Open Sourcing of Obsidian

There is another point that I would like to stress, just because you can slap a license to a project doesn’t mean that you have the legal/monetary means to engage in an international legal battle to enforce the term of said license (especially if you are a small startup).

And just because you release something under an open source license doesn’t mean it will be stolen, and if it were stolen that doesn’t mean that you would lose revenue. Why would anyone choose a product other than Obsidian if it was Obsidian they wanted?

But like you said, it’s your choice to make. It’s regrettable that you refuse to release it as free (as in freedom) software, but you do you. I’ll take my money elsewhere.

I would love it if Obsidian was open source. And since I support a lot of open source software that I use regularly, I promise I would support Obsidian on a platform like Liberapay on a recurring basis.

Yes but without being able to inspect the open source code, one cannot verify what data obsidian collects in its servers or not. As stated above, one should not simply trust someone (eg developers of an app) that you’ve never met and have very little or no personal relationship.

The solution to unplug from the internet and keep your files in a vault while perhaps appropriate for some is not really a reasonable response.

People want to know they can trust and the only way to truly do that is by open sourcing code to be inspected and see if it matches what is being said…

without being able to inspect the open source code, one cannot verify what data obsidian collects in its servers or not. As stated above, one should not simply trust someone (eg developers of an app) that you’ve never met and have very little or no personal relationship.

If you block Obsidian from contacting the internet (or even just specific websites), you don’t need to trust it. It can’t call home. This is not the same thing as “unplugging from the internet”. It’s just unplugging Obsidian.

People want to know they can trust and the only way to truly do that is by open sourcing code to be inspected and see if it matches what is being said…

No, it’s not the only way. They could regularly release an independent audit of the telemetry the software sends back. Wouldn’t that be enough?

Not to mention - unless you are a diehard FOSS-only consumer, you put your trust in closed-source software from many companies on a daily basis, whether explicitly or implicitly. Giving companies the benefit of the doubt is not a new concept.

I bet most of you use Windows or MacOS. Are you hounding them to make their code available? I wonder what MS or Apple they would say? Tell Google you want to see all of their source code. I bet you still use Google products, and you know how they make their money. If you like Obsidian use it. If you love Obsidian, and want to further the cause throw a bit of coin their way. If you don’t like Obsidian, or their practices, go elsewhere. Why spend time trying to make someone bend to your whims?

ce

I am just replying to the ignorance in this thread about what open-source means and its comparison to closed-source. This is not an appeal to go open.

I started a closed-source project back in 2003 and eventually open-sourced it, while continuing to receive money for it because the users valued my development. I am an OSS contributor to the FreeBSD OS and other projects. Playstation, Nintendo, OSX, and other companies making insane revenues, all use FreeBSD code in products they ship for which I’ve contributed to but I expect nothing from them as I know what I signed up for when I contributed based on the license used.

Some people here assume open source means anyone could fork the project and become a competitor. That’s just false. You can write a license that says you can look at the code or provide fixes but not make any derivative product or project. If someone is trying to compete with your open-sourced code that violates your license you sue them into oblivion (and they pay your legal fees). I don’t have a good response for international violations, but if someone wants to violate they are going to violate even if it means writing their own app from the ground up and copying all of your features.

Arguments about closed source being more secure are false. Even for Windows the “code” is visible by looking at the machine code. A skilled attacker is not discouraged by that. All closed-source does is obscure and prevent lazy attacks from code scanners. I learned this lesson from people reading the machine code of my binaries, cracking my protections and showing me it was futile, and I see this after years of more experience in the OS field.
Do you think the lock on your front door actually protects you? It is trivial to pick (and easy to learn), even more trivial to kick the door open, or to drill the lock. All which take mere seconds. But it makes you feel safe. At the end of the day closed-source just makes you feel safe. Abusers are going to abuse.

I’m not sure if this has been said but most of the Obsidian source is easily viewable (I would be shocked if the devs didn’t realize this). I read through its saving logic recently trying to understand some iCloud Drive problems of files getting deleted while in-use. That was helpful for me to find evidence that Obsidian isn’t necessarily the problem. Security through obscurity is not good security. Someone who wants to abuse the license agreement here already can. So in a sense the closed nature here is only limiting contributions from others and limiting the use of non-commercial use.

I think the arguments about open sourcing being for “more eyes” and “better security” are not great and is biased and plagued with assumptions. How many of YOU have read through open sourced code before in depth? If you are running an automated tool to do it for you, have you thought through what the attack and privacy vectors actually are and then audited the tool to see that it is inspecting for it? How many 20+ year bugs have been found in older OSS projects? Hint: more than you think. How many of you work at software companies and have seen the nature of code reviews? It is easy to review a trivial change’s logic but if someone submits 3000 lines of code you are more likely to just skim it for style and rely on automated tests. This is true both in open and closed source. A big difference between open and closed is that closed can keep their bugs secret and never disclose them while open typically discloses them. So the appearance of more secure is biased because we see less bugs. The fact is software has bugs. Bug backlogs in the hundreds, thousands, for newly released code is not uncommon.

