It’s been a rough couple of weeks for open source
There have been some high-profile attacks like the TeamPCP events. Anthropic has a new model that’s going to create more security vulnerabilities than anyone can count. The number of security bug reports is going through the roof. AI slop is running rampant through GitHub. And let’s not even try to count all the hot takes from the LinkedInIstas.
It’s clear we should never trust open source again, but we should trust someone on LinkedIn whose company is built on top of all open source and uses AI to do everything. This feels like Animal Farm but the animals have all been replaced with frozen burritos. All burritos are equal, but some burritos like my LinkedIn posts!
The Death of Open Source
So anyway, is open source cooked? Probably not. I mean, it doesn’t care even if it is. Whether you use open source or not usually doesn’t matter to open source. Imagine going to your local park and having to listen to a bunch of people standing in the middle of it shouting how they’re never coming back because they don’t trust the park. Most people in the park would be like “thank goodness, the sooner you can leave the better”. Of course those people never leave, they just keep shouting and complaining how dumb all the people trying to enjoy the park are. That’s basically what’s happening now.
The thing is, for the VAST majority of people, the people who will never read this, have no idea who TeamPCP is, and probably have never heard of xz, for those people open source was never about trust. Trust only matters to security nerds and people trying to sell something. Everyone else only cares about open source for two reasons:
- it’s free
- it’s free and solves their problem
It’s very hard to beat free. “BUT WHAT ABOUT FREE LIKE A PUPPY” I can hear someone shouting. While yes the overall cost of using open source isn’t free, thanks to capitalism, nobody cares about anything unless it’s happening this quarter, and this quarter says free stuff costs less than not free stuff. So free wins. We can fix the problems next quarter.
Also, AI isn’t going to replace open source because the one thing humans desire more than recognition on LinkedIn is recognition from real humans. Look at OpenClaw. The bizarre security nightmare that it is, it’s filled with people creating and sharing plugins, howtos, patches, and forks. Why should they need to share anything when the Prime Intellect can just build whatever they want? We are humans, we love to share what we’re working on and are interested in. Go ask a 6 year old about dinosaurs and you’ll understand what I mean. OpenClaw is just dinosaurs for grown-ups.
The Future
Now, all this said, there are probably going to be some pretty rough days ahead for open source and all of us really. The number of security bugs is going up. The number of AI fueled PRs on GitHub is going up. All the numbers we wish weren’t going up, are going up. They’re going up pretty fast to be perfectly honest.
Open source is going to be fine in the same way the Earth will be fine if all the humans blow themselves up. It would be more ideal if we don’t explode everything. But the people in charge often seem to have different ideas.
It’s been pretty clear to a lot of people for the last few years that the way open source has traditionally worked needs to change. We don’t really know what that means yet. Everything from funding developers, to funding open source infrastructure, to how open source licenses need to change with the times.
There are people working on this, they’re not on LinkedIn, well some of them are. The Sovereign Tech Agency is a great place to pay attention to. I also recently interviewed Vlad from Open Source Pledge (the episode will come out in a few weeks). It’s worth keeping an eye on what they’re doing I think. These are just two simple top of mind examples. There are plenty of others but you need to go looking.
I’m always looking for people and organizations working on these hard problems. If you want to have a chat on the podcast, let me know. I don’t think any of these problems are unsolvable, but I do think they’re very hard to solve. I also think open source will solve them because open source is awesome.