People who know me are well aware that I love Open Source with all my heart. I have more than 50 open-source repositories in my github account. Some are maintained, some are not.
This post is not to talk about me, though. It is to talk about how freaking incredibly awesome Open Source is and how people will surprise you every time.
Thumbor is a much better project because of the MANY MANY contributions we have received from the comunity.
I can’t stress enough how incredibly fortunate we are that there are so many VERY SMART people out there willing to contribute back to our project.
That’s why Open-Source will win every time against proprietary software. Because of the people. Keep reading if you want to know more about our story.
Thumbor is an open-source image operations server. Don’t let this simple description fool you. IT IS powerful. It does INCREDIBLE stuff that saves our company a boatload of money.
When we started the project, the development team decided on open-sourcing the project.
It is general purpose enough as not to require any of our internal information and/or business details to leak.
This decision comes with some trade-offs, that seem very negative at first. A couple questions that came up?
- How are we going to change the way Thumbor stores images? Do we need to fork the project to have our “company version” of it?
- How do we load images from our domains only? (Repeat first question proposed solution and rinse)
- How do we stop attackers from overloading our servers with requests for images of different sizes?
- How do we stop competitors from using our software to their advantage?
- How is this any valuable compared to using a proprietary solution (given we have the money to buy it)?
As you can see, there are many questions people came up with NOT to open-source the project.
We decided we would tackle each of those problems when their time came.
I want to give a brief description of the team behind Thumbor just to clarify why we decided to open-source it even in the face of so many questions.
Rafael Carício is also a big-time supporter of Open-Source projects, being committer of Pyvows and many other open-source projects. Recently he spent two days just fixing issues with the default Python interpreter. Pretty awesome if you ask me.
If we were going to open-source Thumbor, we needed to make sure it was as extensible as possible.
This kind of architecture is not simple to build, so we came up with parts that would be general enough so you can start using Thumbor right away.
We also needed to come up with a system to stop people from exploiting Thumbor to generate an infinite number of images and thus overload the server. We came up with encrypted URLs. We don’t believe in security by obscurity either, meaning that even if the software was closed source, people would exploit it.
The company we work for, globo.com, has many, many images (millions) and many users (nearly 5B page views/mo). So we had to make sure Thumbor was up to the task. So we fine tuned it.
Ok, so what were our premises for thumbor?
- We need everything to be extensible, so we also need to come up with reasonable implementations of the extensible parts;
- We need Thumbor to be safe, so we must stick to secure by convention, meaning that if you don’t change a thing, Thumbor is secure;
- We need Thumbor to be fast so it can handle many operations per second without requiring expensive clusters
I’m skipping intentionally the main premise which is we want Thumbor to be the best software at cropping images which is what drove us to build it in the first place.
Skip a couple months to the future…
So we fire up our servers and Thumbor is a go. We notice it’s a little slow, but hey, it’s doing its job and we started with a small team of users.
Then the unexpected happens!
We have FREE skilled testers in our project now. People who are proactively testing it for us and reporting back their findings.
Not only that, they are fixing our software for us and giving us back the code with NO STRINGS ATTACHED.
Let me say this again, these people, highly skilled individuals, all of them WITH JOBS, are working for free in a project they did not start.
This is humans at their best if you ask me!
That’s another incredible aspect of Open-Source Software: people READ your code.
People read ours. They found MANY, MANY things to improve/change/add/remove. We are grateful for every single one of them.
The project would not be as good as it is for our users if it wasn’t for the people that are contributing.
Through contributions we improved storage, loading, graphics engines, security (A LOT), performance (A LOT) and our software practices.
That’s actually one thing of the process of developing open source software that is very humbling. People pay more attention to software practices like testing and continuous integration when they are trying to get their patches accepted.
And they call on you when you are slipping on your side of the fence. And we got called! And we listened. All of us came out of the process better at our craft.
Thumbor has already payed for itself many times. It is so useful to us that we don’t care if our competitors use it, as long as the community keeps improving it.
As for buying a proprietary software, I haven’t found a single one that does the same as Thumbor and even if we do, we’ll never get this level of creativity, support and diversity from any given company.
This means if we have to choose again between open or closed source, I think we’ll stay with open source every single time.
HUGE MEGA THANKS WITH RAINBOWS AND UNICORNS
I think I did stress in this post how much I appreciate all the contributions, but I still feel obligated to thank you guys. Your contributions have been incredible and are all INVALUABLE.
So sincere thanks to (in no particular order):
- Damien Hardy
- Stefano Cavallari
- Cícero Verneck Corrêa
- Rudá Moura
- Douglas Soares
- The incredible team at Square
- Everyone else using Thumbor and helping us make it even more awesome!