Scott Hanselman

Open Source versus Source Out in the Open

April 25, 2006 Comment on this post [8] Posted in DasBlog | NUnit | NCover | Nant | XML | Bugs
Sponsored By

An interesting point came up during my talk at Deeper In .NET on Saturday. (Korby Parnell has a flattering writeup as does Avonelle, BTW)

There's a difference between "Open Source" and "Source in the Open."

I've seen folks copy and paste directly from Google Groups and when prompted for a bit of code's origin they announce "It's Open Source."

Despite what many folks may have gleaned from some recent thinking out loud, I'm a fan of Open Source. Within the context of just .NET, I think that the (Windows Development) world is a much better place due to widely successful Open Source applications like NAnt, NUnit, log4net, NCover, Subtext, SharpDevelop, etc.

These projects are great places to learn how to code in .NET.

I made a comment at a conference once, where a lot of folks were badmouthing XML, complaining that the XML spec misses a number of important, albeit edge, cases and that it was generally a mess. Not meaning to be snarky (but succeeding) I introduced our next talk saying "I can't talk to the previous speakers concern about XML, but at Corillian we use success as a metric."

That's really what it comes down to. When you copy/paste/refactor/beg/borrow/steal someone else's code and put it into your application it's important that you know at least two things:

A. What it does.
2. That it works.

When one finds code in production (and you know you've found this yourself) with a link to a Google Group's thread embedded within the code's comments, you might want to pause a moment.

I'm much more likely to snarf an algorithm or technique from NUnit or SharpDevelop because I know those applications work and work well. They are successful by virtue of the fact that they are used. What they lack in Unit Tests they make up in sheer code coverage.

DasBlog has a number of nasty bugs lurking, some we know about, most we don't. However, it's tested every day on this blog and others. I know what it's good at and what it's not.

When an application is a trusted, used, successful "Open Source" Application, chances are it's code is more trustworthy than "Source in the Open."

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
April 25, 2006 16:51
A friend and I just had this discussion the other day (it stemmed from my showing him Krugle - way better than Google code for reliablity btw) and I opted that in order to truly be open source, it must have defined licensing. This is something that most code "snippets" you find on Google lack thus making them simple code in the open.
April 25, 2006 16:53
A friend and I just had this discussion the other day (it stemmed from my showing him Krugle - way better than Google code for reliablity btw) and I opted that in order to truly be open source, it must have defined licensing. This is something that most code "snippets" you find on Google lack.
April 25, 2006 18:02
My favorite part is the twe-element list using a...unique numbering scheme in the middle of the post.
April 25, 2006 18:21
Couple (triple) thoughts. 1) Yay that when people snarf code they credit the source, let's give them ... uh ... credit. B) *Just because* code came from Google Groups doesn't mean it doesn't work. Ya never know, people might test it. iii) What exactly IS the copyright of code that people list in forums?
April 25, 2006 20:34
>These projects are great places to learn how to code in .NET.

Except when they're not. For example, until the most recent drop, Log4net was so full of egregious violations of the .NET naming guidelines that it made my eyes burn to look at.

This phenomenon seems to be most common in C# ports of formerly Java code bases.

April 25, 2006 22:09
I agree that GSCP (Google Search Copy Paste) code is suspect, but I'd argue that it does have some things going for it. For one thing, as long as the site has a feedback mechanism, it's likely that bugs will be reported and possibly fixed. Either is better than new code. For instance, if the code is pasted from a Google Group, you've potentially got an ad-hoc community support system for that snippet. Of course, open source projects which are actively used are more highly reliable for the same reason, but both sources are more reliable than new code.

I agree it's important to understand what the code is doing. No way around that.
April 25, 2006 23:11
While digging in my pockets I found two nicely polished pennies, and I decided to hand them to you!

I am leading the Commerce Starter Kit Open Source project ( and I have to say that it's been a crazy freakshow since day 1. Over half my time goes to pimping OpenSource as a concept, and pushing some in the community to "contribute not complain" when they see things they don't like. Most are quite receptive and tend to "get it" when confronted with the notion that they can directly impact a large-scale project.

OpenSource in the .NET community is sort of mangled between, just as you say, "Source in the Open" and true OpenSource. Some say the definition is in the licensing (OSI - the "Open Source Iniative" will let you brand yourself as certified if you use one of their licenses. We use the Mozilla 1.1 so I spose we're certified), others will look to your source code management, and yet others (the zealots) will only consider you OpenSource if you are using Linux/Apache/MySQL/PHP (or the like).

All are welcome to check us out and contribute back. I am utterly stunned at how quickly, with the help of the community, we have put together a ROCKIN eCommerce tool. I sort of hate to call it a Starter Kit because it's rapidly moving beyond that. To see the latest:

Good post Scott- also wonderful work on DasBlog. I use it and completely love it!
April 26, 2006 7:07
I agree with this post Scott (and your last statement about trusting used applications like say, oh, dasBlog) but here's a wrinkle.

We write blogs every day (well some of us) and often we're doing it to answer a question or solve a problem someone posed us (hey, maybe you guys don't do this but walk with me on this).

A user will ask how to do something or we'll respond to some post in a newsgroup on a request or something just doesn't sit right with us and we'll write some tests to prove the right way to do it. Whatever the reason or motivation, that's what drives us to write some code specifically for a blog post.

A blog post that gets googled.

So I have to take exception that while my blog posts are not being used every day like DasBlog or NUnit is, it was put on the Earth for a good reason and I did spend some time writing it (and sometimes even writing tests around it) and by all virtues, it's valid. Will I stand behind any code you find on my blog written by me? Absolutely. Will it blow up and screw with your network. Maybe. But I for one will be sure to stand up and say it did as I'm not ashamed.

Anyways, just wanted to mention that some of us bloggers out there do post code and it is "Source in the Open" rather than "Open Source" but it does carry some sanity behind it.

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.