> At AWS, we believe that maintainers of an open source project have a responsibility to ensure that the primary open source distribution remains open and free of proprietary code so that the community can build on the project freely, and the distribution does not advantage any one company over another. This was part of the promise the maintainer made when they gained developers’ trust to adopt the software.
I have enormous respect for Adrian's work on cloud systems but the quote above seems very self-serving for Amazon.
Open source is bound by licenses that define the terms of open source code use. There's nothing whatsoever in the licenses that binds the project developers to continue to work on the project, to maintain similar license terms in later releases, or to take (or not take) any other action in their lives. To argue otherwise seems contrary to the notions of freedom that are the foundation of open source software.
Edit: typo corrected
Those maintainers owe Amazon nothing. The have no responsibility to Amazon. None.
Same as they owe me nothing.
By definition (if you use any of the more-that-two-or-so-year-old definitions of "open source"), the project is defined by "remaining free and open", in that you can always use the code and license you've been using - but there's no way anybody can make it a "responsibility" of a maintainer to to anything in the future. They could die, they could get bored, they could get an all-encompassing job, they could get a family, they could get venture capital and license any future work with a non-open source license (as Redis and Elastic have done, at least in some people's view).
The "the promise the maintainer made" was "here's some code, under GPL or aGPL, or Apache Licence, or Artistic license of BSD three clause, or whatever the promise at the time was. Take it or leave it. No future responsibility assumed or enforced. They might even have a track record of releasing more stuff under the same license/promise. But they can stop or change things whenever they want.
If Amazon wants the maintainers to do anything else (including ever committing another line of code or fixing a bug), they can wait for them to do (or not) it at their discretion, or they can pay the maintainer (or someone else) to do it (and then, depending on the license, potentially be required to release that code under the same license.
Sorry for the rant, but that line caught my eye too, and I got immediately pissed off at Amazon's sense of entitlement there. No open source maintainer owes you shit. They've shared what they've shared, and you can take it or leave it, but you taking it doesn't place any obligation or responsibility on them.
But most maintainers (including Elastic) don't want that. They proudly declare that their developers and users are a community, and they're steering the community to produce a great and open project on an ongoing basis. The maintainers certainly have a responsibility to follow through on such promises - or at least, if Amazon is correct and they aren't following through, they have no right to complain about a hostile fork.
I help out by sweeping Amazon's yard everyday, for free. "Thanks!" they say, "Any time!" I reply. But years later, I decide to stop. Amazon cries out in anguish "But you have a Responsibility!", and threatens me that if I don't clean their yard... well, they'll do it themselves.
Free maintained software suits Amazon, and some organizations / foundations provide it. Seems to work as consulting services advertising (BTW which incentivizes hard-to-use software, lots of complicated features, jumbled together... ever seen a large foundation's open source project like that?)
Some businesses fund these foundations directly, but minimally, and there's a certain... reluctance. Perhaps an unmet need there...?
It is true that Amazon here is just stating their own interest and are not well placed to give lessons of open source implication. Elastic has paid many developers to build open source code.
However, Shay Bannon on his side, is too much using the word "open" for a company that is not running and from my POV cannot run a real open governance. Elastic is now a listed company and was VC backed. Presenting the integration of xpack in the core repositories as an "opening" when it's a move backwards in terms of open source governance, is not fully honest.
There is a fundamental issue with Open Source and Investor backed companies. The main goal is not open governance, but the main goal is the company.
Elastic is not clear about this. Actually not being clear means there is no open governance.
Shay Bannon won't go there, because I believe as the CEO of a listed company he can't, unless it's in the interest of Elastic's investors, which means the board should decide.
Elastic does not have to have open governance and can be a great OSS contributor nevertheless. And to the opposite, it is very possible that without very healthy Elastic.co, that there would be less OSS code.
However it raises questions about the future. What will be the next step ?
What I would prefer is to have Shay Bannon be fully honest about the fact that Elastic.co needs to be healthy for the project to be healthy unless other companies are heavily investing in the community and start contributing code. And that Elastic.co being healthy means to have a mixed model. And finally I would like to hear that Elastic.co cannot promise that this won't change because Elastic.co might have to change it if the investors decide it but that as long as he is CEO he will do his best to maintain the current mixed model as long as it is financially successful.
It would be more honest that saying "doubling down on open" when you are tainting open repositories with non open source code. There was no technical reasons that the xpack repositories could not be separate.
Also, there is a way to not give an advantage to any company in an open governance way while helping companies be healthy. You can decide to have an App store in which paying features are proposed only from core contributors that contribute more than a certain level. Business could be added to the goals of the open community.
