Open Source Tension — Who Should Profit?

Twitter has been all a flutter with tweets on open source, specifically about what you do when open source meets the Cloud. Jon Christensen and Chris Hickman of and Rich Staats of discuss the tension between creators and commercial users of open source software and projects. Kelsus Secret Stache Some of the highlights of the show include: Open source companies and sponsors being taken for granted and feeling pressured to find ways to make money Tension stems from economic and open source business model changes over the last few years; open source projects need to figure out how to adapt to them Redislabs revised its open source license to be modified with the Commons Clause for protection from Cloud vendors monetizing without contributing Common business approaches with licenses is that improvements made need to be open source or money cannot be made off software running as a service Difficult to keep up with licenses because there’s so many of them, and companies are now inventing their own licenses to force restrictions with software Some companies can’t/don’t want to compete with the Cloud to make money and grow Companies can change licenses to make money and be competitive, but they don’t own that open source code/project Open Source Software Premise: Given to the community, and not owned by anyone Open source consumers include AWS’ Kafka, DocumentDB, and other services Two problems where open source software serves as a marketing solution: Getting developers to buy and use your software; and operating software at scale Original contributors of open source projects and companies created by them can’t compete with big providers; create new ways to make money and proprietary software Links and Resources Orange MongoDB Redis AWS Red Hat Apache 2 Confluent GitHub Kubernetes NPM Kelsus Secret Stache Media Transcript Rich: In Episode 50 of Mobycast, we discuss the tension between creators of open-source projects and those that use the software commercially. Welcome to Mobycast, a weekly conversation about cloud-native development, AWS and building distributed systems. Let’s jump right in. Jon: Welcome, Chris. It’s another episode of Mobycast. Chris: Hey, Jon. Good to be back. Jon: Glad to have you here. We’re going to talk today about Twitter’s favorite topic. We try to not do this all the time because we like to share useful content for people to bring to their jobs and, hopefully, they learn a little something and then go use what they learned as they’re doing software engineering, hopefully cloud-native, very high-quality professional software engineering, but, yeah, this is just too interesting. What has Twitter been talking about? What has the orange website been talking about? They’ve been talking about and they’ve been talking about what you do when open-source meets the cloud and, essentially, what’s been going on with companies like MongoDB that we’ve talked about before, like Redis, and then, obviously, the huge gorilla that’s taking over and just wreaking havoc in some very amazing and very good ways but also in some negative ways, which is AWS. I don’t want to be the one to introduce this because I think that you’ve done a little bit more thinking about it and done so in a more organized way so, Chris, maybe you could introduce us here. Chris: Yeah. Like you said, this is a very current topic, it’s a very active topic and it is changing day by day, like there’s new things happening here and, really, what it boils down to is there’s this tension with the open-source community between the folks that are producing or sponsoring its development and then the folks that are actually then using that, consuming it. In particular, we’re seeing big public cloud providers, and other service providers are operationalizing these open-source projects, turning them into production-grade services that are fully managed, and that becomes a business for them and it’s very profitable for them. The open-source providers are struggling to find their business model as a producer of that technology or as a sponsor to that technology, and so that’s where the tension’s coming in so it’s kind of like there’s just a lot of pressure there with these open-source companies or sponsors of these projects, like, “How do we make this money?” and this feeling of being kind of–I would imagine it’s a kind of feeling like being taken for granted or being used. They probably feel like, “Hey, we did all this hard work and yet we’re not making any of the profits. These other folks are coming in and taking away our livelihood, and that’s a big problem for us,” so that’s the ground-level tension that’s going on here. Again, it’s lot of different players in the space. Many, many different open-source projects are making changes to their license models, and then you also have, on the other side, the players in the consumer space, so the big public cloud providers like AWS, folks like Red Hat and even, actually, some other open-source type communities that you have, and we’ll get into that a little bit more as well. You’ve got players on both sides of the space, but I think, at the end of the day, what this boils down to is what’s the business model for open source because it’s changed from what it was even five years ago, and I think that’s what we’re dealing with here. I think this is where the tension is coming from, is that the economics have changed, the business models have changed and I think the open-source projects have a big challenge ahead of them to find out how they’re going