[CiTyBear]

I don't think it says "Software not open-source is bad". But more something like "It is marketed as open source but it is not".

Developers should be aware that VSCode is not as open source as it claims it is. In my circles, developers could swear VSCode is fully open source without even knowing VSCodium.

If people were more aware about this, they might think twice before using VSCode for everything and getting lock-in (just like the article says)

[jasode]

>But more something like "It is marketed as open source but it is not". Developers should be aware that VSCode is not as open source as it claims it is.

Honest question...

Is SQLite also deceiving people about its "open source credentials" because the Encryption Extension is proprietary and costs $2000?[1]

... because as far as I can tell, most conversations do refer to SQLite as "open source" without always bringing up the encryption extension as a disclaimer in every online discussion. SQLite's creator, Richard Hipp, has a company selling a commercial license for the encryption add-on but it doesn't seem to tarnish the "open source" perception of SQLite.

[1] https://www.hwaci.com/cgi-bin/see-step1

[als0]

I think it's often easy to unknowingly use or rely on a proprietary extension, such as in Visual Studio or even a particular browser's features. When an extension requires you to get out your credit card then this isn't possible. If it costs $2000 you can assume it's proprietary.

So I think the issue for VScode is more nuanced: proprietary extensions are not clearly marked or separated from the open source feature set.

Another good example to consider is whether people feel deceived by various Linux distributions who bundle one-click or automated install of proprietary blobs.

[easton]

Someone can correct me, but the last time I installed the remote extension pack I’m almost certain that a notification popped up that said “By using this extension, you agree to the license terms...” which is unique to the Microsoft closed source extensions.

[est31]

The main way SQLite is used around the world is as a library component of a larger application. The main way people use VS code is through the proprietarized official build that uses the official EULA.

Also, lots of people seem to value the proprietary extensions a lot more than people value the encryption extension of SQLite.

[jasode]

>The main way people use VS code is through the proprietarized official build that uses the official EULA

The blog author complained about "Live Share" as one example. As far as I can tell, "Live Share" is not in the builds one downloads from Microsoft's "Visual Studio Code" website: https://code.visualstudio.com/download

The Live Share feature is downloaded from a separate web page: https://marketplace.visualstudio.com/items?itemName=MS-vsliv...

This separation seems similar to SQLite Encryption Extension. Can someone explain how the situations are not analogous?

The github page for "Visual Studio Code" prominently displays "Open Source" in its title: https://github.com/microsoft/vscode

I'm willing to be convinced that it's a marketing deception and "open source" should be removed but so far, I haven't seen any precedent from other hybrid open/closed source projects justifying that.

[winkeltripel]

> Can someone explain how the situations are not analogous?

The difference is that typical usage of SQLite is co-located with an application, such that you don't need encryption, and it doesn't market itself as a great database to stand up on a far-away server.

VSCode is marketing these extensions with the core product, as features thereof. They seem to be much closer to critical, core functionality. I think that they are functionally similar situations, except that nobody uses/cares-about that SQLite extension.

Microsoft is also marketing as if VS Code is open source. One claim or the other is fine, but the combination is deceptive. There are many closed-source components which are part of VS Code, if indirectly.

[edoceo]

Hmm. Nobody I know that uses VSCode uses either Remote or LiveShare. They don't seem critical or core to me.

[jaywalk]

I've been using VS Code since day one, and I have zero interest in Remote or LiveShare. I can definitely see how they'd be useful in certain environments, but they just have no use to me.

[codemonkey-zeta]

Not that they are critical or core, but that they are, in the words of the original author, "the best parts of VScode." All the core and critical features of VScode exist in every other editor. LiveShare and Remote are, as far as I and the author can tell, not replicated by any other editor, and are therefore (subjectively) the "best parts". Whether or not you know anyone who uses the features is irrelevant.

[hoistbypetard]

Just going by "feel" without rigorously analyzing why it feels this way, my personal answer to your question is that the sqlite encryption extensions feel very much like LiveShare and not so much like Remote. Remote feels to me like a major part of the product that MS advocates without differentiation. LiveShare feels like a neat add-on that's a nifty alternative to several other similar things.

Similarly, the encryption extension has many alternatives and I've never heard Dr. Hipp advocate using it. This thread is the first I've heard of it, and I've heard of alternatives before. Where I knew coming in about Remote and LiveShare based on promotions from Microsoft.

That's just an explanation of how it "feels" to one reader, not any kind of careful analysis or sweeping statement.

