Sourcegraph went dark

(eric-fritz.com)
424 points kaycebasques | 11 comments
sqs ◴[] No.41298641[source]
Sourcegraph CEO here. We made our main internal codebase (for our code search product) private. We did this to focus. It added a lot of extra work and risk to have stuff be open source and public. We gotta stay focused on building a great code search/intelligence product for our customers.

That's what ultimately lets us still do plenty of things for devs and the OSS community:

(1) Our super popular public code search is at https://sourcegraph.com/search, which is the same product customers use internally on their own codebases. We spend millions of dollars annually on this public instance with almost 1M OSS repositories to help out everyone using OSS (and we love when they like it so much they bring it into their company :-).

(2) We also still have a ton of open-source code, like https://sourcegraph.com/github.com/sourcegraph/cody (our code AI tool).

BTW, if any founders out there are wondering whether they should make their own code open-source or public, happy to chat! Email in profile. I think it could make sense for a lot of companies, but more so for infrastructure products or client tools, not so much for full server-side end-user applications.

replies(14): >>41298707 #>>41299099 #>>41299575 #>>41299592 #>>41299724 #>>41299784 #>>41299956 #>>41300159 #>>41300346 #>>41300771 #>>41301859 #>>41305881 #>>41311564 #>>41312895 #
quantumwoke ◴[] No.41298707[source]
Been a fan of sourcegraph since 2016 or so, it's been exciting to watch the pivots along the way. That being said, the loss of transparency here is pretty sad, speaking as a large FOSS repo owner. What were the main factors apart from risk that went into the decision?
replies(1): >>41298885 #
sqs ◴[] No.41298885[source]
Thanks for being a fan. And I understand it's a bummer to not have our code be public and open-source anymore. Sorry.

It's a bunch of reasons that add up. I'll give some more details for anyone curious.

(And I know that despite these reasons, lots of HNers probably wish it was not so. I agree! I too wish for a world where all companies could have their code be public and open source.)

- We have a lot of tech around large-scale code graph, indexing, etc., stuff that is very differentiated and hard to build. We were starting to put some of this in separate private repositories and link them in at build time, but that was complex. It added a lot of code complexity, risked bugs, and slowed us down, and if a lot of the awesome stuff was private anyway, what was the point?

- As we've been building Cody (https://cody.dev), our code AI tool, we've seen a LOT more abuse. That's what happens when you offer any free tier of a product with LLM inference. We had to move a lot more of our internal backend abuse logic to private repositories, and it added code complexity to incorporate that private stuff in at build time.

- It confused devs and customers to have 2 releases: an open-source release with less scaley/enterprisey features, and an enterprise release. It was a pain to migrate from one to the other (GitLab also felt this pain with their product) because the open-source build had a subset of the DB schema and other things. It was confusing to have a free tier on the enterprise release (lots of people got that mixed up with the open-source release), and it made our pricing and packaging complex so that lots of our time was spent helping customers understand what is paid and what isn't.

- There were actually very very few companies that were going to pay but then decided to use the open-source version and not pay us. A lot of people probably assume that's why we made this move, but it's not. I think this is because people like the product and see value in it, including all the large-scale code nav/search features that are in our enterprise version.

- Although very very few companies used our open-source version to avoid paying us, we did see it cause a lot of annoyance for devs who were asked by their management to try cloning our product or to research our codebase to give their procurement team ammunition to negotiate down our price. This honestly was just a waste of everyone's time.

- If we got a ton of contributions (we never really solicited any), then it might've changed the calculus. Sourcegraph is an end-user application that you use at work (and when fun-coding, but the primary revenue model is for us to charge companies). For various reasons, end-user server-side applications just don't get nearly as many contributions. Maybe it's because you'd need to redeploy your build for a bunch of other users at your company, not just yourself. Maybe it's because they necessarily entail UX, frontend, and scaling stuff, in addition to just adding new features.

- We heard from people who left GitHub that people at GitHub were frequently monitoring our repository to get wind of our upcoming features and launches. Someone from GitHub told me his "job is to clone Sourcegraph". Since then, they obviously deprioritized their code search to re-found GitHub on AI, so we're not seeing this threat anymore. But I didn't love giving Microsoft an unfair advantage, especially since GitHub products are not open source either.