to adapt to that. Are you still there, Jon? Jon: Yes. I’ll mark this note on the timeline. There’s a little hiccup, and here I go with my response. I’m not sure where to go from here. One of the things that I want to get in is just kind of a little bit of a list of some big things that have happened recently and then I also want to dive into just a couple of thoughts that I had when you started talking about the business model. I guess it makes more sense to lay the groundwork a little bit so, Chris, maybe you could just tell us what’s been happening. Give us a little bit of a bulleted list of what’s happening in the past weeks or months. Chris: Sure. Yeah. I think Redis Labs has definitely been at the forefront of this so Redis Labs is sponsoring the Redis Project. Redis is a great in-memory database solution that’s been around for quite some time right now, just a wonderful, wonderful piece of software, and Redis Labs is kind of the sponsor for that now. Their business model is they provide that. They have a service offering for Redis and they’ve done some improvements to it as well with Redis Modules. They kind of kicked this off, its latest salvo of license attacks, if you will, back in August of 2018 so they went and they revised their open-source license to be modified with the Commons Clause. Really, what this was, was this was about making changes to protect them and that project from cloud vendors like AWS, allowing them to go and monetize this but not contributing back to the projects in a significant manner. That was the goal of that and then, just recently– Jon: Can I stop you there before you say “what happened just recently”? You just said they had appended the Commons Clause to their license, but could you just tell me what that means? What’s the Commons Clause? Chris: Full disclosure, I haven’t read the specifics of that before what that is but, again, it’s attaching restrictions to what you could do and the derivative works. They’re making these licenses more restrictive. Jon: Right. I thought–and this is where I’d love it if somebody went just right to us and tell me that I’m wrong–that the Commons Clause is essentially saying that if you do make changes to this, that you need to be open-source, too. You don’t get to go make changes and then commercialize the core open-source part with your changes, but I could be wrong. Chris: That’s probably pretty much spot-on. This is the common theme with these licenses, that they’re either, A, saying, “Whatever improvements you do around it, that has to be open-source as well,” or the licenses are more geared towards saying, “You know what? You just can’t use this. You can’t make money off of this as a service. You can use the software but you can’t make money running as a service.” Those are the two different approaches that the community’s taking right now. Jon: Okay. Cool. Yeah, and I think that’s fair. Without getting into the names of the licenses and the specific legalese, those two businesses approaches to licensing software–I think that’s clearly what’s happening so yeah. Chris: It’s impossible to keep up with all these licenses because there’s just so many. There’s Apache 2, there’s the BSD license, and now everyone’s making their own. They’re inventing their own licenses so you have–we talked about, with Mongo, they have the SSPL. That’s their Server Side Public License. It’s only for Mongo but they had to come up with a new license just for what their needs were. Now, Redis Labs has come out with their own. They just, days ago, came out with a new way of attaching a license to a software and they’re calling this the RSAL, the Redis Source Available License. Jon: There we are back to where we were going originally because you were about to say before “just a few days ago” and, yeah, they put on this new license. Isn’t it funny, the name of that license? The name of that license is just sort of feels like a trip down memory lane, right? Redis Source Available License? It just really feels like, “Yeah, I feel like I bought some enterprise product that had that feature before.” Chris: Yeah. It’s super interesting to see that even the first iteration of this wasn’t restrictive enough for Redis Labs. They still weren’t happy with it, weren’t seeing the traction and so just spending more and more energy in this space to come up with other ways of what approaches they can use for it. This new license specifically applies to Redis Modules that have been created by Redis Labs so it’s not the actual Redis engine itself, and the modules are–it’s just a way they’re extending Redis, plugging in new functionality into Redis. It’s not part of the core Redis engine so they’ve done some stuff here and dealing with AI and ML, things like bloom filters and other things. This new license covers that code and this particular license is saying, “You know what? You can use this as you want except you can’t integrate it into a DB, a caching engine, a stream processing engine, search engine–basically, you can’t put it into an engine,” is the restriction there so, again, just trying to find ways to make it so that other folks can’t use the software and profit off of it without giving back or, in some cases, just not being able to profit off of it. That’s the case here with this license, with the Redis modules and ElistaCache. It’s just not going to happen. Jon: Right, and Redis isn’t the only one at this. Who else is doing this? Chris: As we’ve talked before on a previous episode, MongoDB made a really big change with their license back in October of 