There are plenty of examples of very profitable profitable opensource businesses. Business models for open-source software - Wikipedia

My personal take on the business model rant about SaaS

I purchased the “Insider” package as a point that I’m willing to pay for this as a non-commercial user. I am planning to buy in more, or yearly, once I am more committed to this app and get a better sense of the management.

Plenty of SaaS businesses have lost my business because they lost touch with their users and spend too much on overhead and not enough on their product. Or demand too much for what they provide. I have not looked seriously at Roam because just in 1 minute of looking at their site I see I would spend upwards of thousands of dollars over the lifetime of using their app. It’s absurd for my purposes of a PKM. YNAB has done nothing in a year except reskin their app, making my workflow exponentially more difficult, and then raised their price. Goodbye YNAB. Evernote had my yearly payments for a decade until they rewrote their app a few years ago (in electron I believe but it is irrelevant) and dropped features they had for years. Yes it’s their decision on what to support but user requirements and basic policy of not regressing features seems to have taken a backseat at a lot of software businesses lately. If Evernote were open-sourced I could retain the feature I wanted while still paying them for their services. But I left instead. As a user I have fear of the products I use going under, being greedy at my expense, or telling me how I want to use their app, or dropping support for features I rely on, or oddly appearing to not even use their app and creating workflows that make no sense.

I’m willing to throw money at Obsidian for as long as my trust in them and their respect for their users does not get violated, and the product remains relevant.

This logic can be used to support open sourcing the project.

It seems you are concerned that (for example) a GPL license won’t be respected, a big tech company will steal the code and even though you could win if you went to court, it would bleed your resources dry…

This is absolutely a valid consideration!

But if you are concerned that a Big Tech company will not respect a GPL license (given the same scenario you outlined), what makes you think they will respect the current proprietary license you have stamped on your project?

It will require the same amount of legal fees to fight and protect a GPL license as it would a proprietary license.

So if you’re fucked either way, why not just go for the open source version because it comes with benefits that proprietary licenses do not have?

The end is near, there is no escape, so you may as well just do it…Wow…LOLOLOL…

Actually I am using this product because I can’t get it elsewhere…

I would love for Obsidian to go open source, however I understand the developers reasons for not doing at this time.

I believe a good first step would be for Obsidian to document and open source any divinations (we will call them obsidianisms from here on out) they are using/making of the markdown spec. This would help make it a documented superset spec for markdown. Then having a namespaced (spec → author|org → plug-in name) way that plug-in authors could document the changes/additions that the plugins do to the spec.

Having an open source officially defined (and versioned) spec for any obsidianism’s that differ from the official markdown spec, would allow authors who make conversion tools (pandoc, etc) to reference that clear spec in order to create plug-in’s for the tools to handle a clean conversion between formats.

This sounds like a feature request to me.

Good idea done!

for everybody that wants an open source obsidian, check out logseq:

I just started migrating. Its still in beta and early, but looks really promising and the community grows well. i love it so far. my guess is that because of them being os and having all the benefits that come with it, that they will surpass obsidian in the near future in popularity (fast dev cycles, pull requests, …)

Not trying to speak against what you said. Just wanting to comment on some interesting analogy that you used.

Even if locking my front door is not fully secure, at least it turns the attackers to my neighbor’s unlocked door. Even if close-source can still be abused, at least it turns the attackers (or at least lazy attackers) to easier targets.

Of course they can sue those who violate their license. But they did mention that they don’t have the time for those things. Developing awesome software for us is already something. So just go for the convenient path.

And I fully agree with you. How many will actually go through open-sourced code? Also, false sense of security. Just because it is open-sourced, we think that it is secure.

I am an avid user of logseq, I use obsidian and logseq for different types of notes. I use obsidian like a blog and logseq for fast firing

its in developers complete discretion to make a project closed source or open source.
AND I RESPECT THAT.

I respect whatever decisions take the developers. I’d only ask them for allowing some confidence people to dispose the code just in case something happens to them (hope not! )

Is adding the pledge to open up code access if Obsidian discontinues still under consideration? It would be awesome to have something more official written somewhere in the terms of service.

I understand the idea of getting the source of what could be considered as a critical software in our workflow, but this is not to the users to require it and given the notes are in an open format this is the only insurance to keep our notes. Also open sourcing would require people to maintain it.

There’s another aspect to open-sourcing: allowing the use of Obsidian within corporations with strict policies on what software gets whitelisted.

Being open source allows software to be subjected to a security audit. This was the case when I worked at Google - employees could request certain software to be evaluated for use within that intranet. Being closed-sourced was often a show stopper.