[krn]

> Developers should be aware that VSCode is not as open source as it claims it is.

VS Code is as open source as it claims to be.

> If people were more aware about this, they might think twice before using VSCode for everything and getting lock-in

Are there many software developers who are not aware that most open-source software can run proprietary extensions?

I personally don't use any of Microsoft's services. Therefore, the entire claim that "the best parts of VS Code are proprietary" is completely false for me.

[wolco]

If you don't use Microsoft products the claim can't be taken as false. What in your own words do you know? Nothing.

[Legogris]

One can use plenty of Microsoft products while using none of their services.

Which is an important distinction in this context.

[GordonS]

I know full well about VSCodium, but choose not to use it. For all intents and purposes, VSCode is open source - the source code it freely avaibale on github under an MIT license. AFAIK only the installer and some extensions are not open source - that plainly doesn't mean VSCode itself isn't open source.

VSCode is a fantastic tool, and I'd prefer to use it directly from Microsoft. I am aware that there is telemetry, and as someone conscious of privacy concerns I've looked at what telemetry is sent - I'm satisfied it's anonymised sufficiently and benign enough not to affect my privacy. If the VSCode team really find this data useful, then I'm happy to provide it and help improve VSCode.

I do however think that telemetry in VSCode should be opt-in rather than opt-out.

[jamesgeck0]

The big surprise for me is that the extension repository isn't (legally) accessible by any open source distributions of VSCode. It's not technically part of VSCode, but it's a big piece of functionality that I would have expected to be available.

[em-bee]

isn't that the same thing with chrome vs chromium?

chrome as a whole is not Open Source or Free Software while chromium is.

whether that matters to you is up to you. those who want to use Free Software or Open Source should use Chromium and VSCodium

[Nullabillity]

Google doesn't run a user-agent check in, say, YouTube that makes it refuse to run under Chromium.

[GordonS]

This divisive "us and them" stance is unnecessary, and doesn't help anyone.

OSS and free software matters to me - so I use VSCode, which is OSS. Whether extensions are OSS or not is immaterial (the same extensions you can use with VSCodium!).

[em-bee]

the compiled version of chrome is not Free Software or Open Source. only a version from sources only is. you can't build chrome from those sources, only chromium.

now it is possible that VSCode is different in that regard. but if that were the case then VSCodium would not need to exist. so i guess that it is not possible to build a full version of VSCode from those sources either. i'd love to be wrong on that though

[GordonS]

I don't think I mentioned Chrome?

It's perfectly possible to build VSCode from source.

AFAIK, the main reason VSCodium exists is to remove telemetry (since it's opt-in by default in VSCode, something I do disagree with).

[em-bee]

is the telemetry in the source?

in that case, very well. i am happy to be wrong, and retract any claim that VSCode itself is not fully open. thank you.

[venatiodecorus]

these extensions are a key part of my workflow so imo vscode in effect is proprietary as i would not find value in it without these. this appears to be an opinion that is shared with other devs here. it seems you simply handwaving that opinion away as immaterial is more divisive than someone asserting that if you appreciate OSS you should use OSS.

[aspenmayer]

All FOSS is OSS, but not all OSS is FOSS.

[GordonS]

Right, but VSCode is MIT licensed.

The gripe in the article is about extensions not also being MIT licensed - an argument precisely nobody would be making if it wasn't Microsoft; as someone else here pointed out, you could make the same argument about SQLite, but nobody would.

[aspenmayer]

It’s important to note which code is MIT licensed, and which isn’t, as others have mentioned around components of the extension functionality itself.

I’m not making the specific claims you are arguing against, and I don’t disagree with what you say, in any case. Just as in SQL, and in this case, these licenses matter. A feature matrix clarifying features and licenses would be mice. Also, it would be nice to have a fully FOSS mode for VS Code in its settings or config. It is a distinction with a difference.

[skohan]

Yes this is exactly the risk: developers become dependent on the VSCode extension ecosystem, while thinking they are safely using only FOSS tools.

This is the kind of double-speak which lets MS have the best of both worlds. From a marketing/developer relations perspective, developers think they are using open-source tools. But in actuality, developers are investing in workflows where MS is a critical link in the chain.