2018, and that was fully to go after these software providers, these running nodes as a service so MongoDB itself has said that, “Look, we need to be able to monetize MongoDB exclusive with cloud competition and, if we can’t, then we’re not going to be able to sustain the development. It’s not going to be worth our while,” which is a pretty strong statement. They’re basically saying, “Hey, we can’t compete with the cloud and so it’s kind of imperative for us to kind of just stop that in the bud. We don’t want to compete with them because we can’t and so we need to find ways to make it so that we’re not competing with them,” so there’s definitely been a lot of activity there on Mongo. They have a big spotlight on them as being a public company so they have to make money. Jon: Right? They have to grow. Yeah. Chris: Yes, absolutely. They have to grow so this is a very core issue for them as well. You have other projects out there that are making this, maybe not as well-known but Confluent recently did this as well. They just came out with a new license that they call the Confluent Community License, and this is one that says, “Hey, you can use this software. You can modify it. You can redistribute it but you cannot provide the software as a SaaS offering. Boom. Just going to make it very explicit: You cannot run this as a service and charge money for it,” which is pretty strict. That’s pretty cut and dry. Rich: Hey, there. This is Rich. Please pardon this quick interruption. We recently passed an internal milestone of 30,000 listens and I wanted to take a moment to thank you for the support. I was also hoping to encourage you to head on over to iTunes to leave us a review. Positive feedback and constructive criticism are both incredibly important to us so give us an idea of how we’re doing and we’ll promise to keep publishing new episodes every week. Okay, let’s dive back in. Jon: Yes. At this point in the show, if we were a radio lab, there would be a DJ scratch and we would say, “Wait a minute,” because I think where we’re going next is to say all of these open-source sponsored companies like Mongo, like Redis, they don’t own their products in the typical sense. They may be changing the license on future versions of those products but they can only do that because the licenses are open source to begin with so they’re just taking a version and saying, “Hey, we’re going to create a commercial product for the different license based on this version,” on something that is freely available and in the public domain. That’s just sort of interesting to me. These companies that–I think that the core cognitive dissonance for me in this conversation for me is, “Well, Mongo’s changing their license,” or, “Redis is changing their license,” and I think that we need to tease that apart and say, “No, that’s not their code. That is open-source code. It does not belong to Redis Labs and Mongo does not belong to MongoDB,” and when they’re changing the license, they’re just saying, “We’re going to take a version that we’ve been working on internally and put a new license on it,” which they’re totally welcome to do. The previous open-source license made that allowable so I think that’s what gives me this aha moment, like, “Whoa.” Okay, just because they built a business around an open-source product doesn’t mean that they are the open-source product, and that just kind of makes me kind of like–I don’t even. I just kind of shake my head like, “Whoa, this is so weird. What’s going to happen now?” so I think we’ll talk a little bit about that. Before we go all the way there and just really get into what their rights really are and what they should be getting for their contributions to these open-source projects, let’s talk a little bit about who the open-source consumers are. Do you want to just go through that a little bit, Chris? Chris: Great. Obviously, the big gorilla here is AWS. AWS has many different open-source projects that it’s turned into highly-available, highly-scalable services that are fully managed that just makes it so easy to use. Redis is a great example, Memcached, Kafka. We talked about DocumentDB, which is the MongoDB drop and replacement. You have Elasticsearch. The list just goes on, and on, and on. There’s quite a bit of open-source software that has been turned into service by AWS. Make no mistake about it. They’ve added a lot of incredible expertise, engineering and lots of resources to make those highly-available, highly-scalable managed services, and that’s kind of like the core crux of this, of what the competition is about and why folks like Redis Labs and Mongo are having problems and issues, is that this is–and we’ve kind of touched on this a little bit at the beginning, just kind of saying, “Hey, the landscape is changing and it’s different today than it was five years ago,” and one of the huge big changes that’s happened is that the cloud is here and cloud-native development is here and people are running in the cloud. Before, it wasn’t the case. You went and, basically, everything was kind of on-prem and you were installing software yourself, you were managing it, you were applying updates and patches, and that works really, really well for the open-source community because your business model there was like, “We can charge support,” so give away the software but people are going to need support on how to integrate with this, and how to run it, and how to manage it, and how to do backups and restores, and what not so we’ll provide support contracts. That’s our business model. It works