Is Some Software Meant to be Secret?

Tim writes "Tim Bray and Microsoft's Joe Marini are doing a back-and forth on Open Source. Tim serves (open everything), Joe returns (secret-source is good business) and Tim volleys (the closed-source niche is shrinking)."

What happens when it's not secret anymore?

[lordkuri]

Just like the issue with MS getting source stolen. How many problems can/will arise from relying on "no one will ever see this" when everyone can see it?

Re:What happens when it's not secret anymore?

Try asking Coca Cola the same question...

Here are your options:
1. Support software patents, and Microsoft will gladly lay it all out in the open.
2. Don't support software patents, and the only way for Microsoft to protect its IP is through obscurity. ... choose one

Re:What happens when it's not secret anymore?

[INetEngineer]

Why don't we send a clincher message to people that think source code ought to be "secret", by not giving them any comments, ideas, suggestions, and/or replies, because we want to keep them "secret".

"Hey, what do you think of this software?"

"Can I see the source code?"

"No! I need to be able to sell it!"

"Oh... I think nothing of it."

"What?!"

"I'm a consultant, I need to be able to sell my opinions!"

Oh wait... then we would just be propogating the "secrets".

Re:What happens when it's not secret anymore?

[DunbarTheInept]

Software patents are not an inherently bad idea. What makes them bad in practice, and in the way they've been used in our legal system is two things:

1 - Software should NOT be simultaneously closed source and patented. They are two different protection schemes that are incompatable. Patents requires that you make your design and plans public and openly copyable so others can search on the patent archive and see what you're doing (and so that when you right to exclusivity ends, your idea is now in a public registry). In the case of software, that would be the source code, although pseudocode that doesn't actually compile, but merely teaches somoene how to write the software would probably fit the legal requirement (more akin to a blueprint than a cad/cam file)). The practice of allowing people to patent things based on vague fuzzy descriptions of algorithms should never have started.

2 - Patents in general (not just software) should not be allowed for ideas that are already known within the community of inventors (or programmers in this case). The Patent office doesn't bother checking this requirement anymore (or at least if they are attempting to do so they are obviously failing at it). When this isn't done, the owner of an idea ends up being the one with no scruples who decided to usurp ownership of the public idea first, rather than the one that thought of the idea first.

Fix those two problems first, and then you can talk about supporting software patents.

Re:What happens when it's not secret anymore?

[Quattro+Vezina]

2. Don't support software patents, and the only way for Microsoft to protect its IP is through obscurity. ... choose one

I'll choose this one, thank you very much. At least this way, some OSS project can always reverse-engineer Microsoft's stuff. Look at Samba, for example--it's actually runs better than Microsoft's own SMB implementation, and if software patents were involved, a higher-quality implementation simply wouldn't exist.

Re:What happens when it's not secret anymore?

[AstroDrabb]

Um.... I have one for you:
1. You are an idiot
2. You are stupid
...Choose one.

The choose one thingy doesn't always work very well does it.
For item #1, how do you know this? Has Bill G told you this? No. MS has patented _plenty_ of software and where is all the Open stuff from them? Item #2 is just stupid and unfounded. Copyright and/or a license/NDA agreement is _plenty_ to protect a company. How many competitors would get away with copyright violation against MS once they let loose their lawyers?

As was pointed out in the rebuttal (which you probably didn't read), just don't release _any_ source until you get your product with new features X, Y and Z out to market. Once your product is out, then release the code. You already have the head start and it will take a while for competitors to play catch up. Also as the rebuttal pointed out and that I can personally attest to as a senior programmer of 8 years is that is is _far_ easier to implement a feature for scratch then pick up someone else code. The worst projects I get are where I have to pick up someone else code and fix it or add new features.

Re:What happens when it's not secret anymore?

[steeviant]

Because software patents are to protect ideas, not inventions, like real patents.

Copyright already does what patents on real-world inventions do, in that they provide protection against direct plagiarism of someone's work for a period sufficient to commercialise that product.

Software patents protect ideas, so that if I come up with the idea of a piece of software that can find dead pixels on a CRT display by filling the screen with blue, green and red respectively, I can patent that idea, and prevent anyone else from using it. The specific implementation of that software is already covered by copyright, but idea of displaying a screenful of solid colour for the purposes of identifying display defects is not, so that's where patents come in.

Neat huh? so in a few years once all the blatantly obvious good ideas are patented, only developers armed with a bevy of lawyers and patents and prepared to grapple with other patent holders will be able to sell software in the U.S.

God bless the rest of the world where freedom is important.

Re:What happens when it's not secret anymore?

Software patents are doomed for one simple reason.

The equivalence of two Turing machines is undecidable. Turing proved this as one of the results of the halting problem. Since turing machines are equivalent to algorithms, which are equivalent to recursive functions, this is a statement in mathematics that as such should be sufficient to disallow software patents on the basis that software is a mathematical function.

Where, then, can software patents stand? By definition, patents cover a method, hence an algorithm. Since there exists no way to determine if an algorithm infringes on a given patent, the patent office must backtrack and declare that algorithms need only be *similar to* a patented algorithm to infringe. But this is also undecidable for the same reason. An incredibly complex algorithm that produces the same output, given the same input, as a patented algorithm will be intractable to compare to the patent.

The reason the patent office is spewing software patents is that it has no method for determining prior art, no method for determining functional equivalence, and no method for reasonably denying every software patent after the courts have incorrectly ruled in favor of them.

Note that if you really wish to infringe on a software patent, it will always be relatively easy.

Given a function F(x) that is patented, do the following.

Create a function G(x,y) where y is meaningless, random, or in some way constructed from x such that applying G to x,y is equivalent to applying F to x. If necessary, encode x as y and apply H to y such that H(y) is equivalent to F(x). No patent court will be able to prove the equivalence. Should they rule that simply because two functions *produce similar (not exact, that is intractable) output, despite being vastly dissimilar*, they will have contradicted the very spirit and letter of patent law. The whole point was to issue patents for *specific* methods and devices, and encourage derivations thereof by other inventors. Such is progress. Owning the result of applying a mathematical function to all possible inputs is not progress, it is the darkest feudalism.

Re:What happens when it's not secret anymore?

[theLOUDroom]

2 - Patents in general (not just software) should not be allowed for ideas that are already known within the community of inventors (or programmers in this case). The Patent office doesn't bother checking this requirement anymore (or at least if they are attempting to do so they are obviously failing at it). When this isn't done, the owner of an idea ends up being the one with no scruples who decided to usurp ownership of the public idea first, rather than the one that thought of the idea first.
Fix those two problems first, and then you can talk about supporting software patents.

The trouble is problem #2 isn't fixable.

Maybe when that patent office was created it made sense to have one organization the would claim to understand EVERY TECHNOLOGY ON THE PLANET in enough detail to decide if an invention is novel, but I submit that idea has become totally unworkable.

Instead, the patent office should admit what it has already become, a registry of "I invented this on this date." The presumption that a patent is valid because it has been rubberstamped by the patent office should be ceased immediately.
The validty of specfic patents can then be determined in court, as necessary, where both sides of the issue can call real experts from those fields.

Judging from the IIS error page in the second link

[Temporal]

I think we have a winner.

ahhh

[nomadic]

Come on, that summary doesn't tell us anything. You want us to have to read the article or something?!

