
The third wave of open source migration - ohjeez
https://blog.tidelift.com/the-third-wave-of-open-source-migration
======
msoad
If you work for a big engineering organization you will find yourself
questioning things that are being built a lot. Open Source alternatives often
have higher quality and better support, yet engineering organizations opt to
build their own. You might wonder why? It's because growth is the name of the
game. Any engineering leader wants bigger and bigger organization under
her/him so what they do is they green light projects that mostly don't make
sense but they can pretty much lie about how essential it is to build in house
to the board/CEO.

When winter comes, those projects don't make sense anymore because cost
cutting measures are in mandate. The same leader might even make the case for
the Open Source alternative.

I've seen this enough times to know it is a pattern in our industry.

~~~
em-bee
but it's not always malicious.

sometimes building something new seems obvious. i have to push hard to get
people to back up that obviousness with evidence. (provide me with evidence
that these existing solutions are not suitable before we build a new one from
scratch.

sometimes building something new seems easier or cheaper than the effort
required to evaluate alternatives, especially if the solution only takes a few
days or weeks of work (take the obviousness factor above into account).

another factor is the seemingly common dislike of working with other peoples
code. especially when it's known that modifications will need to be made. do
we take this system with a lot of legacy code where we have to modify 20% or
is it easier to start over and build what we need?

~~~
flukus
In house tools can also offer a lot more stability than OSS/commercial
equivalents that will often require you to be on their upgrade treadmill. Very
few companies will plan for this kind of maintenance so it's important the
developers align with that and don't take on unnecessary burdens.

There's more OSS than ever but there is a huge lack of stability in most of
it.

~~~
2ion
This is key. Extremely many "OSS" projects are also not up to quality
standards and require significant engineering time for understanding, auditing
and perhaps integrating the thing, even before deploying it. The bigger the
set of useless features on a project, the bigger the risk in introducing an
unknown into the critical paths that allow you to ship/provide a
product/service. While many global "base" technologies like Postgres,
enterprise Linux, Redis, NodeJS, Tomecat, the JDKs, etc are solid lighthouse
projects with better quality than what "just writing your own" without world-
class engineering teams and investment could produce in a reasonable amount of
time, many others are just not that good. The cost of "adopting" a 2nd- or
3rd-rate FOSS solution may be very high and introduce significant technical
debt down the road.

In way to many companies, engineers (including engineering managers) have to
explain to a non-technical C suite that OSS/FOSS IS NOT FREE and NOT
GUARANTEED TO BE CHEAPER than going with proprietary or self-written, minimal,
tested and concise solutions in any given context. They can be, of course, and
with some engineering investment they can be for the longest time in the
feature, but every case is different and a "wave" certainly is not what just
removes the need to do this kind of evaluation.

~~~
em-bee
i disagree that extremly many Free Software or Open Source projects are not up
to quality standards. i use them every day and 95% is of high quality. higher
than many closed source applications or libraries.

this is not a FOSS question. (i would not touch a closed source library as s
potential dependency with a 10 foot pole. it's either FOSS or i write it from
scratch)

this is a question of the ability or willingness to adopt and maintain 3rd
party dependencies.

fear of FOSS could be added as another reason, but that reason is even worse
than mere unwillingness to work with other peoples code.

in order to use a 3rd party application or library as a dependency you must be
able or willing to maintain it yourself, in case you run into an issue with
its support. (that's one of the big points of FOSS, btw)

you are right about unnecessary features being a risk, but again, that has
nothing to do with FOSS as a choice.

------
pinky07
We are witnessing this since weeks at Odoo.
([https://odoo.com](https://odoo.com))

Last month, we lost a big project against SAP (budget 5m€): the company
choosed SAP because their holding was willing to pay for the project. Last
week, the same prospect came back to Odoo: as the holding could not afford
such a project anymore, the company has to pay from its own budget. So, they
choose Odoo (<1m€ budget)

I believe the next wave is a replacement of proprietary expensive business
applications: ERP, SAS, BI...

~~~
c-smile
Am I right that this has nothing with FOSS per se but just about "X is cheaper
than Y" kind of reasoning?

~~~
pestaa
Yes. Odoo is open core, and many components are closed, and those are far from
being free.

~~~
agustif
Is there any good resource on what addons are not open-source?