If the claims are true, and done intentionally, it's a really bad move on part of Elastic. The ambiguity around licensing hurts all their users and not just Amazon.
 "Unfortunately, since June 2018, we have witnessed significant intermingling of proprietary code into the code base. While an Apache 2.0 licensed download is still available, there is an extreme lack of clarity as to what customers who care about open source are getting and what they can depend on. For example, neither release notes nor documentation make it clear what is open source and what is proprietary."
 "Individual code commits also increasingly contain both open source and proprietary code, making it very difficult for developers who want to only work on open source to contribute and participate"
We quickly built a SQL parser for Elastic, an alerting engine, some other bits. These are all bits that just went poof yesterday when Amazon released opendistro - and I couldn't be happier. Sure we'll have to slice out a bunch of code, but at the end of the day it didn't have value to our core business.
I just wish Elastic as a company was easier to deal with. We'd be months ahead if not for them - and ultimately just worked around them. This is in spite of MY using Elastic for ~9 years now.
One aspect Elastic is also not directly attacked on and therefore not addressing is the choice of features that are not free and the price point. Elastic's business model is quite smart. You can easily develop on top of elastic, however once you have done it and want to go to production some key features are missing and they are not cheap. Particularly securing your cluster data is one of the features in xpack which is problematic not to have. I'm pretty sure you can search for open ports 9200 over the internet or company intranets and find unwanted unprotected data. And it's not cheap as you need to go for Gold subscription if I'm correct. I would be surprised nobody has proposed a pull request with competing code.
Elastic has and is investing a lot as open source and they do need a good business model that allows investment in the core open source code. The thing is I'm not sure it's missing here. Elastic.co is quite healthy. It's hard to know if it would be without this business model, but anyway there is little chance they would do differently given Elastic.co is VC backed. In the end the real fight is between the big money players, not about whether Elastic the software is sustainable. The reality is that given the community, it would very probably be even without the "xpack" package. Now it's not sure Elastic.co would be able to aggressively invest in both oss and non oss as much and therefore compete with Amazon.
OSS is tough. When you go for it, you should go in it for OSS, not for the company, because keeping the company at the level of the OSS success is hard both for small and big OSS projects.
Ludovic Dubost (XWiki)
But the main problem is that unsecured clusters by default have caused a lot of reputation loss to the brand. When every few months news hit about yet another unsecured Elasticsearch cluster that leaked huge amounts of data, it is getting harder and harder to explain to the less informed how that is the fault of those people who did not even bother running a reverse proxy, not the fault of Elasticsearch itself.
This is my only complaint with what Redis/Elastic/Mongo et al are doing lately.
I 100% support their right to change their licensing terms. Applaud them even - I'm fascinated to see if their attempts at new business models will work out medium/long term.
Doing that and still claiming to be "open source" is wrong. It's co-opting a term that while not solidly defined, is universally understood to mean something different to what they're offering. They're lying to their users and customers.
Elastic are muddying the waters in a grey area - where you can build Apache2 licensed or Elastic's new non-FOSS licensed versions from the same download. I reckon they need to cole clean and make if very clear that they're "partially open source".
If I read this correctly, Amazon tried to get a special deal from Elastic basically in order to produce a competing service. Elastic declined to cooperate and now Amazon is exercising their rights under the Apache license. So, far so good.
It's the provocative website that makes it seem like there's some huge conspiracy by Elastic that provoked Shay Banon's response. And not the fact that Amazon are doing what they are doing (i.e. redistribute the OSS parts of Elasticsearch), Elastic seems to have little problems with this because their license allows this and as Shay points out others have done this as well.
Amazon's complaints boil down to two things:
1) Elastic distributes a version of their software that includes non OSS components. You don't have to use these but you can. Actually Elastic offers rpms containing only the apache licensed components on their download page: https://www.elastic.co/guide/en/elasticsearch/reference/curr.... So this is maybe a bit less true than Amazon is portraying here. This would be what you'd install on a server if you are self hosting. Likewise there are OSS docker images from Elastic. They also have oss docker images. Elastic does this because up-selling this stuff is how they make money. Amazon's beef seems to be that it would be awfully nice for them if they could offer an alternate distribution more prominently without all this stuff so that they give that to their own customers.
2) Their repository contains some well documented directories that contain non Apache licensed source code for these components. As far as I know this is pretty well documented and if you are modifying files in a directory, presumably you know what you are doing. This is because they want to develop most of this stuff in the open and be able to accept pull requests against both their OSS and non OSS stuff. This seems pragmatic and preferable to producing binary distributions with some components from private repositories.