Re:ahhh

[Eric+Giguere]

I can't say I'm too interested in the debate -- nothing new here, folks -- but I do like the reference Tim Bray made to Joel Spolsky's essay Things You Should Never Do, Part 1 about the dangers of rewriting code from scratch instead of trying to work with the existing code base. It's an old piece, but I hadn't come across it yet, and I like what he says. Go give it a read, then enjoy your weekend.

Eric
See Wiliam Shatner on my cereal box (soon to be updated)

Re:ahhh

[bongoras]

The interesting thing about Spolsky's essay -- and I think it's a very good piece -- is that its principle example is what a big mistake Netscape made by deciding to re-write Mozilla from scratch.

In fact, he calls that "the single worst strategic mistake that any software company can make."

Excuse me while I piss my pants laughing. Ok... I'm back now.

That statement sheds light on another difference between one sort of software developer and another. It's not necessarily a matter of open vs closed source; it's a matter of intent. Spolsky sees Netscape's decision as disastrous, and from his perspective, he's right -- Netscape's stock went down the toilet and they lost millions.

But from another perspective, it was the perfect decision. They through out a bunch of lousy code that Andreeson wrote as an undergrad and replaced it with a real architecture. As it stands, that architecture has allowed the Mozilla foundation to produce Firefox. There's no doubt in my mind that if they were still working with Andreeson's hacked pile of crap, Firefox wouldn't have happened, IE would be the only web browser for Windows and the rest of us would be using Konqueror. And maybe Netscape's executive would have a few billion bucks more.... more power to them I guess, but speaking for myself, I'm glad they "screwed up!"

What I'm getting at is that if you think that the reason to develop software is to make a shitload of money, there are times when closed source is the best way to go. But if you think that the reason to develop software is to make the best software you can for joy or fame or the betterment of your fellow humans, then open source is almost always the right way to do it.

Re:ahhh

[slamb]

There's no doubt in my mind that if they were still working with Andreeson's hacked pile of crap, Firefox wouldn't have happened, IE would be the only web browser for Windows and the rest of us would be using Konqueror.

Dude, you've got to read the whole article. Particularly this paragraph:

First, there are architectural problems. The code is not factored correctly. The networking code is popping up its own dialog boxes from the middle of nowhere; this should have been handled in the UI code. These problems can be solved, one at a time, by carefully moving code, refactoring, changing interfaces. They can be done by one programmer working carefully and checking in his changes all at once, so that nobody else is disrupted. Even fairly major architectural changes can be done without throwing away the code. On the Juno project we spent several months rearchitecting at one point: just moving things around, cleaning them up, creating base classes that made sense, and creating sharp interfaces between the modules. But we did it carefully, with our existing code base, and we didn't introduce new bugs or throw away working code.

He is most certainly not saying that once you've made a poor architectural decision, you are stuck with it for the lifetime of the project. Instead, he's saying that it is possible to change these things without discarding everything. (Throwing the baby out with the bathwater.)

There are also lessons here for when you are writing the first version. Here's one: if your code to open a window needs a lot of new workaround code, add a comment, for the love of God. Version control logs are often enough for fixing existing code, but a big block of code that only is important on one platform really should have a comment in front of it. And, if you have a test machine of the type needing the workaround, add a unit test. (And if you don't, maybe you should get one.) You should never get into that situation where you have that two-page long function for a tiny task and no idea what all that code does. If you do, someone will inevitably rip it out without realizing they've introduced a bug on a platform they're not using.

Then you can avoid problems like this one:

I laughed heartily as I got questions from one of my former employees about FTP code the he was rewriting. It had taken 3 years of tuning to get code that could read the 60 different types of FTP servers, those 5000 lines of code may have looked ugly, but at least they worked.

In which you're afraid to touch those 5,000 lines of code because there are so many odd situations. If you have tests for them, this isn't a problem. Can you get ahold of all 60 types of server? Maybe, maybe not. But you can at least get a good chunk of them for integration tests. And you can certainly write mocks for the behavior noted as problematic for the others.

Re:ahhh

[d'fim]

Mozilla was not "exceedingly lucky", it was open source.

Yet another example of the inherent strength of open source is the fact that Mozilla didn't *have* to release a product within a certain time frame in order to survive.

Yes

[killmenow]

My code is meant to be secret. If anyone ever saw it, I'd be ridiculed for my terrible coding style and lack of programming prowess. I don't think I could survive the shame.

Re:Yes

[lucabrasi999]

My code is meant to be secret. If anyone ever saw it, I'd be ridiculed for my terrible coding style and lack of programming prowess. I don't think I could survive the shame.

Is that you, Mister Gates?

Re:Yes

[dprust]

You can write your code in any style, it doesn't matter; some jerk will flame you for it because it isn't his style and he thinks he is god. It is particularly funny when that "god's" software is buggy and yours never crashes, is portable, and easy to read. Oh, they hate easy to read -- plain spoken code means that you just don't have the intelligence to write code that is hard to understand! It never occurs to them that communicating effectively is more intelligent than obsfucating to try to make yourself look smart. These people are hard to ignore, I'll admit, but we gotta do so. They're the kind of people where they're sitting behind their computer, afraid, and frustrated. They get off by hurting others smarter than them like the bullies that surely must have beat the crap out of them in grade school. And when that smarter person makes a mistake, like all people do, watch out! I had a collection of code I tried to port to the Amiga once that used all kinds of obscure features of GNU C++ that made it hard to port. Because I didn't know what one of them did and tried to work around it, you'd think I was dumber than a box of hair based on the flames I got back. I also treat warnings as errors -- OMG, how awful! It means I can't write optimized code (and of course, these warnings are the reason it didn't port!) Of course, to avoid it, I should have never tried, which is what they want because then they don't feel threatened.

The better your code is, the more angry they'll be. Have pity for them. They'd never talk that way to your face because they know they'd deserve a fist buried deep. And don't expect them to know context -- like putting simple example code on a posting to show a concept instead of being complete. Oh man, watch-out - it's self-worship time^2 when that happens!

PS: The more you do, the more you'll get this kind of flack, so you can turn it around and use it for a guage of just how hoopy a frood you are! After all, useless people who do nothing never gain the attention born from resentment!

Re:Yes

[grioghar]

Exactly.

My code for all my websites are RIDICULOUSLY horrible, but the function is there. I never claim to be efficient, but if anyone with a CS degree ever saw my Perl/PHP, I'd be laughed off the web...

now where's my php.ini file again? I need to go turn on global variables for this hack I'm workin' on...

Re:Yes

[matrix0f8h]

Heh. You think that people with CS Degrees know how to code? How cute...

Re:Yes

[legirons]

"My code is meant to be secret. If anyone ever saw it, I'd be ridiculed for my terrible coding style and lack of programming prowess. I don't think I could survive the shame.
-- Is that you, Mister Gates?"

No, he said that he created some software...

Re:Yes

[grioghar]

heh, modded Troll.

I was trying to be complimentary, but I just had my friend who graduated with a CS degree as me the procedure to setup a wireless network in their house.

He, however, is a classic example of getting into the market for the money, but no love of the technology.

C'est la vie. He still compliments my websites I've worked on, but I think if anyone who considers code poetry saw my work, they'd gag.

I think the point has been made. . .

[Betelgeuse]

Ha! Tim's page (the open-source advocate) is easily reachable, and is having no problems, but Joe's page seems to be experiencing a sounds slashdoting.

Excellent.

Re:I think the point has been made. . .

[imess]

because it's supposed to be "closed."

