Hacker News new | past | comments | ask | show | jobs | submit login
The best Parts of Visual Studio Code are proprietary (underjord.io)
439 points by ingve 77 days ago | hide | past | favorite | 268 comments



Yes and no. The complaint is that some widely used extensions are proprietary. If these extensions require MS servers, then they have every reason to be. Even if they don't, there's nothing wrong with a company holding back some stuff they consider strategic, they're not obligated to release them.

If we're debating the OSS credentials of VSCode, it'll need to be based on the code already released (which makes it a pretty great OSS editor) and the current team of people the company has devoted to maintaining that OSS section of the product (also pretty great).

Arguing that there are some extensions that are closed source and that's bad is a bit weird, especially when we can just make an open sourced extension that does the same thing.


I don't think it says "Software not open-source is bad". But more something like "It is marketed as open source but it is not".

Developers should be aware that VSCode is not as open source as it claims it is. In my circles, developers could swear VSCode is fully open source without even knowing VSCodium.

If people were more aware about this, they might think twice before using VSCode for everything and getting lock-in (just like the article says)


>But more something like "It is marketed as open source but it is not". Developers should be aware that VSCode is not as open source as it claims it is.

Honest question...

Is SQLite also deceiving people about its "open source credentials" because the Encryption Extension is proprietary and costs $2000?[1]

... because as far as I can tell, most conversations do refer to SQLite as "open source" without always bringing up the encryption extension as a disclaimer in every online discussion. SQLite's creator, Richard Hipp, has a company selling a commercial license for the encryption add-on but it doesn't seem to tarnish the "open source" perception of SQLite.

[1] https://www.hwaci.com/cgi-bin/see-step1


I think it's often easy to unknowingly use or rely on a proprietary extension, such as in Visual Studio or even a particular browser's features. When an extension requires you to get out your credit card then this isn't possible. If it costs $2000 you can assume it's proprietary.

So I think the issue for VScode is more nuanced: proprietary extensions are not clearly marked or separated from the open source feature set.

Another good example to consider is whether people feel deceived by various Linux distributions who bundle one-click or automated install of proprietary blobs.


Someone can correct me, but the last time I installed the remote extension pack I’m almost certain that a notification popped up that said “By using this extension, you agree to the license terms...” which is unique to the Microsoft closed source extensions.


The main way SQLite is used around the world is as a library component of a larger application. The main way people use VS code is through the proprietarized official build that uses the official EULA.

Also, lots of people seem to value the proprietary extensions a lot more than people value the encryption extension of SQLite.


>The main way people use VS code is through the proprietarized official build that uses the official EULA

The blog author complained about "Live Share" as one example. As far as I can tell, "Live Share" is not in the builds one downloads from Microsoft's "Visual Studio Code" website: https://code.visualstudio.com/download

The Live Share feature is downloaded from a separate web page: https://marketplace.visualstudio.com/items?itemName=MS-vsliv...

This separation seems similar to SQLite Encryption Extension. Can someone explain how the situations are not analogous?

The github page for "Visual Studio Code" prominently displays "Open Source" in its title: https://github.com/microsoft/vscode

I'm willing to be convinced that it's a marketing deception and "open source" should be removed but so far, I haven't seen any precedent from other hybrid open/closed source projects justifying that.


> Can someone explain how the situations are not analogous?

The difference is that typical usage of SQLite is co-located with an application, such that you don't need encryption, and it doesn't market itself as a great database to stand up on a far-away server.

VSCode is marketing these extensions with the core product, as features thereof. They seem to be much closer to critical, core functionality. I think that they are functionally similar situations, except that nobody uses/cares-about that SQLite extension.

Microsoft is also marketing as if VS Code is open source. One claim or the other is fine, but the combination is deceptive. There are many closed-source components which are part of VS Code, if indirectly.


Hmm. Nobody I know that uses VSCode uses either Remote or LiveShare. They don't seem critical or core to me.


I've been using VS Code since day one, and I have zero interest in Remote or LiveShare. I can definitely see how they'd be useful in certain environments, but they just have no use to me.


Not that they are critical or core, but that they are, in the words of the original author, "the best parts of VScode." All the core and critical features of VScode exist in every other editor. LiveShare and Remote are, as far as I and the author can tell, not replicated by any other editor, and are therefore (subjectively) the "best parts". Whether or not you know anyone who uses the features is irrelevant.


The person I was replying to used the words "critical" and "core".

As to best (admittedly subjective) if they are so good I'd think that one of the 100s of devs I know depend on them.

The only close one was Remote - which other editors do too - When I showed that remote drops code to the far end machine we determined that to be too risky - and went back to sshfs.

Also, if those extension are so "best" why hasn't a replica been created? Or why didn't any other editor have them? It might be those extension are not so compelling.

Also, my previous favorite editor (jEdit) had remote features back in like 2003 - maybe earlier.


I don't agree with the word choice of the parent, but I think the argument stands if you replace "critical" and "core" with "best". That's why I chose to re-reference the original article.

I'm curious if you've used the live share features personally, and if you have if you've found value in them. I suspect many devs do not like collaborative programming in general, and so may never use them or like them if they have. As someone who thoroughly enjoys collaborative programming, I can tell you that these features are extremely compelling. It's way easier to tell your designer friend to boot up VScode and click on a link to your live app running locally than almost any other solution I've found. It also makes pair programming extremely easy.

I used to use vim and now emacs for everything. I've also used JetBrains products for years. The only reason I ever boot up VScode is for those features. You just can't replicate the experience in any other editor as easily. Every other feature of VScode I've found a similar or better solution in every other editor. I'd be interested to hear any other feature of VScode that you think is as compelling, without parallel in any other editor. I suspect there are few/none.


I love pair programming. I teach loads of juniors, that's how I know so many devs (that and hiring/recruiting).

So, the features of LiveShare I found are better handled with external tools. But that is mostly because I don't want anyone to become to dependent on one tool. How can I LiveShare between emacs and Sublime? WebRTC screenshare+A/V works a treat, across editors and systems.

I don't find VSCode, or it's extension super compelling. But it is very nice.

I think the feature I like the best, built in, is that debugger - that's easier/smoother than Atom, or jEdit or any others that I've used in the last 20 years. It's like what was available in Visual Studio 6 (c1999).


I doubt the author would make the same complaint if Microsoft wrote similar proprietary extensions for Emacs or Vim or Atom.

I also doubt they would make the same complaint if JetBrains or someone else wrote the same proprietary extension for VS Code.

Neither the first case nor the second would make any of those editors any less open source.


If Microsoft wrote a proprietary extension to emacs that was so compelling many would consider it to be the "best" feature, I think devs would complain. Emacs is way more FOSS than VScode claims to be, so that would be an even worse affront to the philosophy of the editor and community. Maybe you're right about the JetBrains products, but to my knowledge they don't market themselves as open-source to the extent that VScode does.


Just going by "feel" without rigorously analyzing why it feels this way, my personal answer to your question is that the sqlite encryption extensions feel very much like LiveShare and not so much like Remote. Remote feels to me like a major part of the product that MS advocates without differentiation. LiveShare feels like a neat add-on that's a nifty alternative to several other similar things.

Similarly, the encryption extension has many alternatives and I've never heard Dr. Hipp advocate using it. This thread is the first I've heard of it, and I've heard of alternatives before. Where I knew coming in about Remote and LiveShare based on promotions from Microsoft.

That's just an explanation of how it "feels" to one reader, not any kind of careful analysis or sweeping statement.


> Developers should be aware that VSCode is not as open source as it claims it is.

VS Code is as open source as it claims to be.

> If people were more aware about this, they might think twice before using VSCode for everything and getting lock-in

Are there many software developers who are not aware that most open-source software can run proprietary extensions?

I personally don't use any of Microsoft's services. Therefore, the entire claim that "the best parts of VS Code are proprietary" is completely false for me.


If you don't use Microsoft products the claim can't be taken as false. What in your own words do you know? Nothing.


One can use plenty of Microsoft products while using none of their services.

Which is an important distinction in this context.


I know full well about VSCodium, but choose not to use it. For all intents and purposes, VSCode is open source - the source code it freely avaibale on github under an MIT license. AFAIK only the installer and some extensions are not open source - that plainly doesn't mean VSCode itself isn't open source.

VSCode is a fantastic tool, and I'd prefer to use it directly from Microsoft. I am aware that there is telemetry, and as someone conscious of privacy concerns I've looked at what telemetry is sent - I'm satisfied it's anonymised sufficiently and benign enough not to affect my privacy. If the VSCode team really find this data useful, then I'm happy to provide it and help improve VSCode.