really well but, when other companies now start offering that product as a service, then you don’t need that anymore, so the dollars switch, they flow a different way, and that’s what this whole argument is now about. It’s these open-source providers are like, “The business models that worked in the past for us are not working now. It’s really hard for us to compete against these other folks that are cloud companies that know how to run SaaS software.” Jon: This is a thing that I was thinking right at the beginning of this conversation and it felt like not quite the right time to say it and, now, I think it’s the right time to say it. It’s bit of a simplified statement and some people might get after me about this, but we’ve been in the software industry for a long time and it feels like if your market is software developers or are people that create software and run software, if that’s your market–so, inside insiders of the software industry–it feels like there’s two hard problems for companies. One hard problem is getting developers to buy/use your software. “I’m in a new database. Hey, everybody, use my new database. It’s cool. It’s the best. Really, really, really.” That is a hard, hard problem. Marketing to developers is like–oh, my god, here we are doing it right now as part of this podcast, but you get it, right? It is a hard problem. The other hard problem is operating software giant scale, and that problem is a problem that’s changed significantly. I think marketing to developers changed several years ago and, now, operating software scale is changing now, and that’s where I’m going with this. Marketing to developers was kind of solved with open source, finally a way to get developers to use a product without having to call them, email them and bother them. Instead, you just use this total guerilla marketing like, “Hey, contribute to this open-source project,” or, “Use this free library. Everybody’s using it. Yeah, I’ve been using it. I’m talking about it at my meet up. It’s so great.” All of a sudden, the good products start to rise to the top and get used by more and more people and then, when you’ve got a real winner, you know it, and that is a feature of open source, I would say. Right? Would you say that, Chris? Chris: I mean open source is all about the community. It’s about kind of having–it establishes the relationship, a really core, fundamental relationship with the software so it’s a huge difference between buying software versus building software. If you build software, you have a sense of ownership to it and you’re much more loyal to it as opposed to just buying something off the shelf. That relationship doesn’t exist. Yeah, when you’re talking to folks like developers, there’s a lot of not-meant-here mentality and like, “I can build this thing better. I can design this thing better.” Open source throws all that stuff out the window and open source is fine. You can make it better? Submit a PR. Jon: Right. Exactly, so it solves that really weird marketing problem and then companies like Red Hat, companies like Confluent, come out of that because the original founders of the open-source project–and I’m actually not sure about the founding stories of those two companies that I just mentioned, but it is often the case that an open-source project that’s started by a few founders, they realize they’ve got to tie you by the tail. They realize that they’re seeing their GitHub stars go up, and up, and up and they’re like, “Oh, my goodness. We’ve got to do something about this,” and then form a company. That has been just a really neat way for people to realize they have traction to get, potentially, venture capital money and to build something around the open-source project that, yes, they mostly did create but, before they ever really got very far with it, they gave it to the world. That’s an important little phrase that I just used there. They gave it to the world. They really did serve in a legal way and give it to the world. Chris: Yeah, I mean that’s what open-source software is, right? Once you make that decision to go open source, that’s the contract. That’s the whole premise of it, is that this is something that is given to the community and it’s really not owned by anyone; it’s owned by the community and this idea of, “Hey, if you find this software useful, use it and if you can help make it better,” it’s all under the promise of it’s going to grow and it’s going to get better from that community. Once you make that decision to make it a community project, that’s what you’ve done. You can’t now try to turn it into some kind of proprietor thing that you make money off of. Jon: That’s where the crux is because that was the game. That is what people were realizing that they could do and that was the path to creating a valuable insider’s insider piece of software. Everyone realized, “I’m not going to be able to just go make a company and make a new fancy database,” or something or a fancy management system for web applications, like, “I can’t go do that as a company. I’ve got to go get a popular open-source project first and then I can convince people I can make a company around it.” It’s such a departure from sort of the peace and love free software days of the past. It really is very strategic, like, “We make this thing, give it to the world and then I’m going to capitalize on it once the world decides they like it,” and there’s a little bit of a tension there. There’s a thing that’s fallen over with the cloud. Chris: Again, everything is changing so quickly, business