Why I Do Not Trust Non-open-source Software
About this Article
This article aims to explain why I do not trust non-open-source software programs and libraries, and would rather not depend on them, even if they are technically superior to their open source alternatives in some respects.
Publishing Date: 3 March 2014
The Article
In this essay, I would like to explain why I do not trust programs that are not FOSS and instead are more restrictive. (I have previously told this story as part of a different essay, but it was easy to miss there.)
In any case, the BitKeeper version control system is now quite obscure, due to the advent of quality open-source distributed version control systems such as Git and Mercurial. However, several years ago it was used by many developers of the Linux kernel, and the demise of its gratis version was in fact the impetus for the creation of Git (and later - Mercurial). Several years ago, some time before Linus Torvalds started using it as the version control system of the kernel’s source code, I ran into a limitation of CVS, a popular, but limited, open-source version control system, which I used back then. As a result, I went looking for an alternative, and after reading an out-of-date article about BitKeeper (which said its source was available under a mostly open source licence), decided to use it and its bkbits.net service.
At first, I was quite happy using BitKeeper for some of my projects, but then I posted a question to the mailing list, asking where I can find the source, which was implied to be available on the BitKeeper site. Larry McVoy (= BitKeeper’s main creator and maintainer) replied by saying that they opted to remove the source code, because some users modified it to remove the restrictions, which allowed them to abuse the licensing of the gratis version and avoid paying for the commercial version. He also noted that availability of source meant that, in practice, your software was Public Domain, and that they provide the sources for people they can trust, in private.
At that point, I figured out that I don't have an immediate need for the source, and that perhaps in the future, I can win BitMover’s (= BitKeeper’s parent company) trust and gain access to it. So I continued using BitKeeper.
That changed, however, when Mr. McVoy announced a licence change to BitKeeper (while requiring all users of the gratis version to upgrade) that I found unacceptable, and caused me to seek a different alternative. This caused an unpleasant exchange between me and the BitKeeper developers, and made me lose some of the repositories I hosted on bkbits.net.
From that moment on, I realised that I cannot really trust non-open-source software, because even if I am allowed to continue to use its previous version after a licence change, then it may accumulate bugs or stop being runnable on my systems, or stop being supported, and I cannot risk it. To quote Richard Stallman: “Every non-free [= non-FOSS] program has a lord, a master — and if you use the program, he is your master”.
The end of the BitKeeper story was that after evaluating a few open-source alternatives, I settled on using the open-source Subversion, and later on also started using Mercurial and Git. Furthermore, from then on, I often refused to look at and evaluate proprietary programs. Lately, many open-source developers have become infatuated with Sublime Text, but I am not willing to even try it, because it is not open-source, so I will never have to depend on it.
Despite all that, I still license most of my original open source software under non-Copyleft, permissive, licences, because the GPLv2 and the GPLv3 are incompatible, both with one another, and with many other open-source licences; because I know of at least three different interpretations of the GPL (GNU’s one in the GPL FAQ, the Linux kernel's one, and the draconian Nmap interpretation); because I want my code to be of the maximal available use without the need to consult a lawyer; and because I don't want to be worried about how it will possibly be abused, when I don't care if it will. I'm still using GPLed software, in the hope that I won't get sued. See my "FOSS Licences Wars" essay.
To sum up, I do not wish to rely on non-FOSS, because it may mean these software applications later become unavailable to me, in a similar manner to what was the case with BitKeeper. I hope you can relate to that, and, if not, you may likely run into a similar situation in the future, which was also the case for the Linux kernel project, with the demise of the gratis BitKeeper version altogether.
Links
“Evaluating the harm from closed source” — an essay by Eric Raymond (ESR).
“Learn to Read the Source, Luke” - another reason why it is important to have the source code of your dependencies.
"The Old Shareware and the Android Applications" - by Nadav Har'El.
Some Discontinued Non-FOSS Applications
Visual Basic 6 (and earlier) - was famously discontinued by Microsoft in favour of the incompatible Visual Basic .NET. (Also see “How Microsoft Lost the API War”.)
pSOS - stood a risk of being discontinued.
The Xv Image Viewer for X - no release since 1994.
Microsoft FrontPage - also see John C. Dvorak’s “Microsoft and Skype: A Marriage Made in Hell”, which references the demise of FrontPage.
Adobe’s acquisition of Macromedia resulted in many software applications - either by Adobe or by Macromedia - being discontinued.
HotMetaL - an HTML editor for Windows and Mac OS.
FoundationDB - a proprietary database system. Update: it was made open-source under the Apache 2.0 licence, several years later.
Licence
This document is Copyright by Shlomi Fish, 2014, and is available under the terms of the Creative Commons Attribution License (CC-by) 3.0 Unported (or at your option any later version of that licence).
For securing additional rights, please contact Shlomi Fish and see the explicit requirements that are being spelt out for abiding by that licence.