A lot of my friends work at companies with legacy code, a lot of which have libraries that they bought where the company isn't even around anymore and it was locked on to a specific system by license, they can't transfer it, can't fix it, can't update it.
I won't use a language that isn't open source, I don't trust companies enough, there is a chance they could die, revoke a license or do some other stupid thing that makes it unreliable in the future.
I'd never use a closed source programming language because it makes me dependent on the vendor. With FOSS, if the original company goes away I can pay someone else to keep the software running on a modern computer. With closed source software I don't have that option.
I almost had a heart attack last week when I noticed that a library I've used for work in the last year wasn't open source, but rather source available.
Thankfully, my employer had some licenses for the library without my knowledge, but it ain't fun to break licenses at work, especially when you don't notice until months later.
You are right, but in practice that's not what happens. Companies do not rely on open source libraries, the developers working for such companies do.
I can give you a realistic example. If you want to use Kafka and Go, probably your only option is to use https://github.com/confluentinc/confluent-kafka-go. Its LICENSE explicitly says "no warranty". Now, what if I find a bug in the library? Only two realistic solutions from my side:
1. I submit the issue and hope for the maintainers to fix it
2. I dig deeper and try to fix the issue. I submit the PR
None of the above scenarios are guaranteed to have a happy ending. The issue could be ignored, or piled up among thousands of other (maybe higher prio) issues. My solution may not be optimal and could be rejected (or if it's optimal, nobody is taking a look at it, and it could remain open for weeks/months).
> If that is a problem for you, negotiate a different contract up front - with the maintainer or someone else willing to do the work. That probably means paying them.
In the real world that would mean that I go to my manager and ask them to pay money to the maintainers of confluent-kafka-go to fix the issue I found. I don't think my manager would approve that, but let's imagine he does. The guys at confluent-kafka-go may not want money to fix the issue. These guys probably already have jobs that pay them well, and they work on the library at will.
Note: I'm talking about confluent-kafka-go, which I know is behind the Confluent software company. But I could as well be talking about libraries maintained by individuals like https://github.com/edenhill/librdkafka
I haven't seen a viable commercial programming library in decades, but that may just be because I'm not doing corporate-centric platforms like C++ / .NET / Java. Beyond that, if there is an open source library, I don't see how a corporation steals that and sells it, as developers would just find the open source one and use that. It's also very difficult / impossible to not have the source available if the library is written in a scripting language.
This is so, so true. So often when people ask questions like this, they seem to be overestimating the value of having access to the code that they're interested in, and underestimating the expense and risk of open sourcing it.
Very few companies would be willing to just throw the code as is to the world. Usually they're going to want to go over that old code line by line to make sure it's fit for public consumption and doesn't contain intellectual property that they don't have a right to open source. All of that stuff costs money and engineering time and probably legal time as well.
They would also have to have some reason for doing it in the first place, something more than that it could be hypothetically interesting to hypothetical people. That's a leap of faith that few companies are willing to make, and the larger the company, the more people have to make that leap and sign on to it.
Having said that, I also wish that more companies would open source their old code (for academic reasons if nothing else). I just think the reason it doesn't happen more often is for really practical and predictable reasons, and not because those companies are totally oblivious to the idea or because they're evil or anything.
Is it possible for the library to simply be removed, and the code posted with the notice that they won't work without either the proprietary library or some code work to swap it out?
I like to believe all open source code has value to someone, even if it's someone stumbling through working with said proprietary library, and trying to find something else that connects to it. ;)
Open source code is generally supplied as-is without any liability acceptance or warranty. If your business relies on it and it has bugs then that is the business's problem to deal with.
Eh. They could just opensource the code but not its dependencies. The opensource world is remarkably good at taking something like that and getting it working again.
The company I work for is scared to use open source often, much less let people release it. They care more about scoring patents on useless processes than on releasing useful code that could have been written by a competent intern at LITERALLY any company in the industry.
Decisions made by lawyers and bureaucrats.