I do however think that telemetry in VSCode should be opt-in rather than opt-out.


The big surprise for me is that the extension repository isn't (legally) accessible by any open source distributions of VSCode. It's not technically part of VSCode, but it's a big piece of functionality that I would have expected to be available.


isn't that the same thing with chrome vs chromium?

chrome as a whole is not Open Source or Free Software while chromium is.

whether that matters to you is up to you. those who want to use Free Software or Open Source should use Chromium and VSCodium


Google doesn't run a user-agent check in, say, YouTube that makes it refuse to run under Chromium.


This divisive "us and them" stance is unnecessary, and doesn't help anyone.

OSS and free software matters to me - so I use VSCode, which is OSS. Whether extensions are OSS or not is immaterial (the same extensions you can use with VSCodium!).


the compiled version of chrome is not Free Software or Open Source. only a version from sources only is. you can't build chrome from those sources, only chromium.

now it is possible that VSCode is different in that regard. but if that were the case then VSCodium would not need to exist. so i guess that it is not possible to build a full version of VSCode from those sources either. i'd love to be wrong on that though


I don't think I mentioned Chrome?

It's perfectly possible to build VSCode from source.

AFAIK, the main reason VSCodium exists is to remove telemetry (since it's opt-in by default in VSCode, something I do disagree with).


is the telemetry in the source?

in that case, very well. i am happy to be wrong, and retract any claim that VSCode itself is not fully open. thank you.


Yes, it's in the source code in GitHub.


these extensions are a key part of my workflow so imo vscode in effect is proprietary as i would not find value in it without these. this appears to be an opinion that is shared with other devs here. it seems you simply handwaving that opinion away as immaterial is more divisive than someone asserting that if you appreciate OSS you should use OSS.


All FOSS is OSS, but not all OSS is FOSS.


Right, but VSCode is MIT licensed.

The gripe in the article is about extensions not also being MIT licensed - an argument precisely nobody would be making if it wasn't Microsoft; as someone else here pointed out, you could make the same argument about SQLite, but nobody would.


It’s important to note which code is MIT licensed, and which isn’t, as others have mentioned around components of the extension functionality itself.

I’m not making the specific claims you are arguing against, and I don’t disagree with what you say, in any case. Just as in SQL, and in this case, these licenses matter. A feature matrix clarifying features and licenses would be mice. Also, it would be nice to have a fully FOSS mode for VS Code in its settings or config. It is a distinction with a difference.


Yes this is exactly the risk: developers become dependent on the VSCode extension ecosystem, while thinking they are safely using only FOSS tools.

This is the kind of double-speak which lets MS have the best of both worlds. From a marketing/developer relations perspective, developers think they are using open-source tools. But in actuality, developers are investing in workflows where MS is a critical link in the chain.


I really don't understand this, when I use a library in my codebase I make sure I understand the licencing implications of using said library. When I add an extension to my IDE, I make sure I understand the licencing implications. If I add and extension to my IDE, I have modified my IDE beyond the base IDE, I should very well know the implications of doing so. It is no big secret that these two extensions are not FOSS tools. Some people care, some people don't but if a developer is blindly adding stuff to their IDE without knowing the ramifications, I would certainly question their judgment and I would certainly question their judgment if they are under the assumption that every extension out there is FOSS.


> When I add an extension to my IDE, I make sure I understand the licencing implications.

The UX decisions of VSCode go against this kind of careful consideration of licencing implications. If I open a code file and VSCode has a suggested extension for the file type, I will see an animated popup in the bottom of the screen, with a button to install. The simplest way to get rid of this popup is to simply install the extension. There's also no link on the popup to read up on the licensing terms. Everything about this interaction design wants you to just mindlessly install the extensions VSCode suggests to you, and I would wager this is what a lot of users end up doing.

Also if you look at the VSCode homepage[0], very close to the top of the page you get these marketing claims:

> Free. Built on open source. Runs everywhere.

You might be very capable of understanding the details here, but I think a new CS student who's maybe just heard of open source and knows a little bit about it could be forgiven for conflating these claims with the idea that VSCode is FOSS.

[0]: https://code.visualstudio.com/


I guess it is just me, but I have never clicked on that pop-up. I always go to the extension tab and add extensions there, where the second link at the top, has a direct link to the licence of said extension. I always go to the extensions tab because it provides documentation about the extension, which I want to read before I add it to my IDE.


Even that page doesn’t tell you the license. It just has a link to “license”, and given that VS Code is marketed as open source software, and there’s often even a GitHub link (for issues), it’d be pretty easy that the “license” linked to was GPL or MIT or something.


Do you think that is the intended user interaction?


Many times, how developers / (manager that think it is a great idea) design an application and how users, use an application do not intersect. I personally would not install an extension to my IDE without at least skimming the docs, checking the licence to see if I am going to have to subscribe or pay later, and checking reviews to ensure that it's a legit extension. I am certain, that there is a contingent of people that do, but as for developers, I would expect them to be a power users that knows better than to just click a yeah, sure install that button.

Honestly, if that where the only way to install extensions on VS Code it would probably be a deal breaker for me. I never install something because the application tells me I should. Especially in an ecosystem where anyone can provide a package. To me it would be akin to blindly adding an Node module, python module, jar or any other third party provided dependency to the custom software I am writing without first vetting it. I mean the licence for an extension, could very well state, that any software produce form the use of this extension, entitles the author of the extension a 10% royalty from said resulting software. That is a very real and valid licence, game engines, codecs, encoders use it all the time.


As the author puts it: "It makes me less certain that this isn't the Extend in Embrace, Extend, Extinguish."


Other Microsoft OSS ventures makes me wonder if they haven't resurrected that policy too (e.g. the crippling slowness of azure mysql and azure postgres as compared to SQL server).


Google has largely outpaced Microsoft on what concerns Extinguish.


Can you give some examples? I haven’t seen Google close source something lately, except for Go’s package hosting server (which makes me inclined to believe you, I just haven’t heard of other instances).


All the Google apps that used to be open once-upon-a-time in Android and whose evolved versions are all closed source now.


Google Play Services pops to mind


"Extinguish" is often not the case in this decade.

It's all about capturing market share aka creating user lock-in.


User lock-in is how Microsoft has traditionally extinguished competition.

Microsoft Office is an early example. I know zero people that switched to it because they liked its functionality or user interface. They switched because nothing else could open Office documents correctly. Eventually, everyone I knew switched to it (and many happily switched away decades later, once “as-a-service” competition cropped up, solving the compatibility problem).


> developers are investing in workflows

If this discussion were about anything other than text editors, I would take it much more seriously. But text editor popularity cycles every 5 years or so, and the main reason is simply that we get bored and want to try something new.

When we "invested" in VSCode over the past few years, we discarded all of our previous investments in Sublime workflows.

When we invested in Sublime back in the early-2010's, we discarded our previous investments in TextMate or Notepad++.

When we invested in TextMate or Notepad++ in the mid-2000's, we discarded our previous investments in UltaEdit or God knows what.

When we invested in UltraEdit or God known what back around the turn of the century, we discarded our previous investments in Vi or Emacs or Nano or whatever we were using from the shell in our 1990's computer science classes.

All of this has happened before, and all of this will happen again. We'll be bored with VSCode by mid-decade... and when we migrate to the next thing, it will take us a matter of days.


Agreed that many developers do this. I'm very averse to relearning all my tooling every couple of years, though, so I tend to treat FOSS very seriously because my investment will last decades. This makes me a bit of an outlier, but it's the reason I invested in building skills in GNU tools, Linux, and Emacs in the 90s, and continue to use those tools every day. For people like me, VSCode is not a great choice, for all the reasons you suggest. For most, I agree that the stakes aren't quite as high, simply because folks are switching tools from time to time for other reasons anyway.


> "From a marketing/developer relations perspective, developers think they are using open-source tools. But in actuality, developers are investing in workflows where MS is a critical link in the chain."

There's plenty of open core software that's the same, like Gitlab. I don't see any big outcry over open core in general so presumably very few people care.


it could have something to do with the fact that microsoft has a history of bad behavior and abuse of their market dominance, perhaps?


> "it could have something to do with the fact that microsoft has a history of bad behavior and abuse of their market dominance, perhaps?"

Can you provide a plausible scenario for abuse is likely to happen with VSCode? Does VSCode even have any kind of market dominance? As others have pointed out, the open parts of VSCode could probably survive on their own as a community supported project, minus the proprietary plug-ins.


From what I can tell from the official VS Code site by Microsoft they no where say that it is a fully open source piece of software. Infact they say "Free. Built on Open Source. Runs Everywhere" So they are saying it is "Built on Open Source" which means something completely different to me.

https://code.visualstudio.com


"Built on Open Source" is in the same vein as putting "Made from natural ingredients" on a cereal box. It's meant to make the product sound better for you than it actually is.