[kls]

I really don't understand this, when I use a library in my codebase I make sure I understand the licencing implications of using said library. When I add an extension to my IDE, I make sure I understand the licencing implications. If I add and extension to my IDE, I have modified my IDE beyond the base IDE, I should very well know the implications of doing so. It is no big secret that these two extensions are not FOSS tools. Some people care, some people don't but if a developer is blindly adding stuff to their IDE without knowing the ramifications, I would certainly question their judgment and I would certainly question their judgment if they are under the assumption that every extension out there is FOSS.

[skohan]

> When I add an extension to my IDE, I make sure I understand the licencing implications.

The UX decisions of VSCode go against this kind of careful consideration of licencing implications. If I open a code file and VSCode has a suggested extension for the file type, I will see an animated popup in the bottom of the screen, with a button to install. The simplest way to get rid of this popup is to simply install the extension. There's also no link on the popup to read up on the licensing terms. Everything about this interaction design wants you to just mindlessly install the extensions VSCode suggests to you, and I would wager this is what a lot of users end up doing.

Also if you look at the VSCode homepage[0], very close to the top of the page you get these marketing claims:

> Free. Built on open source. Runs everywhere.

You might be very capable of understanding the details here, but I think a new CS student who's maybe just heard of open source and knows a little bit about it could be forgiven for conflating these claims with the idea that VSCode is FOSS.

[0]: https://code.visualstudio.com/

[kls]

I guess it is just me, but I have never clicked on that pop-up. I always go to the extension tab and add extensions there, where the second link at the top, has a direct link to the licence of said extension. I always go to the extensions tab because it provides documentation about the extension, which I want to read before I add it to my IDE.

[Gaelan]

Even that page doesn’t tell you the license. It just has a link to “license”, and given that VS Code is marketed as open source software, and there’s often even a GitHub link (for issues), it’d be pretty easy that the “license” linked to was GPL or MIT or something.

[skohan]

Do you think that is the intended user interaction?

[kls]

Many times, how developers / (manager that think it is a great idea) design an application and how users, use an application do not intersect. I personally would not install an extension to my IDE without at least skimming the docs, checking the licence to see if I am going to have to subscribe or pay later, and checking reviews to ensure that it's a legit extension. I am certain, that there is a contingent of people that do, but as for developers, I would expect them to be a power users that knows better than to just click a yeah, sure install that button.

Honestly, if that where the only way to install extensions on VS Code it would probably be a deal breaker for me. I never install something because the application tells me I should. Especially in an ecosystem where anyone can provide a package. To me it would be akin to blindly adding an Node module, python module, jar or any other third party provided dependency to the custom software I am writing without first vetting it. I mean the licence for an extension, could very well state, that any software produce form the use of this extension, entitles the author of the extension a 10% royalty from said resulting software. That is a very real and valid licence, game engines, codecs, encoders use it all the time.

[thisiswater]

As the author puts it: "It makes me less certain that this isn't the Extend in Embrace, Extend, Extinguish."

[pydry]

Other Microsoft OSS ventures makes me wonder if they haven't resurrected that policy too (e.g. the crippling slowness of azure mysql and azure postgres as compared to SQL server).

[pjmlp]

Google has largely outpaced Microsoft on what concerns Extinguish.

[easton]

Can you give some examples? I haven’t seen Google close source something lately, except for Go’s package hosting server (which makes me inclined to believe you, I just haven’t heard of other instances).

[lenkite]

All the Google apps that used to be open once-upon-a-time in Android and whose evolved versions are all closed source now.

[harrygeez]

Google Play Services pops to mind

[ex_amazon_sde]

"Extinguish" is often not the case in this decade.

It's all about capturing market share aka creating user lock-in.

[hedora]

User lock-in is how Microsoft has traditionally extinguished competition.

Microsoft Office is an early example. I know zero people that switched to it because they liked its functionality or user interface. They switched because nothing else could open Office documents correctly. Eventually, everyone I knew switched to it (and many happily switched away decades later, once “as-a-service” competition cropped up, solving the compatibility problem).

[StevePerkins]

> developers are investing in workflows

If this discussion were about anything other than text editors, I would take it much more seriously. But text editor popularity cycles every 5 years or so, and the main reason is simply that we get bored and want to try something new.

When we "invested" in VSCode over the past few years, we discarded all of our previous investments in Sublime workflows.

When we invested in Sublime back in the early-2010's, we discarded our previous investments in TextMate or Notepad++.

When we invested in TextMate or Notepad++ in the mid-2000's, we discarded our previous investments in UltaEdit or God knows what.

When we invested in UltraEdit or God known what back around the turn of the century, we discarded our previous investments in Vi or Emacs or Nano or whatever we were using from the shell in our 1990's computer science classes.

