The "fat tiger effect" in open source

Today we are going to talk about a very interesting phenomenon: the "fat tiger effect".

Fat Tiger is the "villain" of the classic animation "Doraemon". He bullies the protagonist Nobita at school all year round, and his image as a bully is deeply rooted in people's minds, making him a character many children dislike. However, in some of the "Doraemon" theatrical films, Fat Tiger happens to do a good deed, which leaves people feeling that "this kid is not so bad" and makes the audience's fondness for him skyrocket.

On the other hand, if an upright gentleman who does good deeds day in and day out is suddenly revealed to have done one bad deed, his image as a "bad person" in people's minds is magnified many times over. Even all the good things he did before are completely dismissed, leaving others with the feeling that "this person was never really good to begin with". As the saying goes, "A hypocrite is scarier than a real villain".

The "fat tiger effect" originally came from a spoof line in the comic "Gintama". Although there is no reliable theoretical basis for this law, the simple example of the fat tiger intuitively reflects a common psychological phenomenon. This phenomenon maps to real life, and we can see many examples that match it, especially in the open source field.

The "fat tiger effect" in open source

The most classic example of the "fat tiger effect" in open source is Microsoft's transformation. 

As we all know, Microsoft used to be the biggest enemy of the open source world. Twenty years ago, this proprietary software giant publicly declared that open source software, represented by Linux, was a cancer on the industry. Ruthless suppression followed for more than a few years: what kind of suppression has open source experienced?

For a long time, Microsoft's reputation in the open source community was as follows:

The reason why Microsoft's (reputation) is so bad is historical. It can be seen that you can't do too many bad things, and if you do too many bad things, it's hard to do good things. —— 2012-10-02
 
How can the words Microsoft and open source be put together? —— 2014-06-11
 
When will M$ feel good about open source? Should say never. —— 2014-06-12

After changing its CEO in 2014, Microsoft followed the market trend and turned to supporting open source. It open sourced a large number of technologies in its .NET technology stack, actively participated in building open source communities, and won a lot of goodwill in the open source industry, even though the core logic behind the move is still commercial interest: opening up the developer market through open source. Today, Microsoft's every move in the open source world attracts widespread attention from the community, and the open source .NET technology stack has gained a large number of supporters at home and abroad and built up a good reputation.

Microsoft got it right this time, moving to .NET - 2014-11-13
 
It is recommended to take a look at last year's Linux kernel source code enterprise contribution list. Microsoft is already in the top 20, and it still has cancer... It has long been a matter of Chen sesame and rotten millet. —— 2014-11-15
 
Microsoft I love you. —— 2014-11-16
 
Microsoft is finally more open and transformed. —— 2015-02-04

The negative case of the "fat tiger effect" is more common in the open source field.

Last year, we reported that, starting with version 5.15, Qt switched its LTS releases to a commercial model: users must pay to download and use the long-term-supported stable binaries that Qt officially provides. As soon as Qt made the official announcement, community users protested strongly. The reputation of this widely acclaimed open source cross-platform development tool seemed to collapse overnight.

Qt is dead and won't be used anymore. —— 2021-01-06
 
Say goodbye to Qt, which is gradually closed source and commercialized, and look forward to the release of the community version of Qt. —— 2021-01-06

Similarly, Red Hat stopped maintaining CentOS in favor of rolling out CentOS Stream.

In the past, the market was big, and it was possible to expand its influence through open source. Now that competing products are almost dead, they have to prepare for harvesting. Commercial companies will dominate this matter, especially listed companies, which will inevitably aim to make profits. Everyone is gone, the road to prostitution is getting narrower and narrower. —— 2020-12-10
 
What I hate most is the word Stream. —— 2020-12-10
 
The stable version becomes a rolling update version, and in this way, CentOS is indeed dying in the server world. —— 2020-12-10

Although these open source projects have provided high-quality, free services to countless users for a long time, when the decision makers behind them finally show their hand and take a step toward commercialization, being engulfed by the community's "righteous" public opinion seems to be an inevitable result.