Most developers don't care they just want to get to job done. Many of them use IntelliJ, etc. which is not free software either.

Those who care about using fee software already know about these things, because they check before starting to use a new software.


They don’t brag about it as much as Microsoft do but IntelliJ Community Edition is free software.

https://github.com/JetBrains/intellij-community/blob/master/...


... and open source (Apache 2.0 License)


All free software is open source, by definition.


There is a difference: intellij/Jetbrains don't claim to do OpenSource.

Microsoft markets them as OpenSource player and Viscose as OpenSource IDE and if you don't look at the license terms you miss the part.


Seems I can't edit the comment anymore. "Viscose" was supposed to be "Viscose". Thanks autocorrect :)


> "Viscose" was supposed to be "Viscose".

Uhhh...


I give up. The phone rules over me.


While IntelliJ is not completely open source, the community edition definitely is(not free in the gpl sense but OSS). But they are careful in marketing it that way.

https://www.jetbrains.com/opensource/idea/


Given the fact that you have to download both extensions separately and intentionally from the VS Code binary. I would say that VS Code does indeed meet the technical definition and spirit of open source. I don't know a major open source IDE that does not have closed source and/or paid extensions that you can purchase/download. I find this argument kind of strange, neither of these extensions are part of VSCode proper, sure they are nice but to ding the base editor because MS did not hand these out is a bit of a stretch.


Google does the same or even worse with "open source" Android and chrome.


Exactly. And it's important to write articles like this about VSCode, Android, Chrome, and any others engaging in this (increasingly common) marketing approach.


And users can help by actually using VSCodium, LineageOS, Linux distro Chromium builds, non-Xcode clang, etc. instead of the proprietary variants.


Which the large majority chooses not to, so there you have it, the open source dream.


On the other hand, Safari's WebKit being open source allowed Google to build Chrome on the same engine. Years later, Chrome's Blink engine being open source meant the same for Opera, Brave, and Edge.

It is hard for individuals to run and maintain custom forks, but the benefits of open source in terms of preventing lock-in are substantial.


The same WebKit that now breaks the mobile Web and it being open source is completely irrelevant.


That Apple locks down iOS very tightly is a separate problem.

WebKit on Mac continues to be usefully open source, and I believe performance improvements that Apple has made for Mac Safari have been incorporated into Firefox, Chrome, etc.


Firefox doesn't use WebKit, and no it is not a separate problem because it shows how being FOSS isn't enough.


Firefox does not use WebKit (and at this point neither does anyone else), but they can look at patches to WebKit to understand how Apple improved Safari's performance. Because Apple produces the hardware, the OS, and the browser, the choices they make in the WebKit implementation are highly informative.

> it shows how being FOSS isn't enough

This is true for every app on iOS: even if you have the source code, you can't necessarily run a modified version, and so you're missing one of the main user freedoms that FOSS should guarantee. I wish Apple would rethink this, but Safari is still usefully open source.


No they cannot unless they want to contaminate their development, as far as I recall the licenses aren't compatible.

It is true for any commercial application with source code available since there are computers.

If the user freedoms were of any value as you mention, WebKit and Bink would use copyleft licenses.


Just because you can't literally copy the code from one place to another doesn't mean you can't learn from it. I'm not a lawyer, but my understanding is it's fine to learn what series of system calls they're making and look at their optimizations.


Reading the code means analog copy paste.


Is it though? On the VSCode site it says "Built on open source." I don't see anywhere it says "Is open source."


Remote doesn't use Microsoft servers, it uses your servers. C# debugging doesn't use Microsoft servers. C++ debugging doesn't use Microsoft servers. Microsoft only broke these extensions on VSCodium to cripple open-source builds.


They are components from VisualStudio proper. Probably derived from a quite old code base. On old code bases you easily have the situation that parts of it are licensed from other vendors or contractors. Digging through old contracts and history of the code can be a notable effort.

Microsoft did the digging with their C++ standard library, which is derived from Dinkum's STL.

I observed that a bit with Sun and Solaris/OpenSolaris where in the final release was one component missing.

So even with will this won't come for free.


Or, you know, to actually make money from an editor they created, offer the core and tons of functionality for free and as FOSS, and spend millions employing people to work on, but adding some non-free value-added extensions...

(Which even them, they offer free as in beer).


So how does it make them money?


By integrating well with Azure and by making their brand attractive to developers.


You don't need proprietary plugins for that, though.

To make the brand attractive, free/open source is best.


The "bad" reason why they are closed: They have the open core, but with key parts closed it's boarder for others to build a solution on top of it, thus they can shovel more integrations with their services in.

The "good" reason: Because relicensing of old software is hard and while they want to make it available (to strengthen their position in the developer community) See also my comment in https://news.ycombinator.com/item?id=24048633


Hasn't Microsoft been a pretty attractive brand for years on end while being proprietary?

You make a brand attractive by offering a good product, good support/service, and then marketing those points.

I try to use as much OSS as I can. But free/opensource isn't the most attractive feature to everyone. And I'd say the success of so many proprietary companies is proof of that.


I saw somewhere that they will offer the remote development in the browser as a paid cloud feature. They can also at any time make those proprietary features non-free. Perhaps when they get a large enough user base or new CEO or something like that.


You know... even for a feature like that, the plugin itself can be open source.

After all, if the remote development feature is based on a centralized server (owned by MS), the license check will be performed on that server. And if no centralized server is in play, suffice it to say, anybody sufficiently motivated could reverse-engineer the plugin, remove the license check, and go on using the feature for free.


For one, by not allowing someone to just take their code and use it in another editor to offer the same "remote development" etc features using their (MS's) work.

So they control the value from those closed features to only be used to enhance the VSCode and VS brand.


It boils down to the (hostile?) takeover of the term "Open Source" by large, shareholder-value driven companies. Admittingly, Stallman has a point when he says "Why Open Source misses the point of Free Software" [1]

[1] https://www.gnu.org/philosophy/open-source-misses-the-point....


Some additional salt in this particular wound is that the use of the Marketplace of VS Code extensions is also proprietarily licensed. So all these open source developers are shoving their extensions into a competitive advantage for one of the world's largest tech firms.

What does this mean in practice? I guess it protects from the competition. Such as the VS Codium project which provides VS Code binaries without the proprietary parts. But also, as a consequence of this, without the Marketplace of extensions.


> Yes and no. The complaint is that some widely used extensions are proprietary. If these extensions require MS servers, then they have every reason to be. Even if they don't, there's nothing wrong with a company holding back some stuff they consider strategic, they're not obligated to release them.

that is kinda debatable, considering that those are extensions to an LGPL-licensed core (Blink, the rendering engine used in electron) - see e.g. https://lists.gnu.org/archive/html/directory-discuss/2017-12...


The LGPL parts here are dynamically linked, which is exactly what the LGPL was supposed to let you do.


they definitely aren't. no libchromiumcontent.so to be seen anywhere.

    $ ls /opt/visual-studio-code/**/*.so
    /opt/visual-studio-code/libEGL.so
    /opt/visual-studio-code/libffmpeg.so
    /opt/visual-studio-code/libGLESv2.so
    /opt/visual-studio-code/swiftshader/libEGL.so
    /opt/visual-studio-code/swiftshader/libGLESv2.so
    /opt/visual-studio-code/swiftshader/libvk_swiftshader.so
And running `strings` on the `code` binary obviously prints the name of classes covered by the LGPL.



this is the license of google's additions - this does not negate the license of individual source code files:

https://chromium.googlesource.com/chromium/blink/+/109acd80b...


If me using a remote session on one of my servers requires microsoft servers, that itself is skeptical enough.


The issue here is that Microsoft pretends to be FOSS-friendly while they are not.

> Even if they don't, there's nothing wrong with a company holding back some stuff they consider strategic

It is when you are going to potentially get into legal trouble for improving said software. Or when your code is leaked due to an extension whose code you can't inspect.

Coldtea: Notepad++ is foss.

> the same thing that happened to all those people using ...

Just because you do not know about it it does not mean that it has not happened. In addition would you be willing to be the first person that this happens to? If they had nothing shady to hide they would release the source of said addons.

(also, IntelliJ and Sublime are paid software, they are not closed source for the fun of it, unlike the subject of this topic)


>Or when your code is leaked due to an extension whose code you can't inspect.

Yeah, the same thing that happened to all those people using XCode, Visual Studio proper, IntelliJ, Notepad++, Sublime Text, and so on.... Oh, wait, it hasn't...