For reference, here's the text of the license file (https://github.com/elastic/elasticsearch/blob/master/LICENSE...):
"Source code in this repository is variously licensed under the Apache License
Version 2.0, an Apache compatible license, or the Elastic License. Outside of
the "x-pack" folder, source code in a given file is licensed under the Apache
License Version 2.0, unless otherwise noted at the beginning of the file or a
LICENSE file present in the directory subtree declares a separate license.
Within the "x-pack" folder, source code in a given file is licensed under the
Elastic License, unless otherwise noted at the beginning of the file or a
LICENSE file present in the directory subtree declares a separate license.
The build produces two sets of binaries - one set that falls under the Elastic
License and another set that falls under Apache License Version 2.0. The
binaries that contain `-oss` in the artifact name are licensed under the Apache
License Version 2.0."
So, you might not agree with this arrangement but you can get or build pure OSS quite easily and many people do. And it is hard to argue against Apache 2.x here. The license pretty much makes it obvious how stuff is licensed. This is unsurprising. Any confusion here would be a legal bug; this stuff needs to be unambiguous and it seems to be.
BTW. I think it is great that Amazon is providing their own distribution for their customers. It would be awfully nice though if they'd update it to the current version and not ship already fixed bugs. They have a history of doing this with Elasticsearch; probably because they are not on speaking terms with Elastic apparently. Contrary to the popular belief, this is not a fork. It's a binary distribution. Probably really convenient if you use their hosted version.
Otherwise, get the latest and greatest from upstream. Also refer to the Elastic website for documentation because Amazon does not bother with this either. And go to their discussion forums and stackoverflow for free support and options for getting payed support, etc. Once you figure out that they are not doing a half bad job of that, go check out elastic cloud and use that. It's easier, better, faster, and cheaper and you can get it with AWS billing. Or if you prefer on other clouds or your own cloud. And yes, I have used both elastic cloud, aws elasticsearch and have done self hosting as well.
They're free to license their software however they want; I don't use it so I really don't care. But it really rankles when someone extols the virtues of open source and waxes rhetoric about how open they are, and yet the software they offer is proprietary by default. They "double down on open", but the open source distribution is opt-in.
I cannot help but feel that the articles are deliberately constructed to mislead. That's a serious accusation and I wish I could be more charitable in how I interpret them but the terminology is so consistent that it cannot be an accident -- gratis-but-proprietary is always "open", libre is never just "open" but always "open source".
Technically correct isn't enough. No-one's explicitly staked "open" as being the same as "open source". But in the context of this conversation "open" is an obvious contraction of "open source" and to use the obvious contraction to mean something diametrically opposed is not reasonable or ok; especially when "source available" is widely understood. The same thing was attempted with the Commons License.
The intent behind words is important. Persuasive oratory is fine but using those tactics to mislead does not engender trust, especially when the beneficiary is the one speaking and not the audience.
OP uses the word free twice, in both cases meaning $-free.
"We [...] open sourced most of it, and made all of it free."
From an enterprise licensing perspective, 'open source' as a subset of 'free' just means I shall have to spend more time with lawyers and accountants.
I also wrote up my own thoughts, but it's obviously not as relevant as this. I'm a little more blunt about what AWS is doing. I even throw in a comparison to Microsoft abusing their monopoly power in the 90's by distributing Explorer for free to kill off Netscape: https://www.influxdata.com/blog/aws-intends-for-their-new-pr...
Longer term, the real question is how Elastic will respond to this commercially. Will they create more closed source? Go higher up the stack into specific applications? It's going to be an interesting and tumultuous couple of years in open source infrastructure software.
EDIT: you've remarked elsewhere on the thread about commercial and economic realities, so I want to take the opportunity to qualify my statement: they're free to license and monetize their code however they want. It's what I see as deceptive intent that I'm having a (very strong) reaction to.
When Amazon wrote their letter, the [HN response](https://news.ycombinator.com/item?id=19363961) seemed to tip towards not liking what Amazon had to say or was doing.
When ES writes effectively a response, the initial comments don't like ES's response or what they're doing either.
It may be that the collective HN vibe is critical no matter what. But also maybe "we" in aggregate legitimately don't like either option given.
I know open source devs need to make money somehow. I also wish there was a way to do it that was open source. I'm not sure there is. I'm not sure what it means for the continued viability of open source.
