upvote

points

by CodesInChaos10 hours ago |
comments
upvoteby mdp10 hours ago|
next
[-]
Exactly. I respect their decision to go closed source if that's what they need to do to make it a viable business, but just be honest about it. Don't make up some excuse around security and open source.
reply
upvoteby bearsyankees10 hours ago|
parent|
next
[-]
I don't know if I fully agree with this -- how many people were actually self-hosting cal infra? I def could be wrong though
reply
upvoteby sixhobbits6 hours ago|
parent|
next
[-]
it's not necessarily about people self hosting it, it's about people preferring to pay for hosted stuff that is open source (e.g. I pay for Plausible).

Now it's a lot easier to rewrite open source stuff to get around licensing requirements and have an LLM watch the repo and copy all improvements and fixes, so the bar for a competitor to come along and get 10 years of work for free it a lot lower.

reply
upvoteby pembrook6 hours ago|
parent|
prev|
[-]
The issue isn’t would-be customers going to the trouble of self hosting to save a measly $30/month.

The issue is competitors popping up to clone your offering with your own codebase.

reply
upvoteby renewiltord9 hours ago|
parent|
prev|
[-]
[flagged]
reply
upvoteby baileypumfleet8 hours ago|
prev|
next
[-]
We've run an extremely profitable business for five years, raised a seed and a Series A, and grown at 300% a year sustainably while being open source.

Going closed source actually hurts our business more than it benefits it. But it ultimately protects customer data, and that's what we care about the most.

reply
upvoteby avivo7 hours ago|
parent|
next
[-]
I think if it ultimately protects customer data in a significant way, I would be for it.

Are you able to share any more detail on how you determined this is the best route? It would be a significant implication for many other pieces of open source software also if so.

(And I say this is someone who just recommended cal.com to someone a few days ago specifically citing the fact that it was open source, that led to increased trust in it.)

I did find the video valuable, for reference for others: https://www.youtube.com/watch?v=JYEPLpgCRck

I think if you are committed to switching back to open source as soon as the threat landscape changes, and you have some metric for what that looks like, that would be valuable to share now.

I would like to see the analysis that you're referencing around open source being 5-10x less secure.

reply
upvoteby tgrowazay6 hours ago|
parent|
prev|
[-]
By this logic, Linux should switch to closed-source.

All your servers are Linux, so imagine how insecure you are - must switch to windows ASAP.

reply
upvoteby bruckie8 hours ago|
prev|
next
[-]
AI makes a great scapegoat. Need to lay off people? "AI." Need to switch to closed source? "AI."
reply
upvoteby riazrizvi6 hours ago|
prev|
next
[-]
Yes. Before AI the source was a demonstration of your substance. Users would be encouraged to reach out to maintainers to pay for upgrades or custom tweaks or training. Or indirectly pay for advertising while reading docs. After AI those revenue streams have collapsed. Now you have to withdraw enough of the work to make it hard for an individual to recreate with an LLM. The open source needs to be restricted to a rich interaction layer. Cloudflare just announced they are using that model with their services which were already closed source but now they are exposing them through new APIs. So they can capitalize on existing services that were not ripe enough for SaaS before AI, that had to be handled by their in-house professionals services folks. With this move they are using AI to expand/automate their white glove professional services business to smaller customers.
reply
upvoteby p_stuart8210 hours ago|
prev|
next
[-]
separating codebase and leaving 'cal.diy' for hobbyists is pretty much the classic open-core path. the community phase is over and they need to protect their enterprise revenue.

blaming AI scanners is just really convenient PR cover for a normal license change.

reply
upvoteby mikeryan9 hours ago|
prev|
next
[-]
It’s also now ridiculously easy to simply cherry pick from open source without actually “using” it.

“I need to do foo in my app. Libraries bar and baz do these bits well. Pick the best from each and let’s implement them here”

I’d not be surprised if npmjs.com and its ilk turn into more a reference site than a package manager backend soon.

reply
upvoteby wilj9 hours ago|
parent|
next
[-]
I literally have a Claude Code skill called "/delib" that takes takes in any nodejs project/library and converts it to a dependency-less project only using the standard library.

It started as a what-if joke, but it's turned out to be amazing. So yeah, npmjs.com is just reference site for me now, and node_modules stays tiny.

And the output is honestly superior. I end up with smaller projects, clean code, and a huge suite of property-based tests from the refactor process. And it's fully automatic.

reply
upvoteby pixel_popping9 hours ago|
parent|
next
[-]
It's that easy yes, and someday, we will literally be able to prompt "Redo the Linux kernel entirely in Zig" and it will practically make a 1:1 copy.
reply
upvoteby bobkb6 hours ago|
parent|
prev|
[-]
Interesting - I am interested to know how’s it impacting the codebase size interms of lines of code.
reply
upvoteby yibers9 hours ago|
parent|
prev|
[-]
Ironically, given the recent supply chain attacks, that may be also more secure.
reply
upvoteby serial_dev10 hours ago|
prev|
next
[-]
I'd think it's also much easier to spin up a (in some area) slightly better clone and eat into their revenue.
reply
upvoteby svnt10 hours ago|
parent|
[-]
This is part of it for sure. It is also true that many open source business depended on it not being worth the trouble to figure out the hosting setup, ops etc, and the code. Typical open source businesses also make a practice of running a few features back on the public repo.

Now I can take an open source repo and just add the missing features, fix the bugs, deploy in a few hours. The value of integration and bug-fixing when the code is available is now a single capable dev for a few hours, instead of an internal team. The calculus is completely different.

reply
upvoteby kelnos7 hours ago|
prev|
next
[-]
Yes, it feels like they've been looking for an excuse to go closed-source, and this one is plausible enough to make it sound like they're only doing it because they "have to".
reply
upvoteby hxugufjfjf6 hours ago|
parent|
[-]
What an uncharitable take
reply
upvoteby phillipcarter10 hours ago|
prev|
[-]
I mean, it's hard to make a viable business regardless of if the tech is OSS or not, but it's often seen as more challenging this way.
reply