標籤 tag(s)
- web
- open source
Open vs closed, a trap that many Hong Kong web agencies are falling into.
I've had a number of discussions and thoughts recently into open-sourced vs closed-source CMS and while I was once an advocate and developer for open-sourced websites. That is no longer the case.
But because recently I've seen more and more and more Hong Kong agencies dropping into the Drupal bandwagon. I have to write this blog post about why these agencies may have been a little naive.
Open Vs Closed
First of all, I want to begin with a section on open vs closed. I won't waste time to explain everything but instead, I'll put it in a nice little table for you to compare side by side.
Open-sourced CMS (more specifically Drupal) | Closed-source CMS |
| Description: A ready to deploy package with user management, basic page management, navigation that is constantly updated by the community. It also has many many plugins avaliable. | Description: A ready to deploy package with user management, basic page management, navigation that is constantly updated by the production company. It has as many plugins it has previously developed for clients. |
| Cost: Low | Cost: High |
| Security: Even - 0 day exploits are common because source are open. Security holes are generally patched relatively quickly as it is maintained by community, but deployment of updates on security issues are not automatic thus dependent on the developer still. | Security: Even - 0 day exploits uncommon, hackers have to investigate and tap through system thoroughly to find security holes (if any). Security depends on development skills of company. |
| Flexibility: Medium - A community created CMS will always aim to be as flexible as possible, but the problem is that generally the 'core' of the system is hard-coded and rarely change. | Flexibility: High - The core of the CMS is often changed by the development company to suit individual client needs and maintained by the company. |
| UI Complexity: High - as the general 'backend' has to be tailored to everybody. This can in a limited way customised but generally not. | UI Complexity: Low - because every CMS is tailored to the client. |
| Technological Advantage: Low - Medium Technologies used in open-sourced CMS are common and well-known, there maybe community plugins that are avaliable which can extend it to a high standard, but again, there is a ceiling limit to how high it can go because of the limitation of the core. | Technological Advantage: Low - High In addition, closed systems do not have to build layers to accomodate all the different kinds of databases and other type of 'common' but 'different' software platforms that it has to use, thus saving valuable processing power. However, there are companies that simply develops a basic CMS and have used it since the 90s and charge a fortune. So, buyers beware, it maybe a good idea for to hire a 3rd party consultant if you do not have anyone technical when trying to decide how to build your platform. |
License: GPL. All work that extends or is a derivative work must be licensed under the GPL which mandates that anyone who recieves a distribution of the work have essentially free reign over the work and can freely distribute it to others. Thus You are 'highly encouraged' to 'contribute back to the community' | License: Variety of options to suit different budgets. There are annual license that ensures you only use their system and their expertise or nothing at all, these tends to be the least cost of course. There are full source royalty free license that grants you the permission to edit all you want but does not allow you to redistribute (obviously), which is similar to an open-sourced license without the bad deal of making avaliable your website's source code avaliable for downoad after you commissioned it. |
And into the pit hole they go.
The question of open vs closed has never been easier for me. Given the fact that the durpal FAQ itself states that, plugins, javascript, images, css and HTML basically needs to be open-sourced. It means that most of the site a so called "digial agency" develops for his/her client will have to be opened to all who manages to get his/her hands on it.
Now of course, if you hide the fact that you're using Drupal, or you simply don't distribute it to anyone else after you finished development, then you and your client is safe - until somebody else gets access to the source to your entire site.
Hang on, does this mean anybody can request access to my source codes? the GPL FAQ has this very often misunderstood point:
If I know someone has a copy of a GPL-covered program, can I demand he give me a copy?
No. The GPL gives him permission to make and redistribute copies of the program if he chooses to do so. He also has the right not to redistribute the program, if that is what he chooses.
While a business itself would not be under immediate threat from others asking for a copy of the source codes of the entire site. Essentially, all 'source codes' transmitted via the internet, this includes, CSS, HTML, javascript in Drupal, any visitor can take it and redistribute it, because the very act of the transmission of CSS HTML and javascript over the internet is 'distribution'.
Furthermore, it also means that anybody who your client one day gives access to the FTP, (for example a third party developer) will also be able to just lift the entire source code from your server legally and use it. So while it's not a direct I can request all your source code issue. The scenario where you fear your company's code being lifted and taken after you spent a fortune on it, still applies.
So clearly, it is bad for clients businesses because business is a lot to do with confidentiality, and secondly, it is bad for the agency itself because it will never be able to get a leg up on competitors and on the contrary, they themeselves are breeding new competitors adopting such a system.
Most agencies and development companies really only opt for open-sourced because they are not competent enough to create their own. Very few (if any) who can do so, would ever use or advise clients to use an open-sourced projects.
Having said that. If a business don't mind their website (perhaps it's used only for portfolios and product catalogues) being completely open inside and out. Then they do get all the benefits of an open-sourced project, without much of the downside.
A second argument against open-sourced web based projects such as Drupal is that it encourages bad coding, because it removes a huge layer of complexity and allowing a huge influx of non-programmers/developers creating websites with little to no understand of the underlying layer works.
This is bad for the community as a whole as real developers do not stand a chance against these 'faux developers' who are offering so called web development services at peanut prices. You may think that's great, that's great for the client. The answer is a categorical NO, because these are exactly the type of people who cannot even adhere to standards and have little idea of security.
At the end of the day though, this isn't something a client would ever understand (unless they happened to read this post on my site). And given the fact that I've seen Hong Kong digital agencies making e-commerce sites that are not SSLed and stores credit card details in full without encryption and still claims to client it's secure. This is a drop in the ocean in the issues facing Hong Kong's digital agency scene today.
標籤 tag(s)
- web
- open source
Comments
Any published comments will adhere to the etiquette policy and all e-mail addresses will be treated in accordance to the privacy policy.
Me in real-time
- If you see this, something's wrong with Twitter.
Blatant Plug
Need a new CPU or graphics card? Get AMD.
Support
I've pledged my support to these organisations, and I think you should too.