All of this has happened before, and all of this will happen again. We'll be bored with VSCode by mid-decade... and when we migrate to the next thing, it will take us a matter of days.

[rpdillon]

Agreed that many developers do this. I'm very averse to relearning all my tooling every couple of years, though, so I tend to treat FOSS very seriously because my investment will last decades. This makes me a bit of an outlier, but it's the reason I invested in building skills in GNU tools, Linux, and Emacs in the 90s, and continue to use those tools every day. For people like me, VSCode is not a great choice, for all the reasons you suggest. For most, I agree that the stakes aren't quite as high, simply because folks are switching tools from time to time for other reasons anyway.

[ThrowawayR2]

> "From a marketing/developer relations perspective, developers think they are using open-source tools. But in actuality, developers are investing in workflows where MS is a critical link in the chain."

There's plenty of open core software that's the same, like Gitlab. I don't see any big outcry over open core in general so presumably very few people care.

[venatiodecorus]

it could have something to do with the fact that microsoft has a history of bad behavior and abuse of their market dominance, perhaps?

[ThrowawayR2]

> "it could have something to do with the fact that microsoft has a history of bad behavior and abuse of their market dominance, perhaps?"

Can you provide a plausible scenario for abuse is likely to happen with VSCode? Does VSCode even have any kind of market dominance? As others have pointed out, the open parts of VSCode could probably survive on their own as a community supported project, minus the proprietary plug-ins.

[jjuel]

From what I can tell from the official VS Code site by Microsoft they no where say that it is a fully open source piece of software. Infact they say "Free. Built on Open Source. Runs Everywhere" So they are saying it is "Built on Open Source" which means something completely different to me.

https://code.visualstudio.com

[skohan]

"Built on Open Source" is in the same vein as putting "Made from natural ingredients" on a cereal box. It's meant to make the product sound better for you than it actually is.

[dmortin]

Most developers don't care they just want to get to job done. Many of them use IntelliJ, etc. which is not free software either.

Those who care about using fee software already know about these things, because they check before starting to use a new software.

[electronstudio]

They don’t brag about it as much as Microsoft do but IntelliJ Community Edition is free software.

https://github.com/JetBrains/intellij-community/blob/master/...

[TAForObvReasons]

... and open source (Apache 2.0 License)

[electronstudio]

All free software is open source, by definition.

[johannes1234321]

There is a difference: intellij/Jetbrains don't claim to do OpenSource.

Microsoft markets them as OpenSource player and Viscose as OpenSource IDE and if you don't look at the license terms you miss the part.

[johannes1234321]

Seems I can't edit the comment anymore. "Viscose" was supposed to be "Viscose". Thanks autocorrect :)

[yencabulator]

> "Viscose" was supposed to be "Viscose".

Uhhh...

[johannes1234321]

I give up. The phone rules over me.

[mqus]

While IntelliJ is not completely open source, the community edition definitely is(not free in the gpl sense but OSS). But they are careful in marketing it that way.

https://www.jetbrains.com/opensource/idea/

[kls]

Given the fact that you have to download both extensions separately and intentionally from the VS Code binary. I would say that VS Code does indeed meet the technical definition and spirit of open source. I don't know a major open source IDE that does not have closed source and/or paid extensions that you can purchase/download. I find this argument kind of strange, neither of these extensions are part of VSCode proper, sure they are nice but to ding the base editor because MS did not hand these out is a bit of a stretch.

[vezycash]

Google does the same or even worse with "open source" Android and chrome.

[lucideer]

Exactly. And it's important to write articles like this about VSCode, Android, Chrome, and any others engaging in this (increasingly common) marketing approach.

[est31]

And users can help by actually using VSCodium, LineageOS, Linux distro Chromium builds, non-Xcode clang, etc. instead of the proprietary variants.

[pjmlp]

Which the large majority chooses not to, so there you have it, the open source dream.

[jefftk]

On the other hand, Safari's WebKit being open source allowed Google to build Chrome on the same engine. Years later, Chrome's Blink engine being open source meant the same for Opera, Brave, and Edge.

It is hard for individuals to run and maintain custom forks, but the benefits of open source in terms of preventing lock-in are substantial.

[pjmlp]

The same WebKit that now breaks the mobile Web and it being open source is completely irrelevant.

[stonemetal12]

Is it though? On the VSCode site it says "Built on open source." I don't see anywhere it says "Is open source."