

Ask YC: Is distributing your source code a stupid idea? - hbien

A lot of web apps these days are hosted, but there are still some that are licensed (haveamint.com, fogbugz, warehouseapp.com).

I'm thinking about making an app to sell cheap, $30, but should the source code be included with it?  The application is meant for anyone with a shared hosting account or VPS, so the source code might be useful for hackers who want to change things for their own needs.

But at the same time, giving away the source code feels like you're giving away your hard work.

What do you guys think?
======
SwellJoe
Open Source (or available source) and business is a tricky combination. We
(Virtualmin, Inc.) are predominantly an Open Source based company, though we
also have some proprietary products--but even the proprietary products include
all of the source in a non-obfuscated form. We have not had significant
problems with folks absconding with our source...but we have such a strong
brand and awareness of our product and Open Source projects that we aren't
afraid of someone launching a competitor based on our code.

That said, I suspect you won't gain much by distributing source in a wholly
proprietary product. Customers might occasionally find a bug or two, and might
have some interest in modifications...but you can solve the former by fixing
problems quickly, and the latter by providing an API. So, while your
particular fears are unfounded. Why would someone steal your code, when there
is probably better-documented Open Source software to do roughly the same
things from a developer perspective? Where proprietary software can win is on
usability, UI, support, and sometimes more rapid innovation if the field
doesn't have thousands of developers.

As slashcom mentioned, you need to be very clear about the terms of use of
your software if you include source, and if you mention inclusion of source
code on the website as a feature. Like izak30, your customers may wrongly
assume you're talking about Open Source software. We still get occasional
users who find ways to misunderstand our license terms because we offer an
Open Source version of our product.

Good luck, whatever you decide.

~~~
hbien
Thanks SwellJoe, I guess it doesn't make sense that other people would steal my
code and release their own product based on it.

------
crucini
It depends on your market. Some markets would consider source-availability an
advantage; most wouldn't. Are your competitors making source available? If you
have no competitors (which I really doubt) find a comparable product selling
into the same market.

A related issue is license enforcement. Lots of shrinkwrap (meaning, not
hosted by the copyright holder) software incorporates licensing code to
discourage installing the software on multiple servers without paying for it.
Again, this decision must be made with sensitivity to your specific market. If
your competitors don't protect their code, you shouldn't either.

Obviously, all licensing code relies on security through obscurity. If you
offer customers the source, and choose to enforce licensing, you have an
interesting technical challenge on your hands.

The only positive I can see to source-availability is a hedge against your
company going out of business. A technically proficient customer such as an
ISP can then continue to maintain their instance.

A big negative, both for you and for corporate customers, is that customer
employees may modify the code, leaving it in support limbo.

I recommend laser-like focus on the market you plan to serve. Incidentally,
such a focus may cause you to reconsider your $30 price point.

------
ivankirigin
You could make it available upon request, see the reasons for the request,
then decide to remove the option if people aren't taking it for the right
reasons.

My guess is that few would ask, but those who would are the ones that could
help you improve the program. People trying to take your market won't beat you
just by tweaking your source and selling it.

I've been thinking about a related idea: opening the security code, at the
very least.

How do you make the security of a web app public so that smart people know
about it, but control it so that if not enough people are looking, exploiters
see the holes first?

I think it's the kind of thing you wait to do when you're bigger, but we don't
see much openness on web security like we do for most FOSS.

------
nickb
> The application is meant for anyone with a shared hosting account or VPS...

FWIW, I'd never allow installation of a non-"open source" app on our servers.
I put "open source" in quotes since our definitions might differ. You can
release a commercial product with source available for your customers to see
but the product can be under a non-open source labs certified license.
Providing the source, in your case, doesn't mean your customers can give the
thing away or show the source to someone else. Just specify it in contract.

If there was absolutely no way that we can have the source and the app does
something absolutely amazing so we must have it, then we'd install it on a
separate slice away from all other apps. I'm not saying that open source apps
are somehow safer but at least with open source apps I can go in and try to
see what it's doing and what the quality of the code is.

But seriously, why worry about source? Rely on social contract, copyright and
legal contracts to enforce your ownership. If someone wants to copy your app,
they'll find a way no matter what. When people deploy their web apps, they
allow anyone to see their source (JS, CSS, HTML) anyway.

Another option is to obfuscate but that doesn't solve much.

------
slashcom
A lot of companies have to deal with this. vBulletin and Red Hat both
immediately come to mind. I don't see how it would set you back. You know all
the people you give the source code to, so you know who to go to about leaks.
And most clients won't care about the source code anyway. What's most
important is that you be clear about the terms under which your code is
released.

Probably should consult a copyright lawyer.

