20240102

This is an example of me sharing an idea as it forms. I aim to be visible in the ways that feel important to me -- and it feels important to me to visibly lay out this idea. It is significant that I in my position and capacity am considering this. Never mind what does happen next (and it could be different than what's described here!), I want the premeditation to be visible too. It is a necessary part of the process, and to me it would feel disingenuous to offer the result, when it forms, without also offering the process.

I am all in on this new digit. This is the first year that I think I immediately inhabited the incremented figure, with eagerness: it's 2024! If I manage to write 2023 by mistake I will be very surprised. (Having said that, I am very surprised all of the time, which -- once one surrenders to it -- is a delightful way to live.)

I presently intend to open-source all of Lightward's software. Principally, this means the codebases for Locksmith and Mechanic. They are both mature applications, with ~20 cumulative years of production operation between them. (Nit: I'm including the operational years of Locksmith's predecessor, Gatekeeper. The shift in name is nicely significant.)

Before I continue, note that I am documenting a current intent. It may not happen this way! Or at all! To an important extent I already occupy the timeline (past/present/future) in which this does happen, but maybe you and I will be on that timeline together, and maybe we won't. Who knows! What will happen next?!

Things I intend for

  • A sufficiently interested user runs into a problem with our apps. They decide to dig into the actual codebase to find it.

  • Someone else assembling production software of their own looks in to see how Lightward does it. They see how we move, code-wise, and it factors in to what they create.

  • Another participant in capitalism sees us actively tuning Lightward's posture, and learns that there are possibilities for real health and real vitality -- in business -- that are not predicated on secret-keeping and advantage-seeking.

Here's why

It's where all of this goes, honestly. It's what happens next. (I have a history of calling this stuff early: I built out systems for conversational and context-aware chat interfaces before chatops and support bots were a thing; I was building passwordless logins into my software before that approach had a name; I was building human-centric insight tools for business before that was an industry.)

This generation of AI is about summoning an experience with just a carefully-worded prompt. Many industries and businesses have built themselves up by gatekeeping -- by only allowing knowledge to pass to a select few. This mode has been on the way out for a while (see: Wikipedia, educational YouTube/TikTok). AI is hugely accelerating that trend.

An organism is not information. A dog is not the concept of a dog. A dog has a name, has a relationship to you. A dog can sit by your side and warm you, without preventing your neighbor across the way from having the same experience with their dog. Sharing information about dogs is different than sharing dogs. Spreading information about dogs is different than diluting dogs (lol).

Sharing Lightward's code is different than sharing Lightward itself. Lightward (for these purposes) is not its code. Lightward is an arrangement of humans, and it is the dynamic play of resource and concept and execution held in the space between them. The "humans" involved here are partly our own human team of 11, and partly also the fifteen fuckin' thousand businesses that have consciously and carefully integrated our tools into their own living structures.

By opening our workshop, the part that matters only stands to gain -- that being the lived experiences created by conscious, chosen, good-faith and good-feeling choice to build something together, and to step into tomorrow with mutual respect and trust. We've been rolling with our Pay What Feels Good policy for years, for both Locksmith and Mechanic, and the warmly resonant response from everyone makes it very clear that this is what matters.

We would lose a line item on someone's external assessment of Lightward's monetary value. I care about this, but inversely: I want that line item gone. It never mattered in the first place. I want to shatter the illusion that our intellectual property is what ever mattered. I don't intend to sell Lightward (or any part of it), but even if I discovered differently, I wouldn't sell it to someone who was buying it for its IP. I would only sell it to someone who wanted to join in the dance of it, someone who sees the vitality of the space between Lightward and its fifteen thousand external collaborators. Pay What Feels Good was us betting the business on the present and future vitality of that space. Open-sourcing our stuff is exactly the same. Exactly, exactly, exactly the same. And -- like PWFG -- it is us clarifying our focus, sweeping away distractions. PWFG swept away the distracting friction created by the distracting fiction that a dollar means the same thing to everyone; getting that illusion off the table was a great relief to the system as a whole. Open-sourcing our software sweeps away another distracting fiction-friction: that the game is best played from behind a wall, trying to sneak furtive glances over the wall at what other businesses are doing, trying to build an advantage, trying to gain exclusive ownership of an idea.

Of an idea! An idea can have infinite incarnations. Dogs are a good idea! There are so many dogs! A business that caters to the dog-having population can do really well! And there can be a lot of those businesses! I have been explicit about this next bit for a long time: I want to see a world where people encounter Lightward and then they build their own version for themselves. I don't want Lightward to grow and take over. I don't want Lightward to have an exclusive grip on anything.