How are they closed source? Aren't they javascript?


The source code on Github is MIT licensed, but when you download VS code from the Microsoft website, it will present you with a non MIT EULA [0] that violates the four freedoms in multiple ways. So it's proprietary.

[0]: https://code.visualstudio.com/license?lang=en



You can look at the source code on GitHub here and compile it yourself if you want...

https://github.com/microsoft/vscode/tree/master/src


They are reacting to the parent who seems to have the misconception that all JavaScript is OSI opensource because you can read the source code.


I dont see what you mean...


The extension by design is made to be optional to use and are not integral (I would argue) to the vanilla experience of VS Code.

That also means that if other people wants to create their own proprietary extensions they can do so. The basic experience of the plain VS Code does not change.

Now one can say indeed that the Remote and also LiveShare is the best extension there of, and since the extension author decides not to share the code, then it stays proprietary. It's just that this time the author is Microsoft itself.

But because the extension itself is not integral to the VS Code itself and merely an extension, there is no stopping anyone to create open source version of the same experience.

However, where I have issues with is that, if you were to base you own editor with VS Codium (the open source, without the telemetry), you still can't use the service that is the extension marketplace for VS Code. Yes, even if it still works, and even if the extension itself is open source. Hence, just because VS Code has a lot of extensions that is open source, does not mean it is readily reusable, because the extension service is off limits.

Of course, one can also publish the same extension in another public directory if they want, but currently there is no such directory exist. And it has to be republished to the new public extension directory.

So yes, VS Code is open source, but the access to the extensions is not currently.


There is an alternative public directory: https://open-vsx.org/

It's used by vs codium and theia.

It's not just those two plugins, it's also the ms-code.cpptools which has proprietary parts. And that's sad because other plugins are built on it like platformio. Which prevents platformio from being added to ovsx because the cpp tools can't be added to ovsx.

Which stinks for me because the cpp proprietary parts are windows only, and all I want to use platformio from is theia running on Linux, but I can't.

VS Codium: https://github.com/VSCodium/vscodium

Theia IDE: https://theia-ide.org/

More details about PlatformIO not being to be added to OVSX: https://github.com/open-vsx/publish-extensions/issues/86

More cpp tools licensing details: https://github.com/microsoft/vscode-cpptools/issues/5784

Edit: you can run theia from one computer and use it via the browser on another. That's why I was so excited for it.

Edit 2: VS Codium, not open codium


The other side is that keeping some extensions closed-source probably allows the VS Code team to access more of Microsoft's work. I would guess that the proprietary parts of ms-code.cpptools are using code from Visual Studio and other closed-source Microsoft tooling.


Oh, definitely. I understand it. It's just sad for me, personally, since I don't use those parts but it blocks other things (cpp dependent) plugins.


code-server has most extensions available. They do it by scraping GitHub for extensions and building them.

https://github.com/cdr/code-server/blob/3da6c561b83d2a4c57f3...

The Microsoft extensions are notably missing, but they have a lot of other ones. There's an issue template for requesting another one if you find something missing.

Not sure if their second extension store is available for use by software other than code-server, but it's not an impossible problem.


code-server also lets you customize the marketplace URL at runtime.

https://github.com/cdr/code-server/blob/master/doc/FAQ.md#ho...

  SERVICE_URL=https://open-vsx.org/vscode/gallery
  ITEM_URL=https://open-vsx.org/vscode/item
So you can use open-vsx, ours or Microsoft's (with the caveat that you would violate their license).

See this thread: https://github.com/microsoft/vscode/issues/31168#issue-24453...


There's been recent discussion about TypeFox and Coder combining efforts on Open VSX after the transfer to Eclipse Foundation is complete.

https://github.com/cdr/code-server/issues/1473


It is indeed, anyone should feel free to use it.

I work at @cdr


I think enough of VS Code is open sourced to where if it truly were necessary to do a more serious fork with a community market place and all that jazz it would probably build up a userbase. Developers dont like certain amounts of shennanigans from companies. If Microsoft doesnt want to risk a mass exodus they will make sure not to do anything extra stupid with VS Code. Especially considering for some its the one Microsoft product sucking them in.

Update:

On the other hand with Neovim being able to run headless you may just need that and VS Code stripped and use Neovim for the underlying editing and plugins if you really wanted to have a more open VS Code ecosystem. Kind of a hack, but it would work.


VSCode is not open source, VSCodium is.

VSCode includes extra twitter/microsoft spyware (or "telemetry" for those who prefer that euphemism).

The "VSCode" binary you download includes unknown proprietary extras.

Fun fact : VSCode official home page used to have the motto "Open Source", now it is "Built on Open Source" (check on the wayback machine if you don't believe me)

I guess the MS legal team was afraid of keeping lying about the openness of VScode yet they knew Open Source is a good buzzword to attract devs so they played with words.

This is the typical big corporate approach :

Step 1) Say you develop an Open Platform so that you get many users and free contributions.

Step 2) Once you own the market and people are too addicted to switch, bit by bit make it proprietary, add more spyware.

This is the story of Android , VSCode, ONNXRuntime, and many others.


Telemetry isn't a euphemism for spyware.


I can be counted as one of the skeptics of MS's open-source efforts. It just seems to me that MS's history and recent investment in open-source puts us in a quantum state between two possibilities:

1. MS has changed their ways, and has become an altruist organization which just wants to give developers things of value for free so they might hopefully choose Azure when they decide what cloud provider to run on.

2. MS is embedding themselves in the open-source community in such a way that it's almost unavoidable to make use of their proprietary tools without even realizing it, and they will use that to their advantage against competitors and developers.

It's just hard for me to think that the second possibility won't become increasingly true to the extent that MS gains the leverage to get away with it.

As a side-note, I think MS's marketing for VSCode has been very effective. As an editor, I don't see an advantage over 𝚖̶𝚘̶𝚛̶𝚎̶ ̶𝚘̶𝚙̶𝚎̶𝚗̶ less corporate alternatives like SublimeText, and I actually don't like the "install this plugin" spam in the bottom right corner.


As far as I'm aware of, Microsoft is not even trying to put their own services forward. For example neither Github nor Azure are the defaults in VSCode. Go to the source control section and use what ever source control tool you want, VSCode does not even suggest you use Github. They also don't bundle extensions like LiveShare with VSCode, by including it into the VSCode installer they distribute on their own website.

This is why I disagree with your claim that Microsoft is giving away VSCode away for free to promote their own proprietary tools. You can shame Microsoft for trying to improve their image by making VSCode, Typescript, ... opensource. To me this is totally different from bundling your own Browser into an operating system to increase artificially your market share, you can't compare the two.

There is nothing bad about not blindly trusting a big corporation like Microsoft, but I dislike it when people are so desperate to blame Microsoft for mistakes it did in the past, that they write articles that are (deliberately?) misleading. In this case, by saying parts of VSCode are opensource when it is just some extensions. This is putting VSCode on a pedestal with Chrome, but the comparaison is all wrong, Chrome includes lots of proprietary parts, while chromium is the opensource variant you can build yourself, but for VSCode this is completely different as the version distributed on the Microsoft website doesn't include anything besides the opensource code from Github repository.


> but I dislike it when people are so desperate to blame Microsoft for mistakes it did in the past

I find it a bit weird when people anthropomorphize corporations and feel bad for/protective of them.

And let's be honest, we're not talking about "mistakes", we're talking about a decades-long strategy which was methodically executed to cultivate good will, and then take advantage of it to destroy competitors.


Conversely, I find it a bit weird when people anthropomorphize corporations as if they have personalities and traits that somehow live beyond an almost 100% turnover in staff and senior management changes.

The MS of today isn’t the MS of the 90s. That’s not to say they’re virtuous and wonderful today, just that banging on about the past doesn’t really feel relevant.


> 100% turnover in staff and senior management

So, I just checked https://news.microsoft.com/leadership/. The vast majority of the people there joined Microsoft in the 80s or 90s. Two or three in the early 2000, and one after 2010. For one person it was unclear when they joined.

So, an overwhelming majority of the senior management were perfectly happy to work for the "MS of the 90s". Therefore, it's hard to see that they'd be particularly uncomfortable with the ethics of the "MS of the 90s".


> I find it a bit weird when people anthropomorphize corporations as if they have personalities and traits that somehow live beyond an almost 100% turnover in staff and senior management changes.

Companies definitely have personalities and traits that last longer than their constituent members, that's what's called a culture. Just like a nation has defining features that will still be around when every single currently living member is dead, so have companies. In particular old, large ones.

That's not to say that they can't change, and Microsoft definitely has changed since the 90s, but the past is not irrelevant.


