My response to people who think open source is the answer to everything
There is a group of people I call “open source puritans”. They are not your average open source developer or advocate. I love open source developers and advocates. No, these are people who believe open source is the answer to absolutely everything. No matter what. And if it’s not open source, well, f-you.
I believe the world needs people to fight the good cause. But they should find a healthy balance between this puritan approach, with doing what’s in the best interest of their shareholders and customers.
In a perfect world, everything would be open sourced. In a slightly less than perfect world, everyone would strive to open source everything — or as much as possible. But, we don’t live in a perfect world. So to restrict your options to open source solution only, you restrict your organization’s potential. Innovation would come to a halt if open source was the only option.
When speaking specifically about cybersecurity, organizations that restrict their solutions to open source, severely restrict their potential to protect themselves and their customers. When we take this even further in the context of Cryptocurrency where security is the number one challenge faced by Token launches, ICOs and cryptocurrency investors, their stance scares the sh*t out of me. And it should scare their communities.
Below is an email I received from a reputable person who I’ve been exchanging messages with for the past couple of weeks. You can tell from their tone that they don’t respect my team’s appreciation for open source or our contributions to some of the worlds’ biggest open source projects. Trust is our currency at MetaCert. So for the avoidance of doubt, I’ll reiterate our track record at the end of this post.
You really don’t get it: For people like us in this space, an open source (that is to say, liberally licensed) solution, even if it is inferior in features etc, *is* better. By orders of magnitude. Not even the same league. Almost everybody you’ve spoken to in that GitHub thread is trying to bring an end to companies, full stop — nobody here cares about your startup, or any startup for that matter. The misalignment is obvious in you not understanding that; you haven’t realized how radically positioned the community that you seek to serve actually is.
I won’t disclose who the sender is. I won’t even hint at who it could be either. This was a private communication. So unless they comment in public, I will make sure this conversation remains private.
Let me unbundle that message
“For people like us in this space”
🤔 Aren’t we/I in this space? I’d like to think we’re making significant contributions to the ecosystem.
“an open source solution, even if it is inferior in features etc, is better. By orders of magnitude. Not even in the same league”.
This organization / group is more concerned about its mission to see an open source world, than it is to protect their community members / investors from losing their savings through phishing scams. I hope they use commercial security solutions for their own corporate network, personal computers, mobile devices etc. If not, holy crap.
To reach this point in our conversation, I wasn’t debating MetaCert vs open source alternatives. That’s not my place. And I’m not going to give my opinion in this post either as that will only detract from my main points about the adoption of open source for everything — even when implementing “inferior” solutions.
The comment above was made after I reminded them that a few of their developer friends who built an open source product, should not slate an entire company and its team just because they have a competitive product which is not open sourced. Isn’t that unethical and dishonest? It doesn’t matter if it’s open source — if you are promoting your own product over another, at least be honest when comparing them from a technical perspective. At least try to be constructive.
It’s ok for them to debate the merits of open source vs closed. But it’s not ok to tell lies about a company, its team or its products just because you want to promote your own personal work. That does not benefit their customers or society as a whole. Isn’t that the endgame for open source, blockchain technologies and cryptocurrencies? To help everyone rise?
Almost everybody you’ve spoken to in that GitHub thread is trying to bring an end to companies, full stop
Not sure what to say to that. It’s a little weird. Naive at best.
nobody here cares about your startup, or any startup for that matter.
That’s a little unfair but they’re entitled to their opinion. I only hope they turn to commercial security solutions to protect their communities.
you haven’t realized how radically positioned the community that you seek to serve actually is.
Thankfully this person and the few communities to which they refer, make up a tiny percentage of all crypto communities. If this opinion represented the majority I’d probably move MetaCert away from Crypto as I wouldn’t want to work with people who are this extreme, or downright horrible. You gotta take the good with the bad. But as a startup founder I can choose not to work with people I really dislike.
To summarize, I love open source. I support open source. I wish the world was entirely built on open source.
More about our appreciation for open source projects
Ian Hayward is our COO at MetaCert. As one of the first 25 contributors to Mozilla, Ian built, funded and maintained SpreadFireFox — a developer portal for the Firefox community — one of the world’s first and most successful open source projects.
Fun fact — as an early advocate, I hosted the biggest Firefox birthday party in the world on behalf of Mozilla when I rented out an iMax cinema in Ireland. I think it was bday #2 or #3. Fun but hardly as important as Ian’s work.
Ian, along with three of our engineers, built the mainstream browser add-ons for digg, Delicious, Yahoo!, eBay, PayPal and Google. And they contributed to bug fixing Firefox.
Open web standards are just as important.
In 2005 I co-instigated the creation of the W3C Standard for Content Labeling / URL Classification, which formally replaced PICS as a Full Recommendation in 2009. It was the first ever incubator project at the W3C — a new process at the time to fast track new ideas to see if they were worthy enough to move onto the Full Recommendation Track.
I was one of the seven original founders of the W3C Mobile Web Initiative. I held a seat on the Steering Counsel for the first year and was the first person to re-write Tim Berners-Lee’s vision of “the one web” — which helped to form the formal Charter for the MWI. I’m a named contributor to 8 technical specifications, including Web Content Accessibility Guidelines Specification 2 and the Evaluation and Reporting Tools Working Group. I was also one of the first invited experts to the W3C Semantic Web Education & Outreach Programme where I was tasked with helping to bridge communication with the Web 2.0 advocates. That last bit wasn’t successful.
MetaCert and Rocket.Chat are sleeping together
Recently MetaCert and RocketChat announced a close partnership and alliance to work on an open source project that would see a security module for RocketChat. Obviously, phishing attacks will migrate to other platforms as soon as Slack becomes more safe. So this is an important step in helping to protect communities that migrate from Slack to Rocket.Chat.
So, we really do care and support open source projects as well as an open web.
We should all pull together to fight the bad guys — not fight each other inside the crypto community. We’re all in this together. We’re all part of the same community. Let’s try to be nice and respectful to each other. Life is too short. If we don’t agree, let’s be constructive and not destructive.
☞ Please tap or click “👏” to let Paul, his team, and others know that you appreciated this post. The number of claps indicates how much you liked the post so put those hands together as many times as you like.🤗