- Since we made our code non-open-source, we've been able to pursue a lot more big partnerships (e.g., with cloud providers and other distribution partners and resellers). This is a valuable revenue stream that helps us make a better product overall. Again, because Sourcegraph is an end-user application with a UI that devs constantly use and care about, we never really had the MongoDB/Redis/CockroachDB risk of AWS/GCP/Azure just deploying our stuff and cutting us out. We're not protecting from downside here, but we are enjoying the upside because now those kinds of distribution partnerships are viable for us. To give a specific example, within ~2 months of making our code non-open-source last year, we signed a $1M+ ARR deal through a distribution partner that would not have happened if our code was open source. This is not our biggest annual deal, but it's still really nice!

We are totally focused on building the best code search/intelligence and appreciate all our customers and all the feedback here. Hope this helps explain a bit more where we're coming from!

replies(6): >>41298979 #>>41299240 #>>41301021 #>>41303956 #>>41305711 #>>41308575 #
jsiepkes ◴[] No.41298979[source]
> Sourcegraph CEO here. We made our main internal codebase (for our code search product) private. We did this to focus.

> There were actually very very few companies that were going to pay but then decided to use the open-source version and not pay us. A lot of people probably assume that's why we made this move, but it's not.

> To give a specific example, within ~2 months of making our code non-open-source last year, we signed a $1M+ ARR deal through a distribution partner that would not have happened if our code was open source.

So the reason these deals are now possible is mainly because time was freed up by not having the code base opensource?

replies(1): >>41299012 #
sqs ◴[] No.41299012[source]
> So the reason these deals are now possible is mainly because time was freed up by not having the code base opensource?

No, it's that if all the code is free and open source for anyone, we would not be able to charge for it and there would be no deals. Even if, say, 60% of our product was open-source and 40% was closed source, we might still get a lot of direct customers but would struggle to do distribution partnerships because the distribution partners have outsized incentives and capacity to reimplement the subset of the 40% they think their market needs.

replies(1): >>41299201 #
vundercind ◴[] No.41299201[source]
I believe the question came up because the original rationale given was “we did this to focus”, not “we couldn’t sell the code for as much if it was open source”.
replies(2): >>41299255 #>>41302557 #
sqs ◴[] No.41299255{3}[source]
Both are factors, as I said in my original post (focus and risk).
replies(1): >>41299329 #
vundercind ◴[] No.41299329{4}[source]
“We stopped giving away some of our apples due to risk.”

“Of… liability? Or… uh, what?”

“Oh—risk that we couldn’t sell the apples we gave away, obviously.”

replies(2): >>41299373 #>>41299520 #
1. cdchn ◴[] No.41299520{5}[source]
Risking profit. I wish he'd just say it. The mealy mouthed justifications are just so transparently disingenuous.
replies(2): >>41299804 #>>41301054 #
2. eutropia ◴[] No.41299804[source]
When someone speaks about business risk for a company which might not be breakeven profitable, the risk is not "we don't make enough money to chuckle sensibly into our wine goblets", the risk is "we have to lay off our engineering team and stop making software altogether".

There's nothing mealy-mouthed about trying to provide insight into their decision-making process. They don't owe anyone other than their employees, customers, and investors (in that order) a justification for their decision making on something like this, and certainly after spilling a few paragraphs of text off the cuff can't be called disingenuous.

This chorus of screeching that accompanies any reduction in commitment for a company involved in open-source is extremely off-putting to anyone who wants to try to build in the open and make a business out of it.

It's free. Gratis. Provided without warranty. Do with it what you will, but it was never yours. They didn't take anything from you by closing the repo. It's really cool that it was available, and it sucks that it's not available going forward - but expecting any business-backed OSS projects to adhere to the same behaviors as a volunteer effort is just wishful thinking.

replies(3): >>41300331 #>>41300562 #>>41301597 #
3. maeil ◴[] No.41300331[source]
You make good points, but to be fair, I feel it's more the beating around the bush that people take issue with.
4. mistrial9 ◴[] No.41300562[source]
these are good points but there are fundamentals at odds, really.. no amount of "explaining" will make a choice.. there are partisan issues and as said, company survival is related to profitability is related to survival.

also not mentioned so far is - this product has big implications for security by surveillance, with phone-home and instant-audit hooks, non-disclosed search for zero-day vulnerabilities, and more.. by closing the dev process, it appears that this product gets one step closer to a one-way mirror model that some customers will pay really large amounts of money for..