(These opinions are mine and not necessarily those of my employer)
You seem not to understand what open source means. Code released to the public under common free open source licenses means someone can fork the code and put it on Github any time. If the company chooses to close source further development, then it's their unfortunate choice, nevertheless already released older open sourced code will stay open source.
If it writes what would have been open source dependencies based on open source code you no longer have to license that work or your own. Also coders might not want to open source original work for fear they are just going to feed that beast that will ultimately kill them. Sort of a chilling effect if they cannot choose to contribute to that cause or not while also sharing code as open source.
So? Just because your code is not open source does not mean you're not allowed to use it.
They might not care about the company they are applying to opensourcing their code. Plus you have to try really hard nowadays to not use any open source code at all.
I completely agree that open sourcing the project does not guarantee that the project will continue to function. I also think that after a company goes out of business they have no responsibility to keep their project functioning. Once they open source it, anyone is free to put in the work to keep it going and I can't think of a better guarantee a company could reasonably give.
For products in the hardware, gaming, platform, and OS space, I understand that a lot of code is often bought, licensed, or shared between companies in a manner that would prohibit open-sourcing the software without a time-consuming IP hunt.
However, I don't think I've ever worked at a web startup that didn't require all employee and contractor-contributed code be granted irrevocably and without limitation to the company, and the last few companies I've worked at have also required that all third-party dependencies be licensed in such a way that the company could use them in an unlimited commercial or non-commercial manner.
Everything I've worked on in the last 5+ years could, I think, be open-sourced with the flip of a switch without IP or legal issue provided the company decide to do so. In a few cases I know about, projects I worked on were open-sourced after I left without even notifying me.
Do I think it's a bit irritating and potentially somewhat immoral? Sure. I'd have liked knowing that my code was open-sourced retroactively, if for no other reason than to add it to my OSS resume.
But I've never worked in a web startup where my employer wasn't effectively free of IP-debt, or one where the "flip the switch and open-source it" method wasn't legally viable.
I think I agree with your point, though: "just open source it when it dies" is a naive argument that ignores how much work putting code out there can really be.
This is just a general issue with third party code - C/C++ libraries have always suffered from this weakness. Still, I've worked in places where if we were unable to distribute our library closed source the business wing wouldn't let us distribute it at all - everyone is welcome to their thoughts on copy-left software, but a thing that exists wouldn't have existed if we could only release it open-source (and yes, we even explained how licensing worked to the higher ups).
Sure, but for companies that fail their code ceases to be run by them. If their code is used by other groups then they will have to deal with maintenance themselves, if that's even possible.
This risk is somewhat mitigated by demanding only open source software be used. At least then if a software's supplier goes bankrupt then updated versions can still be produced. That's not the case with closed source software.
This is a hazard of open source or shared community code in general, I think most of us have run into -- and more will be as history moves forward, more years and more projects means more abandoned projects, and more dependency changes meaning abandoned projects become liabilities.
To some extent there's not much you can do, the risk is just part of the game; you're making a tradeoff, risking future lock-in to abandonware, by gaining productivity by using someone else's shared code.
But the one thing you CAN do is avoid using projects with restrictive licenses. It takes something pretty exceptionally valuable (AND with all the signs of being a project with legs) to get me to use something with a restrictive license. If it's got a sufficiently flexible license AND is popular, it's pretty likely someone (if not me) is going to step in to do the bare minimum of changes necessary for security or dependency upgrades.
The other thing one can do is try not to use projects with really poorly written/organized code -- cause it's an additional barrier to someone else patching it once it's abandonware. But that's harder to judge correctly, and anyway if the thing is really useful and difficult for me to reinvent myself, I'm likely to ignore perceived bad code quality and use it anyway.
I worked for a company where one of the clients required that all the source code be periodically archived and shipped to them so that if we went out of business they could potentially run it themselves. Practically, they wouldn't be able to because of the sheer complexity of all the different services. It was a minor pain to do this for them but the contract was worth it.
Having said that, I am a big fan of open sourcing projects if they fail. Why not? What do you have to lose?