Human Who Codes Newsletter - Weaponizing Open Source


Thoughts on Weaponizing Open Source

When you think of open source software, you might think of it as a gift from someone to the world. They’ve written something of value, and instead of trying to make money off of it, they’ve posted it online for anyone to use (and potentially make money off of) for free. While many projects start that way (Linux, ESLint, etc.), there’s another way open source comes into being: as a weapon against a company’s competition.

Android. Perhaps the best example of weaponizing open source is with the Android operating system. When Google purchased Android, Inc. in 2005, the operating system hadn’t been released yet. Two years later, with much of the industry expecting Google to announce a “Google Phone” to compete with Apple’s newly-released iPhone, Google instead open-sourced Android. Additionally, Google announced the formation of the Open Handset Alliance, a partnership between Google and multiple mobile phone companies and manufacturers who are “committed to greater openness in the mobile ecosystem.”

What actually happened is that Google recognized Apple could easily become the dominant player in mobile phones if Google didn’t do something quickly. Google wasn’t ready to release a phone anytime soon, so it would need to partner with handset manufacturers to get something out. By releasing Android as open source, they could free manufacturers from worries about licensing fees and vendor lock-in for the operating system. Wielding Android as a weapon, Google quickly caught up to Apple in terms of mobile operating system penetration, and then blew way past them. Today, Android is installed on over 70% of mobile phones worldwide (vs. under 30% for iOS).

Chrome. Following a similar playbook, Google released Chrome in 2008 along with the Chromium open source project. Once again, Google talked about the importance of “openness” for web browsers. At the time, Internet Explorer 8 and Firefox 3.0 were fighting it out for dominance on Windows, and the introduction of a third browser hardly seemed like a viable idea. But Google knew that in order to go where the company wanted to go (the apps that would eventually become Google Workspace), it needed the ability to add new features to web browsers without going through Microsoft and Mozilla as gatekeepers. Microsoft had laid this foundation well by adding new features to Internet Explorer that it needed to make Hotmail a popular web-based email client. Launching their own browser gave Google a seat at the browser table and the ability to push for and prototype the features they believed were needed.

Fast forward to 2024 and Chromium-based browsers dominate the market. Chrome itself has a massive 65% market share while seven of the top ten browsers by market share are built on Chromium (the outliers are Safari at 15%, Firefox at 4%, and UC Browser at 0.4%). Top competitors Microsoft and Opera abandoned their entire proprietary codebases to rebuild their browsers on top of Chromium.

Llama. The latest example of a company weaponizing open source is with Meta’s release of Llama in 2023. AI is the next battleground for big tech companies and Meta was caught a bit behind the curve of OpenAI’s ChatGPT and Google’s Gemini (not to mention Anthropic’s Claude). Whether AI is all hype or not, Meta is using the same open source playbook as Google to try and chip away at competitors’ ability to gain AI market share. Training a model like LLaMA costs millions of dollars, so you know that Meta isn’t releasing it simply for the public good. As with Android and Chrome, the goal here is to provide a high-quality alternative that will tempt companies away from competitors, preventing other companies from gaining an unstoppable percentage of the market share. (Microsoft, on the other hand, has taken to embedding AI into apps for free rather than charging a separate fee like OpenAI and Anthropic. This is a lot like the approach they took with Internet Explorer to gain market share.)

None of this is to say that open source projects spearheaded by companies in an attempt to undermine a competitor’s market position have no upside. The more high-quality open source software in the world, the better. Sharing expertise and collaborating with other developers around the world can’t be overlooked as a pleasant side effect of this strategy. Once code is released under an open source license, it remains open source forever. (Although companies can stop supporting it and start building proprietary code on top of it.)

Still, it’s important to understand that open source projects like Android, Chromium, and Llama are part of a larger corporate strategy and not an act of pure altruism. That matters because corporate strategies change, sometimes suddenly, as when Redis decided to change its license. In Redis’ case, there was enough interest to create an always-free fork named Valkey, but not all open source projects are so lucky when they are no longer tethered to a company.

So the next time you see a company touted their commitment to “openness” with the release of an open source project, it pays to take a little time to think about the bigger picture.