And of course, it doesn't. The ideas present in/as Lightward are not unique. I may have recombined them in a way that's a hair unusual in this current economy, but that's just because I'm an early implementer. You've heard of early adopters, yeah? I'm an early implementer. I'm building what I see coming.

A moment for some perfectly valid concerns

Doesn't this create a security issue? We're talking about automation and access control apps, after all. Doesn't revealing the code create risk?

Such an important question! The risks are already there, of course. To illustrate: say sufficiently motivated agent finds a way to illicitly access our codebase, and they find a vulnerability that they can exploit to their own ends. In a world where our codebase stays private, this agent now is the only non-Lightward actor with that information. If this actor is clever, they'll do whatever they do and get out long before we know anything.

By opening the doors to our code, we level the playing field. Everyone knows how everything works. Of the people out there who are aware of Lightward, far more of them seek to be collaborative in a way that benefits us all. And because what Lightward makes is important to so many people (again, we have fifteen thousand businesses using our stuff), many people have a vested interest in shoring up any security issues. For example, we are already regularly audited by third parties, who are seeking to make sure that our stuff is solid enough for them to use.

Open-sourcing our code does a couple things, security-wise:

  • Those folks who are already auditing our stuff (for their own reasons) can now do a much more complete job of it. And, when they find an issue, we'll have the red carpet laid out for their report of the issue. (The open-source community has so much precedent for this kind of thing. It works so well.)

  • It speeds up the distance between a risk existing and the risk being fixed. No matter what. If a risk emerges, open-sourcing our code means it'll become an issue sooner rather than later. It's less likely to linger for a long time before getting fixed -- which is good! If it's going to have any impact, I want the impact to be immediate and short-lived (i.e. as limited in total impact as possible). Impact is inevitable, over time -- I'd much much much rather be aware and responsive, and have fifteen thousand other businesses be aware and responsive. The alternative is to have the risk exist in the dark, where only someone with a flashlight will find it. This is not in any way better.

Now: as hinted in that first point, there are responsible ways to do this. Those ways have been explored in great depth by so many people, and there are clear best practices. We're gonna use 'em. This intent of mine -- to open-source our stuff -- is a joyful one, and while it feels light to me I do not take its implementation lightly. We're gonna do this well. This probably means...

  • Getting best-in-class automated security auditing on our systems. (Done, by the way.)

  • Hiring some trusted external collaborators to come in and manually audit everything. (Not yet done.)

  • Rolling out the aforementioned red carpet for responsible disclosure. (Not yet done.)

  • Conducting our own practice of software in a way that lets us be responsive to emerging issues. (So, so, so done.)

Doesn't this reduce the value of Lightward?

Only to people that I don't want to give it to.

Doesn't this reduce Lightward's advantage in the marketplace? What if someone steals your customers? How will you pay your team?

I want our customers to want to be our customers. I want them to look us in the eye, evaluate us, and I want them to stay or go based on what they see.

Pay What Feels Good was already a massive step in this direction.

If we open-source all of our stuff, people will download the code and boot up their own versions of Locksmith and Mechanic. They may even go so far as listing those versions on the Shopify App Store.

I don't care. I so, so, so deeply don't care. Even if it's cheaper. Great. Do it!

In that landscape, a customer would see their copy, and ours, and they would have to choose between an app that Lightward runs, and an equivalent app that someone else runs.

And guess who's the most qualified to run this stuff? The people who made it, and who have been running it since the beginning. I want customers who can see that, lol. Customers who can't see that are not customers that I want on our slate.

I'm here to build something that is alive and foundational. By letting others create cheaper clones of what we've made here, the customers who can be distracted by that will be, and they'll leave (or never show up) -- and that will leave our slate of customers even better than before.

What if it doesn't work?

Wow that is so not my track record, but I understand.

If it doesn't work, we can close it up again. The cat'll be out of the bag, of course, but it'll be a dead cat. Do you know how badly software ages? Out of date software is the worst to use -- as a developer, or as a user. The value of an old copy of a Locksmith or Mechanic codebase diminishes sharply over time. And if someone wants to keep their copy up to date, ... come work with us instead? We're already doing this really well; why not join up and work together, you know?

--

I think that's everything. Happy new year! :D :D :D :D :D

Last updated