5. chubot ◴[] No.41301054[source]
I thought the explanation was very good (second comment more so than the first)

This sounds like "I'm angry I don't get free stuff anymore, and I want to lash out", and I expect better from HN

replies(1): >>41301550 #
6. cdchn ◴[] No.41301550[source]
All the arguments are attempts to veil "we're not making enough money."

When companies dangle "open source" projects to get attention, or start off as open source projects then someone decides "I can make money off this", then rug pull them, that leaves a bad taste in my mouth.

replies(2): >>41302059 #>>41302355 #
7. cdchn ◴[] No.41301597[source]
>There's nothing mealy-mouthed about trying to provide insight into their decision-making process. They don't owe anyone other than their employees, customers, and investors (in that order) a justification for their decision making on something like this, and certainly after spilling a few paragraphs of text off the cuff can't be called disingenuous.

When you say things like "we did it for the devs" that's mealy-mouthed and disingenuous. They don't owe anyone but their employees, customers, and investors an explanation, but then they start making public statements-- even if they are a few paragraphs and text off the cuff-- acting like they're doing it for _altruistic_ reasons.

Rug pull your open source once you've gotten what business ends you desire out of it and when it conflicts with your open source goals; like you said, it's yours, you own it.

8. chubot ◴[] No.41302059{3}[source]
I don't see any attempt to veil it -- there was specific mention of revenue and competitors

Did SourceGraph make any promises about a community or free support? (honest question)

I think your expectations may be off, perhaps learned from corporate marketing. "Open source" by itself does not mean necessarily

1. you get any support

2. there is a community [1]

3. you're entitled to all future source code by that person or company, whether under the same project name or not.

---

It could be that SourceGraph has broken some promises, and that IS pretty typical of VC-backed companies.

But so far I don't see evidence of that.

Quoting my comment: https://lobste.rs/s/tg5vwi/sourcegraph_went_dark#c_vnaqxu

Even according to Stallman, free software never required any kind of support, open development, or commit history. You can publish a tarball on a web server, and that counts as free software.

i.e. publishing source code doesn’t sign you up for a lifelong obligation. People can fork it, or not fork it.

---

Practically speaking, I might think of SourceGraph as something like Android.

Is Android open source? Yes. [2]

Does it have huge proprietary parts? Yes.

Is it designed for collaborative development? Not really unless you work for a big company, and are paid to work on Android. (That said, I'm sure there are hobbyists / "people in their basement" that do meaningful things with Android source code -- and actually I think that is how some open phone companies started)

Is it better that it's open rather than closed? Yes. Multiple competitors to Google use Android source code, e.g. Amazon has built phones off of it. That is a good thing IMO.

---

[1] On my own open source projects, there is a community and best-effort support, and I really encourage that! But the point is that there are MULTIPLE valid project models under the name "open source".

Throwing code over the wall is actually valid open source, and it actually benefits society IMO. It's still valuable, even if you STOP doing it, as SourceGraph has done.

It's distinct from "I get free stuff that I like using"

There could be a different name for "unfunded or independently funded open source", but the funny thing is that the term "open source" originated as a corporate-friendly alternative to "free software"

[2] As a tangent, I also think Android has a really suboptimal and cloud-slanted architecture, but for this discussion, let's just use it as an example of corporate open source

replies(2): >>41303574 #>>41310025 #
9. avianlyric ◴[] No.41302355{3}[source]
You clearly never actually looked at Sourcegraph OSS. The OSS version died a very long time ago, the vast majority of Sourcegraph's most valuable features were never OSS, and Sourcegraph has always been very transparent about this.

All that’s changed here is that a non-OSS, but public codebase, is now private. From a customer's perspective, nothing material has changed. Only those who want something for nothing are seriously impacted by this.

10. cdchn ◴[] No.41303574{4}[source]
>I don't see any attempt to veil it -- there was specific mention of revenue and competitors

Here you go:

>Although very very few companies used our open-source version to avoid paying us, we did see it cause a lot of annoyance for devs who were asked by their management to try cloning our product or to research our codebase to give their procurement team ammunition to negotiate down our price. This honestly was just a waste of everyone's time.

11. mistrial9 ◴[] No.41310025{4}[source]
you have misused the Stallman quote .. the idea is that the code is always available to rebuild and recompile.. the commerce between vendors or users is not specified. In the case you apparently defend, the source code is no longer available to build the complete product.