Re:I think the point has been made. . .

[killmenow]

Yes, that's it! I bet the routers moving those packets between you and Tim's web site are all XORP. And all those routers between you and Joe's site are Cisco...That proves it!

Re:I think the point has been made. . .

[wildwood]

"All right, where is the answer? The battle of wits has begun. It ends when you click and we both serve pages, and find out who is right, and who is slashdotted."

Re:I think the point has been made. . .

[ad0gg]

Its not getting a slashdotting. He's running win2K workstation instead of server and is only allowed 5 connections on IIS. Thats why IIS error message is very responsive and says forbidden and not a Server 500 error.

Re:I think the point has been made. . .

[Mmm+coffee]

Please note that the 2K Workstation's EULA states that you can not have more than five network connections to your machine at once. Failure to do so voids the EULA, and thus makes your paid for version as illegal as a copy downloaded off p2p.

All Free Software/Proprietary Software discussions aside, the Freedom aspects of Free Software alone makes it more valuable to me than closed software. At least I can do what I want with my hardware and still be legal.

Open/Closed

[yetdog]

I am a huge proponent of open-source, but... Writing code isn't a trivial process. Writing good code is extremely difficult, and I feel is a skill that should be well compensated for.

Re:Open/Closed

[Camel+Pilot]

Indeed however let the coding individual who has rights to their the code determine the means they wish to be compensated

Re:Open/Closed

[cmowire]

True.

There's some responses to that, however.

First, most of the bigger open-source projects have some sort of funding and support structure. People pay for somebody to do things that *they* want to do and pay for the ability to have somebody come over and fix stuff.

In a sense, if there's enough people who need the same thing, they can cooperate in much the same way as standards are constructed. Remember, open source projects don't have many of the expenses as a pre-packaged concern.

But, also, I think there's a fine line between open-source and you-get-the-source that people sometimes skip over. Meaning, there's not necessarily as much harm in QuarkXPress's source code being on the CD that you purchase as people would like to think.

Re:Open/Closed

[Apathetic1]

I've written a few contracts. I'm not a professional developer by any means (I'm a student at the moment) but when I sell software, the code is included. I don't license under the GPL but I do stipulate that they can use it, modify it and distribute it internally as they see fit, making it clear that they can only expect free support if they are using an unmodified version. My customers were happy because they could make changes if they needed to and I was happy because I've still been well compensated.

It's not Open Source in terms of OSI or FSF but it's better than giving them nothing but a black-box binary.

Re:Open/Closed

[Camel+Pilot]

sorry I was terse and not clear.

McBride wanted to somehow classify the GPL as anti-copyright since there is no payment exchange or financial gain by the holders. Of course a monkey could see thru McBides twisted logic.

Linus adroitly pointed out that the term 'financial gain' that is used in us copyright includes receipt, or expectation of receipt, of anything of value, including the receipt of other copyrighted works. this means that some coders prefer to be compensated by getting access to a larger body of code in exchange for contributing their code.

Re:Open/Closed

[RealAlaskan]

Writing code isn't a trivial process. ... I feel is a skill that should be well compensated for.

True. I can think of two replies.

First:

Given that you've written a useful program for which you should be compensated, why would you assume that open source licensing would prevent that? Most programmers (everyone says) work for companies which use their work internally. Only a small minority work for companies which sell shrinkwrapped software, and some of those companies are selling (among other things) shrinkwrapped GPLed software, e.g., Novel, Suse, Mandrake, IBM and RedHat.

So, even if the GPL were the only legal way to distribute software, most programmers would keep on getting compensated about the same way they are now. The others would probably wind up getting compensated in a different way for the same work.

Second:

I just dug a hole in your yard. I worked very hard. Pay me.

The point? Hard work isn't enough to justify compensation: it has to be useful. Of course, you knew that already. I just wanted to make that point because that other guy who's reading this post hadn't thought that part through.

Closed source?

No problem. Here's a decompiler for you. Have fun!

Seriously though, if the only advantage of closed source is expressly to avoid someone from "stealing" ideas and to keep hackers from finding defects, it's a failure.

Half-and-half

[b1t+r0t]

Apple is doing pretty good by taking the middle road. Kernel, BSD utils, and compiler are open-source; graphics, window manager, IDE and apps are closed-source.

Re:Half-and-half

[Desert+Raven]

Apple's doing well with it because they didn't have to *pay* to have it developed. I'm not saying that's wrong, but you certainly have to agree that taking something someone else wrote and modifying it is a whole load cheaper than paying umpteen developers to write the whole thing from scratch.

Note that the parts of OSX they *did* write from scratch, they didn't open the source on.

Apple's a good example of how a company can succeed by taking advantage of other people's generosity. But they are *not* a good example of how a company can succeed by *being* generous.

Re:Half-and-half

[neosake]

What I find funny is that the closed source guy is using php for his pages, even if it's running on IIS

Re:Half-and-half

[0racle]

They paid for NeXT. NeXT is the basis for OS X, not BSD. Apple, NeXT and just about everyone else wrote really important parts of the mach kernel, and instead of taking damn near forever to write everything from scratch took advantage of the microkernel architecture and turned some BSD networking into a subsystem.

Incidentally, using BSD licenced code in this way is not 'taking advantage of' in the negative sence that that phrase implies, but it is making use of it in the way the programmers intended. They have also given back many improvments they have made, something that is not required with the BSD licence.

Re:Half-and-half

[finkployd]

In fairness, apple contributes quite a bit back into the open source community. khtml is a good example, darwin is another.

Finkployd

Cashe of Martini's response

[shogarth]

http://216.239.63.104/search?q=cache:bHfNvjS0VKcJ: www.joemarini.com/articles/notOpeningEverything200 41121.php+&hl=en&client=firefox-a

XML Comparison

[xetaprag]

I am fascinated by the XML comparison made in Tim's argument. If there are similiar market forces between the move to XML and the move to Open-Source, why is Microsoft Embracing one and attacking the other? What exactly is the similiarities between these two forces?

If everyone agrees to pump the same water through their pipes it is one thing. Getting everyone to stop building their own proprietary piping systems and contribute to a centralized piping system design, it another thing. Apples and Oranges.

Re:XML Comparison

[Jason+Earl]

Microsoft is pushing XML for two reasons. The first reasons is that pushing XML for Office documents means that they can force their customers to upgrade to the newest version. Right now Microsoft's biggest competitor in the office suite race isn't OpenOffice.org or Corel's PerfectOffice. Microsoft's biggest competitor in this space are old versions of their own MS Office suite. Microsoft is desperate to move folks that are currently using Office 97 or Office 2000 to their newest offering. The easiest way to force people to migrate to the newest version of MS Office is to monkey with the document format. If older versions of MS Office can't open the newer files, then the folks on the old versions have a problem. When Office 97 came out Microsoft simply changed the binary format. This made enough of Microsoft's big customers upset enough that Microsoft can't really pull that trick again. By mixing the document format change with something that some people actually want (easily integratable XML formats), Microsoft can introduce a new document format without upsetting their big customers.

Microsoft's reasoning behind embracing XML as a format for their web services initiative is similar. Microsoft saw that Java was running away with the enterprise application market, and the execs at Microsoft knew that they had to do something to compete in this arena. One of the easiest ways to do this was to adopt some of the same standards that folks like IBM were adopting. Microsoft knew that unless their .NET servers could talk to Java application servers that they didn't have a chance, and so they opted for compatibility. For similar reasons Microsoft also opened up the specs for large portions of their .NET architecture (which is what spawned Mono). Microsoft knew that customers like standards, and since Microsoft was having to compete with Java for developers it realized that one of the cheapest ways to differentiate .NET from Java was to make it an open standard.

