
Ask HN: can a company do too much OSS? - epi0Bauqu
#15 of patio11's summary of pg's future business trends (http://news.ycombinator.com/item?id=1632689): "I can't name a company which did too much OSS. If no one has gone too far, we're probably not doing OSS enough yet."<p>As one example, I've thought a lot about open sourcing all or parts of DuckDuckGo, but have been hesitant for the obvious reasons (trade secrets, gaming the system, etc.). Of course, anyone interested would have to wade through my Perl. On the other hand, I'd love the opportunity to develop more of a community around the code.<p>So where's the line?
======
blantonl
IBM is the line. Their participation in the OSS community is very active and
positive. See IBM's developerworks as examples as to how the largest
organizations can participate in the open source community and not try to take
direct control.

Now, IBM's motive is to most likely bundle services around those OSS
implementations, so they profit from that.

On the other hand, we have Oracle who outright acquires OSS organizations just
to wrap sales and maintenance around the products. They'll trickle in funding
to barely nurture the products along, only to have the founders/leaders of
those projects bail when they realize what is really happening.

That results in the mass resignations that we see with MySQL and countless
other Sun OSS acquisitions.

And don't get me started on Java. :(

~~~
aphexairlines
Somehow I don't see IBM open sourcing WebSphere, J9, DB2, zOS, Lotus Notes,
Lotus Live, EAS, Cognos, the Rational lineup, the Tivoli lineup, CloudBurst,
ibm.com/cloud, or anything they consider a product.

------
dotBen
_(ok with the pre-amble that I am VERY pro-OSS, and generally very bullish on
the value for companies of every size to embrace an OSS strategy...)_

I think a resource-constrained startup (pre-funded thru to series A) needs to
be careful that every dollar spent is building direct value to the company
that investors will want to invest in.

Creating _good_ OSS does have an over-head (documentation, support, community
collaboration, etc). Sure that can help you attract good developers to come
work for you - but if you launch too many OSS project the overhead costs can
become disproportionate to the funding of the company.

You also need to be careful that while you are building value early-on that
you are not exposing yourself for your competitors (or your own employees) to
fork what you are doing and build their own competitive service (it does
happen but again, some of this comes down to license used).

I would not want to publish 'secret sauce' of a company (algorithms,
development strategies, etc) before I got to a point where I could defend the
business with network effect, traction, funding, etc.

There is no point of over-committing or over-exposing and then not having the
resources to be around in 18 months time to keep the OSS project going.

~~~
dotBen
I'm not going to name the company, but another extreme example comes to mind
was of an early stage company in a specific vertical who completely funded a
relatively high-profile (read: well hyped) open source project that was
orthogonal but not completely related to the core competencies and interests
of the parent company.

I would have been strongly against this if I was an advisor or investor in the
company.

Suffice to say, things ended badly when the company ran out of money and now
both their project and the open source project are dead in the water, + lots
of hurt feelings all around.

------
fleitz
Sun is the line. Perhaps they couldn't sell their product either, but their
competitors were making bank selling software instead of giving it away. Look
at what oracle is doing with their IP

~~~
patrickaljord
Let's see how those lawsuits go for Oracle, it's too soon to tell if they'll
pay off.

~~~
fleitz
I was referring more to how they are handling Solaris, but Java is another
prime example of a technology that Sun failed capitalize on in spite of making
it open source.

OSS is a great idea for commodity software that has little margin left in it
anyways, but very few open source their core competency and live to tell about
it. The exception to that rule is probably Red Hat.

The smart thing to do is to open source your complements, something Google and
Apple do phenomenally well at.

~~~
ZeroGravitas
Sun fought the open sourcing of Java for a long time past when it made
economic sense for them to do it so it's an odd example of going too far with
open source.

Even now the booby traps they laid are being put into actual use and the end
result could be a true open source fork which will be very good for the Java
ecosystem, and less than optimal for Oracle.

------
patrickaljord
Reddit is almost 100% open source except for some of their anti-spam code
which can be replaced by open source code. I think they could go 100% open
source though as I don't believe in security through obscurity.

Duckduckgo could go for a distributed model where each install could
communicate together and maybe scale better.

~~~
immad
Spam protection with obscurity is different from security through obscurity.
Spam protection through obscurity is fairly prevalent and reasonable.

~~~
jrockway
A better technique is one where even if the spammers know what your
countermeasures are, they still can't spam you.