In the original period of open source, people generally worked on open source on the clock at their existing jobs, a building tools they needed for that job, a job not dedicated to that particular product but to getting something done that product helped with. People were getting paid to write open source, but it wasn't by "productizing" it. The results were still shared freely.
(this is how/where apache httpd, for one, came from; people with jobs who needed an http server writing one on the clock, even though their job was not "writing an http server." They needed an http server to accomplish what was needed for their employers, but their employers had no desire or capacity to be in the business of selling an http server. Why not collaborate on one we can all use?)
But those days are gone, software has just gotten _so much more complex_ and time-consuming to develop. The open source software we have and need can't be developed in someone's "spare" (even on-the-clock spare) time. Some open source is still written by people working for a large employer, who pay them to be dedicated to that product. But we see the perils of that when an employer decides "wait, why aren't we making money selling this? Why are we contributing our employee's time to it?" (thanks Oracle).
So that leaves people trying to productize it one way or another. It is not clear to me how to have a healthy open source ecosystem in that market environment. I don't think "proprietary layer on top" is actually good for open source, especially if it's gonna lead (naturally) to rejecting contributions from outside to add those same features as open source (why would we want to spend time working with a contributor to make the feature solid, when we _already wrote it_, and when accepting the contribution would _harm our business model_ because that feature is what we want to charge for?), and then resistance to the "right to fork" which I consider the fundamental basis of open source freedom.
Build a database, not a database engine.
> Some open source is still written by people working for a large employer, who pay them to be dedicated to that product.
Take e.g. tensorflow by google. The software itself, is per se worthless, so they can release it as OSS as some kind of calling card or recruiting tool. The crown jewels they are guarding closely and are never letting any outsider access directly is their data.
No, I think it's a little more complicated than that. I don't think this is a good comparison.
Tensorflow is only "worthless per se" because it was completely open sourced. It's quite a sophisticated library and a substantial product could have been built using it if it was kept proprietary.
However, Google got to the space first and Google is fundamentally a software service company. The reason they open sourced Tensorflow is because they have data and recognized the data would be more valuable; hence, they decided to commoditize the complement. By open sourcing Tensorflow they made their data even more valuable (likewise for their services which can be used to build and manage a data pipeline).
I have to strongly disagree here. Stuff like Kafka from LinkedIn, Envoy from Lyft, Prometheus from Soundcloud are just the tip of the iceberg of people writing tools because they need them, not because they are in the business of making infrastructure software.
I believe that selling software, be it foss, open core, or fully proprietary is not good business model, neither from business nor from ethics point of view. Sell your expertise or use the software yourself to generate value, but trying to sell it is just futile.
I believe you're conflating "open core" with with "open source". I don't believe that open source needs a profit motive to exist and flourish. While this may be a blow to the open core FOSS business model, there are a number of other models that continue to exist that do not involve proprietary enterprise extensions.
While these models may not be attractive to venture capitalists, they can certainly provide a way for developers to make money.
The question is, who is going to write open source projects at a complexity/polish level similar to ElasticSearch. And how are they going to pay their rent?
People working on it need to pay the rent somehow.
I am suggesting that the way people paid the rent while working on open source historically in the "first phase" of internet open source (doing it on the clock at jobs for which the open source was useful for their job role, but producing the open source was not their job) -- is no longer working to get software written at the complexity level of 2019 software, as software gets much more complex requiring more people coordinating with themselves and spending more hours.
I agree, at least for the sake of argument, that "open core" is distasteful and problematic. I believe it was a response to the question of "how do we write open source and still earn a living." It may not be a satisfactory answer. I'm not sure what other answers exist. If there aren't better answers, open source will shrink, including by "open core" and such.
I believe that "open core" was not a response to the question of "how do we write open source and still earn a living?" but rather "how do we leverage open source to make a billion dollar company?". I think the distinction, however minor, is important.
I am not sure there are obvious models/examples that are working. I think there's a reason that "open core" is an increasingly popular thing to try to do. I'm not sure if I can think of many earning a living while producing high-complexity high-quality open source software _except_ "open core".
(And I still think "open core" is problematic for the continued viability of actual open source).
Maybe. But I also think that kind of funding for open source you talk about is not there for high-complexity projects in the present time.
It's not that I don't like that traditional model. I am legitimately worried it is no longer feasible.
Or, there are Fair Source License / Commons Clause / Business Source License /... that allow developers to capture some of the value they generate, but this of course means they are not open/free/libre because they limit some of the freedom to accomplish that.