~~~
pestaa
[https://www.odoo.com/page/editions](https://www.odoo.com/page/editions)

Quite a few actually. If you're a software shop or digital agency, I think the
Odoo Studio and marketing automation features are the big gaps.

For the latter, there's Mautic.

However, good CRUD builders are difficult to find. Seatable is promising,
haven't evaluated it yet.

------
jamesblonde
This is a hilarious video that captures the state-of-play of open-source
frameworks in Data Science:

[https://twitter.com/wdaali999/status/1161973951565881345?lan...](https://twitter.com/wdaali999/status/1161973951565881345?lang=en)

Basically, anything not open-source is not cool any more - SAS, matlab, SPSS.
Kids are not learning these frameworks in school and don't want to use them. I
see open-source taking over Data Science by the time this recession is over:
Jupyter, conda, Scikit-learn, TensorFlow, PyTorch, RStudio, and even PySpark.

~~~
DangerousPie
> I see open-source taking over Data Science by the time this recession is
> over

Hasn't this already happened by now?

~~~
jamesblonde
Datarobot, dataiku; domino datalabs - all unicorns with proprietary data
science frameworks. Not dead yet.

~~~
killjoywashere
yet

------
RcouF1uZ4gsC
Kind of like “follow your passions”, “open source” is a great way for software
developers to work at way below the market rate to provide provide great value
to corporations for very cheap. Through github stars and “recognition” the
corporate world has managed to gamify software development and get
enthusiastic developers to develop and give away literally billions in
software value.

No wonder the MBA’s view software developers as suckers.

Read through HN, and you see maintainers of hugely popular open source
software that probably has saved corporations billions of dollars, burned out,
mentally exhausted, living in poverty and begging for donations.

------
mooreds
I think there's substantial value in replacing expensive system components
with free alternatives. Things like FusionAuth /
[https://fusionauth.io/](https://fusionauth.io/) for user identity (full
disclosure, I'm an employee) and Pentaho Kettle
[https://github.com/pentaho/pentaho-
kettle](https://github.com/pentaho/pentaho-kettle) for ETL and data
transformations can help.

It is important to recognize the value of developer time too, though. There's
a cost in dev time for setting up a "free" project.

That's why I think that any open source project that gets too popular will
have to have a cloud vendor strategy, otherwise they'll get done to them what
AWS did to Elastic Search.

I also thought it was interesting that the author mentioned support for the
various application libraries. I know that there have been several "tip" type
applications (gittip, gitcoin.co) that try to align incentives and allow open
source developers to make a living.

~~~
lifeisstillgood
>>> That's why I think that any open source project that gets too popular will
have to have a cloud vendor strategy,

This.

In fact sadly one of the marks of a successful OSS project is ability to pay
yourself, and even perhaps commercial success. In Linus' day it was enough to
have a whip round online to buy a faster Pentium machine, but these days it's
a foundation and cloud offering.

~~~
mooreds
I was at a conference last year and talked to someone who said that the
investors he knew were shying away from investing in open source software
companies because anything that was successful would just be copied and
operationalized by AWS/GCP/Azure.

I hope that isn't the case, but we'll see. Maybe the answer is niche
operations that are too small or domain specific to be noticed by the big
folks.

~~~
mntmoss
I'm pretty sure there's room for smaller verticals these days. It's been
demonstrated many times that if you have the best front-end to the problem
space, and you add some services on top, everything under it can be totally
commodified but you'll still get customers.

From there the strategy would depend on whether you want to stay small or not:
To get bigger, you'd start going deeper into the open stack to scale things up
and provide a wider array of services. If you stay small, your organization
will necessarily be more focused on interfaces and compatibility while
maintaining that top-end UX. In both instances there are plays for open
source, but with different characters; the big company will tend to code-dump
an enterprise toolchain, the small one will primarily be a contributor to a
foundation project or open some of their internal interfaces.

~~~
cutemonster
> _It 's been demonstrated many times that if you have the best front-end to
> the problem space, and you add some services on top, everything under it can
> be totally commodified but you'll still get customers._

Examples please? (I might be in that situation)

------
octorian
One big area where open source unfortunately falls flat is end user
application software. In this market, proprietary applications do add real
value.

Unfortunately, there isn't a very good business model to fund developers to
work on such applications, when the application itself is not a sell-able
product.

These sorts of projects can work if there's a significant overlap between end-
users and capable developers. If there isn't, then they're often woefully
inferior to the commercial alternative.

