It clearly states in the article that though VSC is open source and you can build it from source, there are opaque components that are part of the VSC installer. The article claims that the installer installs telemetry systems, though they can be opted out of. However, the project owners do not trust Microsoft to honor the 'opt-out' part if not now then in the future.
Why would trust them? honest question. VSCode is more transparent as any other open source project it can be, yet people still have that Microsoft stigma for years ago. To me is just blatant paranoia.
I would not trust an installer from a third party without knowing what was really changed, that's scary as hell if you ask me. Just look at the bootstrap 4 backdoor that was introduced but luckily was caught.
Ah, that's because you are on an untrusted platform in the first place. There is no "installer" on ubuntu, so it's actually easy to verify if the package we got really came from the sources we see in github. But vscode packages are explicitly different from the code by those proprietary additions during build. We have to trust them that they only add telemetry. One very important feature of open-source is that you don't have to trust. Adding this proprietary blackbox completely removes that factor. Not to mention, I really don't want telemetry on my code and this wouldn't be the first time Microsoft let you disable something only to be later revealed that it was still sending.
That's mighty dissonant and hypocritical of them to use and benefit from Microsoft's work and investment, and claim that their telemetry is the part they don't trust.
VSCode is OSS right? So microsoft’s Work and Investment was specifically designed to be reused without any direct financial compensation.
I don’t quite understand your point. Do you think that it’s hypocrtical to use and benefit from OSS work and investment? It seems important to respect the creator’s intent and if software is released under an OSS license it’s not dissonant or hypocritical or bad to reuse, or even make money under many licenses. It’s a feature, not a bug.
In the 90s there used to be these companies that sold “internet in a box” in waldenbooks and other stores in the US. It was about $70 but it was all just OSS stuff- trumpet winsock, Eudora, mosaic, etc. I thought it was really crazy because it’s all available for free. One day I was in line behind an old guy who was buying it and he was so happy because it was conveniently packaging everything together and he had no idea how to bootstrap all these tools onto his PC. OSS is designed to allow this.
This is a clear case of people exploiting and perpetrating FUD (fear, uncertainty and doubt), riding on Microsoft's historic reputation as not being trustworthy, and turning it to their private benefit.
If you have trust issues with Microsoft, you shouldn't be using software authored by them, as software can have backdoors and security issues hiding in plain sight (heart bleed bug, for instance).
Atom has/had the exact same kind of telemetry, but hasn't attracted this type of hysteria, because GitHub wasn't Microsoft. This is all plain and simple dogma.
I think this is why OSS helps to reduce fud. Clearly showing the source that produces telemetry and providing a district that doesn’t use it, and can clearly be built for source is the best way, I think, to reduce fud. MS gets more than others because of their history and size.
You do realize VSCode's built on top of things like Electron, Node, V8 etc. It's a lot of work done by other people to enable MS to build VSCode in this way.
So why is it problematic now for other people to build on top of what Microsoft added?
I hope you see that writing millions of lines of original source code on top of (Election, node, v8,..) and investing tens of engineers at millions per year in cost, to create VSCode is not equivalent to disabling telemetry and slapping a non Microsoft label on it.
There's absolutely zero problems with people using OSS as intended. But for me personally, as I stated in the original parent comment, value obtained by persisting with Microsoft's VSCode, despite telemetry, is worth continuing to use it, as against an entity's fork whose USP is furthering unfounded FUD.
They're not trying to hide/deny it's Microsoft's VSCode. It's called VSCodium, inspired by Google Chrome/Chromium, after all. As for it being FUD, being concerned over OPT-OUT telemetry is for many not FUD, but to each their own.