Basically Microsoft is only open to the extent that being open is good for business. Microsoft knows from long experience that closed source and opaque formats generally produce higher profit margins, but in certain key areas Microsoft is so interested in enticing buyers that it is willing to sweeten the deal with a bit of open document formats and network protocols. Think of XML as Microsoft's 0% financing or two-for-one sale pricing and you won't be too far off the mark.

Is Some Software Meant to be Secret?

[JohnGrahamCumming]

This discussion was interesting but it ends very unconvincingly. Tim argues that Quark shouldn't have been closed source without much justification but then says that it's ok for iChat and Aqua to be closed.

One alternative is that a company that's developing code could decide to release their old code after some time has elapsed. For example, surely it wouldn't hurt Microsoft if they GPLed Windows 95. No one's going to create a competitive product from it, and if they removed their trademarks from it, they could free it and allow others to maintain it.

Perhaps Quark could have waited until competitors caught up and then released the special code under the GPL. They could even use the GPL to undermine a competitor. e.g. once feature X is no longer their big advantage, release it, let an open source solution implement it and then they can bash their competitors by saying: we've got feature Y which no one else has and feature X, that's just a freebee, what you need is Y.

John.

Nothing new

[garglblaster]

This discussion has been going on for ages..

Yes, closed source is generating business opportunities in the first place
however, open source will generate better software in the long run..

And it's more sustainable / better quality

you know what I'm talking about..

(?)

Re:Nothing new

[danheskett]

Some things can never be open sourced.

I've written software before that is used by state government to determine who gets audited. If that software was public and open there wouldn't be a single audit flagged by anyone. Accountants could pre-pare returns in very cleverly different ways with different numbers here and there to craft an audit-proof return.

There is no way for this application to be GPL'd with the source out in the open. The utility of the program is that no one knows the exact criteria.

The code are the rules in this system. And if everyone knew every rule, there would be no enforcement possible!

Re:Nothing new

[sqlrob]

That says the algorithm is flawed, not that the software shouldn't be open sourced.

And there's no reason the rules couldn't be put into a configuration file that *isn't* open sourced for the simplest possible way to do it.

Re:Nothing new

[myowntrueself]

"The code are the rules in this system. And if everyone knew every rule, there would be no enforcement possible!"

I don't mean to sound rude, but maybe you should learn about something called 'seperating code from data'?

It seems to me, that the data -- configuration details about how to determine whether someone gets audited -- can be kept secret, while the code -- how the configuration is used -- can be opened to public scrutiny.

IE; the souce code of your program should never have contained those secret details in the first place.

This has impact in other areas than security as well; what happens if the client wants to adjust the audit parameters? You have to change the sourcecode and recompile?

Re:Nothing new

[cetialphav]

People could say the same thing about anti-SPAM software. I could definitely imagine a closed source vendor saying how if the software was open the spammers would have a field day. But in spite of that, spamassassin still works marvelously. A good algorithm should be able to withstand examination.

Re:Nothing new

[Minwee]

Shhh... You're thinking too hard.

That kind of thing will only cause discontent.

Re:Judging from the IIS error page in the second l

Right, 'cause servers running Apache are never Slashdotted? C'mon dude...

the closed-source niche is shrinking?

[shawn(at)fsu]

Is it fair to call closed source a niche market? I mean closed source software is big business, when I think niche I think small, not many players, limited use, etc

Re:LOL

If the floor is laughing, you might want to stop rolling on it

Text of joemarini.com link

Some Things are Meant to be Secret

I was reading an interesting post by Tim Bray today about how he thinks everything should be open.

Now, most of my experience is in the packaged software world and not that of IT departments in big companies, so my view is somewhat different than his. I can understand why a customer company that is basing its business of a piece of software might want the right to look inside it to see what is going on, but that doesn't necessarily mean that it's a great idea across the rest of the software industry.

Here's why - when you develop a piece of packaged software, sometimes you only have a short amount of time to establish your product as a viable entity in the marketplace. If your competitors could just look inside your source code to see how you accomplished a certain feature that their product doesn't provide, then your fledgling product would be neutralized almost instantly.

When I worked at Quark, we had a heated rivalry with Aldus Corp (now Adobe) and their product, PageMaker. Quark introduced several key desktop publishing features in version 3.0 that essentially cemented our lead over PageMaker in the DTP market. Had Aldus been able to get a hold of our source code, Quark's trade secrets, along with the enormous amount of money we had invested in R&D to develop QuarkXPress 3 would have been for naught. Aldus would simply have copied our algorithms and updated their product to match ours.

I can go on and on with these examples - Dreamweaver, for example, had a fantastic feature whereby it would preserve the source code formatting that an HTML developer typed in. FrontPage didn't have it. GoLive didn't have it. PageMill didn't have it. NetObjects Fusion didn't have it. We spent a lot of time and money developing that feature, and it ended up being a key competitive advantage for us.

Now imagine that you're the one competing with somebody like Macromedia, or Adobe, or IBM. You have a great idea for a product, you've done your market research, and you want to make a go of it. Now imagine telling potential investors and customers that yes, because your product is Open Source, anybody can read the code and see how you solved a particularly prickly problem that up until now nobody else has tackled well. How much investment capital do you think you'll get? How many customers?

Tim says that "the days when the recipe for success included wrapping the engineering in a veil of secrecy, those days are gone". I don't agree - I think that this is one area where the very idea of Open Source just falls flat on its face. Tim, how do you protect your competitive advantage when your competitors can just look at your source code and cherry-pick the best ideas? Not every company in the world can just become a services company and compete on price. There's a reason why it's called "intellectual property."

Re:Text of joemarini.com link

[thephotoman]

The way you keep your competitive advantage is by being at the leading (not bleading, leading) edge. Besides, if they don't have the rights to access your binaries, they cannot see the source. That's one of the things about the idea of open source software. Sure, they'll eventually get a copy of the binary through legal means, but that can take a while if you charge a reasonable price for the binary.

The problem isn't that you've got to keep your software secret, it's that you've got to support it better than the other guy and be reasonable about your pricing scheme. Sure, if Quark was open-sourced, I could download it myself without paying, but your large contract companies want support, results, and reliability. If you deliver on those three things, and do so better than your competitor, you should dominate.

Of course, if you were really paranoid, you could write your own license that gives you exclusive rights to the source for a brief period of time after the software is released (say, one year), and then after that the license converts to a free license. This can help recoup the losses to R&D, get mindshare out there, and general respect for the product.

If your company cannot compete based on price, then the laws of economics dictate that your company should fail. It's okay to charge more if you're providing more, but if you provide an equivalent product, you shouldn't expect to be able to charge twice as much as your competitor.

Granted, it's not true freedom, but at the same time, it'd be a step to allow people to better appreciate the freedom given to them by free and open source software.

Re:Text of joemarini.com link

[dgatwood]

Now, most of my experience is in the packaged software world and not that of IT departments in big companies, so my view is somewhat different than his. I can understand why a customer company that is basing its business of a piece of software might want the right to look inside it to see what is going on, but that doesn't necessarily mean that it's a great idea across the rest of the software industry.