Pick your poison. :)
I find in general it's easier to get free labor on something the newer it is. Both because it's more exciting, and because the more 'mature' something gets the _more work it is_ for _less gain_, there's more time dealing with backwards compat and filing off rough edges and keeping the existing code just working, which is all less interesting to do for free. Plus, the more mature something is, the _more work_ it _takes_ to keep it going.
This post from Elastic consists of vague claims of 'FUD' and of their commercial code being 'bluntly copied', without any further clarifying details or responsive action to back them up. (E.g., if you have real evidence of Amazon copying proprietary code, which I doubt, then announce the copyright infringement lawsuit you have just filed, don't weakly allude to your grievances in a blog post.)
Conspicuously, the post did not contain any defense or even mention of Amazon's key accusations of "significant intermingling of proprietary code into the code base", or its claim that "the innovation focus has shifted from furthering the open source distribution to making the proprietary distribution popular." The only response offered is a vague, generic "we believe in open source" - again with no concrete action backing up those empty words.
If this is the best and only response Elastic is able to offer, I fully expect Amazon to keep the high ground in this controversy.
Most people don't realize this yet. They are taking other, existing projects which anyone could install themselves for a long time now and framing it like they built these things for their new fork. So much of their "distribution" is just a collection of other open source projects.
In the case of the security functionality, that is backed by a company named Search Guard who have an Enterprise Version in addition to the Community Version included in the AWS fork. They forked another project, renamed it and now call it their own.
They just forked the full code base and tried to remove any reference of Search Guard.
I am not sure what really happened here but this smells fishy.
The link is to a packaged, binary distribution of the 'OSS only' features, the assertion was regarding 'significant intermingling of proprietary code into the code base'. The two are not the same.
Also, from the release notes linked to from that page, Amazon's assertion that 'neither release notes nor documentation make it clear what is open source and what is proprietary' does appear to be valid.
Which is a wrong assertion, you can clearly see that it is an under Licence feature by the X-pack mention: https://www.elastic.co/guide/en/elasticsearch/reference/curr... above the name of the feature.
If I were Elastic I’d be quaking in my boots right now - their entire business model is under assault. Hell, the whole open core model is being called into question. Personally I’m glad to see Amazon’s distro.
Anyone have a different take?
I think if anything is called into question, it's the development of infrastructure software in a startup. Does it make economic sense anymore? As in, is it possible to profit directly off it at this point? Right now it obviously is, but it seems to be trending away from that.
Aren't APIs under copyright now, thanks to Oracle vs Google?
The API of a closed source, propriety and patented software can't just be copied. See Oracle vs Google.
That’ll (maybe) be a more compelling argument for one side or the other of this argument when it is finally done.
Especially if the Supreme Court rules, and it's not just the Federal Circuit’s interpretation of what the Ninth Circuit would say, which is not binding on lower courts (or other circuit courts, including the actual Ninth Circuit, in other cases.
Edit: The thought was about big companies with their own agenda behind open source initiatives. Sorry about confusion.
MySQL is still big but MariaDB is big too and definitely favored as a default by most distributions.
 https://github.com/apache/openoffice/pulse vs https://github.com/LibreOffice/core/pulse
I hope that people will be able to use "vanilla" ES too on AWS.
MariaDB is a community fork away from a controlling company. Libreoffice is run by its own foundation, again after forking away from a company-controlled version.
> I hope that people will be able to use "vanilla" ES too on AWS.
I mean, worst case just run it on EC2/ECS, which lets you run anything you want. They're not going to break that.
I guess a big driver for me is a lot of the proprietary features (example: encryption in transit, RBAC, audit logging) seem absolutely basic to me. Not basic as in easy to implement, but basic as in as an operator I’ll need them for every type of logging/monitoring infra I’d ever spin up.
Worth noting I consider Elastic’s managed offering to be superior to AWS’ in a lot of ways. But personally I’ve always chosen to build my own setup off EC2
At the end of the day, Open source developers need to be able to put food on the table. What AWS is doing here, is like a logging company, recklessly destroying things in its path as long as what they do is "legal", they don't seem to care.
Thing is, we should look at Open source software just like a precious rainforest or any other natural resource. If every company started doing what AWS were doing, soon there would be very few companies like Elastic in business and that kind of open software will cease to exist.
But hey, at least HNers won't be able to argue about technicalities of the license then, right?
Frankly, yesterday's announcement made me seriously consider whether I wanted to apply for a job working at AWS, since I expect they have many positions where you're spending most of the time working on open source code like Elasticsearch.