I've observed that people in my environment that used to not like Microsoft still don't today while they are completely oblivious to the conduct of Google, Facebook or Amazon at the same time.

I see it as reminder to frequently check whether my opinions on different things are still valid.


I would say that it can be both. Large organizations like Microsoft have so many different people and teams that there isn't necessarily a group-think. On the contrary, different teams will have different priorities, and keeping people aligned is a really hard job.

The thing that bothers me about Visual Studio Code is that does conform to the general Microsoft rule of enabling telemetry by default. IMO, this is not good practice, and in some cases it seems to have been encouraged or mandated at a senior level. We should not have aggressive data collection in the world's standard desktop OS, or compilers baking vendor instrumentation into C++ binaries by default.


I used to be quite hardline on this matter myself, but I found the julialang [1] discussion on this topic quite a persuasive argument in favour of default telemetry.

I think it's a difficult ethical question, because there are balancing concerns and interests, and most behaviour doesn't easily fall into the obviously wrong or obviously right categories.

[1] https://discourse.julialang.org/t/pkg-jl-telemetry-should-be...


There is a difference between, say, Debian popcon (which is opt in during install) and the 50 MSFT tracking options that are enabled despite having ticked the "no" box during install.

One of which is a keylogger! Windows 10 is pure evil.


Do you have a link for the key logger?


https://support.microsoft.com/en-us/help/4468250/windows-10-...

"As part of inking and typing on your device, Windows collects unique words—like names you write—in a personal dictionary stored locally on your device, which helps you type and ink more accurately.

If you sync your Windows device settings to other Windows devices, your local user dictionary (up to 100 KB per language and 300 KB total of hard drive space) will be stored on your personal OneDrive for the purpose of enabling sharing of your dictionary with your other Windows devices. "

And it may have been worse when Windows 10 was first released:

https://www.pcworld.com/article/2974057/how-to-turn-off-wind...



It's a big page, so I might be missing something - could you point me towards the part where is says it logs keystrokes?


It doesn't. It creates statistics on how you type and what words you use in order to predict your input in order to help you in the future by predicting words you'll use before you type them.

It also doesn't do this for password/passphrase fields.

You can also turn it off, and you're prompted to do so upon OS installation, and the option is always there in the settings application, and you can even tell Microsoft to delete any telemetry it has for you, if you want, and they'll delete it.

Those are the facts. But, it's common to ignore those and just shout "keylogger" in online forums. It is also, somehow, a sign of weakness if you look for updated or changed information which may change your opinions, because no one ever seems to do this. Like, ever.


I would argue that it's not about intent. The most reliable way to predict the behavior of a corporation is to expect them to take the action which will optimally help their bottom line.

So for instance, the team building VSCode might be the most altruistic FOSS diehards on the planet, but that doesn't matter if the people managing them see an opportunity to leverage their work to profit MS at the expense of developers.


Optimally help their stock price*, which is supposed to factor in longer term effects including developer community goodwill etc.


If you have compelling evidence of corporations choosing long-term "good will" over short term profits I would be very interested to see it


every generous return policy by a shop

every PR action

free(as in beer) software (e.g. visual studio)

charitable donations (e.g. google to wikipedia)

not pressing charges for rampant cracking (photoshop used by students/children)

diversity photo ops/hiring practices

non-firing of incompetent employees

free workshops or tours for the public/children


Those are almost all tax deductions or are required by law.


Yeah, clearly the Windows team thinks it is still in the mid 90s.


How is Sublime Text more open? It's closed source.


Thanks for the correction, I have updated my post. The more relevant point is that Sublime Text is a less corporate alternative.


I don’t think Package Control prevents you from downloading its extensions and using it with another editor.


Version 2 is open. Download and enjoy.


I think it's 3. MS realized that it's not as powerful as it was in the 80s and 90s because Apple and Google took over a huge portion of the computing market with mobile. So they have "changed their ways," not because of any altruism but because they have to change their ways to compete from a position that, while enviably strong, is also a laggard especially on the consumer and developer side of the business.


The problem with that is because if the only reason they changed their ways is because they lost the competitive advantage, what confidence should you have that they won't change back if they regain market-share?

It doesn't make me feel great about them owning the platform where almost all open source software is hosted, and one of the most dominant tools for writing code.


It's a company, in one of the most cutthroat industries in the world. Of course they do everything for competitive advantage, that's the same for all of them. Do you honestly think Amazon or Google are any different in this regard?

Microsoft's embrace of open source is about making their PaaS offerings universally compatible, and about trying to meet developers where they are. They will continue this strategy as long as it remains super profitable; ie as long as great developers have a preference for OSS, and as long as OSS remains a key part of the software ecosystem. If you want Microsoft to remain open source friendly, those are your battlefields.


I certainly don't think Amazon or Google are any different, but I'm not using their code editors, and I'm not hosting my open source projects on their platform.

It's not about MS being worse than the other tech giants, it's about opting out of these kinds of tools in favor of more open, less corporate controlled tools in general.


All companies become more sociopathic as they become more powerful. Look at Google's "Don't Be Evil" which went from inspirational, to corny, to sickening. The solution here isn't to try to support companies that won't do this (they all will, eventually)... it's to regulate how powerful they can get.


> MS is embedding themselves in the open-source community in such a way that it's almost unavoidable to make use of their proprietary tools without even realizing it

Try removing the word "proprietary" from that strategy, and see if it still fits the evidence you see. Or replace it with "paid".

Look at their earnings reports (https://www.microsoft.com/en-us/investor/earnings/FY-2020-Q4...). Licensing proprietary software is a small and shrinking piece of the pie, they don't even segment that way anymore in fiscal reports. They are (successfully) pivoting to become the Enterprise cloud service provider, and tightly integrated tools are an important part of that picture. Licenses simply aren't. So it's not "commercial office365", it's "commercial office365 and cloud", because o365 has tightly integrated Azure services and the revenue is tracked together. Which parts are OSS licensed is irrelevant, because that's not a primary revenue driver anymore.

A good example is the fastest growing service on Azure, AKS. 100% open source, even the implementation down to bare metal. They don't care about keeping it proprietary, because they make the same money with it either way.


Let's imagine that a few years from now, MS starts advertising Azure right inside VSCode, and they start releasing features which favor Azure integration, and actually cause problems when working with GCP.

Now imagine I as a developer want to pick up shop and move to another editor, but it turns out my workflow depends on proprietary extensions which are only available on VSCode, and my velocity will be cut by 70% if I switch editors.

If MS owns the interface most developers have to their code, there are all kinds of ways they could leverage that to your disadvantage.


In this scenario would you be relying on a proprietary extension to interact with GCP developed by Microsoft? Surely you would want to use a Google or Third-party developed extension to do that right? And in that case the developer of that extension would have a vested interest in making it available to you again, potentially in a forked version of VS Code. As long as the editor is open source extension developers can just fork it and create a new public directory of extensions. The only thing you potentially lose is Microsoft's proprietary extensions which are likely to always work well with Microsoft products and you really shouldn't use them to interact with Microsoft's competitors.


I do not understand people with allergy to non OSS.

Compare that to any google service which barely releases the clients as open source, and the clients usually are so complex that may need quite long time to get any professional developer productive in such complex code bases. Also being tied to a controlled protocol, set of libraries, cloud infrastructure which does actually keep your data is in fact the actual evil that Free Software wanted to save us.

At the end it is just corporations fighting for their users and giving free candy (OSS Clients) so they get some traction. I do not expect that to change and I do not thing companies should either keep their servers OSS just for the sake of keeping OSS folks happy.

I am more concerned about law compliance and companies respecting my rights, and providing good user support when necessary. Also the next freedom battle should be to accept any system to plug in to any other "cloud" provider service (as much as we do with electricity, phone, etc) and in this regard Microsoft is way ahead of Google and Apple yet still far from an utopian free interexchangeable stack.


Your comment neatly alludes to the difference between the Open Source philosophies and the Free Software philosophy, and the biggest point of difference is "freedom for whom?" wherein OSS is about freedom for developers and FSF is about freedom for users.

Most users don't actually fall in either camp, and largely care about free as in beer (gratis), or possibly free as in doesn't require complex purchasing processes that require signoff or approvals.


Well, FSF is about freedom for users with the technical expertise to modify the software and understand its source code.


>Well, FSF is about freedom for users with the technical expertise to modify the software and understand its source code.

FALSE, example some guy pays me to modify a GPL script/program and add some integration for his business. If I am a jerk I don't give him the source code only an obfuscated binary. This guy is not an expert but if I would have respected the license and give him the source code then he can in future hire a new developer to update the application when a new change is needed.

