Comment by jazzyjackson
4 years ago
I think the author makes a great argument, and would add network effects to reasons why code is worthless. Let's say I build an exact clone of Facebook, do I take away any value from Facebook.com? How about Office 365, I offer an exact copy of their cloud, except the sync doesn't work because OneDrive is built into Windows and won't authorize with my clone.
I guess before everything sync'd and auth'd to the cloud I could pirate Photoshop, but as the author points out, cracked software has always been a different landscape that carries malware more often than not and has no stability or feature updates, so why worry, it's no real competition if you're actually innovating your product, not to mention tech support!
As for throwing out code, I'd have to do some digging but there's a talk, maybe Dan Geer, outlining that every 1000 lines of code you write there's a certain number of security vulnerabilities, and you'll never find them all -- and the longer the code stays the same the longer those vulnerabilities are able to be prodded and discovered. So say you have an adversary with access to your source code, they are trying to figure out the "weird machine" of all the bugs in your code. The best way to foil this adversary is to keep changing the way your software works, always switching out one set of undetected bugs for another. Again, having a development team that understands how to change the code is infinitely more valuable than having access to the repo.
(moving the security bits up because I find it dangerous)
And the security argument is a strange one. If you never let the code "mature" then your defect count remains high. Which means there are likely exploits that can be quickly found with simple automated tools, vs being hardened enough that it actually takes real effort to find the ever more obscure cases. Which is why when you look at Windows, a lot of the exploits recently are because they churned pieces of the OS that were decades old. And the "unsupported" versions of the OS weren't vulnerable. Similarly, the product I was working on a few years back dodged Heartbleed for the same reason. We were on a fairly old version of SSL only being patched with security updates. So, when the exploit finally became public we didn't have anything to worry about. Our version of SSL simply wasn't affected.
It's very dangerous to think that the most secure version of a product is the one that isn't battle tested because it's being churned. That is just a reformation of the security through obscurity argument and assumes there aren't blackhats more than happy to hack a product and keep quiet about an exploit for years. Combined with the fact that now you're hoping to randomly close these exploits through code churn just screams of a naive development model.
(comment on network effects)
I've rarely heard anyone mention any of the recent web-based "innovation" as a reason to use Photoshop over GIMP, or even older versions of Photoshop. OTOH, when I heard these discussions in the past, there were real hard reasons people didn't use GIMP (color profiles?), LibreOffice (document compatibility), etc. So the "innovation" needs to be something the end user finds useful, not just pretty buttons, or software subscription models.
It's obviously not enough to just appear to be a clone, there have to be real reasons to consider an alternative to overcome the network effects. When that happens you can bet people start choosing the "clone", which does in fact devalue the original offering. If a legitimate Facebook, O365, etc. competitor shows up you can bet people will start to switch even with the network effects of those two products. In the case of Photoshop, from what I've heard a lot of people have been looking at Affinity's product. Which points to GIMP still not being a proper alternative.
This isn't just software, it's everything. Everyone keeps buying x86, until the day it turns out there is a cheaper/faster ARM laptop. And it might not even be a change in the products themselves, the US automakers lost out in the 1970s because the market changed and they weren't as well positioned for it.