Here's why - when you develop a piece of packaged software, sometimes you only have a short amount of time to establish your product as a viable entity in the marketplace. If your competitors could just look inside your source code to see how you accomplished a certain feature that their product doesn't provide, then your fledgling product would be neutralized almost instantly.

There are three problems with that argument:

1. All software can be trivially recreated. If a company wants a feature, they don't need to steal your company's code. It wouldn't do them a bit of good because the time to integrate your code into theirs for almost any feature is almost always greater than the time needed to write it from scratch. The rare exceptions are large features that are almost completely stand-alone tools, in which case even then, the amount of trouble they would get into for stealing it costs far more than writing it themselves.
2. There is no such thing as a product that businesses don't depend on. And even individual users want some control over their software---at the very least, some assurance that the company won't just abandon it after they've spent hundreds of their hard-earned dollars to buy the program only to find a dozen bugs that they can't work around.
3. There are very few "particularly prickly" problems anymore outside of the academic world. Commercial software development is difficult because of the difficulty of debugging such large pieces of code. There probably hasn't been a "really prickly" algorithmic problem solved (with the possible exception of game development) in the general-user commercial programming world in two decades, and algorithmic problems are the only ones that closed source really protects. For any other features (like "ooh, that's a cool way to integrate those tools" or "ooh, it keeps the line formatting when parsing HTML") can be trivially rewritten by a programming team of sufficient competence simply looking at what it does and coming up with a good architectural design that supports all of the desired features... usually in a matter of hours or minutes unless it's a really large feature.

The only place where your argument would be valid -might- be in areas like 3-D modeling/animation, audio/video/data compression, and audio/video effects processing, since there's still some algorithmic work being done in those narrow fields. That said, those things make up only a very tiny percentage of software development, and most of it will never be used by the general public (outside of games).

Re:Text of joemarini.com link

I want all the features found in Microsoft Office, in AbiWord and others. Go and do it.

Your arguments are more like, I don't like the other argument so it must be false, arguments. The real world data shows that you are wrong. Amount of code in Office is far more than you can afford to replicate in a meaningful time. The best option is actually to look at the source code, learn how it works and then implement your own.

Re:Text of joemarini.com link

[Rinikusu]

1. Then why don't they do it? The GIMP still does not have all these "trivial" features that Photoshop has, and likely will never, either. If it's so "trivial", then why aren't we seeing feature and ease-of-use parity between Open Source products and their closed source counterparts? In some software segments, yes (Apache, Tomcat, etc). In others, you don't. Maybe it's simply a matter of time and money vs. the ability or desire of a particular person to give away their work for free, but obviously, it's by no means a trivial problem. Programmatically speaking, maybe, but in practicality, getting someone to do all that hard work for basically "nothing" (except pride?), well, you've got a long row to hoe.

2. It completely depends upon the software, as well. But being Open Source does not guarantee that software will be well-supported or abandoned by the developers, either. See sourceforge. Yes, by having the source code, you might can take over and make your changes, if you have the technical know-how or even the desire to do it. Or you have to pay someone to do it. If you're paying for someone else to do it, really, why does a company care if the solution is open source or closed source? $600 for photoshop, one time license (depends upon how many artists you have) vs 65k/year for house programmer/contractor to produce work that you cannot really profit from (sell it once, but give away the source, that's the last sale you'll probably make).

3. Again, who's paying for that programming team? You seem to think there's an infinite supply of interested people working on these type of problems. There's not. I've found that even WITH the incentive of a great salary that I still couldn't bear to write software that I wasn't interested in. But the point it, to get that team of programmers, you have to assemble of group of interested, technically proficient programmers, and for many problems, that's going to cost you money because only money makes them interested. :P

Re:Text of joemarini.com link

[carlislematthew]

"All software can be trivially recreated".

Your comment was interesting up until that point.

You're right that most software is not very tricky but that doesn't mean that it's trivial to produce. It can take months or YEARS to reproduce a software system that someone else has created. If you're 12 months ahead of the competition then you're set. If it's going to take a million dollars and 2 months to get staffed up before you even START development, then you're going to be releasing your beta version while your competition is releasing their second version with a bunch of features that all the users requested. It can take years to catch up, if the money continues to flow of course.

The comment that you argued against has it exactly right. It's about being ahead of the competition and attempting to stay ahead.

Open source is a wonderful thing, for some projects. Arguing that it would be appropriate for something like Dreamweaver is naive at best.

Re:Text of joemarini.com link

1. You're missing the point. Features are trivial to implement in that they're "just work"; sometimes they're less fun work, and there's less people willing to do it, but that's beside the point - having the source code to a competing product with a feature doesn't make the feature the slightest bit easier to implement (like is claimed by Joe Marini's article), because transferring the feature is usually just as much or more work than implementing it from scratch.

There are only a couple of cases where having the source code would be valuable for a competitor:

a. When the source code implements an undocumented protocol or file format and the competitor wants to be compatible.

b. When the source code implements a genuinely hard (and unpublished) algorithm. Non-programmers tend to assume that programs are full of such "magic formulas", while programmers (at least good ones) know that most programs contain none. These algorithms are usually "pure math" making them more easily transferable to other programs. Photoshop may have a few such algorithms (image manipulation is an area where genuinely hard algorithms for automatic image enhancement can be useful), but they're most likely not related to usability, and I don't know how well-published the field of image manipulation is.

Neither of these cases is, in my opinion, a valid reason to consider the source code a secret. For case a., it's anticompetitive to make interoperability difficult, for case b., researchers really should be advancing the state of the art rather than selling programs implementing their secret formulas. They should publish, and use patents if their inventions really deserve protection.

Re:Text of joemarini.com link

[symbolic]

Quark's trade secrets, along with the enormous amount of money we had invested in R&D to develop QuarkXPress 3 would have been for naught.

I worked with a company who used Quark for their primary workflow (one of their departments anyway). If ALdus could have gotten ahold of the source, I think the primary reason Quark would have been in trouble was their attitude toward their customers- a kind of "You owe us" mentality. It was quite annoying. I haven't had to deal with anything Quark for quite a while, so I don't know if the attitude has changed.

That having been said, everyone assumes that it's ONLY the technology that will make or break your success as a company. Technology is only part of it - unfortunately, it's the part that keeps customers locked into using your pruduct even when they despise you as a company. I think there's a lot to be said for good customer service- spreading some goodwill will go a long way toward retaining customers that might otherwise consider a competing product.

Re:Judging from the IIS error page in the second l

It's also PHP.

Some secrets are counter productive...

[DeVilla]

Take Joe's web page. It's so secret that I can't even read it. To many people are trying to veiw it right now. Of course, the secret would be better served if he had been more selective about who he let's in, instead of just setting a number of people who would be in on what he had to say.

More seriously, if a company can't beat a competing product by releasing open source, then I would assume the microsoft web server would be better and more popular than any open source web server. However, that doesn't seem to hold. Perhaps Joe has a response to that on his page. I'll have to wait until his (closed source) web server recovers to see.

Too black-and-white.

[k98sven]

I don't think there is any question. Open and closed source will both be around for the forseeable future.

To what extent is a different matter.

As long as there are people (and this would be the vast majority today) who care less about what license their software has than how well it does the job, then there will always be a market for closed-source software. On the condition that it is better than the available OSS solutions.

I think OSS will play this kind of role in the future, providing everybody with a basic set of software, and upping the ante for the quality of commercial software.

