It has been an interesting year for open-source software makers. The primary commercial sponsors and/or individual contributors to projects as game-changing and as popular as Apache Kafka, MongoDB and Redis, among many others, may now be asking themselves if they are being taken advantage of, are using the right open-source licenses, or if they’re truly engaged in communities of like-minded people.
This is happening as some cloud providers and open-source brands are taking code that was written by open-source project “volunteers,” lofting it onto their clouds or locking it down and then reselling it. The most recent occurrence happened late last week at Amazon Web Services (AWS) re:Invent conference.
Kafka on AWS
Standing on the keynote stage, Amazon CTO and vice president Werner Vogels announced Amazon Managed Streaming for Kafka (Amazon MSK), a fully-managed service that makes it easy for developers and their employers to build and run applications that use Apache Kafka to process streaming data. Vogels explained to AWS customers how this would benefit them. “It’s a nightmare having to restart all the cluster and the main nodes (as you have to do with Apache Kafka),” he said. “This (Amazon MSK) is what I would call the traditional heavy lifting that AWS is really good at solving for you.” The announcement was received with great applause.
Innovative as Amazon MSK might seem, Kafka was initially built at LinkedIn. LinkedIn donated Kafka to the Apache Software Foundation and gave their blessing to Kafka’s principal creators to leave the company and form a startup, Confluent. Confluent is the commercial sponsor of Apache Kafka. Its employees are the primary (but not all) code committers; they work on the project on company time. It’s hard to tell if any AWS employees contribute anything to Apache Kafka at all.
But it is important to note that AWS isn’t breaking any rules by selling Apache Kafka-based services. “It’s fine to use open-source software for commercial services, you can take it and sell it whether you contribute to it or not,” according to Patrick Masson, general manager of Open Source Initiative (OSI). Not only that, but OSI guidelines indicate that you can’t even stop “evil” people from using or profiting from open-source software. It’s likely that each of the Kafka project’s 439 individual contributors know this.
Regardless, AWS’ move took the Kafka community by surprise, including the management team at Confluent. For now, the venture-funded company is taking the high road.
Neha Narkhede, co-founder and CTO at Confluent, told CMSWire, “The AWS announcement speaks to the mainstream applicability of Apache Kafka, but its offering for developers only allows them to get started and play with Kafka, likely because AWS lacks Kafka expertise and has made no contributions to Kafka itself. It’s great to know that more and more developers will be exposed to Apache Kafka’s immense capabilities and see firsthand the benefits of streaming data, but as a builder myself, I know they’ll want and need more in order to reach full potential. Confluent Cloud, a complete streaming platform centered around Kafka from Confluent, offers a fully-managed version of Kafka re-engineered to run as a native cloud service, from the creators and committers of Kafka.”
Redis Took a Different Approach
However, when it comes to AWS and other clouds giving away open source Redis, the “most loved database” according to Stack Overlow, Yiftach Shoolman, founder and CTO of Redis Labs, handled things differently. “Cloud providers have been taking advantage of the open-source community for years by selling (for hundreds of millions of dollars) cloud services based on open-source code they didn’t develop (e.g. Docker, Spark, Hadoop, Redis, Elasticsearch and others). This discourages the community from investing in the development open-source code, because any potential benefit goes to cloud providers rather than the code developer or their sponsor.”
Last August, Redis Labs took certain Redis modules — RediSearch, Redis Graph, ReJSON, ReBloom and Redis-ML — and moved them to Apache 2.0 modified with Commons Clause license. Commons Clause says that third parties cannot sell, charge fees or offer a product or service whose value derives, entirely or substantially, from the functionality of the software. Redis’ adoption of the new license angered some Redis contributors who claim that Redis is now proprietary. “The commons clause will destroy open source,” wrote open-source programmer Drew Devault. He also warned open source contributors not to sign Contributors License Agreements, suggesting that they make it legally possible to take open-source software and commercialize it without returning any compensation to those who support the project.
But that’s not all, developers Chris Lamb and Nathan Scott have formed GoodFORM with the intent of keeping Redis modules “free and open.”
IT Managers Need To Be Aware
While this might appear as infighting between open-source developers, idealists and commercial open-source project sponsors, IT managers need to be cognizant of changes as they are being made, according to Ray Wang, principal analyst and founder of Constellation Research. Masson agrees, explaining that developers often promote open-source projects not only so that others can freely use the software that they created, but also so that they can collaborate with others to improve it, patch it, debug it and so on.
“If I create something (open source) called Patrickware and Joe’s Plumbing wants to use it, that’s great,” he said. “Then suppose, a group like Joe’s Plumbing finds a few bugs or does something to improve Patrickware, they might then give that code back to the Patrickware community. (This is the spirit of open source.) Then a third group, that has contributed little or nothing to Patrickware might pick it up and start to monetize it, (instead of Patrickware running their business, selling Patrickware becomes their business) that’s where the trouble begins.
Masson told CMSWire that when this kind of thing happens, OSI receives feedback from developers who say things like, “I have been working on this, giving away my personal time and my innovations, and now you’re taking my work and profiting from it. Where’s my share?” Or, “You are taking code that I provided (to the project) and you are not contributing anything back to the project.”
While most (maybe all?) open-source licenses allow for this kind of behavior, there can be consequences. But before going into that, a bit about MongoDB.
Last month the leadership of MongoDB changed its open-source license (AGPL) to a server side public license (SSPL) to keep cloud providers from selling its code without providing anything back in return. Here’s how Eliot Horowitz, the co-founder and CTO of MongoDB explained the reason for the license switch, “This should be a time of incredible opportunity for open source. The revenue generated by a service can be a great source of funding for open-source projects, far greater than what has historically been available. The reality, however, is that once an open-source project becomes interesting, it is too easy for large cloud vendors to capture most of the value while contributing little or nothing back to the community. As a result, smaller companies are understandably unwilling to wager their existence against the strategic interests of the large cloud vendors, and most new software is being written as closed source.”
He went on to explain that AGPL “requires a management stack used to operate that Software-as-a-Service to be made available under the terms of the AGPL and that international cloud providers have begun to test the boundaries of this license. While MongoDB seems to believe that they’d be successful litigating the matter, they would rather spend the time and money creating great software. By changing their license to SSPL, they will now be able to do this.
However, that may come at a cost. At least for now, according to Wikipedia MongoDB is considered to be proprietary software and closed-source according to the OSI. Maisson said that the OSI is still in the process of reviewing whether the SSPL license, which was created by MongoDB, is open source or not.
Either way, Constellation Research vice president and principal analyst Holger Mueller believes that MongoDB made the right choice. “This was an important move by the vendor, as other vendors were building commercial offerings on top of its open-source and free software. So it’s legitimate, in my view, to protect your own intellectual property, and make sure other vendors are not monetizing it,” he said.
While discussions around open source vs. proprietary might seem philosophical, the reality is that there can be important implications for both technology providers and corporate consumers as to which license, model, and whose software to choose or use. Consider that developers, in general, prefer open-source tools and will go out of their way to find them. Not only that, but companies also like open source because many believe that it is less expensive, is created and supported using better procedures, and because it doesn’t lock customers in. But there are other things to consider as well, such as what happens when open-source models change, do your reasons for choosing the software disappear? What if the contributors, committers and communities who made an open-source product great, get miffed, fork a project, or walk away? And, finally, what if the sponsor of an open-source technology you love can’t make money? Will they cease to exist?
“I think folks need to realize that the business models are changing in open source. We should expect shifts over time,” said Wang.”Users need to know that if the model fails, then open-source community will fail too. The win-win has to be there in order for the community to survive. Be cognizant of these changes.”