Conclusion is that I do not need to be a developer to benefit from free software I can always find somebody that I can pay to fix or add something I need.


Legally he could sue when the next developer asks for it.


And for users with access to technical expertise to do the same. IOW, free software decouples the maintenance and adaptation of software from the original vendor, much like personal vehicles, household appliances and general home improvements rely on a support infrastructure that has only very minimal ties with the original manufacturer.


Having worked in large corporations and now wishing to bootstrap my own projects here my two cents on how I see things currently in the OSS/FS:

I see the current state of FS as a way to cooperate between organizations in an almost transparent way and at the same time protect themselves from competitors by making the entry barrier to the market higher to little players as they would need to be remarkably stronger than the current free offering.

Sure, everyone wins by having more accessible free knowledge and products everywhere, but now these markets have quite high entry bar for anyone who doesn't have enough capital to be in a market which cannot sustain smaller players.

Somehow `massive` OSS defeats the competitiveness of capitalism and that is something which wasn't expected when FS was originally formulated. Also a project which appears to be free but it is extremely lobbied and flooded with milions of many companies and contains incredibly large amounts of financing and development time is not accessible to most of the users anymore as these are overpowered by corporations.


Oh, I think there might have been some expectation on Stallman's part of doing injury to capitalism.


No, expressly not, except maybe to the (strictly American) capitalist conception that monopolies are a good thing. When you take the original capitalist idea that says monopolies should be avoided because they distort the free market, Free Software is actually very capitalist: it removes the stranglehold that the original manufacturer has on the software after initial sale, thereby ensuring that market power doesn't concentrate in one entity.


I think the point of an article like this is to make developers aware that the "OSS" tool they are using is not as open as they think it is.

As a developer, you might choose to invest in truly OSS workflows which don't involve proprietary MS technologies, and you might not be aware that you're not doing that by choosing VSCode.


Exactly. I always knew about VSCodium but was lazy. This article (thank you!) made me stop procrastinating. I have replaced VSCode with VSCodium now.


> I am more concerned about law compliance and companies respecting my rights

What about rights to study, modify, share the software? Yes, sometimes they are important: https://www.gnu.org/philosophy/free-software-even-more-impor...


These aren't rights under any legal system but concessions given by a license (or privileges if you prefer this term). Actually the OSS movement and FS won the battle long ago: we are flooded with millions of OSS projects and the largest problem we have it is not anymore closed protocols or lack of knowledge anymore. And I do not think it is reasonable to expect every single project from every single company to be open source just for the sake of it.

I think these privileges you mention are very important but if I am honest with you I do not think we have the moral right to demand companies to release all of their IP and code, specially if it is running in their servers and just because we stablish a customer-vendor relationship. It would feel crazy to demand such lack of privacy in other professional relations.


> I do not understand people with allergy to non OSS.

Maybe this will help: https://news.ycombinator.com/item?id=24047877

`I don't think it says "Software not open-source is bad". But more something like "It is marketed as open source but it is not".'

> just for the sake of keeping OSS folks happy.

Heh. Maybe it is just me but that sounds very condescending.


Vscode is open source. You can clone it and build it. The binary you get from Microsoft is that open source stuff plus a small number of closed additions.

Vscodium is some wrapper scripts to download vscode source, fix up a dev environment suitable for building vscode, and building it while rebranding it "vscodium".


I agree with you if the optic is just that it is marketed as OSS but it is in fact not. I woudl still argue that this is the state of the art in nowadays OSS, like for example Mongo or other OSS projects which use OSS for marketing purposes and some key features are then later propetary or licensed differently


> state of the art in nowadays OSS

I agree with that, in fact it has been for quite a while. There are lots of OSS projects which have companies selling proprietary extensions for. For example, The Qt Company sells a proprietary plugin that automatically generates QML from Photoshop designs. Most people are fine with that because it is a very niche feature and not something that is the value proposition of the OSS project (Qt in this example).

OTOH, the OP feels like LiveShare, Remote and Marketplace are VSCode's primary value proposition - in which case it is fair to object to it being marketed as OSS. (although I personally consider only Marketplace to qualify)


> I do not understand people with allergy to non OSS.

Because people do not want to go to jail/have to pay huge fines for improving a piece of software that they are using.


A bit simplistic way to see the whole situation, isn't it?


I don't think this is a fair assessment.

This post is about two plugins (`LiveShare` and `Remote`), both by Microsoft, not being open source. None of these plugins are even mentioned on Microsoft's Visual Studio Code homepage [0]. At least LiveShare is marketed as a separate tool for which a Visual Studio Code plugin exists (as well as a Visual Studio plugin).

[0] https://code.visualstudio.com/ [1] https://visualstudio.microsoft.com/de/services/live-share/


Microsoft's Python support just went closed source(pylance vs python language server) the closed sourceness is creeping in on multiple sides. IntelliCode is another closed source aspect.


More precisely, the Python extension is open source but the Pylance language server is not:

https://github.com/Microsoft/vscode-python https://github.com/microsoft/pylance-release


Pylance is built upon the Pyright language server which is open source: https://github.com/microsoft/pyright

I'm curious what research/IP has lead to this being a source turducken of open-closed-open, but it's not entirely closed.


Has anyone said definitively that it wouldn't be open-source in the future? I know sometimes this is due to things like joint or contract development where the lawyers need to hash out the rights first.


No plans according to a comment in July [1].

Curiosity leading me to try to answer my own question with an educated guess: Pylance does appear to use the ONNX runtime, so it seems probable that it could be using ML models for type information to feed to Pyright developed by or in concert with IntelliCode efforts and that research effort of IntelliCode does fit what Microsoft is currently keeping proprietary.

[1] https://github.com/microsoft/pylance-release/issues/4#issuec...


Interesting, thanks for the link - that definitely sounds like they’re trying something like using the free version as training for a paid product.


They are saying in that README that pyright as a VS Code Extension will be left to rot, leaving just the typechecker as open source and maintained.


I tried to be fair but I can't necessarily strike the balance you'd like :)

I am disappointed because I expected more openness from the new direction of Microsoft than this indicates. In most of the places I've heard of LiveShare and Remote it is discussed in the context of the larger open source efforts of Microsoft. And it really isn't part of that. Specifically on things like open source-focused podcasts and such. That's how I've come across it. I think the distinction of what parts are proprietary and what parts are open will pass most developers by while they happily think they are working with open source tools.

This is indeed about two plugins not being open source, as well as the marketplace for extensions which is dominated by open source work also being limited to Visual Studio-products only. I find this disappointing and it makes me more skeptical than I was previously.

I think Microsoft can afford and would benefit from going further in an open direction with this. Its fine to not believe the same.


I really like VS Code, but am definitely wary of the way that it intermingles open source, proprietary code and remote services. For that reason, I use the VSCodium build most of the time.

You definitely need to take responsibility and read the documentation for each extension that you decide to install. You may be surprised.

I would also disagree with the article and recommend that you disable telemetry, unless you specifically decide that you want that copy of VS Code and those extensions to send data. I understand the value of telemetry data, but I think that turning it on by default is unethical: software should not be written to automatically transmit data to remote systems without explicit user consent.


> but I think that turning it on by default is unethical

Not to mention illegal in the EU without explicit informed consent. Accept-by-default etc have been ruled illegal by courts many times.


Does telemetry include any GDPR data?


Not a complete answer but at least they have made some effort to consider this.

If you think it's not good enough, you could raise an issue on the code repo. I've found them quite responsive there.

https://code.visualstudio.com/docs/getstarted/telemetry#_gdp...


AFAIK, no. But there is also the EU ePrivacy Regulation, which is some ways is stricter - I'm not actually sure it if applies to software, or just websites though?


Of course it does, the IP address alone is viewed as PII.


What makes you think they log IP addresses?


Under GDPR any kind of data processing falls under the protection umbrella. And that includes the data processing that automatically happens during the creation of a TCP/IP connection - where the recipient party automatically gains knowledge of the IP address of the other side.

For a web site itself this is generally fine as it is a technical necessity and intended by the user... however stuff that is not necessary to fulfill the user intention such as any kind of tracking or telemetry is opt-in only.

And yes this was and is the explicit intention why the GDPR was passed in the first place: get rid of involuntary tracking, telemetry and other data thefts.


> Under GDPR any kind of data processing falls under the protection umbrella.

If processing IPs always required consent, every website, app, and operating system would have to come with a cookie banner. Instead, processing IPs falls under the "required to make things work" banner. I'm sure VSCode processes your IP address for many things such as installing extensions and updates and nobody is arguing they need consent for those.

This particular case is complicated since it's telemetry, however, they are gathering non-identifying data.

