
You Think the Visual Studio Code Binary You Use Is Open Source? Think Again - pabs3
https://carlchenet.com/you-think-the-visual-studio-code-binary-you-use-is-a-free-software-think-again/
======
huntie
This has been known for nearly two years now[1], and was talked about here a
few months ago[2].

VSCode also downloads code from Microsoft servers during the build process and
won't build without an Internet connection. I'm pretty sure someone had forked
VSCode like ungoogled-chromium but I can't find the repository.

[1]
[https://github.com/Microsoft/vscode/issues/17996](https://github.com/Microsoft/vscode/issues/17996)
[2]
[https://news.ycombinator.com/item?id=17346492](https://news.ycombinator.com/item?id=17346492)

~~~
josh64
Are you thinking of
[https://github.com/VSCodium/vscodium](https://github.com/VSCodium/vscodium) ?

~~~
jillesvangurp
Covered here just a few weeks ago:
[https://news.ycombinator.com/item?id=17850960](https://news.ycombinator.com/item?id=17850960)

This article is similarly alarmist with some stupid click bait title
suggesting that you are too stupid to read the documentation that comes with
VS Code which points all of this out but somehow smart enough to read the
genius bit of journalism that uncovered this terrible truth.

Just check out what vscodium actually modifies. There are a few small diffs to
disable telemetry and take out branding and a few other things.

But this is hardly some secret plot by MS to do something evil. It's a nice
product provided to you for free by MS that is almost entirely open source. Yes
it has a bit of branding and a bit of telemetry, which is presumably there to
help them improve the product.

If the handful of stuff in there that isn't OSS bothers you for whatever
reason, you can indeed build from source and take these things out like
vscodium seems to be doing. You'd be well in your rights to do that. And it's
very relevant for e.g. Linux distributions like Debian or OSS purists.

------
013a
Is there any technical evidence that Microsoft is doing something suspicious
with the binaries? Differing hashes? Weird network traffic? Binary
decompilation? It's not hard to find evidence if you've got a hunch, instead of
publishing a fear piece like this.

~~~
jakobegger
The license forbids you to reverse-engineer, so how would you find out without
breaking the license?

~~~
mort96
Come on, nobody is preventing anyone from running the binary with strace or
with wireshark open and comparing it to a version compiled from their sources.
It's absolutely something which would've been relevant in a post like this
one.

~~~
gnu8
None of that would fall under ‘reverse engineering’ in this context since
those techniques are basic due diligence that would be required before running
software from a disreputable source like Microsoft.

------
pkaye
If people don't trust Microsoft to do the right thing then it is prudent to
not trust any of the code until someone has had a chance to audit the entire
codebase. Even compiling from sources does not imply that it is safe.

------
dvh
Wrong title. Article says "free software" which makes much more sense than
"open source" in title. On HN you should know the difference.

~~~
duckerude
They're pretty much interchangeable in this title. Saying "open source"
instead of "free software" preserves the meaning but makes it less ambiguous.
The difference matters when you're talking about ideology, but it's not so
important when you're talking about the legal status of a piece of software.

The Open Source Definition was adapted from the Debian Free Software
Guidelines, which the FSF approves of.

According to gnu.org: "The two terms describe almost the same category of
software"
([https://www.gnu.org/philosophy/open-source-misses-the-point.html](https://www.gnu.org/philosophy/open-source-misses-the-point.html)).

------
oliwarner
"MIT allows this" is a red herring.

Even if the source was GPL, if Microsoft own[1] it, they can do whatever the
hell they like with it.

[1] own or own enough rights. Before any PRs are accepted, you need to sign
the CLA
[https://github.com/Microsoft/vscode/wiki/Contributor-License-Agreement](https://github.com/Microsoft/vscode/wiki/Contributor-License-Agreement)

------
guardian5x
This is not a secret. And it's really easy to compile it by yourself. So not
really sure why this article is making such a big deal out of it.

------
liftbigweights
I still don't get the love (real or manufactured) for VS Code. There are far
better tools to use on Linux. On Windows, you should use Visual Studio. VS
Code doesn't make much sense unless you want to install additional spyware.

It's funny to see people say how "light" VSCode is when they use it as a
glorified notepad for a few days. Then they install more and more extensions
and then slowly VS Code evolves into Visual Studio.

~~~
prepend
I like it because it is lightweight and runs similarly on Windows and Mac. And
it’s free so a good compromise for people I work with who are deep in the IDE
wars. I haven’t used it on Linux so can’t speak of that environment.

I don’t code all day, so it’s a good drop in editor that doesn’t require
paying a license, but has more functionality than vim.

------
azinman2
So what’s so bad in the end? If vscode is good and closed source, I’d still
use it.

~~~
netgusto
The difference, according to the article, is in the way Microsoft apparently
misleads users into thinking that the binary is the straight product from open
source code compilation, which it seems it is not (see
[https://news.ycombinator.com/item?id=18012688](https://news.ycombinator.com/item?id=18012688))

This can drive privacy-concerned people to use the product because they
(wrongly) think it's open source and fully community reviewed.

