| ▲ | CodesInChaos 2 days ago |
| > The reasoning provided by their CEO, Bailey Pumfleet, is that AI has automated vulnerability discovery at scale, |
| That sounds like an excuse. The real reason is probably that it's hard to make a viable business out of developing open source. |
|
| ▲ | mdp 2 days ago | parent | next [-] |
| Exactly. I respect their decision to go closed source if that's what they need to do to make it a viable business, but just be honest about it. Don't make up some excuse around security and open source. |
| |
| ▲ | bearsyankees 2 days ago | parent | next [-] | | I don't know if I fully agree with this -- how many people were actually self-hosting cal infra? I def could be wrong though | | |
| ▲ | sixhobbits 2 days ago | parent | next [-] | | it's not necessarily about people self hosting it, it's about people preferring to pay for hosted stuff that is open source (e.g. I pay for Plausible). Now it's a lot easier to rewrite open source stuff to get around licensing requirements and have an LLM watch the repo and copy all improvements and fixes, so the bar for a competitor to come along and get 10 years of work for free is a lot lower. | |
| ▲ | pembrook 2 days ago | parent | prev [-] | | The issue isn’t would-be customers going to the trouble of self hosting to save a measly $30/month. The issue is competitors popping up to clone your offering with your own codebase. |
| |
| ▲ | renewiltord 2 days ago | parent | prev [-] | | [flagged] |
|
|
| ▲ | baileypumfleet 2 days ago | parent | prev | next [-] |
| We've run an extremely profitable business for five years, raised a seed and a Series A, and grown at 300% a year sustainably while being open source. Going closed source actually hurts our business more than it benefits it. But it ultimately protects customer data, and that's what we care about the most. |
| |
| ▲ | avivo 2 days ago | parent | next [-] | | I think if it ultimately protects customer data in a significant way, I would be for it. Are you able to share any more detail on how you determined this is the best route? It would be a significant implication for many other pieces of open source software also if so. (And I say this as someone who just recommended cal.com to someone a few days ago specifically citing the fact that it was open source, that led to increased trust in it.) I did find the video valuable, for reference for others: https://www.youtube.com/watch?v=JYEPLpgCRck I think if you are committed to switching back to open source as soon as the threat landscape changes, and you have some metric for what that looks like, that would be valuable to share now. I would like to see the analysis that you're referencing around open source being 5-10x less secure. | |
| ▲ | tgrowazay 2 days ago | parent | prev [-] | | By this logic, Linux should switch to closed-source. All your servers are Linux, so imagine how insecure you are - must switch to windows ASAP. |
|
|
| ▲ | bruckie 2 days ago | parent | prev | next [-] |
| AI makes a great scapegoat. Need to lay off people? "AI." Need to switch to closed source? "AI." |
|
| ▲ | mikeryan 2 days ago | parent | prev | next [-] |
| It’s also now ridiculously easy to simply cherry pick from open source without actually “using” it. “I need to do foo in my app. Libraries bar and baz do these bits well. Pick the best from each and let’s implement them here” I’d not be surprised if npmjs.com and its ilk turn into more a reference site than a package manager backend soon. |
| |
| ▲ | wilj 2 days ago | parent | next [-] | | I literally have a Claude Code skill called "/delib" that takes in any nodejs project/library and converts it to a dependency-less project only using the standard library. It started as a what-if joke, but it's turned out to be amazing. So yeah, npmjs.com is just a reference site for me now, and node_modules stays tiny. And the output is honestly superior. I end up with smaller projects, clean code, and a huge suite of property-based tests from the refactor process. And it's fully automatic. | | |
| ▲ | pixel_popping 2 days ago | parent | next [-] | | It's that easy yes, and someday, we will literally be able to prompt "Redo the Linux kernel entirely in Zig" and it will practically make a 1:1 copy. | |
| ▲ | bobkb 2 days ago | parent | prev [-] | | Interesting - I am interested to know how’s it impacting the codebase size in terms of lines of code. | | |
| ▲ | wilj 17 hours ago | parent [-] | | It varies from project to project, but applications benefit a lot more than libraries. When I de-lib a normal express app it might add a few hundred lines of code and a few thousand new tests, but if I de-lib a library then it depends on how ancient it is. The older the library is, the higher the chances that most of what it needs is built-in to the standard library. |
|
| |
| ▲ | yibers 2 days ago | parent | prev [-] | | Ironically, given the recent supply chain attacks, that may be also more secure. |
|
|
| ▲ | p_stuart82 2 days ago | parent | prev | next [-] |
| separating codebase and leaving 'cal.diy' for hobbyists is pretty much the classic open-core path. the community phase is over and they need to protect their enterprise revenue. blaming AI scanners is just really convenient PR cover for a normal license change. |
|
| ▲ | riazrizvi 2 days ago | parent | prev | next [-] |
| Yes. Before AI the source was a demonstration of your substance. Users would be encouraged to reach out to maintainers to pay for upgrades or custom tweaks or training. Or indirectly pay for advertising while reading docs. After AI those revenue streams have collapsed. Now you have to withdraw enough of the work to make it hard for an individual to recreate with an LLM. The open source needs to be restricted to a rich interaction layer. Cloudflare just announced they are using that model with their services which were already closed source but now they are exposing them through new APIs. So they can capitalize on existing services that were not ripe enough for SaaS before AI, that had to be handled by their in-house professional services folks. With this move they are using AI to expand/automate their white glove professional services business to smaller customers. |
|
| ▲ | serial_dev 2 days ago | parent | prev | next [-] |
| I'd think it's also much easier to spin up a (in some area) slightly better clone and eat into their revenue. |
| |
| ▲ | svnt 2 days ago | parent [-] | | This is part of it for sure. It is also true that many open source businesses depended on it not being worth the trouble to figure out the hosting setup, ops etc, and the code. Typical open source businesses also make a practice of running a few features back on the public repo. Now I can take an open source repo and just add the missing features, fix the bugs, deploy in a few hours. The value of integration and bug-fixing when the code is available is now a single capable dev for a few hours, instead of an internal team. The calculus is completely different. |
|
|
| ▲ | kelnos 2 days ago | parent | prev | next [-] |
| Yes, it feels like they've been looking for an excuse to go closed-source, and this one is plausible enough to make it sound like they're only doing it because they "have to". |
| |
|
| ▲ | phillipcarter 2 days ago | parent | prev [-] |
| I mean, it's hard to make a viable business regardless of if the tech is OSS or not, but it's often seen as more challenging this way. |