The argument you're making is equivalent to the old argument against open-source software itself: if companies can't make money by selling proprietary software, who's going to want to be a software developer? Sure, it's great that some bored Finnish guy wrote an OS that's competitive with Solaris, but if he drives Sun out of business what's the guarantee anyone else will want to work on his OS? Don't we need proprietary software companies to ensure that quality software gets developed?
And that did happen, we don't have a single decent affordable personal computing ecosystem at this point. The only good personal computing ecosystem is with Apple, which makes its money by selling proprietary software mostly but is not affordable to ordinary joe.
What an ordinary person can buy, is an ad-riddled machine like a windows desktop or a chromebook, where although the software is not proprietary, they're basically selling you ads(directly or indirectly through your data).
To tie it back in, in fact open source software did rise up and proprietary software did go down, but we lost the pure software aspect that came with proprietary software. Basically, open source software is being used to sell you ads and if the ads based business goes down/stops so does open source ecosystem.
If you haven't realized, the biggest parts of the open source economy are propped by FAANG and Microsoft. If these big whales go away, open source's vibrancy will vanish in a poof.
In fact open source software creation is hugely concentrated to North America and by extension FAANG. So if FAANG were to stop sponsoring open source, we'll be back to proprietary software age soon. So, I'm not convinced of your argument that "open source" has won conclusively.
But confusingly sort of being open source is only going to create pain in the long run.
1. Get elasticsearch delivered as an inscrutable binary blob
2. Get elasticsearch delivered as binary blob but with its source as well so that I can see what ES is doing underneath the hood.
In most cases of proprietary software, the big clients eventually in case #1, do end up getting the source of the proprietary software as well. Just that the source is for viewing only not for modification.
What ES did was better than that, they made source available to anyone (including the small fish). This doesn't weaken the need for ES to make money through selling their sofware, just that the purpose of releasing the source is more towards "viewing" it and less towards making modifications and reselling it.
AWS is releasing their changes as open source software to the public and maintaining their release. As long as ES the project keeps getting released who cares if it's Amazon, Netflix, Google or whomever that pays for the work behind it?
It's easy for AWS, Azure or GCP to be altruistic and suggests everything should be OSS for the betterment of humanity, since they've become the primary beneficiaries of the wealth created by OSS which benefits them more than anything else. Then use the profits to develop billion dollar cloud infrastructure moats to ensure a barrier to entry that prohibits anyone else from partaking in.
This is ultimately the core issue between companies behind developers of OSS software like Redis Labs, Confluent, Elastic.co, etc. They've put in the investment to build and support their OSS products but it's the cloud vendors end up reaping most of the revenue derived from it given they're the only entity Customers pay to host their production systems. This is what the extended OSS licenses are designed to target which are typically free for everyone else but prohibits the cloud vendors from absorbing all the rewards from hosting their software without revenue sharing anything back.
If you look at Red Hat on other hand when they decided that Kubernetes was the way to go for their OpenShift project they put lots of engineering resources for upstream k8s.
You can't get alerting without paying a king's ransom for features you'll likely never use.
Clarification: Not push X-Pack itself, but features comparable. Like they suggested people do in the post.
There are costs associated with running a business and one of the largest is marketing. What open source allows you to do is defer these costs by charging nothing for adoption. This allows you to acquire users, build up an ecosystem, and create a moat against competitors to your business. Competitors not in the sense of AWS which is adjacent, but competitors in the sense of another replacement for Elastic Search itself.
At the beginning you are losing 100% of your revenue opportunity, but you have to remember that you are either modeling yourself as a consumer company or business company. Simply put, consumers companies make more money from consumers while businesses make more money from businesses.
AWS is a business company so the majority of their revenue is from businesses. With most open source projects you are also a business, which means if you find 10 years of success 90% of your revenue will eventually come from businesses.
Those early adopters are usually smaller entities so they aren't really a large opportunity loss and the big businesses want to see massive adoption before they really consider switching. So effectively you are cutting out 20% of your revenue opportunity to build up an ecosystem moat as well as marketing budget. It isn't money directly out of your pocket, but instead is paid purely in head count, which by the way is much cheaper and more effective than trying to market your software to hundreds of thousands of people across the world.
The "free" component isn't just one of benevolence but actually an attack on any future competitor because why would those early adopters pay $5 for something that they can get for free. Most early businesses rely on these smaller customers and open source actually cuts that out of the equation, reducing competition.
So it's a very interesting dynamic in the sense that something that was started for a "good" purpose can accidentally actually stifle future competition, when you would assume otherwise.
The way this is written, it seems like there was a difference of opinion in terms of the product architecture, and not a purely commercial decision by Amazon. I would think it would make commercial sense for the team at Elastic to align with Amazon than the other way round. On the other hand Amazon claims that Elastic was moving away towards proprietary code .