Commercial software on the other hand, will increasingly be for those who need and are willing to pay for the improved quality it offers.
(and will per definition be forced to offer in order to exist)

Scientists (open) vs Businessmen (closed)

[GillBates0]

Open Knowledge, Free Information, Sharing of Ideas, Open Source....call it what you want to....has been around since the longest time, and is responsible for the scientific progress, technology and advancement that we're enjoying today.

Closed Source, Trade Secrets, Intellectual Property, etc are an outcome of relatively recent business practices and have been artificially created in order to promote innovation through monetary profit and other forms of compensation for individuals and additionally competitive advantage in the case of corporations.

To sum it up, Open knowledge is essential for overall, longterm technological progress, while Closed knowledge is useful in promoting short term business gains.

Talk to a scientist, and they'll support Open knowledge...talk to a businessman, and they'll argue for closely guarded trade secrets

Re:Scientists (open) vs Businessmen (closed)

[matrix0f8h]

Good point.

In the same way that religions filtered their "secret" information to the public based on what they wanted them to hear; businesses filter their "secrets" to the public through PR.

Unfortunately it turns out that the secrets that both of these organizations were/are keeping were/are insidious.

uh, tennis anyone?

[e.m.rainey]

I'm not an aficionado but at some point in this metaphor it'll be Tim love Joe, right? You know that's not legal here anymore, right?

Re:Is Some Software Meant to be Secret?

[saintp]

I think the difference between Quark and iChat -- which, I agree, was not very well stated -- is that iChat contains some magic that no one has figured out yet. When a new version of Quark is released, competitors might sit up and say: "Hey, that's a neat feature. Let's duplicate it!" There's essentially no advantage to closing the source, since people will clone it anyway.

When iChat was demoed at MacWorld, competitors sat up and said: "J.C. on a pony. How the fuck did they do that?!?" They can't clone it, because there's too much black-box magic, which is maintained by the fact of being closed.

That's how I understand it, at least.

Uh... was it wise to say this to Microsoft?

[Realistic_Dragon]

(The point about incompatible architecture is right, by the way; by analogy, if the OpenOffice guys could download all of the Microsoft Office source code tomorrow, it would probably slow them down more than help them.)

You heard it here first folks, Office 2k4 source code leak on Kazaa tomorrow from 'unknown source'...

Re:Judging from the IIS error page in the second l

[LurkerXXX]

Right, because we know both websites are hosted on hardware with equal processing power and available bandwidth.

What? We don't?

"Code is hard to read" is NOT a good answer

[Chemisor]

Good code is not hard to read, and even the worst code is a million times easier to read than the output of a disassembler. So the argument is really not valid at all. If you have some copyable secrets, the only answer is to keep the code closed. Not everyone wants to use the open source development anyway. A company is much more likely to want to only take code from its employees, and so will derive no benefit from opening the code. Back to the drawing board, OSS advocates! Come up with a better argument.

Re:"Code is hard to read" is NOT a good answer

[erikharrison]

Good code is not hard to read

The main point was code is harder to write than read. That doesn't change based on quality level.

And nothing is like six thousand lines of code. Or, say 3 million (MS Office).

Re:"Code is hard to read" is NOT a good answer

[Eric604]

even the worst code is a million times easier to read than the output of a disassembler

So what you're saying is, assembler is not code? Weird. I guess these old skool coderz weren't coders after all.

Simple solution

[YouHaveSnail]

The simple solution to this problem/debate, and really the only solution, is to let the market decide in each case. There are many markets where a proprietary solution may in fact be the best solution, and there are others where open source, communally developed software is more likely to succeed.

A good example is the games market. Developing compelling games is a lot of work (just ask the poor schlubs over at EA). Some games are written as a labor of love and may be released as open source projects. Far more often, though, games are produced like movies, using expensive resources and labor. And they often have to be produced on a tight schedule for marketing reasons, so that their release coincides with the release of some movie or holiday buying season or whatever. For these reasons, there are few if any open source games out there, and I don't see that changing anytime soon.

Obviously, there are also many areas in which open source products are kicking the proprietary competition's collective ass. These are usually products which work best if they can run on multiple platforms, meet the needs of lots of different people in different situations, and provide enough value that smart people are willing to spend their time improving and customizing them. Linux, Apache, PHP, etc.

So lets stop worrying about whether open source software is better than proprietary software in all cases or vice versa. It's pretty clear that both bring value to our society and to our economy. Lets instead keep improving the ways we develop products under both systems, and make sure that we maintain an infrastructure that works for both. Software patents are a dumb and harmful idea, but copyright is important and should be respected and protected. Open standards are essential to vibrant markets and useful tools, and we should insist on vendor-neutral bodies to develop and maintain them.

On the contrary

[eobanb]

But they are *not* a good example of how a company can succeed by *being* generous

How do you figure? Apple's given a lot back to the open source community, especially in terms of user interface and networking. Yes, Apple used to be very unfriendly to open source, but now it's just as easy to dual boot a Mac with Mac OS X and Linux as it is with a PC. And Apple even directly controls the hardware. But back to software; Apple basically re-wrote KHTML for Safari, and then gave it all back to KDE. Rendezvous is also an important project, largely under Apple direction, that probably wouldn't have otherwise caught on.

And don't even get me started on user interface. Apple might not have contributed to this directly, but have you ever stopped to think how much of Gnome and GTK+ is influenced by the Mac OS? Cosmetically, the two are becoming more alike all the time. Example: GTKFileSelection really really sucked. But then Gnome took an idea straight from Mac OS X and brought us GTKFileChooser, which is way more intuitive and easy to use.

In the future, it'll all be even more prevalent. Jabber is coming to iChat in Tiger, for example. It seems like most, if not all, improvements Apple makes to open source libraries/programs all gets given back to the open source community, which is way more than can be said for a lot of other companies.

So stop bitching.

Re:On the contrary

[zurab]

Apple has given a lot back to the OSS, but you misrepresent several points:

Yes, Apple used to be very unfriendly to open source, but now it's just as easy to dual boot a Mac with Mac OS X and Linux as it is with a PC.

And what, exactly, did they give out as open source with that? Yes, you can boot Linux on a Mac; you can also do it on a mainframe, Sparcstation, and everybody's microwave. i.e., at the most they are on par with everyone else - not hindering != being generous and giving, unless that's your definition of the word.

Apple basically re-wrote KHTML for Safari, and then gave it all back to KDE.

They didn't rewrite anything. Apple chose KHTML as their rendering engine for their new Safari web browser and contributed their fixes and modifications back. Yes, they could have chosen Gecko, or written another one from scratch, but they chose KHTML because they liked it better. KHTML is licensed under LGPL - anyone who receives the Safari binaries has a right to ask for the modified KHTML source. Apple is contributing their bug fixes and additions that they are required to disclose under LGPL.

Presumably, they are being very nice and collaborative about it and I am not in any way trying to portray them in a bad light for the way they are doing this. But it's nowhere close to what you claim about rewriting the whole engine and giving back out of generosity.

And don't even get me started on user interface. Apple might not have contributed to this directly, but have you ever stopped to think how much of Gnome and GTK+ is influenced by the Mac OS?

I don't know how this relates to generosity - would they start suing GNOME developers or users if they were not acting "generous?" MS Windows has also influenced KDE and GNOME and various application GUIs - you could then argue that MS has been just as, or even more generous with the OSS in this regard.

