i.e. you were a qualified engineer concerned about load-bearing, then it would be quite hard for the authorities to stop you.

Re:Sorry, you a user but not the customer.

[Slashamatic]

The direct customer of the bridge construction company is your local highway's dept. They are the ones who pay the bills.

Of course they may do it with your money, but you are only indirectly involved. Your real relevance is as the user of the bridge. That I'm making a difference is intentional and it applies in many other areas too.

There are many such cases where limited disclosure is made in the public interest but detail disclosure isn't.

Good reason for commercial source to be closed

[TekPolitik]

There is one very good reason for commercial source code to be closed - patents. A commercial organisation in the software development industry is almost certain to have inadvertently infringed on a large number of software patents. In most cases, a competitor who possesses software patents will not be able to tell there has been an infringement without source code.

The result is that, even where a commercial software company would like to open their code, they will not, particularly if they have competitors with few ethical constraints and many patents

Comment removed

[account_deleted]

Comment removed based on user account deletion

Almost right

[jelle]

"the vendors might stop shipping us such lousy programs"

Actually, probably a lot would stop shipping any programs. If they didn't, they would see their market suddenly swamped by remarkably similar 'clones' of their software... The lawyers of course would love something like that, more work for them...

If you want to get higher quality programs, get a good support contract with the software maker so that they fix bug on the double when you report them.

If that is not possible with the software make you're eyeing, then switch vendor or accept the software as-is.

Support and warranty for the product that you're buying, that's how it works. There are too many 'release and run away' software releases out there, but that's the 'AS IS' sale, as clearly stated in the license. You can buy a car with a warranty, or buy it off a lot 'AS IS', same for software. You choose.