Comment by StillBored

4 years ago

I think the author is seriously confused over the value of some crap his startup created in a couple man years vs actual products with market share, long term maintenance and thousands+ of man years of engineering/testing/documentation time. He even admits that they were rewriting large parts of it on a regular basis. That by itself indicates much of the code actually had little value, if the engineers themselves were throwing it away.

It would be really hard to convince MS/Google/Apple/etc. that their primary products' source code doesn't have any value.

I think the author makes a great argument, and would add network effects to reasons why code is worthless. Let's say I build an exact clone of Facebook, do I take away any value from Facebook.com? How about Office 365, I offer an exact copy of their cloud, except the sync doesn't work because OneDrive is built into Windows and won't authorize with my clone.

I guess before everything sync'd and auth'd to the cloud I could pirate Photoshop, but as the author points out, cracked software has always been a different landscape that carries malware more often than not and has no stability or feature updates, so why worry, it's no real competition if you're actually innovating your product, not to mention tech support!

As for throwing out code, I'd have to do some digging but there's a talk, maybe Dan Geer, outlining that every 1000 lines of code you write there's a certain number of security vulnerabilities, and you'll never find them all -- and the longer the code stays the same the longer those vulnerabilities are able to be prodded and discovered. So say you have an adversary with access to your source code, they are trying to figure out the "weird machine" of all the bugs in your code. The best way to foil this adversary is to keep changing the way your software works, always switching out one set of undetected bugs for another. Again, having a development team that understands how to change the code is infinitely more valuable than having access to the repo.

  • (moving the security bits up because I find it dangerous)

    And the security argument is a strange one. If you never let the code "mature" then your defect count remains high. Which means there are likely exploits that can be quickly found with simple automated tools, vs being hardened enough that it actually takes real effort to find the ever more obscure cases. Which is why when you look at Windows, a lot of the exploits recently are because they churned pieces of the OS that were decades old. And the "unsupported" versions of the OS weren't vulnerable. Similarly, the product I was working on a few years back dodged Heartbleed for the same reason. We were on a fairly old version of SSL only being patched with security updates. So, when the exploit finally became public we didn't have anything to worry about. Our version of SSL simply wasn't affected.

    It's very dangerous to think that the most secure version of a product is the one that isn't battle tested because it's being churned. That is just a reformation of the security through obscurity argument and assumes there aren't blackhats more than happy to hack a product and keep quiet about an exploit for years. Combined with the fact that now you're hoping to randomly close these exploits through code churn just screams of a naive development model.

    (comment on network effects)

    I've rarely heard anyone mention any of the recent web based "innovation" as a reason to use Photoshop over GIMP, or even older versions of Photoshop. OTOH, when I heard these discussions in the past, there were real hard reasons people didn't use GIMP (color profiles?), LibreOffice (document compatibility), etc. So the "innovation" needs to be something the end user finds useful, not just pretty buttons, or software subscription models.

    It's obviously not enough to just appear to be a clone, there have to be real reasons to consider an alternative to overcome the network effects. When that happens you can bet people start choosing the "clone", which does in fact devalue the original offering. If a legitimate Facebook, O365, etc. competitor shows up you can bet people will start to switch even with the network effects of those two products. In the case of Photoshop, from what I've heard a lot of people have been looking at Affinity's product. Which points to GIMP still not being a proper alternative.

    This isn't just software, it's everything. Everyone keeps buying x86, until the day it turns out there is a cheaper/faster ARM laptop. And it might not even be a change in the products themselves, the US automakers lost out in the 1970s because the market changed and they weren't as well positioned for it.

Large companies also do occasional complete re-writes of legacy products. It's not as common (because of course the larger the project, the more expensive it is), but it still happens.

I would also argue that rewriting your code somewhat frequently is part of good engineering. As you discover more of the problem, old code needs to be discarded. Usually what happens is that you start solving problem A, then realize a new need to solve problem B. But really it would've been much better to solve a combination of the two, problem C, which requires an entirely different approach than dumping new code for B onto the old codebase for A.

It's actually part of why I wrote the article, because I do honestly believe it is a common misconception that rewrites are more expensive than modifications (although I'm sure that's true in some cases).

Also, I gotta say, while I appreciate that you took time to comment and chime in with the discussion, the way you worded it was quite rude and a bit hurtful.

  • > the way you worded it was quite rude and a bit hurtful

    You probably just hit some nerve of the person you responded to. Granted, your article was exaggerating about the worthlessness of source code, you made a very good and interesting point grounded in real experience.

    On top of that you did something that I think is very important, commendable and interesting: Looking at the history of software engineering and programming. There is a wealth of knowledge and insights at our fingertips and as a culture we're not paying enough attention to history.

    And the message is very sound if not taken to the extreme. Source code quality matters and is worth investing in, but people ultimately matter more. It's an important message that needs to be heard again and again.

I disagree with you... sort of.

I think there's some truth that code has value, and there is some risk that making it available can cut into profits (See: Redis, Mongo, etc, changing course after open offerings became available on AWS/Azure/GCP).

But I think the much larger truth is that most of the value provided by companies (and most of what they charge for) is not "lines of excellent code" but rather the operating expertise of keeping a complicated system stable and available.

For example - All of the companies you listed do have widely available, open source offerings (Android, VS-Code, Mono, Swift, Webkit, etc).

The value wasn't in the code, the value was in the ecosystem around it.

I think this is true in more cases than folks expect. The Windows source code was leaked, but I don't see any companies scrambling to compete with MS by building on that code.

I think even if most of Google's repo was made public - the valuable part was the team that supports the infrastructure behind it, not the lines of code themselves (or at least, they make up a smaller portion of the value)

  • > I think there's some truth that code has value, and there is some risk that making it available can cut into profits (See: Redis, Mongo, etc, changing course after open offerings became available on AWS/Azure/GCP).

    An example like that is only valid if you argue that there was a reasonable chance that the company could have 1) developed a comparable closed source version of the product and 2) somehow prevented a competitive open source version of that product from existing and being used by competitors.

  • Well I don't disagree with that either. Only that I must point out that libre washing a company with an open source product here/there doesn't really count. Sure Android is open, but Google isn't using it to make money directly, instead it feeds into the closed source ad/marketplace offerings.

    If they opened that code, or Apple opened up the entire iOS stack it's quite likely they would have competitors that as you point out lowered the value of their primary offerings.

    A Google with a half dozen competent ad/search companies would look very different than the one that can afford to give away a large part of their product portfolio.

    So, there is value in operating a "service" business, but there is even more value in operating a service business that has high barriers to entry. One way to erect those barriers is with hundreds of millions of dollars in engineering time spent on "source code" be that the code actually doing the searches/etc. or the code being used to manage the clusters it's running on.

Which doesn't really explain why when most of the source code to Windows XP leaked, it barely moved the needle on anything.