Overall, being in open source for a decade, I am against this trend in dual licensing (which I fear is pushed by Venture Capitalists). People forget that the fact that you have freedom and zero friction, is what makes open source awesome. There are other ways to make money, like building a kick-ass consulting practice around the open source offering.
That said, I can't shake the feeling that we could get the same level of performance with RethinkDb with the benefit of a better API and less overhead.
Assuming that the use case does not require large quantities of full-text search, is there really any reason to choose ElasticSearch over RethinkDb? ElasticSearch does have a larger ecosystem, but with how good RethinkDb's API is, I'm not entirely sure any 3rd party packages would actually be necessary.
Add to that RethinkDb's ability to do joins and changefeeds and this decision becomes a no-brainer for me.
The project may be transitioning to new governance.
I can't really say that RethinkDb NEEDS a new release.It's feature complete in my eyes. All it really needs at this point is maintenance.
Sure, that's not a ton of development, but at least it's actually, really, open source.
In addition, the software itself doesn't really need much improvement. It does what it's supposed to do very well and the client libraries are fantastic.
Elastic search is a great product and there is no doubt about it. However I understand Amazon's viewpoint that it should be clear which part of ES are open source and which are not.
A the end of the day Amazon or Google can easily buuld a clone of ES from ground up.
How? Redis is trying, and got backlash. Mongo is trying, and got backlash. Confluent is trying, and got backlash. We've rather got to pick our poison here: do we want companies to open their code and have it used for managed services/cloned, or do we want them to close it and keep making cool tech?
I recall reading about the model Google used to use for this sort of thing: open your source code about three to five years after you stop using it. This gives something to the community, while still allowing you to maintain a competitive advantage, run a managed service, etc. Particularly for those who run a SAAS model, it lets them gain widespread adoption before a competitor can spin up an instance of their stuff and undercut them slightly.
Oh, and for those saying "use the Red Hat model", the Red Hat model can't work for everyone. Red Hat had a new idea and essentially no competition for enterprise linux at the time, and so didn't have to deal with the competition. They got a chance to build a customer base before Oracle knocked their product off. And even then, Oracle did completely rip off their work. That's the risk you run with open-sourcing your codebase, and not every company is built to work that way; not our job to tell them they should redo their business model to allow it.
To be specific and on-topic, Open Distro for Elasticsearch is being given back to the community under an Apache 2.0 license.
If a creator thinks that it is wrong to take without giving, there are lots of other licenses for different philosophies.
Personally, as current and former administrator of multiple ES cluster, I'm quite worried how this "intermingling of open source and proprietary code" will affect my current and previous team.
We certainly not aware of it before this week.
Just don't know where Amazon is going with this approach of re-packaging existing opensource tools and calling it their opensource contribution.
Also, their MongoDB "distro" is just "Amazon DocumentDB (with MongoDB compatibility)". That's not going to be open source, because it took a lot of work to basically rewrite most of Mongo.
Someone else with a business model that benefits from providing these features for free and making them open source to reduce their development/maintenance burden - cloud providers like Amazon - are going to do just that. And they're well within their right to do so.
Impeding security updates seems rather unethical. Unless you mean backports to old/stable versions, which is still iffy in my mind but does at least maintain a way to stay secure for everyone.
For example enterprises may want quicker access to well tested bug or security fixes - they can get that first and then the patches appear on GitHub for open source users.
Most software isn't like that. My current preference is going back to highly-permissive, shared-source licenses by public-benefit companies whose charters and contracts don't let them screw people in at least all the ways we know about. Perpetual, free licenses w/ no or optional support for non-commercial or small business. Cost goes up with scale from there maybe with enterprise features sold separately. Anything not a competitive advantage, esp building blocks or platform stuff, might get open-sourced. Anyone licensed can modify the software and distribute that to other licensees. Might make exception for features or code in new version so they can't skip payment with backport. Maintains most of benefits of OSS with less risk of proprietary or hybrid licensing.
Charging for security fixes could be a simple way of motivating folks to pay for improvements to the software. A preferred model that's harder to build is using methods that make nearly vulnerability-free software with a warranty against specific types of defects or at specific, defect rates. Cleanroom shops and Praxis Correct-by-Construction did that with an upfront premium applied with defect rate in warranty fixed at supplier's cost. So, still thinking on specifics of all of that or potential integrations.
Elastic's licensing is very hard to navigate, and the per node nature of it often makes it more cost prohibitive than Splunk.
