undefined | Better HN

0 pointslutusp13y ago0 comments

> Other than the transparency of what’s going on behind the scenes, what makes for an eloquent argument for making it open-source?

First argument: people will be willing to use it. Consider what you're offering -- a closed-source library that manages people's financial transactions. You may or may not be surprised to hear that people are reluctant to trust closed-source libraries that process financial transactions, account details, and patterns of economic behavior.

Second argument: open-source libraries are more likely to be successfully scrutinized for security flaws, and repaired in advance of exploitation. An irony of open-source is that over time it becomes more secure, not less, indeed one often-heard explanation for Windows' notorious insecurity is that it is closed-source, so the first revelation of a vulnerability is, not when errors are noticed by routine scans of source code, but when they're exploited in the wild.

Third argument: people will be able to see how your code works. This isn't a license to steal, it's a way for people to find out if your code meets their needs and behaves as they expect (or as accounting standards require).

I once debugged an accounting package that had a weird error -- two runs on the same transaction database never produced the same outcome. After a lot of back and forth, I got the developer to open the source, and discovered that his way of rounding off to the nearest penny was to generate a random binary number -- if 0, round down, if 1, round up. It was breathtakingly stupid, and we would never have solved it without seeing the source.

Fourth argument -- you can't arbitrarily shut down users of your library. An open-source library survives the extinction of its source or a change in policy. A closed-source library can't do that in any meaningful sense.

That should do. :)

0 comments

rendezvouscp13y ago

I think one of the things that separates our points of view is that I see Iron Money, the apps and service, as the product, with the API as a great extension for helping developers build cool stuff on top of their data; I don’t really see the API as the product I’m trying to push. Point for point:

1. This makes sense and is what I thought would be my biggest hurdle. Thankfully, this has never really been an issue. A lot of people are surprisingly willing to trust their finances to a third-party they don’t know that well.

2. I agree, although I think it’s even more valuable to have professionals audit the source code. Both together is probably optimal for security.

3. I realize that, in the example you cite, it was helpful to have the source open, but in the case of a (usually) consumer product, I don’t think this argument holds much weight. Iron Money mainly targets young singles and couples who want their finances on the iOS devices and Macs, and having it be open-source rarely plays into the decision to purchase.

4. I agree. I don’t think Iron Money is really marketed as a closed-source library, but the point stands. In any case, I would probably open the source if the service was shut down.

Thanks for taking the time to write up your thoughts; they definitely provide food for thought.

plinkplonk13y ago

"people are reluctant to trust closed-source libraries that process financial transactions, account details, and patterns of economic behavior."

Lots of people trust closed source applications though. QuickBooks, Turbotax ..

Your point is still valid, though I don't know what the exact differences between Iron Money and (say QuickBooks) are.

lutuspOP13y ago

> Lots of people trust closed source applications though. QuickBooks, Turbotax ...

No, they don't trust them, they use them because they have no choice. And the problems caused by Intuit's closed-source business model are legion:

http://www.consumeraffairs.com/computers/intuit_turbotax.htm...

The above sounds like a recitation of distrust, not trust.

j / k navigate · click thread line to collapse