Key Takeaways

  • Companies exist to make money, and the open source projects they publish aren’t always an act of charity.
  • Whenever a company touts their own open source project and a commitment to “openness,” that usually means they’re trying to prevent a rival from dominating a market.
  • More open source is always better than less, but use corporate open source projects with an eye towards what happens if the company’s strategy changes.

Understanding JavaScript Promises Print Book

My self-published e-book, Understanding JavaScript Promises, is now available as a printed book! Everything I know about promises is included in this book, including a whole new chapter on using and creating abortable functions.


Stuff I've Enjoyed this Month

🎬 Does fast charging ACTUALLY ruin your battery? by Marques Brownlee
I recently helped my parents upgrade their phones, and I was caught in a debate with the salesperson over whether or not they actually needed new charging cables and bricks. I found this video helpful in solidifying my understanding of how mobile phone batteries actually work.

📝Should form labels be wrapped or separate by James Edwards
You've probably heard the advice that it's best to wrap HTML input elements inside of <label> elements for optimal accessibility. It turns out, however, that this isn't the case, and it really is best to use an ID with <label for="id"> regardless if your <label> wraps the input element.

🎬 Lightboard videos: How we make them by IBM Technology
I love the IBM lightboard videos, but I only recently did some thinking to figure out how they were made. After I did, I went looking to verify my theory was correct and found this video. I love how simple techniques can be combined for a fantastic result.

📚 The Coming Wave by Mustafa Suleyman, Michael Bhaskar
This book explores how technological waves affect humanity, all the way back from the invention of fire to today's world where AI and biotechnology are poised to change life as we know it. The discussion centers around how the world has previously reacted to technological leaps and what we can learn to safely move forward with the powerful technologies now in development.

🎬 Don't use JS for that by JSConf
This talk explains the latest HTML and CSS features that you can use to replace JavaScript in your web applications. Both languages have come very far in the last few years and it's worth taking a look to see if you can remove some JavaScript from your app.

📝Oracle, it's time to free JavaScript by Ryan Dahl
Many don't realize that JavaScript is actually a registered trademark of Oracle (acquired when they purchased Sun Microsystems). In this open letter, Node.js and Deno creator Ryan Dahl implores Oracle to release the trademark into the public domain. This probably won't amount to anything, but it's a nice statement to make.


What I'm Working On

🏠 Real Estate: I got the lead paint issue resolved just in time for another property to fail rental inspection. Since the apartment building collapse, Davenport has made their inspections a lot stricter but the extent of this was a shock. Almost all of the items had no relationship to safety (for example, missing soffit in one section). $2,000 later everything was addressed. Follow my Instagram for real estate photos.

🎧 Podcast: I was recently interviewed for Software Engineering Daily, where we discussed some of my background in linting and the challenges of technical leadership in open source and companies.

💻 ESLint: I finished up work on a new way to load configuration files. This changes how the ESLint config file is located. For most users it won't affect anything, but it will help with monorepo setups.

Human Who Codes Newsletter

A once-per-month newsletter discussing topics important to senior-level software engineers, with a particular focus on frontend technology and leadership.

Read more from Human Who Codes Newsletter

Thoughts on Rates of Change One of the first things I realized about working in codebases is that different parts of the codebase change at different rates. There are some files that are touched very frequently while others can go months, or even years, without being touched. This fascinated me, partly because it reminded me of my closet (why do I even still have those jean shorts?), and partly because people seemed to put such little thought into optimizing their projects to reflect this...

Thoughts on Node.js, Deno, and Bun If you started working in the tech industry after 2005, what’s going on now may seem like a shock. Large tech companies continue to lay people off despite record profits. Smaller tech companies are also laying people off, and in some cases, having “quiet layoffs,” where they find other ways to reduce headcount, including offering employees three months of salary to voluntarily leave the job. As a result, there are more software engineers looking for jobs in...

Thoughts on Node.js, Deno, and Bun For well over a decade, if you wanted to run JavaScript on the server, your only choice was Node.js. It has been battle-hardened by some of the most demanding companies in the world, many of whom paid employees to help maintain or contribute to the project. Then in 2018, Node.js creator Ryan Dahl announced Deno, a new server-side JavaScript runtime that was intended to fix a lot of the problems of Node.js. Fast forward to 2023, and Bun was released as...