~~~
Mandatum
Open-source sucks at UX. I think because there's no community behind open-
source UX like there is in the inner workings of systems, where people just
want to get shit done.. You have to pay UX developers and designers to do
their job, because it's generally not a job you'd do for free or in order to
accomplish "something".

~~~
vbezhenar
I wonder why UX designers don't want to work for free while software
developers do work for free?

~~~
Mandatum
As a software developer, I'm writing to benefit me because I use the code I
write.

What I write and share is directly re-usable to others.

We can walk a path and share our work, and others can take it and copy it
immediately.

Whereas with UX.. Most of the time it's written for the benefit of someone
else. And it's not something that can be used elsewhere very easily.. Often
needing to be completely re-worked to be useful anywhere else.

~~~
vbezhenar
You're talking about libraries. And parent answered to message about end user
software. Sure, you might use your own end user software, but so can UX
designer.

~~~
clarry
If the designer isn't also a software developer who writes a new application
to scratch their UX itch, then they must work with some existing project,
which presumably has existing users..

It's probably always going to be harder to contribute design overhauls than
bugfixes & features.

------
prepend
I think the growth is on a continuing streak and there’s not a need for a
RedHat style support for every package.

I think using these packages and projects requires more due diligence and
planning on staff to pick and support, but I think the current highly variable
support project by project works out well. And then for big stuff (Linux,
Postgres, etc) some commercial support is brought in.

I’d much rather see more support for companies donating developer hours to
patches and features. Some way to recognize in kind and labor contributions
and expand recognition for these kinds of contributions. I think this works
better for software than trying to get every company to pay into some support
fund. If you want to pay structured licenses for everyone, there’s a model for
that. Trying to shoehorn license fees on top of open source loses a lot of the
efficiencies, I think.

~~~
freedomben
Disclosure: I work for Red Hat

I think you're missing the real value here of the support model and services a
company like Red Hat can provide to large orgs.

It's not about having support for every package, it's more about having others
do the hard, expensive work of presenting you a portfolio of projects known to
work well together, so you can focus on adding your own business value rather
than spending hours duplicating effort from others and debugging arcane
issues.

To some extent you can't out-source everything (and I personally wouldn't
recommend that. I think having some in-house experts is really important), but
not everybody should roll their own OS, DB, container orchestration, etc.[1],
and finding consistent options that work together can be difficult when you
have huge, diverse, engineering departments with different values/priorities.

I don't disagree with you: I think contributions in either code or donations
are a _great_ way to support FOSS projects. I just think there is also a lot
of business value in the support contract style method, because you're not
just buying insurance, you're buying real value in the form of somebody
presenting you with a portfolio of disparate open source projects that have
been integrated and tested together.

[1] Note I'm not talking about "React v. Vue" which I agree support wouldn't
make sense for.

~~~
dnautics
Thanks for the insight. How might someone in a position to spin up services
for this be able to think about capturing this sort of a market?

I work at a DL/ML hardware company; and many here on HN would know that
packaging DL libraries correctly is a nightmare and a half. In fact a good
chunk of our value prop is offering an open source pre-baked bundle. It's
great (and I've deployed it on some friends' machines and they love it) but
it's, let's say three-quarter-baked and moving it into a "fully supported"
model with domain-specific expertise isn't something that our company has
figured out how to transition into (also not easy given our company is really
small), and given business strategy and software strategy are independently
difficult enough problems.

Do you (or any others) have any suggestions?

~~~
mooreds
> Thanks for the insight. How might someone in a position to spin up services
> for this be able to think about capturing this sort of a market?

Obligatory (from 2014) "Why There Will Never Be Another RedHat: The Economics
Of Open Source": [https://techcrunch.com/2014/02/13/please-dont-tell-me-you-
wa...](https://techcrunch.com/2014/02/13/please-dont-tell-me-you-want-to-be-
the-next-red-hat/)

~~~
dnautics
Thanks for the link!!