So, yes, Apple has contributed Darwin and Rendevouz when they didn't have to, they are being helpful with providing fixes in KHTML (which they would eventually have to), but you don't want to blow some things out of proportion.

Re:LOL

And amazingly that comment is insightful.

Lets watch this one be also, I will never understand some mods.

Re:Is Some Software Meant to be Secret?

[Dorothy+86]

Which features of iChat are "magic?"

I use iChat daily, but i don't really know anything "magical" about it...

Re:LOL

[Couldn'tCareLess]

That's the funniest thing I've read in a long time.

That it's been modded insightful... well, the carpet and I can't stop giggling.

Re:Competition

[Quill_28]

'but yet is free and more reliable.'

I didn't know open source was always more reliable?

Re:Is Some Software Meant to be Secret?

[saintp]

I don't think the magic gets released until Tiger. Did you see the MacWorld when Tiger was unveiled? One of the improvements was to iChat, to let you video-conference with up to four participants in split-screen. It was pretty crazy.

Closed Source for External File Formats

[Sheepdot]

One of the biggest problems with the closed source model is that you have to be a big player in order to maintain the format(s) for your external files being used. For example, the .WPD format lost out to .RTF and so has .DOC to a certain extent.

An open source gaming engine will eventually surpass a closed source one, however the issue right now is that there is so much more money to be had developing one closed source. But even that cannot delay the inevitable.

Some exceptions do occur. Adobe's PDF format is one that has simply been reverse-engineered instead of replaced.

I realize that my comments focus mainly on external "save files" and that not doesn't apply directly to the argument, but IMHO the shift in external formats being closed to more open is a good indicator of what the "end game" will look like in the future.

Microsoft can push the closed source model all they want, but the reality is that they essentially killed it by buying out all the other closed-source solutions in the marketplace. Now all that remains is for them to eventually succumb.

Re:Closed Source for External File Formats

[eweu]

Adobe's PDF format is one that has simply been reverse-engineered instead of replaced.

The PDF Reference is available for all to see. No need to RE it.

But this gives weight to your argument. Adobe has been remarkable successful with PDF simply by encouraging others to use it. They happen to sell the most full featured PDF creation tools, but others have been able to take advantage with still more success.

Re:Is Some Software Meant to be Secret?

[BrynM]

For example, surely it wouldn't hurt Microsoft if they GPLed Windows 95.

It would hurt them for a couple of reasons:

• Everyone could see where they may have cut corners, written needlessly redundant code or were just plain sloppy. Not good PR. Especially in their eyes.
• They still have patents (and other IP) pertaining to lots of stuff in Win 95. In their view, GPLing such code would be exposing those patents to unnecessary risk of infringement.
• People would fork it and not get the next release of their products. They would rather see you buy a copy of XP or 2K.

You may want to scream FUD at me, but I think in some ways they would be justified in believing these things. You may think differently (hint), but their legacy code is part of their legacy business model.

Win 95 was a multi-layered beast with parts of DOS and Win 3.x, so saying "GPL Win 95" is actually saying that they should GPL a combination of things. Perhaps it would be easier to hope they would GPL bits of it, like say the FAT driver.

can't we just get along

[jonathanduty]

I've been reading open sources vs closed source arguments for a long time now. I guess my question would be why does it just have to be one or the other? In business school they teach students many different business models because different markets call for different models.

Microsoft has a model that works for their market (that is if the measure for a good model is not the quality of software but the about of sales and market ownership). The JBoss Group also seems to be doing well in their market so they have also found a model that works.

Why can't we just all get along??

Re:Is Some Software Meant to be Secret?

[Moofie]

OK, they skew two video feeds and put all three in a frame. I don't really see how crazy that is. I mean, it's neat and all, but it doesn't seem "magical".

I love my Powerbook, and I'm going to buy Tiger as soon as I can get my grubby hands on it. But the iChat thing is just kinda neat, not "magic".

Re:Judging from the IIS error page in the second l

[BrynM]

Right, because we know both websites are hosted on hardware with equal processing power and available bandwidth.

<sarcasm>Maybe he just needs to buy more client licenses...</sarcasm>

super sekret sorce

[geoff+lane]

The problem with secrets is that they rarely last.

If your business model is based on a secret then you end up spending more on protecting the secret than developing new products.

Google Cache/Mirror

[swiftstream]

http://66.102.9.104/search?q=cache:http%3A%2F%2Fww w.joemarini.com%2Farticles%2FnotOpeningEverything2 0041121.php

Re:Is Some Software Meant to be Secret?

[Apathetic1]

One alternative is that a company that's developing code could decide to release their old code after some time has elapsed. For example, surely it wouldn't hurt Microsoft if they GPLed Windows 95. No one's going to create a competitive product from it

Microsoft's biggest OS competition right now is their own obsolete versions. I have no intention to upgrade to XP or Longhorn on my Windows computers (information for the curious: I have two Windows machines, an OpenBSD machine and a dual-boot Win/Lin laptop) because Windows 2000 does everything I need.

None of the commercial closed source software that has been Open Sourced has relied on control and vendor lock-in in the same way that Microsoft's products do. The worst thing that could happen to Microsoft is loss of control and that's exactly what an open Windows 95 would do. I'd be willing to bet that Microsoft would be happy if every obsolete version of Windows were to spontaneously self-destruct because it would mean continued revenue and furtherance of control.

Software or Code?

[Barumpus]

Should code be secret? That is debatable and, in my opinion, would fall to an individual per code basis.

As for software. Yes, some of that should have been kept secret. WinME, Daikatana, and the Deer Hunter series all come to mind in this case.

Relationships, relationships, relationships,...

[plopez]

What makes a successful company? Good customer relationships.

I too have work for large organizations, and the traditional B2B relatioship was to give the open source to the client. It was licensed, patened, copy righted etc. but we still had the source which our in-house staff (I was one of them) could modify to meet our customized needs. With the understanding that we would have to support our own mods.

If our mods were good, the vendor would essentially buy us out by giving us discounts, free training classes etc. and take over the supporting the modfication, which was then rolled out to other clients. Sure we could have ripped off their code, but it was in our own best interest not to. The vendor, by licensing the code over a broad number of clients created a cost sharing situation. And they were pleasent to work with.

How did the vendor succeed? By building a good working relationship with the customer. It is all about relationships. This is something MS and other closed source vendors never understand. Especially when they have a monopoly and they can abuse the customer with impunity.

The closed source approach really did not start until the 80's when world+dog thought that the path to fortune was in building proprietary closed source software. It is an anomoly which is slowly shrinking.

Closed source is also product based, which really does not make sense for software as it is an industrial paradigm. Software is more of a service, and open source is more service oriented than closed source (IBM understands this). It is the level of service on which you will win in the long run. Anything else is a short-term anomoly.

Re:Beautyfull...

[Moofie]

linkg

BALEETED.

One of us should re-read the essay

[ccoakley]

Nothing Spolsky says in his essay would have prevented Firefox, nor the better Mozilla codebase. He simply says not to rewrite from scratch. He never says anything about refactoring or improving the existing codebase. Version 2 may not have any code in common with Version 1, but throughout the development process there were feature improvements, architectural improvements, etc. The point is that by starting with a working version 1, even an ugly version 1, if the decision was made to release early, it would have been possible. Once you have something running, don't throw it away.

Of course, there is an old adage, "All absolute statements are wrong, including this one."

