Open source
The economic anomaly that works
Description
Open source software is one of those facts about the modern world that is so taken for granted it stops looking strange. Most of the internet runs on it. Every smartphone ships with millions of lines of code that nobody owns, written by people who were not paid to write it, given away under licenses that forbid the usual ways of making money from software. Android, the servers behind almost every website, the databases storing our records most of this is open source. A 2024 Harvard Business School paper estimated the demand-side value at roughly 8.8 trillion dollars. That is a strange number for something the textbook says should not exist.
The textbook is not wrong about the puzzle. Software costs real money to write, and the best programmers are expensive. If we give the result away, we cannot charge for copies. The theory of public goods predicted that anything available for free would be chronically under-produced, because no rational person would pay to make something a free rider could use without contributing. Open source has been violating this prediction at industrial scale for forty years. The Linux kernel alone has received contributions from more than 15,000 developers across thousands of companies.
Something is going on that the textbook missed. The interesting question is not whether open source works that is settled but why it works and where its limits are. The answers involve a licensing innovation that hijacked copyright law, an economic argument proprietary defenders kept losing, a corporate embrace nobody saw coming, and a maintenance crisis nobody has a clean solution to.
The question we're asking: how did giving software away become the dominant production model, and what does that imply?
What we'll see: the licensing trick, the economic argument, the corporate shift, and the maintenance problem.
Table of contents
01From RMS to Linus Torvalds
The story usually starts with Richard Stallman and a printer. In 1980, Stallman was a programmer at MIT's AI Lab, where the culture was to share code freely. The lab received a new Xerox laser printer, which kept jamming. Stallman wanted the source for the driver so he could add a feature alerting users when print jobs failed. Xerox refused. The driver was proprietary. The episode is the founding myth of free software because it crystallized what Stallman had been noticing the collegial code-sharing culture he had grown up in was being replaced by non-disclosure agreements and proprietary licenses, with no obvious way to reverse the drift.
Stallman's response was to start the GNU Project in 1983 and to write, in 1989, the GNU General Public License. The GPL was the licensing innovation, and it used copyright law against itself. Software under the GPL could be freely copied, modified, and redistributed, with one binding condition any modified version had to be released under the same license. The clause is called copyleft, and it means improvements to GPL code cannot be privatized. The mechanism relies on copyright, which exists to enforce exclusion, to enforce inclusion instead. Lawyers initially thought it would never hold up. It has held up consistently.
02Why open source won infrastructure
Through the 1990s, the conventional wisdom was that open source could never beat proprietary products on quality. Serious software, the argument went, requires planning, professional management, paid testers, and integrated design none of which a loose collection of volunteers could provide. By 2005, the wisdom had quietly inverted. Linux dominated the server market. Apache served most websites. MySQL and PostgreSQL ran the databases. Python and Ruby were the languages startups used. The proprietary defenders had been measuring the wrong thing.
They had been measuring the quality of any single release and missing the quality of the iteration loop. Proprietary software shipped polished releases on long cycles, with no realistic way for users to fix problems. Open source shipped rougher releases more often, with the source code available for anyone to read, debug, and patch. For infrastructure software, the second model produces better outcomes over time, because the bugs that matter are the ones encountered in production by users with the technical capacity to fix them.
03The corporate embrace
The shift in corporate attitudes is one of the most striking reversals in recent business history. In 2001, Steve Ballmer, then CEO of Microsoft, called Linux a cancer that attached itself to everything it touched. The company's strategy was to defend its proprietary business by every available means, including legal action against open source distributors. Microsoft funded papers arguing open source was insecure and pursued patent claims against Linux distributors. The corporate world largely sided with Microsoft, because Microsoft was where the money was at the time.
In 2018, Microsoft bought GitHub for 7.5 billion dollars. GitHub hosted most of the world's open source code, and the acquisition was greeted with apprehension by parts of the community who remembered the cancer comment. The apprehension turned out to be misplaced. Microsoft has run GitHub as a relatively neutral host, has open-sourced significant parts of its own stack including .NET and Visual Studio Code, and now ranks among the largest corporate contributors to open source worldwide. Microsoft's business shifted from selling Windows licenses to selling cloud services, and a cloud business runs on the same open source stack as everyone else's.
04The maintenance problem
In March 2024, a Microsoft engineer named Andres Freund noticed that a routine database test was running half a second slower than it should have been. He investigated. The cause was a backdoor carefully inserted into XZ Utils, a compression library used in essentially every Linux distribution, by a contributor who had spent more than two years building trust with the project's overworked sole maintainer. The backdoor was a few weeks away from being included in major distributions, which would have given the attacker remote access to a substantial fraction of the world's servers. The catastrophe was averted by one engineer's curiosity about a half-second delay.
XZ was the most alarming of a series of episodes that have made the maintenance question impossible to ignore. In late 2021, a vulnerability called Log4Shell was discovered in Log4j, a widely used Java logging library maintained by a small group of unpaid volunteers. It allowed remote code execution on essentially any server running affected versions, including Amazon, Apple, Twitter, Cloudflare, Minecraft servers, and countless internal corporate systems. The library's lead maintainer was working on Log4j in his spare time. The companies whose products depended on it had not, until that moment, registered how much critical infrastructure rested on a volunteer project.
05Conclusion
Open source is the rare case where a system that should not work, according to the standard theory, turned out to work better than the alternative. Stallman's licensing trick made it possible to build durable commons. The argument proprietary defenders kept losing was that infrastructure software wants to be a shared resource because the iteration loop is what produces quality, not the marketing budget. The corporate embrace happened because the economics of cloud computing aligned the largest software companies with the open source ecosystem rather than against it. None of these shifts were inevitable, and the people who saw them coming earliest were largely dismissed at the time.