models, just the players and just what opportunities are there. I think a good example here is the Apache Project. That kind of feels a bit more like just a pure play, like this is hardcore community projects and, really, it’s all about just community, sharing, contributing and building something, just something really great. Jon: Yeah, just because it should exist. Chris: But it’s just not really about money, and that’s where open source started and that’s where it had been for a while, and then there was the realization like, “Wait a minute. We can make money off of this by doing in support, like doing support or training,” and some of those efforts paid off very, very handsomely. Even just recently, I’m looking at you, [00:26:12]. That’s a great example of it. Kubernetes is an amazing piece of technology and it’s grown to be just so huge. It’s just amazing, all the pieces to it and everything it can do, but it’s been developed–I can’t imagine how many contributors have added to the codebase and it’s such a big project but, again, some of the creators of that project were able to go build a venture-funded company and they just recently had a very, very nice exit to the tune of half a billion dollars, and that was all built around the business model of, “We will provide training, consulting and whatever else comes out it for Kubernetes.” Jon: And managed services as well so, yeah, this is such a tough thing. I’m about to say my favorite, favorite part of this whole conversation which is that while there is, obviously, this disparity between how AWS is taking these products and then gargantuanizing them–that is a word I just made up–they’re doing that and they’re not making, really hardly, any new open-source projects or, when they do, nobody thinks of AWS as the open-source company. They may actually contribute quite a bit but they’re not making that a big part of their brand, if nothing else, versus the companies like Redis Labs that are like, “No, this is ours. Don’t take this away from us,” and so here it is. There’s not any difference. Redis Labs was using open-source software to make money for themselves and that’s AWS is doing, too. Just because the people of it were the first committers to Redis, happened to work at Redis Labs, there’s not a legal distinction between those things or, really, a business distinction between those things. It’s the same. They’re both looking– Chris: No, they’re both trying to make money off of the open-source software and they’re basically competing the same way now as a managed service and they’re find it very, very hard to compete against these other companies like AWS and the other public cloud and, again, that’s where this tension is coming from. They’re finding it very difficult to compete. It’s threatening their business model so they’re trying to find ways to stave off that competition, and it just really feels like this is the wrong approach. Jon: Yeah, the relicensing just feels off. Chris: This poses a really big risk to the open-source projects so it’s either going to–they’re going to lose their communities because just even individual contributors are going to be wondering, scared or wary of contributing to a project that is so strictly licensed where it doesn’t even feel like an open-source software anymore and it’s kind of lost that whole spirit. Jon: Right, and if even if you’re not in it for the money, if you love working on AWS or you were proud, you make a contribution and you get it into to the core and then you see it running there, your own contribution is now running in the big cloud, it’s like, “Yes!” and if that’s not a possibility anymore, it’s less motivating. Chris: Yeah, indeed, and then the other risk here is that these licenses just lead to other folks just forking that codebase and making brand-new derivative works that are now proprietary, that they’re not open-source, and so what happens is you can think of it as a tree branching and the trunks just withering. That’s not the best analogy, but the open-source projects are at risk of withering because they lose their community not getting the kind of focus anymore because people now have to choose. “Do I go with MongoDB or do I go with DocumentDB? Does the licensing of the SSPL cause AWS to start splitting off DocumentDB from Mongo where it’s now a superset of MongoDB?” and, now, people have to choose. “Do I go with DocumentDB or do I stay with MongoDB, like who am I going to bet on?” so that is a really big risk here for the open-source projects. Jon: It’s not just a risk for those projects but I feel like it’s a risk to the world. There’s no doubt that open-source projects over the last 10 or 15 years have accelerated the pace of innovation, creation and software. Everybody’s benefitted by the ultra-rapid advancements of these open-source projects and then, now, everybody is benefitted by not having to even work with those open-source projects to get them to run at scale by those being in the public cloud so everyone’s winning except for, unfortunately, the original contributors to those open-source projects and the companies that were created by those people so I don’t know what to do about that, exactly, but I certainly don’t want to lose this thing that we’ve created. How can we retain that? This is getting into the conclusions of this conversation. It’s like how do we get the good parts of what we have without having a bunch of Stan Lees, creator of Spiderman or all the Marvel comics that didn’t get a bunch of money until way late in life? How do we motivate the creators that