Be aware of hidden vendor-lock

If something is free, always ask “Why?” and “In whose interest?”. Don't get locked in to big companies, even when they promise rocket-speed deployment.

Story behind

Well, I guess everybody is familiar with Meetup.com these days (https://www.meetup.com). Basically, it is a great platform for sharing knowledge and meeting new people. These days it is also heavily used by companies for pre-hiring ads.

The meetup was about React, using Firebase as an engine for rapid development of a MEAN stack app. Pretty nice and easy, to be honest: just a simple configuration, not many hooks and a simple HTML-generated page, and here we are, with a full-stack app in place.

But who stands behind such “free” tools?

Well, to be clear, it's Google. I guess everybody knows that just from the Firebase link above.

But wait: we now already have two big companies in the game, Facebook with React and Google with Firebase, both providing great tools for what?

Intro to the problem

While at the meetup with a big pharma IT department, I started to ask myself the question: “Is this real?” We all know the power of knowledge and the security obstacles at the corporate level that ban some technologies for the sake of “good”. However, I don't see Firebase as a product to be used here.

I asked the leader of the meeting over coffee, and what shocked me the most was that he had no clue about the problems related to promoting Google's “free tool” as one used internally. Even worse, it's already in use, and this meeting was just to show “how we're using it”. I must be fair here: the speaker was shocked, and I'm pretty sure his view will change dramatically once he understands the fact that even an internal pharma app can give Google something that was not intended to be shared.

And, last but not least, using Firebase means applying vendor lock-in behind the code, which is then going to be really hard to change. The database schema is basically stored in the cloud, so getting the data out after a while will be a nightmare, not counting the user experience behind it.

Is this really a problem?

Well, let me point out some of the actually dangerous development methods I have come across:

  1. Using Node libraries (and JavaScript libraries in general) that bring functionality such as user management, password management, authentication and data querying.
  2. Using hooks and third-party services for data and UI/UX manipulation.
  3. Using frameworks like Angular and React that are composed of an almost unlimited number of functions and authors, which makes security control of the code almost impossible.
  4. …and, what makes this a problem, not understanding the vendor's contractual terms and conditions in detail.

I'm not saying that using free tools is bad practice; I like to use them myself and have written a lot of freeware code in the past. However, what I see almost everywhere is the practice of fast-paced development (Agile) using advanced libraries without having a contractual / NDA agreement with the vendor of the code. This is not even asked for or requested, nor documented. And outside of the research and dev department, this means an open door to legal and cost issues in the future.

Hidden hook of vendor-lock

In the past, many companies, even the biggest software houses, used dirty code to apply a vendor-lock mechanism to their deliveries. This was heavily used in the public sector. Some of this code served national security purposes (a so-called black box); however, such code was well documented. I'm talking about special code used to make it really hard to bring in a new supplier, such as data modification with a special hash or a never-released data schema, using a proprietary technology.

However, the situation changed, and with GNU (i.e. publicly accessible code) such dirty behaviour was limited. But a new era of “free services” has arisen that applies the same principles. Here are some key points to be considered dangerous:

  1. Free operating systems (Android)
  2. Free services for data storage and rapid development (Firebase, Heroku)
  3. Free libraries and hooks (Node.js)

Nothing is free; information is super expensive. ALWAYS seek the answer to the question: “Why am I getting such a great service for free, i.e. what am I going to give to the vendor?” You'll find out that you give everything; just read the terms and conditions.

Conclusion

The service is always about purpose. Be informed that once you sign up for a free service, the data passed to the service is typically not yours anymore. Be aware that this can have legal implications, as, mostly in dev teams, you can expose sensitive data to the cloud.

Imagine yourself as the Queen in the picture below. What would be your purpose in providing the free service: to build a wall or to keep it open?

Image by PIRO4D from Pixabay

Have a great day and thank you for reading.

And if you have a question or comment, feel free to ask.

havlicekpetr.cz (Petr Havlíček)

Freelancer from the Czech Republic with 25+ years of professional multinational experience in the IT area. Architect, programmer, consultant, lecturer and coach.