Luckily it's not the only path for growth... As I mentioned we're a hardware
company so it's more like we want to wind up as a Dell (or in a worse
scenario, IBM, which isn't too shabby)

~~~
jabl
As the article the grandparent links to shows, RH is maybe the singular
example of a big successful pure OSS software company. It seems almost all
other big successful OSS companies have adopted some kind of 'hybrid' strategy
such as open core, many after first unsuccessfully trying to emulate RH.

To a hw company, I think the issue of how to monetize SW is to some extent
clearer as well as pretty different than for a pure sw company. You're selling
a tangible physical product, but customers are not interested in the raw hw
but the complete package of hw plus supporting sw (drivers, SDK, whatever) +
support. So you have to choose what is the appropriate model for you. E.g.

\- Use profits from HW sales to develop OSS that makes the HW more useful to
customers, and thus increases HW sales. For instance, one argument in favor of
this would be that drivers included in the upstream kernel and user-space
software in distros makes it easier for customers to use your HW. And you'll
get OSS brownie points which might also help drive sales.

\- Or make the SW free but not OSS, in case you're worried that your
competitors could just take your OSS and use it with their HW.

\- Or make proprietary SW that you sell in addition to the HW. I'm not sure
customers care about how you split the total bill they're paying, and free (as
in beer) software is certainly a lot easier to deal with for customers (e.g.
license hassles). But again, it depends.

\- Oh, and another potential advantage of the OSS SW model is the 'commoditize
your complement' angle (do a web search on that phrase if your unfamiliar with
it). tl;dr You can use OSS SW to undercut a pure SW competitor, as your income
is protected by your 'HW moat'.

------
c-smile
Could be, but only if companies that are behind OS products will survive by
themselves. We hear crack sounds here and there already.

Yet, "the rise of hosted cloud services like AWS, Google Cloud, and Microsoft
Azure" is just "anti-pattern" for the subject of the article. Commercial
companies that exploit (fuzzy term here but still) OS software.

~~~
jamesblonde
I think the next wave of OSS products will be AGPL-v3 licensed. It's the
"cloud condom" model - it protects you from the cloud vendors. They have
internal bans on using it, as it forces them to open up their internal
software architecture. But AGPL-v3 is still a valid open-source, despite what
the shrills at AWS will tell you (they just want to operationalize open source
projects, not lead them).

~~~
pabs3
AGPL-v3 isn't going to protect you from cloud vendors, they will just release
the source and beat you with their marketing budget. Or they will just re-
implement your APIs/interfaces from scratch and still win.

------
eric1293
Open source is a two edge sword. If developers voluntarily contribute to the
projects, it could be positive.

But increasingly it's becoming a source of cheap labor. It used to be that you
get a college degree and start a job. Now you need years of schooling, unpaid
internships, postdoc and unpaid scientific contributions, an extensive GitHub
page with open source contributions, etc to get the same job. The competition
for better CVs will push individuals towards taking years of unpaid jobs
against their will, which is negative.

~~~
ketzo
I get that expectations have changed, but I have lots of friends graduating
with a Computer Science BS, with nothing on their githubs, who do well on
their interviews and get entry-level positions making six figures.

Edited: And no one I know does unpaid internships -- most CS majors are making
$20-40+/hr over the summer of their second or third years in college.

~~~
alex4864
I graduate this May with a CS degree, that about mirrors my experiences. The
vast majority of competent and even semi-competent students have no problems
getting good paying internships, and jobs out of college. I appreciate that
unpaid internships are a really bad situation in some fields, but fortunately
CS is pretty lucrative right now.

------
einpoklum
That article was nearly content-free. Brief review of history and then some
talk about a supposed "third wave" of migration is not clearly characterized,
nor actually foreseen in any detail ("certainly X would be a good place to
start" \- thank you captain obvious).

No discussion of anything signifcat:

* Are commercial corporations contribution back to FOSS software they use?

* * Additional functionality and bug fixes?

* * Grants/donations of money, hardware or even developer time?

... Amazon, Google, MS run mostly FOSS on their clouds, and pocket billions,
but certainly don't give much back.

* Does "open source components" just mean FOSS inside but closed commercial outside, or do companies transition to making FOSS?

* What about hardware? Or at least, device drivers and firmware?

* What about all those SaaS and PaaS platforms even the article itself mentions? Their engineering setups, and software in particular, are mostly closed. Where's that promised "wave" for them?

------
okram
The third wave of open source software is no software at all. It is only a
matter of time before Amazon doesn't care whether it's licensed Apache2 or
not. They will just take software and sell it. You have a problem with that?
Have fun suing them... Year 1..2..3..oooo. you are quite the fish..4..5.
broke. Out of money.

Tech is dead.

