News

Cloud Computing and Open Source: It's Complicated

• By David Ramel
• 06/22/2021

The years-long friction between the open source camp and cloud computing platforms still lingers, a recent report reveals.

The friction is caused by cloud vendors using open source software as the foundation of for-pay managed services. That can rile companies that serve as primary open source project maintainers, contributing heavily -- in time and money -- toward open source projects that serve as the basis for their own proprietary for-pay offerings. They complain that their development investments in the foundational open source code are being capitalized by cloud companies who get use it for free and can undercut their offerings and impinge on their markets. The debate around this issue was exemplified by Amazon Web Services (AWS) in 2019 when it announced a DocumentDB service based on MongoDB code.

"Imitation is the sincerest form of flattery, so it's not surprising that Amazon would try to capitalize on the popularity and momentum of MongoDB," MongoDB CEO Dev Ittycheria was quoted as saying by CNBC.com at the time. "However, developers are savvy enough to distinguish between the real thing and a poor imitation."

AWS retorted shortly afterward when it announced Open Distro for Elasticsearch. "When AWS launches a service based on an open source project, we are making a long-term commitment to support our customers. We contribute bug fixes, security, scalability, performance, and feature enhancements back to the community," the company said in a post titled "Keeping Open Source Open – Open Distro for Elasticsearch."

That didn't sit well with Shay Banon, CEO of Elastic, who fired back at AWS: "Our brand has been used and abused, hijacked, and misrepresented many times. Companies have falsely claimed that they work in collaboration with our company, topically Amazon," Banon said.

A GitHub blog post in March of this year titled "What’s up with these new not-open source licenses?" showed that the debate is still continuing, especially on the licensing front. In discussing open-core and dual-licensing models, the post says:

As the cloud grows, both models face challenges. The shift from server rooms to data centers enables cloud vendors to use the open source license to stand up offerings based on the open-core or dual-licensed project, often under pressure from customers who want to buy all their computing services from a single company. This puts the open-core or dual license business at risk: the cloud vendors suddenly have the initial relationship with users, making it more difficult for the open-core or dual-license vendor to develop relationships that convert to sales.

In response to this pressure, many open-core or dual-license companies, including Confluent, MongoDB, Cockroach Labs, Redis Labs, Timescale, and Graylog moved away from OSI-approved licenses to licenses that are not 'open source.' These new 'source available' licenses contain restrictions to prevent cloud infrastructure providers from building a service out of their code.

That post stirred up quite a debate on Hacker News, generating 342 comments.

Wikipedia defines "source available" licenses as "a source code distribution model that includes arrangements where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open-source."

Just last month, a new research report prominently featured source available licensing. Sponsored by Percona, the report is titled "The Changing Face of Open Source." It shows the debate is complicated, with survey respondents holding different views on the cloud computing/open source kerfuffle.

"There are many challenges that open source companies are currently facing according to the surveyed IT decision makers, one of them being the public cloud companies who don't contribute to open source projects," the report stated. "The main challenges revolve around the fight to protect their innovation and to fight against public cloud organizations that want to monetize the resource without engaging with the community.

"Despite the appeal of source available licensing helping to push back against public cloud companies who do this, this mindset will punish those who do want to contribute and use open source as it is intended."

As the graphic below shows, 58 percent of respondents said open source companies face this challenge: "Competition from public cloud companies who use open source projects but don't contribute back."

Another graphic shows that while positive on the whole, there is some uncertainty round open source companies switching to source available licenses.

The report commented on the graphic: "With many respondents being confident that they're aware of the differences between open source and source available licenses, they should be assured in their feelings towards open source companies switching to source available licenses. However, there are polarizing views on the issue suggesting that there is an overconfidence on the understanding of source available licenses, and that the positivity towards public cloud companies is unjustified as many agree that oen source companies should be able to protect themselves against public cloud's influence, even if that restrictive license could lead to the downfall of a truly 'open' open source."

Other graphics show respondents' views on the benefits of switching to source available licenses and the drawbacks.

"There is some confusion around what stand out benefit would be of open source companies switching to source available licenses for the open source community," the report said. "No single benefit stands out which potentially highlights the disagreement of what the controversial switch would mean for the open source community, despite respondents being confident in their knowledge of the controversial topic."

"Although there are potential benefits to the open source community, the drawbacks might not be worth the risk," the report said. "Inevitably open source companies switching to source available licenses would increase the costs and encourage lock-in licenses, which goes against what open source is supposed to be -- open. If public cloud companies keep forcing their agenda onto the open source community, more and more open source software will be forced to make the switch which would dramatically harm open source."

While the survey shows mixed attitudes about source available licensing, a 2019 TechCrunch article blames its advent on a lack of leadership in open source.

"Amazon's behavior toward open source combined with lack of leadership from industry associations such as the Open Source Initiative (OSI) will stifle open-source innovation and make commercial open source less viable," the article stated. As far as Amazon's offensive behavior, the article lists:

• It takes open-source code produced by others, runs it as a commercial service and gives nothing back to the commercial entity that produces and maintains the open source, thereby intercepting the monetization of the open source.
• It forks projects and forcibly wrestles control away from the commercial entity that produces and maintains the open-source projects, as it did in the case of Elasticsearch.
• It hijacks open-source APIs and places them on top of its own proprietary solutions, thereby siphoning off customers from the open-source project to its own proprietary solution, as it did with the MongoDB APIs.

On Hacker News 229 comments were made on that article.

That aforementioned March blog post by GitHub's Justin Colannino, director of developer policy and counsel at GitHub, opined on what the movement of "single source" companies from "open source" to "source available" licenses means to developers.

"So what's the lesson for developers choosing their stack?" Colannino concluded. "Understand that project ownership and diversity in the contributor base matter. Open source-licensed projects with a non-profit home, neutral trademark ownership, and multiple significant contributors are less likely to face pressures to relicense. Projects that are the main revenue generator for a 'single source' for-profit company have different dynamics. Any for-profit company needs to make a profit. If you take a dependency on such projects, you may face the for-profit company relicensing to protect its business."

As we said, it's complicated.