~~~
moultano
Good luck! :)

Unless you're taking a blood sample from every user, you are going to have
spam that you can't catch.

~~~
gridspy
If a robot makes a meaningful contribution to your website / service, do you
really care if they are a robot?

If you could tell which comments are insightful / relevant / interesting /
unique it wouldn't matter which ones were produced by humans and which ones by
algorithms.

Likewise humans can often create spam by hand - daft comments / contributions
that hurt your site but come from legitimate humans.

~~~
moultano
The assumption with any kind of collaborative filtering is that the opinions
of many people produce a better result when combined than the opinions of one
person. If you are allowing machines to vote then you're letting one person
have an arbitrary number of votes, which totally breaks the model.

------
JesseAldridge
My guess is it doesn't really matter either way. Software projects are so
complex that just understanding them is a full time job. The code will be an
incomprehensible blob to anyone who hasn't put many hours into understanding
it. People may be enthusiastic at first and screw around with your project for
a couple of weeks, but eventually they will stop caring. So the maintainer
ends up doing the vast majority of the work, regardless of whether a project
is open or not.

I have no data to back up that claim, it's just my gut feeling. Has Reddit
gotten substantial code contributions as a result of open-sourcing its stuff?

------
astine
I think that it greatly depends on the company and its needs. If you think
that there is a great chance that someone will simply ape your code and use it
to compete directly with you, it might be wise to hold back. If, on the other
hand, you a likelihood of people getting involved and helping to improve the
code, that might outweigh the risks. I'm not so worried about the former
seeing as you're already competing against some very powerful players, but
that's just me.

It really depends on whether you think that your algorithms important enough
to keep secret, or whether you thing that an open source search engine would
really add something.

------
fragmede
> I can't name a company which did too much OSS.

Of course you can't. They failed and faded into obscurity. Unless you were
directly involved, I don't think you would have heard of any of them.

------
nathanmarz
There can be strategic business reasons to open source, but don't forget that
open source is a powerful recruitment tactic as well. Recruiting is the main
reason we are permissive about open source at BackType. Programmers (esp. top
ones) really want to be involved in open source.

I wrote more about this here: [http://nathanmarz.com/blog/why-your-company-
should-have-a-ve...](http://nathanmarz.com/blog/why-your-company-should-have-
a-very-permissive-open-source-p.html)

------
csytan
The biggest benefit of open sourcing DDG in your case is that it would be
useful as research to programmers who are developing something similar (e.g. a
search engine, wikipedia parsing, crawlers).

You might also think of extracting some common functionality into a project
which could be directly used by programmers. That would also give you the
chance to form a community.

Examples: Tornado web server (Friendfeed), Cassandra (Facebook), RoR
(37signals).

------
A1kmm
It depends on your motivation.

To society as a whole, if everyone released their software as Free / Open
Source software, much less effort would be wasted writing software that has
already been written, and this effort could be directed towards developing
better software to solve new problems.

However, FLOSS is a reverse tragedy of the commons situation. Everyone
benefits from it, but the person who develops it isn't directly rewarded.

If your only motivation is profit (or you have a duty to maximise profit),
there are still some good reasons to release FLOSS software: contributing to
other infrastructure projects (especially if it is an established project)
will be useful to other people who don't directly compete with you, and if
there are lots of contributors, you will likely get more back than what you
put in, while still getting the feature you want. In addition, if you make it
known that your company is involved in FLOSS development, it is likely to
generate good PR amongst technical people. It may also help you get good
quality employees who are already familiar with some of your code base.

If your aim to make society a better place, without harming profits too much,
rather than purely profit, FLOSS development makes even more sense. The risks
to watch out for are spending too much time supporting the software, liability
issues (nearly all FLOSS licenses include a disclaimer, but it is hard to rule
out liability entirely), lowering barriers to entry, and having an unfair
disadvantage if competitors use your code or ideas but don't release theirs
(the Affero GPL can help with the former - and patenting novel algorithms and
licensing them to all services which release their implementations with the
latter - but you need to consider whether you have the cashflow to enforce
your license / patents anyway).

~~~
meric

        If your only motivation is profit, ...  there are still good reasons ...

It wouldn't not make sense for google to be developing top of the line web
frameworks and open source them either; More better websites means more people
would go on the internet and thus more google searches.

I think another reason you might open source software is so that the community
around your product flourishes and uses your product even more.

------
Caligula
I think the specific license you choose is a bigger factor than the amount of
code or of a product open sourced.

I think the line is, if you are the dominant open source player in a specific
market or likely to be, like sugarcrm is, it makes sense to use GPL.

If on the other hand you are not the incumbent, it makes sense to use a more
liberal license, so LGPL/bsd/mit like vtiger has.

So the line really depends on your status in the market your in.