A typical recent case is the "open source poisoning incident" that has been making a lot of noise in the front-end community.

First, Miller (@RIAEvangelist), the author of node-ipc, a package that vue-cli depends on, added a text file named "Peacenotwar" to the latest version of the project in solidarity with Ukraine. In addition, Miller inserted malicious code into the package that overwrites the user's file system if the user's computer has a Russian or Belarusian IP address. The incident had a bad effect on a large number of downstream users of the node-ipc project: many servers and PCs failed after updating to the latest code, and the system files of some users with Russian IPs were damaged.

Later, the author of the npm package "event-source-polyfill", which was downloaded 600,000 times a week, secretly added anti-war code to a new version. For a time, everyone in the front-end community felt at risk, and teams across the industry began checking the open source dependencies of their own projects.

As soon as the incident broke, the reputations of these projects' original authors hit rock bottom in the industry (even though they had contributed a lot of excellent code to the open source community and maintained it for free for several years). More importantly, the aggressive approach these open source authors took in this incident led many enterprise users to doubt the security of open source software itself.

As one developer's comment on GitHub put it, "This incident will cause other companies with absolutely nothing to do with Russia or politics to realize that free and open source software can be used as a way of supply chain attack to bring down their business, and start banning free and open source software within their company, mind you, all free and open source software."

Think rationally about the "fat tiger effect"

Whether it is the commercialization of Qt and CentOS mentioned above, or the poisoning of the node-ipc and event-source-polyfill projects, many people's goodwill towards these open source projects has plummeted. In essence, the "fat tiger effect" comes from the gap between people's original expectations and reality.

Most open source software, including Qt and CentOS, is packaged with labels such as "open, free, shared, free of charge" during its promotion stage. This sets high expectations in the minds of the audience, so that many people still equate open source with free of charge. Therefore, when such open source software suddenly turns to commercialization, it is inevitably accused of "cutting leeks" (fleecing its users) and spurned by many of them.

The same is true of the open source software supply chain security issues raised by the npm package poisoning incident. "As long as there are many eyes, bugs are easy to catch" sets up the expectation that open source code is transparent, safe, and reliable; the many excellent open source project authors who advocate the spirit of dedication and sharing have also set a reliable example in people's minds. However, when the extreme case of an open source project author "poisoning" a widely popular npm package does happen, it is bound to have a severe impact on the good impression that open source software has accumulated in people's minds.

On the other hand, the "fat tiger effect" can easily lead people to fall into a "black or white" misunderstanding.

In fact, whether it is Microsoft, Qt or Red Hat, each is in essence a commercial company that exists to make a profit, and open source is a means of promoting software. Switching from closed source to open source, or changing how open source is used in order to grow a fee-based business, are all business decisions that these companies' decision makers take in the company's interest at a given time. If open source can attract more users to the product without affecting the profitability of the company's main business, the company will actively embrace open source. If charging for a product or function can increase the company's revenue (as long as the company can bear the resulting loss of some users), it will launch the corresponding paid services.

As users, we only need to judge whether the product is good or not (whether the commercial version is worth our money, and whether rebuilding a community version is worth our time and energy), and then choose either to keep supporting it or to walk away gracefully, thanking them along the way for the free service they have given us.

The same reasoning extends to enterprise users' concerns about the security of open source software raised by the npm "poisoning" incident. On the one hand, closed source software also has security problems of varying degrees, and it too can be injected with malicious code. On the other hand, much open source software is maintained by foundations, commercial companies and other organizations behind it (so it does not hinge on one person being able to do harm at will). Therefore, whether software is open source or closed source, reviewing and testing code security is a step that every enterprise needs to pay attention to.

The so-called "fat tiger effect" is, in the final analysis, just a bit of fun. It reminds us to keep thinking dialectically when facing open source and to avoid falling into the "black and white" thinking trap: whether software is open source has nothing to do with whether the software itself is good or bad. Whether it is an open source project, an open source author or the commercial company behind an open source project, there is no need for moral kidnapping, as long as we choose software that meets our own needs.


Origin my.oschina.net/oscpyaqxylk/blog/5533321