I don't mean to debate the accuracy of what he said, just that the interpretation you have is different than my interpretation. However, I do know that my productivity is higher when I modify a working program than when I start over. If the architecture is *really* bad, I could see where it might actually be beneficial to start over, but I think programmers have a tendency to overestimate how unworkable the current system is when the chance to rewrite from scratch appears.

Secrecy OK in short term, terrible in long term

[davidwr]

Some projects, notably security-sensitive ones, are improved by being "below the radar."

If I were selling an intrusion-detection device, I'd probably base it on a well-proven open-source program (probably a BSD- or similar license), but I'd audit every line and include my own "secret sauce" to make it beefier. Over time I'd return SOME of my tweaks to the community, but not all of them. As a matter of practice, I'd probably return anything that I introduced more than a year ago, more frequently if it was important that all vendors impliment the code immediately.

Why not all of them? If an attacker had access to my source code, it makes the job much easier. By keeping at least one "trap" he doesn't know about, it makes it much harder for him to sneak in undetected.

Re:Oher areas

[DuckofDeath87]

Well, it already has, to a small degree.
In music, there is the Creative Commons.
And, in books, there is WikiBooks.
So, yes, it does seem to want to expand to other things.

Re:Screw IIS; I use WinApache on my desktop PC

[SCHecklerX]

Indeed. You can also run Bind on windows, yet people insist on using Microsoft's buggy, standards-be-damned DNS instead. They'll argue that this is necessary for Active Directory to work properly. Incorrect. (I'm fighting that battle at work right now).

We can only hope...

[DaveAtFraud]

That Microsoft keeps the source code for some of their products secret:

1) Visual Basic
2) Access
3) Bob
4) Outlook Express
5) IIS
6) Internet Explorer

Preferably, they would keep the source code a secret by destroying *ALL* copies and starting over again.

Re:Is Some Software Meant to be Secret?

[radish]

Hmm. So +1 again for CuSeeme :)

MS source got much better recently

[roystgnr]

Sure, you would have been correct in May 2002, when Microsoft exec Jim Allchin testified that releasing their source code would endanger national security. I mean, surely there's no way a Microsoft executive would perjure himself to try and keep his company from being penalized for its crimes!

However, Microsoft fixed all these security problems by January 2003, when they had their source code cleaned up enough to show to 60 countries including China. So you shouldn't spread any more of these scurrilous rumors; why, that would imply that Microsoft would commit treason just to try and increase foreign revenues!

First mover advantage and Intellectual Property

[Kris_J]

There are some industries where copyright and secrecy isn't an option. Any financial product in Australia has to be fully documented and publicly available, yet companies continue to come up with new financial products, because if you come up with a good one you benefit simply from doing it first. Since ultimately, Intellectual Property laws are a construct designed to encourage development, and their necessity in relation to processes (rather than physical products) is seriously questionable, I don't see any need for software to be especially secret. Not that I'm demanding that Google be forced to write a manual on how to copy them.

Yes

[andreyw]

Interesting post, but I want to point out that writing optimized code does not mean going beyond the boundaries of C89/C99. I treat warnings as errors - in fact, 99% of all warnings are quite reasonable - sloppy code or runtime errors. It pisses me off that so many programmers think that just because it (barely) compiles, its worthwhile to put their abortions out into the world. For one thing, there is a high chance of the code chocking on newer versions of or different compilers.

Why are there so many OSS projects out there with incredibly sloppy code that no one bothers to fix?

I personally always compile everything with -Wall --pedantic.

You can't keep the competitor out

[Skapare]

Joe Marini said:

Here's why - when you develop a piece of packaged software, sometimes you only have a short amount of time to establish your product as a viable entity in the marketplace. If your competitors could just look inside your source code to see how you accomplished a certain feature that their product doesn't provide, then your fledgling product would be neutralized almost instantly.

If you're talking about a sophisticated and innovative algorithm, maybe this will be the case. But it can be reverse engineered quite easily by simply following the basic flow of the machine instructions and producing work-alike high level code. Of course you lose valuable comments ... maybe. Too often this rush-job commercial code doesn't even have such comments.

I did reverse engineering of a competitor's product once and succeeded in easily reproducing their proprietary compression algorithm (I needed to decompress it to build an import module for their data files to allow customers who switched to our software to use their old data). A few months later, the company I worked for bought out that competitor. When their software team found out we had an import program for their data files, their first question was how we did the decompression. It turns out they had lost the original source code when they were porting it from the mainframe to the PC, and were trying to figure out how to change to a new data format instead of reverse engineering their own code.

Now imagine that you're the one competing with somebody like Macromedia, or Adobe, or IBM. You have a great idea for a product, you've done your market research, and you want to make a go of it. Now imagine telling potential investors and customers that yes, because your product is Open Source, anybody can read the code and see how you solved a particularly prickly problem that up until now nobody else has tackled well. How much investment capital do you think you'll get? How many customers?

Under the GPL, I can give it away for free, but my competitors still can't integrate my code into their code (unless they want to GPL their own code). They'd have to understand the solution in a clean room scenario, and re-implement it (something they can do with the binary, anyway). So it is not actually an instant handover to your competitor. Then my business model will be free code, and paid for technical support. In the mean time, my competitors are struggling to debug their re-implementation, and making only one time sales. I'll be taking in incremental revenues from support.

Not every product is going to be able to benefit from this model. But more and more products will, and many do already. Some very specialized software will still be best kept closed source for now. But once it has been developed as open source, the days are numbered for the closed source version. Making the open source business model work depends on understanding that developmental thinking (e.g. intellectual property) is no longer the value commodity it once was. Just look at all the effort so many big software developers are making to get lower development costs by hiring people in lower cost of living countries. Thinking is cheap, and getting cheaper. Working for your customer or client is where the value is, and that's support.

The intellectual advantage does work, only when your competitor is using the same business model and doesn't have that particular innovation in their product. But when you are comparing business models, between one time software sales with mediocre support, vs. free software and paid for support from a vendor that gets its revenue only if it does the support job right, we will be finding that the latter model has more business advantage to business customers, and this in turn means a better market for the free software paid support model.

Re:What is the business ADVANTAGE of open source?

[Tsu+Dho+Nimh]

"Most business customers are not developers. They are no more able to benefit from open source than the average person would benefit from a set of engineering blueprints of their dishwasher."

If I had the engineering plans for my dishwasher, I could FIX it when it broke. Or I could hire someone who could read the plans and have them fix it or modify it for me. If it was in a sealed module, I'd have to .... buy another one!

"A novel device for..."

[Doc+Ruby]

No, patents protected only devices, for a long, profitable, sensible period of centuries. If you make a patented paperclip by casting molten steel, rather than twisting steel wire, and the paperclips are identical, you're violating the patent. That patent need not identify the machine that makes the patented paperclip. The paperclip-making machine itself might have a patent, but if it makes a paperclip already covered by another patent, running it is illegal.

Believe me, a substantially rich branch of my family started in the cardboard box sales business, grew into the box-manufacturing biz, then made (& patented) machines for making the boxes, and expanded into supplying machines (tools, assembly lines) to make the machines that make boxes. All shipped around the world in cardboard boxes. Every step of the way they innovated, and licensed any device in the "process" already protected, but necessary to their new process. They probably have now obtained a patent on the process, though it's worthless, except to protect themselves from a frivolous claim by another with that patent to interfere with their process. If someone had done that first, in the early 20th Century, they would not have had room to innovate, the US would have had a lot less boxes made, and we'd all be speaking German.