Hopefully this is a wakeup call to Elastic to start delivering value that can't simply be added by third party contributions. If thats the case, what purpose is Elastic (corporation) actually fulfilling?
I think this may have been the crux of the friction between the companies. Elastic sure looks to have collaborated with GCP , if not other enterprises.
> Our answer has always been a constant: send a pull request, like everybody else does. The quality will speak for itself.
I look around and spot at least three substantial bug/fixes from AWS employees (?) , so I don't see any lack of effort from AWS? AWS engs were sending pull requests, just like the others. That said, any sort of heavy handedness from maintainers of elasticsearch might also play a role in forcing enterprises to take control of software they depend upon so much where legally allowed. We have seen this happen with Node.js/IO.js and MariaDB/MySQL before.
> The FUD mostly comes from large(r) companies that fear what such a movement can cause.
The irony of this statement is not lost on me. Elastic is that larger company (one that crucially controls a majority of the ecosystem around elasticsearch: kibana, logstash, beats, xpack to name a few), and AWS is an upstart here with their investment in open-distro, presumably to fight FUD.
> We all sometimes need to self reflect on what and why we did that made us successful, to make sure we stay true to our course. [..] to others out there, that face so many reasons to be distracted, keep your focus [..] And last, to express our shared commitment to continue to build great products [..] It is our true north.
I think one right way for Elastic to show commitment to opensource would be to entrust the projects to a community agreed governance model, like others before them have done .
Also, what's interesting is that its not just Amazon here, but Expedia and Netflix as well putting their weight behind open-distro .
Like someone pointed out, this response from Elastic does seem to be emotionally charged .
 blog.google "With the Elastic partnership in place, we’re kicking off our joint engineering work and will start rolling out managed Elasticsearch on GCP later this year." https://www.blog.google/products/google-cloud/google-cloud-p...
 GridGrain and https://ignite.apache.org
 Various networking companies and http://opennetworking.org
 Cloudera and https://impala.apache.org
 LinkedIn/Confluent and https://kafka.apache.org/
 "It is always Day 0 at Elastic (like the developers we serve, we use zero based numbering)."
AFAICT that partnership just resulted in Elastic Cloud running on GCP in addition to AWS. If I had to guess, I'd say that Elastic didn't think it was worth their time to support GCP, but Google provided some resources to encourage them to add it as an option. That way Google gets to tell prospective GCP customers that they have an option for hosted Elasticsearch without having to build it themselves.
(I am, as it happens, rather opposed to Amazon as a company. I canceled my Prime membership; I try to shop anywhere else if possible; I celebrated the loss of NYC HQ2. But in this case, I think they're in the right.)
Of course a lobby group like this should be transparent. But I don't expect a group like that with closed mailing lists to actually be Open.
The total budget of the OSI is in the couple hundred thousand range, i.e., comparable to a single full-time software engineer. So the fact that a few companies are each giving five-digit donations that add up to a six-digit budget doesn't seem like it's a huge priority for any of these companies. Take a look at the sponsorship levels on https://opensource.org/sponsors .
In any case, I agree that the Open Source Initiative should be transparent, and my individual membership in the OSI is not an endorsement of everything the OSI does any more than having a PyCon ticket is endorsement of everything the Python Software Foundation or their corporate sponsors do. (One specific thing they haven't done is post form 990s more recently than 2016, and I do intend to ask them to post these. But if you look at the 2016 one https://opensource.org/files/2016990EZ.pdf you can see that these aren't vast sums of money, and Craigslist donated more money to the OSI than any cloud provider.)
Edit: well, there's Microsoft's "Shared Source", but that's read-only if they like you, not particularly useful.
For a "bunch of jerks" they sure do a lot of open source stuff.
Right near the top of their list (in your link) they brag about contributing to Linux. Let's see how well their brag stacks up? Looking at the contribution reports on Linux, are AWS in the top 10?
AWS are not even on the list. https://twitter.com/ibrahimatlinux/status/768631239683158016...
Duh, I'm glad about the direction Amazon is going.
"When others closed down, we opened up."
...links to another article called Doubling Down on Open  where they say introduce their source available strategy and in some places call it open source (with and without capital letters) and in other places differentiate between it and open source.
Please don't call things Open Source that don't fit the Open Source Definition. You have a right to do so since it's not trademarked, and I'll defend that right, but it adds confusion (the D part of FUD). And while the OSI doesn't have a trademark to Open Source (perhaps rightfully so since it's a generic term, though more generic terms like Apple have been trademarked), they do own opensource.org.