Open Source

The Cathedral and the Bazaar Were Both Wrong

Eric Raymond’s famous essay framed the choice in software development as between the cathedral (top-down, closed, planned) and the bazaar (bottom-up, open, emergent). It was a useful metaphor in 1997. It’s misleading now, because it suggests open source is primarily a development methodology. It isn’t. It’s an epistemological position.

Open source is the assertion that knowledge should be verifiable. That’s it. Everything else — the community, the collaboration, the cost savings, the innovation — is downstream of that single claim.

The Epistemology of Code

Proprietary software asks you to trust without verification. Trust that the code does what it claims. Trust that it doesn’t do what it doesn’t claim. Trust that the company’s incentives are aligned with yours. Trust that the binary you downloaded corresponds to the source code that was audited (if it was audited at all).

This is faith, not knowledge. You believe the software works correctly. You believe it respects your privacy. You believe it hasn’t been compromised. And for most software, most of the time, your belief is probably justified. But “probably justified belief” is not the same as knowledge, and the distinction matters precisely in the cases where it matters most — security, privacy, financial systems, voting infrastructure, anything where the consequences of misplaced trust are catastrophic.

Open source eliminates the need for faith by making verification possible. Not mandatory — most people never read the source code of the software they use — but possible. The option to verify changes everything, even if you never exercise it, because it means someone can verify, and that someone’s verification benefits everyone.

The Economics Nobody Talks About

The open source movement has an uncomfortable relationship with economics. The early rhetoric was quasi-utopian: software wants to be free, sharing is caring, the community will provide. This was naive, and the naivety had consequences.

The reality: open source software powers virtually the entire internet, generates trillions of dollars in value, and the people who write it are frequently unpaid, burned out, and exploited. The Log4j vulnerability in 2021 — which affected virtually every Java application on Earth — was maintained by two volunteers in their spare time. The infrastructure of the digital economy depends on the unpaid labor of people who are, functionally, subsidizing trillion-dollar corporations with their free time.

This isn’t a failure of open source. It’s a failure of the economic systems surrounding it. The code is open. The value capture is closed. Companies extract enormous value from open source software and return almost nothing to the people who create it.

The solution isn’t to close the source. The solution is to build economic systems that properly reward open contribution — and that’s a much harder problem than the open source movement initially acknowledged.

Openness as Resistance

Beyond epistemology and economics, open source has a political dimension that becomes clearer every year: it is a form of resistance to the concentration of technological power.

When software is proprietary, the company that owns it has leverage over everyone who depends on it. They can change the terms. They can raise the price. They can discontinue the product. They can be acquired by someone whose interests conflict with yours. They can be compelled by a government to add backdoors. Every dependency on proprietary software is a potential point of coercion.

Open source eliminates this leverage. If the maintainer abandons the project, you can fork it. If they take it in a direction you disagree with, you can fork it. If they’re acquired by a hostile entity, you can fork it. The right to fork is the right to exit, and the right to exit is the foundation of all negotiating power.

This is why open source matters most not for the software that works well, but for the software that must work well — infrastructure, protocols, security tools, anything where a single point of failure could be catastrophic. For these systems, “trust us” is not an acceptable architecture. Verifiability is not a nice-to-have. It is a structural requirement for a society that wants to remain free.

The Unfinished Revolution

Open source won the technical argument decades ago. The remaining arguments are social and economic: how do we sustain the people who create open source software? How do we prevent open-washing — companies that use the language of openness to capture the benefits while externalizing the costs? How do we extend the principles of openness beyond software to data, to algorithms, to AI models?

These questions don’t have clean answers yet. But the direction is clear: the more critical a system is to human flourishing, the more important it is that the system be open, verifiable, and forkable. The alternative — a world where the most important systems are black boxes controlled by entities whose interests may not align with ours — is not just undesirable. It’s dangerous.