~~~
izak30
If you are considering making any real amount of money off of a thirty dollar
product, then you probably won't know all the people who have it; on the other
hand, if making money isn't the goal, then by all means, give away the source,
OS projects are often a tremendous help to the community.

~~~
izak30
BTW, whoever downmodded this, it wasn't sarcasm;

Sometimes I don't understand what gets somebody downmodded around here.

~~~
Goladus
I'm confused too. If that point was worth downmodding, it should be worth
discussing.

------
brianr
What makes you want to sell individual copies rather than collect a monthly
fee by providing it as a hosted service? If it has to be hosted anyway, and
unless it's going to be tightly integrated with the buyer's website/server,
selling a hosted service might make a lot more sense since you can collect
$x/month instead of $30 just once. And you keep your source code, and
releasing updates is far simpler.

~~~
hbien
I'm on the fence for software as a service. It might make sense for
small/large businesses, but the software I'd like to make is consumer level
software. It's mostly for web hobbyists.

------
mironathetin
The scary thing about giving away your code is certainly this: You put in
months, maybe years of development and now a competitor of yours just grabs
your code, puts in slight modifications and starts to sell. You, as you don't
have the money, cannot file a lawsuit (if your competitor would be google or
M$ for example).

But: being into software development for more than 25 years now, I can
honestly say: if a piece of code is longer than 300 lines, it is easier and
faster to rewrite it yourself instead of trying to understand and modify
someone else's code.

That said: generally I would not say it's bad to open source your code. On the
other hand, if you really have something in it that nobody else has and that
makes your app better than others, keep THAT part for yourself, at least for a
while.

See Apple. Aqua is closed, darwin is open. Good example, IMHO.

------
andrewfong
You can open-source it and insist upon them registering their site with you.
If you happen to Google a non-authorized use of your software, you can quickly
check it against your customer database before sending a nasty e-mail.

------
thinkingserious
I think the answer will depend on a clear definition of your goals, such as
your revenue goals, how you see people using your software (and what you want
to allow them to do with it) and exit strategy.

You may just want to build a good API to make it easy for hackers to customize
and extend if you decide not to release the source.

------
flashgordon
What are you trying to achieve by releasing the source code? Improved quality,
by having it scrutinized by lots of other coders/hackers/devs (if you are
lucky and release it under GPL).

Good will and Trust?

Perception of "more for the buck"?

~~~
hbien
The web language/framework I would like to use (Python/Django) doesn't have
any sort of source code protection for it. There's no compiled byte code or
source code encoder product.

But if it's an advantage to release the source code, that shouldn't matter. If
it's a mistake to release the source code, I would probably use PHP (I'm still
comfortable programming with PHP from my day job, but I'd be happier with
Python).

~~~
flashgordon
Actually another startup patient/kind enough to talk to me (:D) is in a very
similar predicament to yours. They are in fact building a CMS by aggregating
several open source tools (eg word-press and so on). Their main reason for
open-sourcing their CMS itself was the increased scrutiny. However the main
concern is how reproducible is your idea? If you are still at the very young
stage, and your main strength really is in your IP. But having said that, if
your customer base is such that they would be happy to fix problems themselves
given the source, that could save you a lot in support-mullah. But that may
depend on the kind of license you release your source code under.

What do you folks think? or am I thinking about it the wrong way?

------
sohail
I think your agreement should say that they have access to the source code if
they want it. However, they must not resell any modifications and may submit
their modifications to you for a discount.

------
mrevelle
Make it available to customers, even users that don't read source code will
get a "warm and fuzzy" knowing that other users can and may have.

------
henning
it depends on what terms it's given under.

probably if you distribute it with scary language about "intellectual
property" and derivative works anyone with half a brain would avoid even
looking at the code much less reusing it in a new product in order to avoid
the possibility of a lawsuit.

(IANAL.)

