Dear Debian users, contributors, and enthusiasts,

I have been working in IT for more than twenty years, essentially with Debian.
I tend to prefer non-computer related activities for the free time I have, therefore, I don't really contribute to Debian, at least not directly.

Still, I have a personal open-source project that relies on and promotes Debian, and I am still spending some time on it. I put great effort into the documentation, as well as into using only Debian packages. I sometimes raise bug reports, or send detailed messages to reproduce or bypass issues to the package maintainers, or on this list.

These days, I am working for a company that intensively uses Debian servers, both on-prem and on a major well-known cloud provider. Sadly, I notice that any service not directly implemented by Debian is systematically replaced by proprietary services from third-party providers.

Here are a few simple examples, which might be relevant or not to our usage, but which some of you are definitely familiar with:

- An external company would provide a host-based intrusion detection system (HIDS) and automatic upgrades, using proprietary forks of Wazuh and Nessus open source software and a cloud hosted nice console.
- A proprietary antivirus is installed, instead of using or contributing to ClamAV virus databases or Linux kernel security modules.
- A centralised git source code hosting platform, where git actually does not need to be centralised.
- A cloud hosted bug tracking system, wiki, etc... You name it.
- etc.

Most of the time, these companies' business speech is, "focus on your core business activity, and let us manage the rest". Or something approaching, you get it, and it's true, in some respects. I know that in many respects, using these proprietary tools is advantageous. They are often more polished, more modern than the "old" open source tool that nobody maintained any more.

From what I have seen, there are issues, though, both minor and major. I will start with the minor ones, and finish with _the_ major one, IMHO. You can disagree with the minor and major, depending on your experience.

The "minor" issues:

- The integration with Debian, or even Linux FHS, is not very good or even non-existent (like download and extract this zip file, and run install.sh). Most of the time, they just don't care.
- These cloud platforms are vendor lock-in; it is hard to move away from them to another provider. By the time you want to move away, it is too late, too costly and too complex.
- They introduce dependencies on a third-party service or site, which sometimes breaks and holds your activity hostage.
- They "attract" terrorist groups, because it becomes extremely interesting to inject a backdoor on their site (supply chain attacks).
- They contribute to centralising the internet in the hands of powerful and monopolistic giant companies. The Internet was initially thought to be a decentralised and free network.
- They are installing black-box, closed-source binary agents that we have to blindly trust on our systems.

Now, the last point, the major one, at least in my opinion: this attitude is contributing to the slow demise of "free" and/or "open source" software. For most of these companies, the contributions to Debian - or even Linux, or open source software - are often very little or even none.

I also think about the many open source projects that died because there was only one or a few developer(s).

I also think about recently discovered vulnerabilities, or backdoors introduced in major open source libraries relying on the free time of one developer. The hypocritical reaction from major companies suddenly "discovering" that the library they used was the work of one person, deciding to start a "new" version of the same software, sometimes with a non-free licence.

The worst is, most of the time, the money spent on these third-party services could be used to hire developers, benefit the open-source communities, and achieve better results.

Please tell me what your thoughts are on this. Am I too pessimistic? Are you, like me, thinking of these companies as open source "scroungers"?

Thanks for your feedback.
Andrew