want to share their work with money without bringing back the old problem of, “How do you market to developers?” because open source is an absolutely wonderful solution to that problem so I want to not try to think of different solutions to that problem; I just want to think of different solutions to the problem of, potentially, an open-source project getting picked up by a big cloud provider and then only making the cloud money. Any ideas? Chris: I think it’s a tough challenge for the open-source projects and the folks that were trying to have business models built around that because, again, it’s changed so I think my advice is you can’t compete against the big service providers in that space. That’s not your core competency as the OSS, as an open-source provider or sponsor. You’re not going to do better offering that as a service than these big companies like AWS and, even if you were, you still have the problem that all of their infrastructure, software and services all running inside of that AWS cloud and then you now have to separate external entity thing and how do you make that efficient. All the other extra plumbing that has to go on top of that makes it a fairly difficult fit. I think what has to happen here is that the open-source project companies that are trying to make business models out of that software need to come up with new ways of making money that are different from the past, like the traditional support is not going to cut it necessarily going forward and then offering that as a service isn’t going to support that so you’ve got to find another way. Maybe the right way to do this is, actually, what Redis Labs is doing. Create a plugin system and make money off the modules. That’s actually a really great model. The core project is there and that is what’s open source and free, but what is your secret sauce? What is the company that you’re building to focus on this open-source project and to make money off? You’ve got to bring something unique to the table. You can’t just say, “We’re going to sponsor a team of developers to do work on it.” You’ve got to have something else. Just figure out what that is that you bring to the table and make that proprietary and make that your business model. Do something that’s going to make it hard for other people to compete against with. You could do this with Mongo and you can do it with Redis. I think there’s models out there for all of this stuff so just don’t try to compete head to head with someone like Amazon in the SaaS space. You will lose. Jon: It’s a little unfortunate because it may mean that, for open-source ideas, there are going to be fewer unicorns in the future but it doesn’t necessarily mean that there isn’t a really good potential to make and change-your-life money on getting a good, open-source project out the door. Didn’t NPM just release an enterprise version of NPM? It’s kind of interesting. They’re kind of thinking differently than other open-source projects. Chris: Yeah, NPM is an interesting thing. It’s got its own unique characteristics. NPM from the get-go, even though it was the package manager for Node, it was completely separate. Isaac Schlueter, the creator of NPM, actually retained that as his. I don’t know specifically what the licensing was, but it was very much not part of the Node project. This was actually something that Isaac did so he went and founded NPM to basically go make a business out of NPM. One of the reasons why he could do it is because, actually, he was the license holder of that, not Joyent, the Node Foundation or anything like that. They’ve gone and they’ve been doing this now for a while. They formed NPM a company. It is now offering NPM as a service and now they have a paid model for doing. It’s very common. You have public repos versus private so they’re charging for private repos and then, just recently, they have a new version of it that’s geared more towards enterprises. I believe this is–basically, now, instead of having the global NPM population of modules, it’s really going to be like you get to decide what’s in that so it’s not just your own private ones but also what public ones do you want to be part of that as well but, again, it’s a really smart approach of, “Hey, NPM’s out there. It’s still open source. It’s free. You don’t have to pay money for it to use but if you want some of these value-added things, you can go ahead and do that,” and they can have a very good business all around that until, of course, AWS decides to [00:39:07]. Jon: Actually this is yet another one that AWS can pick up. Chris: Yeah, but it’s great. This is one of those things where there’s probably not a lot of customers that are yelling at AWS saying, “I wish you had a pack [00:39:20] over Node and patch manager for Python.” I’m probably not hearing that nearly as much although they did do this with Docker Images. They have ECR and that definitely is a competitor of Docker Hub. Right now, it’s still a good pitch for them. Jon: Right on. Thank you very much. What a fun conversation. Chris: Yeah, it was. Jon: Yeah, and we’ll be back here next week. Thanks for listening. Chris: All right. Thanks, Jon. See you later. Jon: Bye. Chris: Bye. Rich: Well, dear listener, you made it to the end. We appreciate your time and invite you to continue the conversation with us online. This episode, along with show notes and other valuable resources, is available at . If you have any questions or additional insights, we encourage you to leave us a comment there. Thank you and we’ll see you again next week. mobycast.fm/50