~~~
warp
When dealing with websites the GPL is almost a liberal license. There is no
requirement for a server operator of GPL'ed software to share the code with
the users of that software. If you want to copyleft the code and make sure ALL
users of the software get access to the sourcecode, use the AGPL.

------
devmonk
I think you have to talk about the pros and cons overall not just the amount.

Pros:

\+ Can boost developers' morale. Feeling of contribution of their work to
society is a plus for many people. If developers are shameful of their work or
do not want it publicized, however, it could decrease morale.

\+ Possible increase in amount of eyes on code and users of product, which may
increase the need for code changes that could increase the quality of the
product. The predicted quality increase is still often overestimated.

Cons:

\- Most projects with any respectable amount of use in-the-wild (many are not
used, and it is not a problem) require a level of support which might not have
been necessary had they not been open-sourced. And the amount of time required
for support and related added functionality is often underestimated.

\- Despite best efforts, projects will inadvertently leak private company
data. Usually the risk associated with data going public is small, but web
searches can often find passwords, etc. Many things can mitigate this risk
(thoughtful design and practices, a more secure network, etc.), but it is a
risk.

Tips:

* The more time spent on fewer projects, the more successful they will be, and the more this will reflect positively on the company.

* You need a good balance where there are enough leads on the project to sustain some leaving, but too much complexity will kill a project.

* Company and organizational/cultural politics can severely weaken a project. This is probably just as valid of a reason that many large academic projects stink as the reason that they are not money-driven or having to deal with competition.

* Lawyers and legal/licensing concerns can kill or severely stagnate an OSS project.

Despite all that, I still think companies should do as much OSS work as
possible, even if it isn't _always_ good for business.

------
SoftwareMaven
Like fleitz, my thoughts immediately turned to Sun as too much.

However, in a business environment, I don't think you should open source just
for the sake of open sourcing (which seemed to be Sun's philosophy). Open
sourcing has some potential benefits and some definite costs. Do the benefits
outweigh the costs? Then it makes sense to open source. What I don't think we
have a full grasp on yet is what all of the potential benefits are.

Regardless, I would _never_ expect the community contributing code to be a
realistic benefit. Even in a highly technical community, that won't come until
much later, after the other benefits and costs have already made their impact.

------
wazoox
Reddit opened its code. However we didn't see a swarm of reddit clones taking
over, so it must be pretty safe after all. That, and I'm a perl hacker :)

------
moonpolysoft
There are two kinds of companies for whom OSS makes sense. The first category
of OSS company is the data driven companies. Twitter, Google, Yahoo, and
Facebook all fall into this category. Data driven companies derive their
primary business value from the quality and quantity of their underlying data.
They give away their software because it is free PR, endears developers to
their platforms and it is a big morale booster for their engineers. Google
will never give away its search index. Facebook and Twitter will never give
away dumps of their graphs. Those things are the crown jewels, not the
software that supports them.

The other kind of company that benefits from open source is companies like Red
Hat, Basho and Opscode. Their open source offerings are loss leaders intended
to stimulate enterprise sales. Mission critical systems get built on the open
source software, and then managers can elect to buy enterprise features and
support from the vendors.

~~~
eitally
You're missing a category. Lots of big, non-IT-centric enterprises SHOULD
contribute to OSS projects because they're already using and extending them
(whether it violates the license or not) and it really, really pisses off
corporate developers when they're told they can't release internal code into
the wild. Totally demotivating.

~~~
fragmede
The keyword being non-IT-centric. IT projects, OSS or not, should not be a
business focus in that case. Best Buy's IdeaX (<http://bbyidx.com/>) would be
one of the first things that comes to mind as an example in this category.

~~~
eitally
I know where you're coming from with that comment but I don't necessarily
agree. Each year, information systems become a bigger and bigger
differentiator on the business side and should be a business focus.

Maybe when you said "IT projects" you meant projects where IT is the customer,
and if so I still don't agree. These tend to be "luxury" projects for a lot of
companies and, as such, the developers tend to have a lot more decision making
authority than on business projects. Letting them open source their code or
contribute to existing OSS projects is a huge motivator (especially if the
OSSed project gets popular and the company starts reaping the benefits of
additional contributors).

------
dnsworks
There is no law stating that you have to open-source any of your software.
Make the decision based on your company's business needs, not on popular
opinion within a small engineering niche that probably doesn't constitute the
majority or even a significant percentage of your customer base.