~~~
okram
Ha. The two comments that critique Amazon got down voted with negative points.
Does Amazon have cronies patrolling Hacker News to squash dissidents?

~~~
wisnesky
You must be referring to the "love-hate" relationship between Amazon and open
source software as described eg here?

[https://www.zdnet.com/article/amazon-and-commercial-open-
sou...](https://www.zdnet.com/article/amazon-and-commercial-open-source-in-
the-cloud-its-complicated/)

"Vendors developing those open source products started accusing AWS of strip
mining, i.e., reaping the benefits of the products, without contributing back
to their development."

~~~
pabs3
I hate to defend Amazon, but it seems that they do contribute back to open
source:

[https://aws.amazon.com/opensource/](https://aws.amazon.com/opensource/)

For example running `git shortlog -ne` in the Linux kernel git repository will
show a number of Amazon folks with many commits to their name.

~~~
redis_mlc
Linux contributions are not the best example, since it's GPL, and you pretty
much have to contribute back to get your changes mainlined, and end-users can
request your changes at any time.

Now, if they contributed back to FreeBSD, that would be meaningful, since they
don't have to.

~~~
pabs3
Amazon doesn't distribute Linux on server hardware (just consumer hardware
like the Kindle) so they don't have to give back for server aspects of Linux
like KVM, yet in the Linux kernel code, the Amazon employees are mostly
submitting patches for things like KVM, not for Kindle hardware support.

It would surprise me if Amazon use FreeBSD, I thought they use Xen & Linux KVM
exclusively?

~~~
_msw_
Disclosure: I work for AWS.

See
[https://twitter.com/cperciva/status/1211125881264934917](https://twitter.com/cperciva/status/1211125881264934917)
for one example of working with FreeBSD.

    
    
      It's truly awesome that I can send an email to Amazon 
      saying "we're seeing an odd performance issue here" and
      get back "here's a FreeBSD kernel patch I just wrote which
      provides a 10% performance boost".
      
      And people claim that Amazon never contributes back to
      open source...
    

I linked the patches here. Not all of the work is from an AWS engineer:
[https://twitter.com/_msw_/status/1220088310443307008](https://twitter.com/_msw_/status/1220088310443307008)

    
    
      https://reviews.freebsd.org/D23322
      https://reviews.freebsd.org/D23323
      https://reviews.freebsd.org/D23324
      https://reviews.freebsd.org/D23325

------
mrfusion
I’d love to see more open source hardware as the next wave. The ardiuno seems
like it’s a success.

~~~
m463
I don't care as much about open source hardware as open interfaces or drivers.

I hate that every single thing you buy requires an app and a login and a
shitty proprietary driver.

(why does my mouse need a cloud account?)

In general hardware folks don't do software well. Software is just a checkbox.

Meanwhile there's a world of great folks out there that will make their
hardware get up and dance given the chance.

Honestly they should commoditize software to increase sales of their hardware.

------
killjoywashere
I feel like now would be a good time for an open source FHIR-compliant
electronic health record to start building integrations for any non-
Cerner/Epic company in the market. Which the more I learn about healthcare is
approximately all of them.

------
aphextron
>Now, after one of the longest bull market runs in history, the road ahead is
again uncertain.

The rumors of this bull market's death have been greatly exaggerated. The DJIA
is still up over 18% over the last 3 years, or ~6% annually; barely a percent
below average. The NASDAQ 100 has almost completely recovered its' losses from
the initial COVID-19 crash. Major drivers of the market over the last 10 years
like $FB, $AMZN, $MSFT, and $AAPL are through the roof. Granted that a lot of
this is fed meddling, and yes a lot of people from the service and hospitality
industry are out of work, but the primary engine of our economy is humming
along. I would not be surprised to see a record Q3 this year.

~~~
rswail
Amazon's marketplace and delivery service have a "captive" market due to the
closure of bricks and mortar retail.

The general move to the cloud rewards AWS/GCP/Azure with the two primary
"winners" currently being AWS and Azure. This will continue as companies move
to the cloud, but expect there to be a flattening of growth.

As for Facebook and Google, they rely on advertising, which relies on
consumption. When there is 10+% unemployment and 20+% underemployment,
consumption is highly likely to at least flatten if not fall off a cliff,
particularly in elective consumption like high end electronics.

The share market is not indicative of the economy and is a lagging indicator
of company revenues.

------
hekmatof
I don't understand the second wave relation to open-source and free software.
They moved to cloud platform to save cost and non of these platforms are open
source.