I suspect this is currently a grey area of the GDPR which would take a lot of money and lawyer time to work out. In the meantime, MS (and many others) are taking the point of view that this non-identifying data gathering is important for the work of making the software better and therefore doesn't require consent. Personally, that seems reasonable. None of my actual identifying data is being collected, so this matches the spirit of the law at least, if not the letter.


> If processing IPs always required consent, every website, app, and operating system would have to come with a cookie banner.

Or, you know, they could just not do data collection or limit to reasonable amounts? The way stuff used to be before ubiquitous broadband connections? As the GDPR intended?

> Instead, processing IPs falls under the "required to make things work" banner. I'm sure VSCode processes your IP address for many things such as installing extensions and updates and nobody is arguing they need consent for those.

Because installing updates is something the user wants and needs (and is recommended by international IT security standard). But telemetry is not something the user wants or needs and the software works fine without the data, therefore it should be opt-in only.

The problem: Microsoft formally has the Ireland subsidiary listed for data processing (as many US tech companies do), and the Irish DPO is notorious for being slow and lax. It will take years for courts to decide on that matter.


Well, I honestly don't care enough about non-identifying data being collected to continue this discussion. However, if you really feel that this is illegal under the GDPR, rather than wait for lawyers to get involved (which might never happen), why not open an issue on the VSCode repo and discuss it there?

Even if they dismiss it, it might help matters for lawyers at a later date - as in, they can point to the issue that was opened and say, you cannot deny being aware of this issue because you dismissed people's concerns previously.


The best parts of Code are the editor functions. If I had to name the good parts of Code I wouldn't even think about LiveShare, it's mostly a gimmick I've looked at once or twice.

As for the marketplace, most extensions link to their github repositories, from where you can download and install the extensions. The marketplace itself is mostly a convenience thing.


I had never even heard of LiveShare until today.


LiveShare is pretty great.


And even the C++ intellicode/parser extension is proprietary.

But no, last time this was mentioned, it was downvoted to oblivion. "But, you see, they put the intellicode C++ extension in Github, so it must be opensource!"

Wrong. They are just using Github to distribute binaries. If you download the vsix file from either github or the vscode extension repos, you will find a 10MB binary called cpptools that was not there in the source tarball. The extension does nothing without it.


> If you download the vsix file from either github or the vscode extension repos, you will find a 10MB binary called cpptools that was not there in the source tarball. The extension does nothing without it.

I've seen people try a similar maneuver when discussing Pocket. If you point out that the reported plans/expected outcome of Pocket being made open source have never come to fruition, even though it's now been 3 and a half years since Mozilla Corp acquired them, there's a certain type of person who will do a cursory search and point to the Pocket org on GitHub in an attempt to score some points and say you're wrong...

... without ever actually checking that the code in question is even there.


Your claim is supported by the "Offline installation" section of:

https://github.com/microsoft/vscode-cpptools

"The extension has platform-specific binary dependencies, therefore installation via the Marketplace requires an Internet connection in order to download additional dependencies. If you are working on a computer that does not have access to the Internet or is behind a strict firewall, you may need to use our platform-specific packages and install them by running VS Code's "Install from VSIX..." command. These "offline' packages are available at: https://github.com/Microsoft/vscode-cpptools/releases."


No, not at all . Platform specific does not mean proprietary. In fact, the same vsix also contains a lldb and a mono binary ( which are platform dependent) but these are opensource and in fact build scripts are provided.

It is the hidden cpptools binary which has no source that is the problem. And that one is not that well announced. So lot of people think the extension is opensource when the important bits are not.


> It is the hidden cpptools binary which has no source that is the problem.

Anybody knows what that binary does?


It _is_ (I dare say) the important part of the extension, as it contains the language server and then more. E.g. all C++ parsing is done on it.


> all C++ parsing is done on it.

Unless somebody needs to change how the C++ sources are processed, doesn't its mere presence allow the extension to function? I.e. if you modify the source of the extension, wouldn't that modified extension still function with the unchanged binary?

I fail to see, from the perspective of some user of VS Code: what are the issues of not having the sources for the binary that does C++ parsing?

It seems to me comparable to not having a source of Google, but being able to make as many queries as you want (Google wouldn't even allow you that, by default).


This looks flamebait since it seems you are literally asking "what are the benefits of opensource" ?. For starters, you can no longer run the extension on platforms that MS does not care for, e.g. Haiku or even ARM or RISCV on Linux. Plus the only thing I have ever modified in a C++ IDE is, actually, the C++ autocomplete component, so I do have a reason to want to modify this extension.

> It seems to me comparable to not having a source of Google, but being able to make as many queries as you want

This analogy does not work at all. This is a local component and there are no online services whatsoever involved.


> I do have a reason to want to modify this extension.

And it is...? It's a completely honest question, I really like to know what you'd want to achieve and modify but is hidden from you for being in that binary. I'm not interested in the "benefits of open source" but in the specific use cases.

I surely agree that you are limited to the platforms MS is building that binary for, but if you are already using the platform for which they provide the binary, what would you like to change but you can't since it is in the binary and not in the rest of the extension for which there is existing source?

I'm asking as somebody whose job was for many years actually implementing these kinds of software (parsers, compilers, real time parsers for help during editing, etc.). I am really interested in specific use cases, to know if working on the development of some alternative could be justified.


Back in 2016, my team started using the structured binding declaration (C++1z, yes) in our codebase, aka "auto [a, b] = ...".

At the point I was using Qt Creator which had two C++ parsers: a custom one which was very fast but not keeping up with the times and (optionally) a clang-based one. I was using the "custom" parser because it would take 2 minutes to scan a small 10MLOC codebase where the clang one would take almost a day (and still takes multiple hours, and so does the Eclipse CDT parser and others).

That small custom parser would choke on structured binding declarations, and it would recover in the most terrible way possible as it would skip entire functions. Thereby I was starting to lose autocomplete on huge chunks of the codebase.

Now, I have quite a bit of experience on parsers, so it was trivial for me (one weekend) to change the QtCreator one to handle these declarations like (a series of) auto declarations (which it did not do that well, but it was workable). I was able to get another 2 years out of QtCreator with that fix. By then I didn't care.

But this is just my particular example.

I really don't understand why usecases for an opensource IDE would be surprising, specially since this is _developers_ we are talking about, the most likely group of people to feel comfortable editing the IDE to their liking.


Right, they ported their proprietary language server from Visual Studio to VS Code.

Why would we expect them to open-source a completely different project just because they're adding support for a new editor?


True that the marketplace has some weird rules (I think there is an online instance of VSCode, that scrapes Github for plugins that have permissive licenses to show them in the Marketplace tab - essentially a forked marketplace) - but the best bits of VSCode are open.

Remote plugin, terminal, marketplace are less valuable in an engineering sense than the actual editor itself.

Monaco, Monarch & LSP are projects that are directly or tangentially related to the VSCode project are they are MIT licensed and have astounding capability. Have a look at the editor API for Monaco - its extremely well engineered.

I for one am extremely thankful that these projects are open source because those are they genuinely impressive bits of engineering from VSCode.


This sounds like a very similar argument for other IDEs, such as Eclipse. You have a free IDE, with open source code, and a giant plugin ecosystem, but the plugins themselves aren't free nor open source. What's new under the sun?


So don’t use liveshare? It’s still a compelling (Open source) editor without liveshare.

I don’t think LiveShare is a top-10 feature of vscode. It’s one of the better unique features but that’s something else.


I thought the same, the article title is (deliberately) misleading by using the word "parts" instead of being clear and stating that some extensions that you can get from the store might not be opensource ... I had never heard of LiveShare before and have no need for it, I have lots of extensions installed and don't think any of them is proprietary


>Such as the VS Codium project which provides VS Code binaries without the proprietary parts. But also, as a consequence of this, without the Marketplace of extensions.

It's worth noting you can easily switch vscodium back to using the official extension marketplace by changing the product.json file as noted here: https://github.com/VSCodium/vscodium/blob/master/DOCS.md#ext...

They note the legality of this is dubious. I'm no lawyer so I can't say I understand the intricacies of this, but as far as I can tell, it's merely against the TOS of the marketplace. At worst, I imagine Microsoft would just lock the marketplace down and prevent vscodium accessing it in the future, if they see it as a big enough problem.


Vscodium isn't different from vscode. It IS vscode. Vscodium is merely some scripts to download the vscode source, and compile it while removing Microsoft branding.


>It makes me uneasy to accept VS Code as an "open" project in any wider meaning of the word when compelling features are legally locked to only work inside the family of Visual Studio products.

