Why "open source" is good

Not so long ago, I made a post explaining Why open source is bad. I'll try to redeem myself a bit and try to explain why there are some very good aspects of it, and why closed source is sometimes excessively bad. As I mentioned in my previous post, I don't think open source should be used as a selling point in the "it's open source so it has to be good" way. Instead, it should be used as a selling point in the "we're transparent" way.

Basically, I think that anything that has a critical, widespread incidence should be open source, for transparency. For example, I am a strong believer that an operating system should be open source. There's actually not a single valid argument about why Microsoft Windows is better closed source. It doesn't mean that being open source won't enable them to make money. There are portions that can stay closed, the same way Apple does with Darwin and Mac OS X. But the core really needs to be open source.

There are several reasons for this. First, portability. When you're writing code that's cross-platform, you have to deal with differences between standards. When Microsoft decides to implement their own "standards", and tell POSIX to GTFO, I wouldn't mind that much, if I could read their source and understand the differences. But since things are closed, I just can't do this. And I either have to dig through awful and possibly erroneous documentation (any good coder here knows that source code is the best documentation ever), or run empirical tests to figure out the implementation details. I'm talking about this because this just bit me recently, where I wrote a piece of code that was doing some standard OS calls, but they weren't working the same way at all between Linux and Windows, even though they are really basic stuff.

But my main argument is security. Anyone claiming that being open source is a security threat is a moron that shouldn't even be working in the computer industry. If you have a cryptographic protection relying solely on the fact the source isn't disclosed, you're doing it wrong (why hello there Sony!). There are people who don't need the source code to understand how a piece of software works. And tools for this are getting better and better. There's really no use trying to conceal source code. I believe that having a core product being closed source is actually a security risk. Because it has a smaller audience, it means the existing bugs and exploits are probably going to be discovered by a restricted set of people, and will be used for evil purposes. So if you're writing a core product, such as an operating system, a compiler, a web browser, a cryptographic tool, or any middleware whose code directly impacts millions of people, having it open source is the right thing to do. I'd personally consider it a legal offense not to disclose source code for critical pieces of code. Now if you're writing an end-user product, such as a 3D modeler, a game, a word processor, or an image processor, this can stay closed source, as the potential bugs in there won't have any huge impact.

All in all, the conclusion is that if I ever get any strong political power, I'd enforce a law stating that if you're creating a core product whose security flaws may gravely impact millions of people, you'd be legally required to make the source code readable by everyone. That's the only sensible thing to do. Microsoft is doing it wrong. Windows's kernel, the C/C++ compiler and Internet Explorer should have their source code disclosed.