Yeah, so? I'll still use it. And those "compelling features" were only added in the last year or so. VSCode became immensily popular sereval years before they landed.

Plus, if somebody likes, they can create the same functionality as open source extensions upon the open source VSC core.

Microsoft also has to create something to differentiate themselves, right? Or should it all be just free foss stuff?


This is quite a reach. VSCode is open source. Some popular extensions are not. Neither extension used as examples here are ones that I use, so they certainly aren’t critical to the product functionality.

The argument here feels akin to saying Linux is open source, but some applications available for Linux aren’t, so Linux is thus somehow not actually open source.


I know that the author wants to use VS Code. But for those reading here and live in the terminal, tmate[1] is truly incredible. Install and type `tmate`, and you have a tmux session that people can SSH into. I have used it countless times and is a great complement to a video sessions. Much better than pixelated fonts in a screen share.

[1]: https://github.com/tmate-io/tmate


I don't think tmate allows you to edit text separately, right? It simply allows you to both control the screen.

VSCode Live Share allows users to independently move. So, if you're pair programming and want to check something, you don't need to awkwardly ask to switch files.


I can't wait to try this, thanks for sharing!


The tech giants leverage the profits they get from dominating one area to compete in another. You can't build a hyperscale cloud without being able to spend billions. Amazon subsidizes AWS using their e-commerce business, Google with advertising, Microsoft with Windows/Office/etc.

Microsoft has a long history of giving things away for free in order to hamstring their competitors. Netscape is the prime example. MS is very good at developer tools. How can any commercial editor compete with the amount of resources they are putting into making VS Code and giving it away for free?

MS fundamentally needs their remote editing tools to support developing for Linux-based containers on Windows. Then they leverage it to debug containers running in the cloud from VS Code. But then they keep competitors from using the server side extensions. We need an open source server for this.

Anti-trust needs to look at more than the monetary cost to consumers. It should consider the long term health of the ecosystem.


Amazon subsidizes AWS using their e-commerce business,

Pretty sure AWS is more profitable and doesn't need any subsidy.


If, as the author says, live collaboration is important, then its probably much better to rely on GNU screen or similar. It follows therefore that you should then be using an editor that can run inside of a terminal such as Vi or Emacs.

Also, the revelation that Visual Studio Code is not in fact as open source-y as it could be should come as a surprise to nobody


Is android not considered opensource enough because it uses google play services?


I mean, yeah? That's a common attack against Google and the reason ungoogled forks of Android exist.


That's one reason that I have started paying attention to the Theia project. I like to keep things open.

Link: https://theia-ide.org/


On the other hand you have IntelliJ which is closed source, and doesn't have any live share feature. Despite it being a highly voted feature on their feature/bug tracking site

https://youtrack.jetbrains.com/issue/IDEABKL-708


> Despite it being a highly voted feature

To be fair, this is a really complex feature to add, so it would be a serious commitment from JetBrains to build it.


It runs in a browser shell. It's got WebRTC ready to go. The hardest part of WebRTC is dealing with whatever bullshit Mozilla and Apple are doing this week, so given that browser shell is Chrome, and you can hardly walk through a computer science journal without tripping over a consensus algorithm paper these days, it's really not that complex.


IntelliJ does not run in a browser shell.


Sorry, I still had VSCode on the brain


the base install is open source tho: https://github.com/JetBrains/intellij-community


I can see how remote can be a vital plugin these days for some...although I can't say it makes vscode what it is. there are workarounds and it's not like remote doesn't have its own problems.

LiveShare though doesn't convince me because there are existing ways of code sharing and collaboration that doesn't involve google doc style live sharing at all. In fact that pattern sounds a bit weird to me. I guess it enables pair programming if you really need it but it's completely useless to me. I use git+reviewboard to share my code and they work just fine.

That said, I do think the author's larger point stand. Microsoft's good will to be open source extends only to where it wishes and in this case it's a rather limited range. I believe in the spirit of sharing code and I think sharing more is better than sharing less, which is better than not sharing at all.


This feels like free to play but pay to win kind of games, or cheap base game to release to poison, countless expensive DLCs. But instead of money, it is freedom.

Just because of this I prefer open source projects from smaller developers that are built with labor of love, instead of from big corporate businesses that will eventually try to use you for any kind of profit.

Since topic is similar, I would like to recommend onivim 2 [0] for who prefer vi bindings. It is almost out of alpha and in pretty usable stage. Currently they are integrating open-vsx. Project is open source with dual license and it is currently very cheap for who wants to support, or free to build from source to try.

[0] https://www.onivim.io/


It's the same strategy that Google follows for Android. The secret juice of the Android app ecosystem is in the Google Play services... And that's entirely proprietary. So even though the OS is open source, it's impossible to truly build an alternative ecosystem. I agree with the author that the marketing rings falsey.


I am grateful that VS code is free and if they want to monetize this by having some kind of paid upsell to another product, then all power to them.

They made a good product and if this is a way to fund improvements, I say it's a good thing.


Is VS Code lean anymore? I switched to it long ago when Atom got too slow, but I’m using VS under Ubuntu for Go development on a brand new X1 Carbon and it’s laggy as hell — probably 200ms average between keypress and response, and sometimes up to a second between clicking to open a file and getting focus in the window.

I mean I love the extensions and everything but I’m probably gonna use this as motivation to learn vim.


I was at Pycon - even at the MS booth! - when the Remote stuff was announced. There was a lot of pushback on why it wasn't open. At the time the story was, opening it didn't provide much benefit at the start, but was possible in the future; I recall the all-over-the-place nature of the code was stated as one of the "there's no benefit" (eg they don't want 100 pull requests to fix trivial things or formatting or issues they already know about).

They may never open it. Open source isn't magic pixie dust you sprinkle on software to make it better, but it does make for a weird experience to see them open some things and not others.


> If you have good suggestions for strong collaborative development tools that are open source, please let me know

What about screen + vim|emacs ? That's how pair programing have been going for ages right ?


From a license specific stand point, what is exactly preventing a company or an individual to create an equivalent or even better Remote and LiveShare feature on another code editor?


What open source alternatives are there to LiveShare? I've become rather reliant on LiveShare, I had never checked whether each extension I was using was open source.

Teletype for Atom appears to be under an MIT license, and it seemed to work fine for me before I switched to VS Code (after M$ acquired Github and I figured Atom was doomed). https://github.com/atom/teletype


I don't think it is a problem (which I understood that for author is). It seems that VS Code is a platform to provide content. Plugins are this content and some are open source and others are closed source. Another thing is that I prefer Jetbrains IDEs. They have real power of refaktoring and sincerely who writes imports nowadays (talking about Typescript)?


I think its great that Microsoft has made a great open source code editor/ide! If one wants a full open source eco system there is always Eclipse/Atom/Emacs/Vim. The paid Vscode alternative is IntelliJ but that is crippled with extensions in the community edition so you have to buy the commercial IntelliJ edition to get language extension.


Lately I have become fully dependent on the remote development extension for my research, and this makes me very uneasy. I do not want to be restricted to using proprietary tools in case they change something down the line that is not to my liking. It was a lot of trouble moving on from Matlab to Python already...


Just use vim.


Would anyone think this is any different from open core offerings from many other companies?


Hell of a lot of people in this thread insisting that a glorified chatroom shuffled off into the extension gallery is "critical, core functionality".

I guess they must have been former Emacs users.


I might have missed a key paragraph, but what is preventing anyone or any company to develop a Remote equivalent for vim or any other editor? If not already done.


That it is proprietary?

> I read a piece of license that said that LiveShare could only be used with the Visual Studio family of products


> It also frustrates me that this prevents someone from building a compatible plugin for VIM or any other editor. This would be much more powerful if it could be in all the IntelliJs as well.

VS Code implementation could be used to implement VIM because VIM can use language server infrastructure etc. IntelliJ would be a game changer for me but Microsoft OSS-ing their implementation would have 0 impact on this - IntelliJ uses their own language analysis infrastructure, FS, etc. and they shown no interest in using language server protocol.


It's time for a rebirth of Atom, then! Except it's "owned" by Microsoft as well.

Oh, well... let's revive LightTable, then :)


The .net core debugger is also similarly proprietary. Why is that you think? Serious question.


I think TextAdept is underrated, and it's very easy to extend with Lua.


I mean, if you don't like that then you probably shouldn't be using Google Chrome because it has similarly proprietary bits (geolocation, translation are a few examples, but there are afaik ~30-50). Firefox most likely does as well.


I think that most linux distros package chromium instead of Chrome for this reason.


If you don't know, you shouldn't throw accusations.

Also at least for firefox and chromium (but not chrome) you can look at the source.


I absolutely Do Know


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: