Threads are paginated for performance reasons (yes we're working on it), so to see the rest of the comments you need to click More at the bottom of the page, or like this:
Apart from the general consternation about an OSS license becoming non-OSS, can we also talk about the problem that companies are formed, invest a whole lot of resources into creating a product, open-source it, and then have Amazon eat into their profits by just installing and maintaining that product as a service?
No matter how you slice it, I think Amazon is bad for us end-users, and Elastic is good. Elastic could have released ES as closed source, but they didn't, and the OSS ecosystem is better for it. They were hoping to make money off their product, which I don't think anyone can fault them for, but instead Amazon came in and took a bunch of that money while not giving anything back.
Now Elastic is not happy, and I wouldn't be either. As an end user, I'm grateful the circumstances exist that allow companies to make a living from OSS, and I want to encourage that. AWS is the fly in the ointment there, and I don't see how blaming Elastic for not giving us stuff for free any more is anything other than entitled. We should be grateful that ES is OSS at all, and we should want an environment where companies that produce OSS can thrive, instead of blaming them for wanting to get paid for the work that they release freely into the world.
Amazon hinders that, period. I don't think Elastic is in the wrong here, I think Amazon is.
> Apart from the general consternation about an OSS license becoming non-OSS, can we also talk about the problem that companies are formed, invest a whole lot of resources into creating a product, open-source it, and then have Amazon eat into their profits by just installing and maintaining that product as a service?
Ten years ago I would be very hesitant adopting ElasticSearch if I knew that they were the only ones allowed to maintain a cloud solution of it. The fact that is was liberally licensed made me less afraid of vendor lock-in.
In my opinion it seems like Elastic wants ElasticSearch to still be perceived as the fully open source project (with all of its good connotations) it once was.
> AWS is the fly in the ointment there, and I don't see how blaming Elastic for not giving us stuff for free any more is anything other than entitled. We should be grateful that ES is OSS at all, and we should want an environment where companies that produce OSS can thrive, instead of blaming them for wanting to get paid for the work that they release freely into the world.
It's okay to release things as non-OSS. It's also okay to release something as OSS first, and then regret later. But it's super weird that they're painting this picture of AWS being a big evil company when they're just doing exactly what is expected. Can't they just say "we're not able to build a company around the liberal license" instead of this "we're such an open company and we love open source and AWS is ruining everything" talk?
The new license doesn't restrict others from operating Elasticsearch as a service. It restricts others from operating Elasticsearch as a service unless they release any source code patches, improvements, and/or functionality extensions they make to it.
To me, that's exactly what you're saying you expected from liberal licenses, but it's delivered by a restrictive license, using the restrictions popularized by GPL licenses. This makes ElasticSearch more open source, rather than less, because now anyone who uses it has to "open" their source code. That's the premise of GPLv3 in a nutshell, and I'm hard-pressed to understand how it's a drawback here.
Have I misunderstood and their new license somehow reduces the openness of their source code to the world?
I think the term "more open" is a bit too vague in this discussion. Sometimes people use it to refer to permissiveness (e.g. BSD) and sometimes people use it to refer to stimulating further open source work (e.g. GPL).
(And if we're following the "definitions" then ElasticSearch is no longer "open source" since that has a strict definition, but it's probably not so relevant in this discussion.)
I also don't really object to their license choice at all; what I object to is how they're framing the discussion. This license change is all about business: They want to be able to sell their cloud service without competition. That's perfectly okay, but there's no need to hide this. And certainly no need to "shame" Amazon for building a business on top of something Elastic open sourced.
> Have I misunderstood and their new license somehow reduces the openness of their source code to the world?
I think their new license just shows that it's all about business. If they really wanted an open source license which stimulates anyone to share improvements to ElasticSearch they could have picked GPL. As of now, any big company (Facebook, Google, etc) can create an improved internal fork of ElasticSearch which none of the community will ever be able to take advantage of. And why are they fine with Facebook/Google doing this? Because it won't jeopardize Elastic's cloud offering.
In addition, their new license also makes it harder for other people to build businesses on top of ElasticSearch. Imagine that I invest a ton of time and effort into creating a new management layer which is capable of scaling ElasticSearch drastically better. Something completely novel which looks at current trends of traffic and automatically moves shards around. Non-trivial stuff. Well, sorry, there's no way of building a business on top of this idea.
> If they really wanted an open source license which stimulates anyone to share improvements to ElasticSearch they could have picked GPL. As of now, any big company (Facebook, Google, etc) can create an improved internal fork of ElasticSearch which none of the community will ever be able to take advantage of
GPL does not require releasing source code or patches except to those whom you give the binaries. If Facebook creates an improved internal fork of GPL code and runs it inside of Facebook, they can keep their sources/patches private and be in compliance with GPL.
There is a practical advantage to upstreaming your patches: because it makes maintenance easier if those patches are accepted and merged upstream, but there's no legal/license requirement to release them for code that you keep internal to your company.
IANAL but I believe that the AGPL would address the case where AGPL code was used in a user facing setting. If the code was used only internally I believe that it is no different from the GPL in this respect.
Correct: AGPL3 is GPL3 + one requirement – any user who communicates to a program must be able to retrieve its source code.
If ES was under AGPL3, AWS' ES server would absolutely fall in scope.
The Facebook example, however, is tricky. You are technically right: the FSF calls this the Service as a Software Substitute (SaaSS) problem[1]. But Facebook can run an AGPL3 project and, as long as they are careful, will not need to expose any changes they make to it.
In practice, Facebook and other big corporations are extremely unlikely to do this. If they get it wrong, they've inadvertently accepted a license they didn't mean to, which could open them up to liability or worse – relicensing things. To prevent this you get a set of approved permissive licenses that are always kosher. If you want to stray off the path there is a set of massive flaming hoops you have to jump through (VP approval? legal review? just the beginning of your fun!) that are designed to convince you that you should chose a different path that involve more permissively licensed software.
> The new license doesn't restrict others from operating Elasticsearch as a service. It restricts others from operating Elasticsearch as a service unless they release any source code patches, improvements, and/or functionality extensions they make to it.
If this was AGPL, I'd agree with you. IANAL, but SSPL is so broad that it could be construed to cover the Linux kernel, which is a no-no. :(
What real, non-theoretical, "would stand up in a courtroom" risk is there if the SSPL extends to cover the Linux kernel?
SSPL: you have to share your source code to the Linux kernel if you sell Elasticsearch-as-a-service"
GPL: you have to share your source code to the Linux kernel if you release binaries
SSPL+GPL: you have to share your source code to the Linux kernel if you sell Elasticsearch-as-a-service or if you release binaries
As long as the source is duly published under the merged SSPL+GPL conditions above, anyone trying to bring a GPL case against Elasticsearch-SSPL-on-Linux-GPL may discover that their judge refuses to enforce the GPL's hostility clause, because the SSPL strengthens the intent of the GPL without weakening it in any respect. We'll never know until someone gets to a judge, though, but my armchair speculation bet is that the "can't combine this license" clause won't hold up when the combination increases the total amount of Copyleft in play without decreasing it in any regard. I hope someone takes this to court and doesn't settle, or else we'll never find out :)
(I'm not your lawyer, this isn't legal advice, etc.)
No offense but this advice is rather risky and legally dangerous, please don't tell people to potentially put their products in jeopardy by doing this. The correct thing to do is for MongoDB/Elastic to just clarify the wording in the license.
No. The correct thing is to adopt a license I understand.
AGPL is okay.
I'm not hiring a lawyer when I'm selecting a few tools to benchmark. I'm not using EC until I've had the license reviewed by a lawyer. Ergo, redis or similar.
If the license is so badly worded that nobody can understand it, it needs to be corrected. I agree you should not hire a lawyer for that, it's not your lawyer's job to fix some other company's license for them. It's a shame that MongoDB appears to have completely lost interest in drafting SSPLv2.
Redis is still FOSS under the BSD license. If Redis Labs were to change the Redis license, AWS would fork it in a heartbeat. To help clear up confusion you can read about the Redis, Redis Modules and Redis Enterprise licenses here: https://redislabs.com/legal/licenses/
ElasticSearch know exactly what they are doing here.
By leaving it grey and a little open to intrepretation they know that AWS lawyers will have to advice AWS to avoid it because it might open them up to legal attack.
You write as though the AWS lawyers' advice is binding. However the article starts with a trademark violation and apparently in that case, the AWS lawyers didn't have the upper hand internally.
> In my opinion it seems like Elastic wants ElasticSearch to still be perceived as the fully open source project (with all of its good connotations) it once was.
That’s my attitude towards most of these license changes or “open core” pivots. These companies want all the good will and community contributions of “open source” while still being able to wield intellectual property protection laws against other companies who dare compete against them on unrelated, commoditized services like hosting.
It's somewhere between bait and switch & dumping. It's very hard to compete against free. And it's very hard to make money when you give away your product for free. Cloud hosting was a way out of that conundrum. But that window is now closing as the big cloud operators move in + the rise of Docker making hosting much easier.
> And it's very hard to make money when you give away your product for free. Cloud hosting was a way out of that conundrum.
But surely it's only a conundrum if the primary goal of a software project is for a single company that has the same name as the software project to exclusively make money by selling hosting and/or support for that software while still using an open source license to attract a community of developers to work for you for free. I'd argue that this conundrum is easily resolvable: either have an open source software project for which anyone can sell support and hosting, or have a software company that develops proprietary software and sells it and related services.
The only mistake Elastic seems to have made here is not releasing ElasticSearch under something like the SSPL in the first place. Of course, it didn't exist then.
Almost every user would have been free to use it exactly as they do today.
I think AWS is a case of someone ruining it for the rest. Yes, they’re allowed to do that and there’s nothing wrong legally, but in the end everyone will be worse off.
I would be much more hesitant choosing an storage solution if I knew the parent company has problems monetizing upon it.
> more hesitant choosing an storage solution if I knew the parent company has problems monetizing
You should be hesitant about choosing any mission critical product where you don't know how the vendor will make money. This is even the case with stable vendors. How many products has Google killed over the years because they could figure out how to make them profitable (enough)?
> How many products has Google killed over the years because they could figure out how to make them profitable (enough)?
HN never ceases to amaze me. This is a post on pattern of exploitative and anti-competitive behavior of AWS. Somehow HN crowd found a way to whine about Google. Every single day multiple anti-Google posts on HN front page was not enough.
> In my opinion it seems like Elastic wants ElasticSearch to still be perceived as the fully open source project (with all of its good connotations) it once was.
This. It is too bad they couldn't have satisfactory financial success building on open source and it is their right and perfectly fine to switch to a different model, but their justification as well as the SSPL dual licensing muddle the water unnecessarily.
At least the blogpost clearly states it is no longer open source, but then it goes "it's just definition, we're actually totally free and open, just, you know, not OSI free and open".
SSPL software is not free software, it is not FOSS. Calling it "free and open software" is misleading at best.
I don't have any problem calling SSPL software "open source". Or AGPL software, for that matter. What's not free or open about applying copyleft to network services?
The license discriminates based on field of endeavor, invoking additional constraints on the basis of what you use the software for.
The legal team for Fedora expressed this well, I think:
> It is the belief of Fedora that the SSPL is intentionally crafted to be
aggressively discriminatory towards a specific class of users.
Additionally, it seems clear that the intent of the license author is to
cause Fear, Uncertainty, and Doubt towards commercial users of software
under that license. To consider the SSPL to be "Free" or "Open
Source" causes that shadow to be cast across all other licenses in the FOSS
ecosystem, even though none of them carry that risk.
The field-of-endeavor and persons-or-groups discrimination arguments don't stand up. They just sound nice if you want to knock the license.
If SSPL discriminates against a "field of endeavor" that is making proprietary software, or against "persons or groups" that are proprietary software developers, all copyleft licenses do. That was the point. Here's Richard Stallman on the GPL:
> I make my code available for use in free software, and not for use in proprietary software, in order to encourage other people who write software to make it free as well. I figure that since proprietary software developers use copyright to stop us from sharing, we cooperators can use copyright to give other cooperators an advantage of their own: they can use our code.
The quote from Fedora perfectly encapsulates the difference between the OSI review process as people perceive it and the OSI review process as it really was. Are we judging license terms, or what we believe to have been in the secret heart of the company that wrote them? What happens when someone else uses the license, as when independent hackers choose GPL, or startups choose AGPL?
Commercial software makers have plenty to fear from GPL, AGPL, and other open source copyleft licenses, because so many of their business models entail slurping up other people's open code, but not sharing their own. Those licenses prohibit building proprietary software with open code, just not if you happen to "compose" a service with network API calls, rather than build a program by copying code snippets, using frameworks, and linking libraries.
Amazon convinces investors to eschew profits. Unusual. Result: lower cost of capital.
Amazon benefits from extended tax holiday. Result: lower cost of doing business.
Amazon appropriates FOSS. Result: lower cost of development.
Amazon knocks off successful products, competing with their own partners in their own walled garden. Result: lower cost of product development.
Amazon allows counterfeit products, fake reviews, and other fraud. Result: lower cost of operations.
Amazon uses gig workers. Result: lower cost of labor.
I'm sensing a pattern...
Amazon's success, their prime (pun!) advantage, is built on aggressively avoiding costs normally incurred by other businesses. They perfected WalMart's strategy.
Sure, they've done some clever stuff. Throw enough spaghetti, some of it will stick. Free shipping with Prime membership is akin to Tencent's freemium (genius). And figuring out how to sell excess capacity was cool.
I'm sure a lot of other leaders would share Bezos' tolerance for risk, commitment to long term plans, if only they weren't micromanaged by Wall St.
Poor phrasing on my part. I mean decisions which weren't obviously correct beforehand.
I certainly didn't grok AWS for way too long.
And there was plenty of concern trolling about free shipping, eg "how long can they sustain this loss leader?!". Very long when you have free capital, certainly more than anyone else. It fortuitously parlayed into amazing customer retention and upselling. What Prof G (Scott Galloway) has coined the rundle (recurring revenue bundle). Proved so effective, in fact, that everyone's now doing subscriptions for everything.
Getting investors to give Bezos free money for being Bezos was actually pretty good for customers and got everyone free one-day shipping. Amazon is an investor charity like Uber, not a business.
Right now it is better for the customers, but that doesn't mean it will continue to be this. You assume that once/if Bezos crushes the rest of the competitors he won't start significantly increasing prices.
We saw something similar in the 90s where health care prices plummeted as the now winners developed and convinced the public that their monopolies were good. Now they are able increase prices by 15-20%/yr into the foreseeable future.
This is not a prediction (per se), but a statement that we should realize that monopolistic might be good for the consumer in the short term but bad in the long term.
There appear to be more competitors than ever to me. Amazon doesn't have much of a moat in their retail business (they do in AWS) since your lock in is only that you've bought Prime for the year; they're merely very good at it.
They do though. If one has paid for Prime, they might not even think about shopping elsewhere because they get Free n day shipping, for whatever value of n Amazon has nowadays.
> And figuring out how to sell excess capacity was cool
If you're referring to how Amazon Web Services was born out of the excess server capacity in their eCommerce service, this has been debunked as a myth [1]
Yes, and we are all voting with our wallets by buying the cheapest products. Just like with China. And just like with Chinese production, we'll regret it when it's too late.
Isnt that ultimately every business trying to do save costs? I dont see anything wrong as long as it is legal. ElasticSearch here wants to pervade the notion that they are open but wants to exclusively maintain cloud hosted versions. Thats not how opensource works, Open source works through open collaboration and feeedom. Opensource forks are completely valid as long as they dont violate the licensing terms.
I apologize. I'm simply trying to understand and explain, if only to myself, to better calibrate expectations.
I do not criticize or defend Amazon's parasitic relationship with FOSS. Frankly, I don't yet see how it can be any other way. I just merely acknowledge the plain truth. And that Amazon is better at this than the other belligerents.
While I'm a very happy Amazon Prime customer, I'd never be an employee or otherwise do business with Amazon. I just feel like there's no way for me to benefit proportionally. Per the parable of the lion's share.
> ...the wrong assumptions how to make money out of MIT/BSD style licenses.
Go on.
I'm hoping someone, anyone will discuss Peter Hintjens' (ZeroMQ) advice.
I have three projects in my back pocket. Once seen, their secret sauce is trivially reproduced. I can think of no way to publish them as anything other than FOSS. Not even as a service. Nor can I figure out how to pay rent working on them.
Which is a pity. These three tools are pretty neat.
Here is my advice, other professions pay for the tools they use for their job.
Actually outside of the webdev bubble most companies are willing to pay for software too. SolarWinds in the news for all the wrong reasons now but their bread-and-butter was selling things to big corporations that webdevs would demand for free.
Any time I've seen it, it's glaringly obvious that HN users come down on both sides of the issue.
Pattern-matching detractors of your position as dominant in a particular venue's discussion is a common partisan failure mode. Doesn't mean you have to succumb to it.
Sorry I hate to disagree. HN has lost its way last few years. The amount of FUD spread against Google on HN is mind-boggling. Every single day there is at least one anti-Google post on HN front page. Most of the content is the old broken record. I simple hide these posts from newsfeed. But the moderators have chosen to look other way.
On top of that, lots of discussion has become simply low-quality. The comments on technical posts turn into complaining about something not related to the technical content rather about the product. The amount of complaining and whining is through the roof. Mods should look into "Whine Wednesday" type threads to keep the off-topic whinings and complaining invading every single thread.
We should realize that we all succumb to the same biases when communicating in an online forum and exhibit the same tropes - exasperation at the loss of our 'secret hangout', frustration that companies we like get bashed repeatedly, and over-analyzing and drawing broad conclusions from strangers on the internet.
Try to enjoy the good responses and don't get so bothered by the rest! Or maybe there's another community that is more enjoyable out there. Personally I can put up with some of the noise and repeated points like yours because there's still plenty of value for me in these posts. Best of luck.
I dont think there is a group like "HNers", HN is just composed of people with diverse opinions. No one agrees on everything. The rules are simple, so long as we agree to disagree everyone gets along.
This is almost, but not quite, the "Tivoization" that prompted the creation of the GPL3.
The requirement to give something back and/or avoid taking profit from the work of others is something the OSS world has a complicated relationship to. GPL is quite clear that there's a requirement to pass on source changes, if not explicitly to give them back, and many people were outraged by even this limited requirement and instead chose licenses which imposed no requirements at all.
Similarly, people want their work to be used for free by everyone .. but haven't really considered that this results in them working for the Bezos fortune, for free. Or the US military, for free.
There aren't simple clear answers to these questions, only a slowly evolving discussion.
> There aren't simple clear answers to these questions, only a slowly evolving discussion.
Certainly, and I think that if we want OSS to thrive we need to move towards a future where it's easy for companies to make a return on their investment by releasing OSS. I think Amazon and all the "I provide your software as a service" providers eat into that and hinder that future.
Yes, GPLv3 was meant to fight Tivoization, but it never anticipated providers providing services on an OSS product without contributing significantly, in combination with the companies that develop the OSS hoping to make money off the same hosted service that the former undercuts.
Basically, monetization strategies for OSS are few, and one that is beneficial for both the company and the consumer is providing hosted services. A third company that doesn't have to develop the software is usually a good enough competitor, but since the developer has the obvious support/knowledge advantage, they can still compete. This breaks down when Amazon comes in with its lock-in advantage and sucsk all the money away from the developer.
This is why we're seeing these new licenses, because there's no way currently to be "OSS except Amazon". I think we do need to figure out some way.
> Yes, GPLv3 was meant to fight Tivoization, but it never anticipated providers providing services on an OSS product without contributing significantly
Well, the so-called "service provider loophole" was certainly well-known when GPLv3 was drafted. That's why AGPLv2 was created some years prior. IIRC early GPLv3 drafts contained AGPL-style language, but several of the companies involved in the GPLv3 drafting process (such as Google) objected, and those clauses were withdrawn from the final GPLv3.
But imagine where we'd be if this discussion had happened 30 years ago, in the days when the monetization model was charging a distribution fee. How much of the modern Internet would have had to be excluded from free software licensing to protect that? I have no issue with tweaking OSS licenses to respond to the circumstances of the times, but tweaking them in order to ensure I can make lots of money seems anti-competitive and anti-innovative.
I believe in a previous thread, someone suggested OSS except companies having this much of a revenue (since market cap is a bit of a variable metric). Why wouldn't that be a viable model?
I wouldn't use software like that. Imagine you build a company using some software, and it was free until you hit $X in revenue. One day far down the road, your company is doing well and you start to get close to $X. You realize you have to acquire a license, ask them for one, and now... you just have to pay whatever they ask for? You're locked in to someone who could quote you whatever price they want. Unless it's really easy to rip out this software, it seems like a huge pain.
I would love that, and think it's a great model (basically "you don't have to pay us if/while you aren't making money from this"), but as far as I understand it, it's hard to enforce. Amazon can just make a subsidiary that makes less than that amount (or no money at all) and skirt that requirement.
It would be a much stronger restriction than they're looking for. If no developer at Amazon, Google, etc. is allowed to even use Elasticsearch, that severely impairs the viability of the project. (Depending on the revenue threshold, it could end up being a problem for Elastic too - they're not exactly a small company.)
> many people were outraged by even this limited requirement
It isn’t a limited requirements. There is a very real legal risk that using GPL software in an enterprise code base means you have to open source of your entire code base. That is an unacceptable risk for almost any business so GPL software doesn’t get used.
> That is an unacceptable risk for almost any business so GPL software doesn’t get used.
And this, right there, is how MySQL AB was purchased for a billion dollars in 2008: you dual-license your software. Release it under a copyleft license that bigco's don't want to touch (AGPL3 is tempting today!), and offer a commercial license that gives your customers the freedom to use it as they need.
Well .. yes. That's the license fee. If you incorporate Oracle code or Nintendo characters in your software you'll get sued as well. So no you can't use GPLd libraries without contributing forward. This is intentional and the purpose of copyleft.
GPL allows you to "use" but not "make derived works".
And most companies have decided that the fee of opening their entire code base to use a single GPL library isn’t worth it. That is heft license fee if you have invested billions into creating your company’s source code.
Linux system libraries are released under Lesser GPL and/or have exemptions for linking that the general GPL does not have. I worked at $bigtechco$ and anything GPL/AGPL was expressly forbidden by the lawyers.
This is FUD. The worst case for GPL software is that you're not complying with the license and you're liable for statutory damages for copyright infringement. Not coincidentally that's also the worst case for every other license, including BSD/MIT, commercial proprietary licenses, and everything in between.
You're sadly right that many big enterprises purport to believe there's some special extra risk unique to the GPL, but you're wrong to say it's a "very real legal risk"; there's no reasonable basis for believing that at all.
> Elastic could have released ES as closed source, but they didn't, and the OSS ecosystem is better for it.
Except elasticsearch was created before the company Elastic even existed. They couldn’t have released it as closed source because they weren’t there to release it at all.
It was written by one guy and it was based on previous open source code in Lucene.
I am ok with them making money off their project, but it isn’t like they are owed a billion dollar company for their work.
>It was written by one guy and it was based on previous open source code in Lucene.
That "one guy" is the CEO and founder of the company. You are making it seem like some guy developed an open source database, and a company later came around and built a business out of it, when that wasn't the case.
At least as per the wikipedia page[1], there is a lag of 2 years between product and company, and there prior history of him working on similar products. So I think it is reasonable to give benefit of the doubt that open source product was created in good faith and commercial interests only got explored later.
Most open source to commercial success stories like Kafka, Mongodb, and Elastic do seem to follow similar path.
No, but my point is one guy wrote it and has made a lot of money from it. He has been more than compensated for his work.
Any money made from here on out is not based on the work of creating the software, but on helping people use it. If Amazon does a better job of that than Elastic, than they should win the competition.
Elasticsearch offers _a lot_ above and beyond what you get out-of-the-box with Lucene. For sure, the Lucene library is used by Elasticsearch but this comparison is way off base.
In my opinion, the phrase "based on" implies that a lot of the Elasticsearch functionality is actually Lucene functionality. I disagree that this is the case, I think there is a lot of functionality that Elasticsearch brings that is really othogonal to the Lucene project (sharding, multi-tenancy of indexes, clustering, managing nodes, etc.) Again, you my opinion, definitely enough for it's own project.
If that isn't what you meant then perhaps we are in agreement. :-)
Since you have mentioned this I have read three more articles and short blurbs about this kerfuffle and _they all_ have used the same "based on Lucene" text when describing Elasticsearch. As you say, Wikipedia seems to be the one true source of this phrasing!
> I am ok with them making money off their project, but it isn’t like they are owed a billion dollar company for their work.
Because no other companies build on a foundation of open-source software today? I think that describes every company. Yes, the actual core product is the open-source software, not just components of it, but does that really matter?
I don't understand the distinction you're trying to make here.
Complaining about AWS building off open source software when you did too seems a bit awkward. I'd be willing to bet AWS has spent at least as many person-hours developing their service as has been put into ES itself.
I don't really know where I fall on this subject. Companies need a route to monetize when developing open source products. It feels like AWS has been closing many ways to do that. Short term it might feel good for us end users, but long term it's probably bad for the ecosystem.
My distinction is that I don’t think they are being abused. They want to build a business around an open source tool just like AWS wants to also build a business around an open source tool.
I am happy to let them compete to see who can offer the best value.
I don't think there's "right" and "wrong", but bizarre (entitled?) expectations. A natural part of Open Source is that someone may come in and make way more money off of something than you do. In fact, Amazon makes way more money off of Linux than Linus ever did. But you don't even have to go that far, many completely unrelated YC companies made way more money off of Linux than Linus did, and could arguably have not pulled that off without Linux being a free OS that you don't even have to think about since it's so ingrained in hosting. But when the intent of Open Source is "to increase the quality of software around the world", this is considered a good result. However, when the intent of Open Source is some nebulous initial hyper-growth to then hope you can offer hosting, the expectations just aren't set correctly. Unfortunately, the open source strategy does not magically offer the right result based on the intent of the author.
If Linus all of a sudden woke up tomorrow and said "Hey, I just realized that I'm not being paid a cut by literally every single company in Silicon Valley, that is NOT OK, I am going to shift gears and remove non-contributor code and start releasing Linux as closed source from now on", I feel people would be less forgiving than they are to these much less impactful companies. But Linus would be as "right" as they are, arguably more so.
Many of these companies are simply learning that maybe all those "dinosaurs" of the 90s might have been onto something with commercial licensing, which ultimately seems to be what they actually want: to charge money for their software. Sure, it doesn't get you free contributions and ready-made communities, but it gets you money, which is what a company is supposed to do. And that's fine! It's just not Open Source.
Linus' original license did forbid making any money off the kernel:
> - You may not distibute[sic] this for a fee, not even "handling" costs.
Also I think the GPL was pretty important to the kernel, since many companies, especially in the 90s, probably would have kept contributions private and their code closed without that gentle push.
Maybe they would still be around in some form, yes, although the mass market advantages of x86 would still have killed of the traditional RISC Unix workstation market etc.
OTOH maybe eventually most people would have switched to FreeBSD (or whatever free *BSD would have been the "mainstream" choice), just like they switched to Linux in our universe, since they thought that whatever value add provided by some proprietary unix wasn't worth it anymore.
In a hypothetical copyleft-free universe, sure, there would be a lot more companies using OSS to create proprietary products without having to think about what is a derivative work, linking and distribution restrictions. OTOH all those proprietary companies playing the "commodify your complement" game against each other would ensure that the quantity and quantity of OSS would continually be increasing as well, forcing those companies to continually innovate lest they lose their market to the free OSS alternatives. To repeat, hypothetically speaking, as we don't have an alternate universe to run such experiments in.
But we kind of do, BSDs are enjoying lots of upstream changes from Apple and Sony.
And in what concerns x86, they would just support it as well, as Solaris did. HP-UX and Aix also have supported a couple of CPU architectures, as did some of the others.
Just Irix was kind of married with MIPS.
Or Windows would just have won the x86 server room instead.
In any case, there are a couple of major surviving GPL projects, all competition against Linux on the IoT space are BSD/MIT FOSS POSIX clones, ironically one of them being sponsored by Linux foundation (Zephyr), so those around in 20 years will get to appreciate how much of GPL will still be left around.
I don’t see these as comparable. If Microsoft packaged up Linux and started selling Linux licenses, maybe? Elastic search being used in a product seems different from elastic search being the product. It’s not black and white, but there are real differences.
I can’t imagine anything closer to “selling THE product” when it comes to Linux than AWS EC2. It’s Linux as a service on different virtual hardware options. It’s directly comparable to the AWS Elastic search service, which is Elastic search as a service on different virtual hardware options. The fact that this isn’t immediately obvious shows how much we take Linux for granted.
Perhaps you mean when comparing to the “all Silicon Valley companies” I mentioned, but that still leaves AWS, GCP, Azure, Heroku, and every serverless provider out there as direct comparisons to this situation.
Ah yeah, I meant the comment about “literally every single company in Silicon Valley,” but now I see that was entirely ambiguous. I thought you meant like Facebook, google (minus GCP), Uber, Airbnb, etc profiting off of linux (and pandas and gcc and pytorch and Cpython and ...).
> Elastic could have released ES as closed source, but they didn't, and the OSS ecosystem is better for it.
A relevant question is "would they have been that successful if Elastic were 'just another closed source enterprise product'."
Elastic was successful because a lot of companies tried it out for free and then purchased licenses, or because hobbiysts used it on their personal project and then pushed for it at work.
> A relevant question is "would they have been that successful if Elastic were 'just another closed source enterprise product'."
> Elastic was successful because a lot of companies tried it out for free and then purchased licenses, or because hobbiysts used it on their personal project and then pushed for it at work.
That model is not actually incompatible with closed source. You can always distribute binaries with a liberal usage license. And if your model is selling support, that might actually be helpful, since it's even less practical for a 2nd or 3rd party to support software when they don't have access to the source code, so you'd sell more support contracts
I think Amazon's behavior may end up just harming open source, by punishing the idealism that leads companies to try to make commercialized open source business models work.
You would be surprised how many third party companies support closed source software product of another company. This is very common in enterprise world. It is also a common way for a vendor to get their foot into an enterprise entrenched with a competitor's product.
> You would be surprised how many third party companies support closed source software product of another company. This is very common in enterprise world. It is also a common way for a vendor to get their foot into an enterprise entrenched with a competitor's product.
I'm aware of that, and have even worked with such companies. However, IMHO it's way harder (and less effective) than supporting an open source product. For instance, it's way harder for a 2nd or 3rd party to diagnose and patch a bug if they don't have the source.
> by just installing and maintaining that product as a service?
You are seriously underestimating the value Amazon provides by "just installing and maintaining" those services. Maintaining a service at the scale they offer is a huge undertaking.
You get the high-availability, the hundreds of engineers working to keep those services up and make them talk to other AWS services easily. You get teams of engineers on-call to react to any failures.
I agree with you that this has a bad effect on the companies that originally created those projects, but I do see a huge value in what Amazon offers.
> ...they can install and maintain but don't have to develop it too.
As someone building distributed systems, I'd think you'd appreciate that merely "installing" Elasticsearch wouldn't simply cut it for the scale AWS operates at.
I wish Elastic would have focused on their differentiated offerings instead and had let go of their iron grip on Elasticsearch itself (perhaps by creating a Foundation around it).
> companies are formed, invest a whole lot of resources into creating a product, open-source it, and then have Amazon eat into their profits by just installing and maintaining that product as a service?
Why should we be mad at Amazon for adhering to the terms of the license that the ES developers chose?
Software isn't born under the terms of Apache 2/MIT/BSD/a similarly permissive license. The people who developed it chose that license.
Because while it's true that Amazon is following the terms of the license, it's having real repercussions in that the people actually maintaining the Software are seeing decreased ability to grow the product because a huge company, belonging to the second richest man in the world, is offering it as part of their vertically-integrated oligopoly.
Reducing it to an issue of following license terms is short sighted, it's having negative repercussions on the software ecosystem and it's a dimension that has to be considered beyond merely a discussion on copyleft and the extent of it.
> Reducing it to an issue of following license terms is short sighted
It's really not: the license terms are the root of the problem you are pointing out. We can either voice our (righteous, but ultimately pointless) anger or we can try to analyze what's happening and how to fix it. So let's do the latter.
Amazon offers a fully managed ElasticSearch service running on the core ES code because ElasticSearch was, up to this point, released under the Apache 2.0 license which fully supports Amazon's right to do this.
Amazon offers a fully managed MongoDB compatible database called DocumentDB. It is not based on MongoDB – Amazon reimplemented the core functionality but maintained the MongoDB API layer.
MongoDB Inc. makes the forceful point that it is not a drop in replacement[1] but a rather crippled product that lags behind what MongoDB can do and continues to diverge. This is likely very good marketing for MongoDB and probably helps their company succeed :)
Why did Amazon do this? Why would Amazon use the core ES code but go through a more difficult reimplementation for Mongo?
Because MongoDB's core was licensed under the terms of the AGPL3, but all the drivers that implemented the API functionality were implemented under terms of the Apache 2.0 license.
> the people actually maintaining the Software are seeing decreased ability to grow the product because a huge company, belonging to the second richest man in the world, is offering it as part of their vertically-integrated oligopoly.
When you choose an OSS license, you're giving permission to any company or person to exploit your product in any way they want, this is how OSS works.
Amazon is not the only one that can do this and I would be surprised if other cloud vendors didn't also offer ES and other popular OSS software to their customers.
Do you expect that just because you created some OSS you deserve some kind of exclusivity on profits made from it?? If you do, you need to understand you need to use a non-OSS license. This seems to be what Elastic has finally realised, but a bit late.
Yes but that's what I'm talking about. That's a core principle in OSS so far but you can't sweep the issues of fairness to the people doing the actual work nor the issue of contributing to increasing the power of organizations whose interests are more likely counter to people's freedom and welfare.
I know that prominent figures in FOSS have expressed the sentiment that you have to suck it up, but you know, the people actually living through this have a say.
Thus, licensing changes and a conversation on their moral standing.
You cannot release your software under the terms of a permissive license, then when faced with a large company following the terms of the license, complain that you should get first crack at monetization.
That seems to be the fundamental problem with this whole tempest in a teapot: people have decided on an idea of what "free software" means in their hearts, and many people think it's about "fairness" and "protecting the little guy". That is noble and good, but isn't extensible to an existing large body of software with licenses that clearly spell out how free they are or are not.
But what is great is that if you don't like the state of affairs you don't have to suck it up: you just have to pick a license that is better suited to your goals.
I have a handful of open source projects on my public Github. They fall into two categories for me:
* Software that is trivial, uninteresting, or easy to replicate: these I've released under the terms of the ISC license (2-clause BSD). I have no expectation it will ever come to much, so I'm happy to free it – if it ever turns up in the license file of the iPhone or a Tesla or something I'll say "cool!" (but it won't because it's not that good ;)) Hopefully someone uses it and it makes their life easier.
* Software that is non-trivial, interesting, or difficult to replicate: I've freed it all under the terms of the AGPLv3 and placed a "business use? contact me about the license" note at the top. If I ever decided to work towards building a product around the software (but I won't because it's not that good ;)) I'd look at a dual-licensing strategy, but in the meantime it's out there for anyone to extend and carry forward and build things on. But I know that the AGPLv3 essentially means FAANG will never touch it because the risk is disproportionate for the reward of using it.
This feels right to me. Your calculus may be different so you can license as you'd wish.
> Why should we be mad at Amazon for adhering to the terms of the license that the ES developers chose?
We shouldn't. But you can't have your cake and eat it too, and say "well these are the terms you chose so why be mad at someone following them" and then ALSO say "hey, you can't change your terms!".
They're their terms, they can change them if they want to.
> But you can't have your cake and eat it too, and say "well these are the terms you chose so why be mad at someone following them" and then ALSO say "hey, you can't change your terms!".
I haven't said that. And as far as I know, Amazon hasn't either. Have I missed something from them?
You seem to be the only person passing value judgements:
> Amazon hinders that, period. I don't think Elastic is in the wrong here, I think Amazon is.
This is incorrect: Amazon used Elastic per terms of the license. Elastic didn't care for an infringement on their business, so they've relicensed. No one is in the wrong here.
> I haven't said that. And as far as I know, Amazon hasn't either. Have I missed something from them?
I'm talking about the general sentiment here. Either Amazon have been playing by the rules and Elastic is within their rights to change those rules, so no problem anywhere, or Amazon has been harming a part of the OSS ecosystem and forced Elastic to make an unpopular change.
> Amazon used Elastic per terms of the license
Maybe I shouldn't have used "in the wrong" and said "is the problem" instead. I don't so much care about whether the rules are being followed as I care that more companies are encouraged to release their software as OSS because they can make money for it. That's a win-win situation to me.
> I care that more companies are encouraged to release their software as OSS because they can make money for it.
But they can't! Tell me how many companies make profit off purely OSS... RedHat maybe? What else?
And even if they can, they shouldn't be surprised when competitors use their OSS for their own benefit because OSS explicitly allows for that. Making money off OSS is a red herring, just because it works in a couple isolated cases, doesn't mean it's a viable business strategy.
Fundamentally, there's no "profit" to be made in OSS, nor public goods in general. If you try to charge for more than "at cost", someone else can and will come along and undercut you.
Why the scare quotes? Well, I don't mean all profit according to definition, but specifically the "returns for investors" type. Company profits. Technically you can run a sole proprietorship, and make (say) $100k in profit.. or you could structure as a corporation, pay yourself a $100k salary, and make no profit. It's all the same money, but it's two ways of looking at the portion that I would like to describe as fair compensation to a human for the work they do. When I say "at cost", I don't mean that it's fundamentally impossible to make a living working on OSS; I mean it's fundamentally impossible to get filthy rich with it.
And in my opinion that's a good thing. In my experience, "getting filthy rich" / providing outsized returns to investors almost always comes at someone else's expense. Usually the little guy. It happens when the poor sod paying you can't afford to switch to a competitor, so you're able to wring them dry. The counter-argument goes that we need the "filthy rich" incentive to motivate people to make these things. I think it likely increases the rate of innovation, but I think the amount of cool and useful OSS written by people in their spare time is evidence enough that profit is not a requirement in that area, only financial security.
There is a problem, though, where it's currently very difficult to even make a living wage working on OSS (again, or public goods in general). I think can be solved, and I am working on a project trying to solve this (as a volunteer; we could use help). I'll cut it here (I spent far too much time writing this comment already...), but you can read more at https://wiki.snowdrift.coop
Well past the edit window now, but I discussed this with someone else yesterday and they pointed out the word I'm looking for to describe "at cost, including cost of living", non-exploitative part of income is earnings.
The main problem is not Amazon using the Elasticsearch product, but using the Elasticsearch trademark without permission, even creating a fork with that trademark in it. That is not OK.
And then doing stuff like this:
> When Amazon announced their Open Distro for Elasticsearch fork, they used code that we believe was copied by a third party from our commercial code and provided it as part of the Open Distro project.
That makes it all the more dodgy. The fact that AWS is also the only cloud provider they complain about, and explicitly name others where they don't have these issues with, paints a pretty clear picture imho...
I slice it this way: as a company that is highly invested in AWS it is easier for us to deploy AWS ElasticSearch service than to use Elastic's cloud offering or set it up ourselves. But that doesn't mean I like it. Or are you talking about a different end user?
I don't think of it that way at all. Nothing is free. The servers cost money. It costs money (resources) to manage servers. The cloud offerings appeal to us because we do not want to manage servers. AWS ES appeals to us because it is hard for us to sign contracts to buy software outside AWS. The trajectory of the software is definitely something we factor into the decision, but it is very often outweighed by the other factors. To me it is AWS Elastic vs Elastic Cloud vs hosting our own Elastic. Or use something else entirely.
From a purely utilitarian perspective, I can live without Elastic far easier than I could live without AWS. From a legal perspective, AWS are faultless in using OSS for their own purposes. The only losers are Elastic's investors. And there's no way they couldn't have seen this coming with their business model as it is.
I think Amazon infringed on the trademark. I’m not sure how that didn’t lead to an agreement between ES and Amazon. Perhaps Amazon just had the better lawyers.
Don’t forget the CEO has cashed out ~$200M in stock the last two years alone and still holds $1B worth of stock, yet complains about AWS making money and changes the license so he can make even more. He likes to quote a tweet from 2015 from the CTO of AWS when they launched the Elasticsearch service in AWS. That was 6 years ago! They have had time to build a better offering with heir commercial licenses have failed. Elastic is trying to sell security now, what happens when they lose there too, change the license so any SIEM or analytics vendors have to pay them too? Elastic made a promise that the code would ALWAYS be Apache 2.0 and they went back on that promise, they lied to the community that helped build it, their customers, employees, partners and investors. The blog post about the license titles “Doubling Down on Open” is an insult to peoples’ intelligence, they are trying to play the victim because AWS is a mean bully. Well that’s business, if the CEO/founder didn’t see it coming then maybe he shouldn’t CEO? Take his billion dollars and go start something else and hand the company leadership over to someone who knows what they are doing.
I don't see this at all. The "extinguish" phase is usually done when a product is acquired by a direct competitor to acquire it's customers. Amazon doesn't have a competing product. And their platform is well-known for supporting multiple competing software products (look at their array of databases for example). And the fact that they are now supporting their own JVM to protect users from Oracle's newly aggressive licensing.
This is, perhaps, exploitation but it seems unlikely they'll kill Elastic ever.
> No matter how you slice it, I think Amazon is bad for us end-users, and Elastic is good.
I don't think that's clear. I (and the team I work with) use AWS, like so many of us do. (And the ones who don't very likely use Azure or GCP.)
Why do we give money to AWS (and their kin) every month? I'd submit it's because we're getting value from it. If AWS was actually bad for end users then we, as end users, would walk away.
If you were right, and AWS was bad and Elastic is good, this would be an easy problem. But actually, they're both good. The issue is people who paid AWS to host ES instead of Elastic, and you know who those people are? Us. And with reason!
The core of Elastic-search is Lucene, another OSS. I'm sure the ES team contributed a lot to Lucene, but do they share their profits with all the Lucene developers? You can think about Elastic as a hosted service around Lucene.
1. The scope of the change. My understanding is that Elasticsearch may use Lucene under the hood, but extends it in ways and for use cases that Lucene was not designed for. The same can not be said about AWS taking Elasticsearch and running it as a drop-in replacement.
2. Perhaps most importantly, Elasticsearch didn't build on top of Lucene, and then decide to call itself Lucene. If you think there is so little differentiation between the product you built and the product you built off of, that you are better off highjacking the name, then I question if you made any meaningful differences.
3rd BONUS difference: It is my understanding that a large part of the core Lucene team works at (or at one point worked at) Elastic[0].
1. No one says you need to modify/extend something in order to sell a service around it. That's why we have licenses that list exactly what you can do and cannot do with the software.
2. Amazon adds value here by providing hosting solutions for companies using the elastic search software. So it makes sense to call it "Amazon Elasticsearch Service" since that's what it is. I think interpreting this as Amazon built a new competing product but calling it the same name is not the right interpertation. If that's confusing then maybe modifying it to "amazon elasticsearch hosting service" would be the OK thing to do. Not sure if that would make Elastic happy.
3. That's nice of them (really!). Sounds like win-win. But again, it doesn't make anything they do more justifiable.
The only obligation that Easticsearch has to the Lucene project is to donate back improvements to Lucene itself. I believe the Elasticsearch project has done this in the past.
No one is asking Amazon to share profits with Elastic. Many people do expect Amazon to honor trademarks of other companies. Many people expect Amazon not to package proprietary features as if they were free and open source.
Lucene is a library that makes it easier to provide indexing and searching of "stuff". It's not a commercial product with a sales and consulting team. I can't think of a more apples and oranges comparison.
I don't know anything about this story so cannot comment about them packaging proprietary features. But here's my thought about the trademarks claims from Elastic. The only info I have is the blog post they shared.
Elasticsearch is a name of an open source project. Why is calling something "Amazon Elasticsearch Service" a trademark issue? It's not Amazon's fault they called their company after the name of an open source software (the OSS came first btw). Also, IMHO calling it "Amazon Elasticsearch Service" is fair since it represents exactly what it is. Would it better if they instead took the code, made some closed modifications and then released a service around it with a new name? My thought is no.
The open source project trademarked the name of the project. Because it is trademarked, Amazon requires permission to use the name of the project.
This isn't unusual, many other open source projects trademarked the name of their project. Google has some guidance on why a project might want to do this.
I don't really want to get into the moral rabbit-hole of who's right and wrong as that's clearly super controversial and subjective.
But I did want to add my personal anecdote to serve as a canary-in-the-mine on what effect the status quo could perceivably have on the proliferation of open source software over the long term:
I think we can all agree on the basic premise that having more open source software is a good thing for society.
For the longest time I dreamed of creating my own open source tools and products and simultaneously monetizing it to create a comfortable life for myself and maybe even eventually turning it into something bigger, and leave my mark on the world.
However, as the years past and events like ElasticSearch v Amazon unfolded, I became more and more disillusioned on the realistic prospects of such an outcome.
Today, I'm in the process of building something that would probably see more success in terms of adoption and do more good in the world if it's released as open source software, but at this point I've basically made up my mind to release it as proprietary software to have a realistic shot of monetizing it to achieve financial independence and eventually build a company around it.
Basically I've weighed the tradeoffs and chose to put my own ability to capture the value of what I created over trying to maximize the value my software could create if open sourced.
This was not a easy decision for me to make, but I suspect I'm not alone in having thought about these tradeoffs and reaching these same conclusions. And as more and more people witness the struggles of companies trying to build viable businesses on top of open source software, more and more people could make the same decision, and thus society would be robbed of all the value that having these pieces of software as open source could have created.
I think the chilling effect these kinds of case studies have on the proliferation of new open source software, and the loss incurred by society as a whole as a result, is at the core of what we should be trying to figure out a solution for, not some philosophical discussion around who's in the right or wrong.
I think both are at fault. Amazon for provoking this and Elastic for over-reacting like this and totally break with the open source licensing, when that isn’t necessary to stop Amazon. They could do like MariaDB rather than follow MongoDB: https://perens.com/2017/02/14/bsl-1-1/ Would be much more appropriate and alienate the open source community much less.
Code converts to an open-source license after X (e.g. 4) years in BSL. Time will tell how it works out, especially for mature products it could just mean that everyone targets the 4 year old version.
Time will also tell how eg. SSPL will work if eg. Elastic becomes bankrupt, what happens if I can't get a commercial license for it anymore in 10-20 years? BSL:s expire clause ensures that old code never gets unavailable because the business entity has vanished. Does SSPL have any similar protection?
If you ask me, these license changes are bait and switch. If they had started with this license it wouldn't have the same adoption, now they are pulling it.
On the one hand I don’t like the idea of a company like Amazon exploiting (in the classic sense) open source. I’ve not seen Amazon give much back to open source relative to what they’ve gained.
On the other hand if you open source something with a license that permits selling the software, well... what do you expect? You gotta hand it to Amazon. They’ve really hustled the industry by hosting open source code. The code is free, literally anybody else could have done this, but Amazon did it especially well.
Elasticsearch became popular on back of being F/OSS. The "our code" Shay talks about is community's too: All the evangelizing through blog posts, talks; and the countless hours spent reporting bugs or even fixing them. If anyone thinks a community's contributions are any less than their own company's, then they don't get to claim to be torch-bearers of F/OSS (which Elastic is without realizing the irony).
Shay keeps claiming "our users" aren't affected, but who's he fooling? They say, AWS cornered them to adopting dual-license SSPL, what's to say they woudln't do an Oracle in the future (like Sun did with Java and continue to do with their DB offerings?). Slippery slope, sure, but it is indeed slippery for a company struggling to compete with competition and seeking predatory avenues as last ditch attempt to stay alive.
I believe, in all my naivety, that Elastic could have created an Elastic Foundation (like Joyent did with NodeJS, who btw didn't throw a hissy-fit at AWS for Lambda) and invited developers from all walks to shoulder the burden of the core software (which they themselves commoditized by F/OSSing it) so that they could focus on SaaS (like AWS).
I'd like to think, Elastic's real problem is they have hard time competing with AWS in terms of pricing for SaaS (of course, AWS owns infrastructure and so it is a tough battle-front), but if they were paying any attention, AWS Elasticsearch Service was very poor in 2015 and continued to remain so for a long time (it sucks less now), but Elastic's own service wasn't up to the mark, either. I think they misplaced their priorities (see GCP's flawless execution with k8s, managed-k8s, and Anthos) and were caught asleep at the wheel when they could have captured SaaS market away from AWS in those interim years (2015-19) by focusing solely on differentiated features and not on the core Elasticsearch software (which was libre and hence undifferentiated).
Of course, Shay and Elastic know better than I do and I am indeed a grumpy developer who's upset, but I want Elastic to give up their misleading messaging viz. 'doesn't affect / nothing changes for our users'. They're being hypocritical and not doing anyone any favours.
> And to be clear, this change most likely has zero effect on you, our users. And no effect on our customers that engage with us either in cloud or on premises.
No, Shay. It does affect the community, who are also the users of the software.
> We created Elasticsearch; we care about it more than anyone else. It is our life’s work. We will wake up every day and do more to move the technology forward and innovate on your behalf.
I see a lot of "We"s and "Our"s. And that's the problem with CLAs and stealing someone else's work. Companies can't tell anymore who's stealing from whom.
If not AWS it could have been anyone. This is an inherent vulnerability in the open source business model: there's no particular reason that upstream developers would be the best at hosting or consulting on their own stuff. You can afford to give the client more attention/hardware for their money if you don't have to also pay developers.
Amazon came in and took a bunch of that money while not giving anything back.
Amazon is giving a lot back to the community, though. They are providing a really valuable service when they provide open source software as a service. They aren't giving back to Elastic the company, but it's important to note the difference, because Amazon isn't being a bad actor here. I think it's reasonable for both Amazon and Elastic to act the way they do, and I think the competition between their respective business models will end up in a better set of products available to developers.
I would bet that if Elastic disappeared we'd see this offering stagnate. Amazon has put time and energy into work making the service but little (AFAICT) into the Elasticsearch product itself.
In my opinion this is a short-sighted way for Amazon to do business. If Elastic makes every new feature unusable by Amazon, do to licensing restrictions, Amazon's product will fall behind.
No, many SaaS providers have discovered that it’s the back door in the GPL, Google were the leaders in this field. AWS is egregious but they didn’t invent doing this.
What's the point of "open sourcing" if you get annoyed at people redistributing your work? Honest question here.
I'm really not interested to know who's in the "right" or in the "wrong". I want to know, what's the motivation for opensource if not "reuse my code please"
That question makes the wrong assumption. You assume "OSS" is a given and "getting annoyed at Amazon" is the issue. In reality, "getting annoyed at Amazon" is the given and "OSS" is the issue.
Then, you can ask "if they get annoyed at Amazon, why open source?" and the answer is "indeed, and now that they realized their mistake they're changing it".
> Then, you can ask "if they get annoyed at Amazon, why open source?" and the answer is "indeed, and now that they realized their mistake they're changing it".
Notably, they're changing it after building a business off the back of many contributors, many of whom expected to be contributing to OSS. Sure, there's a CLA so there's no legal issue, but I'm not sure it's any more morally virtuous than what Amazon's doing. Both are versions of "trying to make billions of dollars off the backs of other people's work".
There's having cake, and then there's eating it. Either you want to retain control over something so you can monetize it to the max, or you want to particpate (and benefit from) the OSS community and build something that benefits everyone.
> Amazon came in and took a bunch of that money while not giving anything back
Amazon took no money from them; they competed on potential revenues.
I think people are upset, not because they don't clearly understand Elastic's motivations, but because Elastic is trying to paint Amazon as the bad guy for using the license Elastic offered. Amazon benefited from Elastic's open license, but so did Elastic. Being open source has greatly benefited Elastic's own business and growth.
That isn't to say that Amazon's size and practices around open source aren't cause for concern, just that Elastic come across as very disingenuous when they try to lay all the blame on Amazon while proclaiming how dedicated they are to "openness".
Amazon has become known for copying products and selling them as Amazon Basics. They either kick the original product off their platform or undercut the prices so drastically the original seller goes out of business.
I think I have grown a rather hard stance on this over the years: putting an open source license on a product isn't a business model. It's, by and large, a part of a larger business model.
A license is a choice. It means you choose to not gain revenue by directly licensing the IP. Instead, you choose to put the code out there without any further legal obligations on your part as well as those who use that code.
It also means that you have to find alternate ways of making revenue e.g. by providing consultancy, building services or licensing the trademark (which is an entirely different ball game from open sourcing the code!).
The trouble isn't that Amazon decided to use ElasticSearch in their own offering. The trouble is that Amazon simply out-competes ElasticSearch with their own product when it comes to consultancy, services, etc.
To add insult to injury, Amazon made the mistake of leveraging the ElasticSearch brand a few times too many in ways that just rub the ElasticSearch people the wrong way.
Of course, the founders of ES could never predict how successful their product would become after a decade. There are plenty of open source products engineered by commercial companies that never catch the eye of behemoths like Amazon.
> Amazon simply out-competes ElasticSearch with their own product when it comes to consultancy, services
You're kind of right about this, but it's the issue that AWS just has a massive head-start with any client that already uses AWS. They don't really out-compete, they just use their existing vendor lock-in to gain an advantage. And really, by using your dominance in one "market" to gain an advantage elsewhere ends up feeling like a bit of a grey area.
> To add insult to injury, Amazon made the mistake of leveraging the ElasticSearch brand a few times too many in ways that just rub the ElasticSearch people the wrong way.
You're phrasing this in a way like Amazon "leveraging the ElasticSearch brand" isn't a trademark issue. Is "leveraging the trademarks of another company" suddenly okay (as long as you don't do it 'a few times too many') as long as you're Amazon? What if Amazon started selling smart thermostats by "leveraging" the Nest brand?
At my job, we evaluated moving from AWS hosted ES to several of the Elastic offerings. Many of them were more expensive than AWS was before taking hardware into account (as in comparing cost of Elastic licensing vs the whole cost from AWS). This made it exceedingly difficult to justify the move. It's not only the headstart with the client (billing relationship in place), but the cost that hampers them.
But isn't a big part of the reason Amazon can offer better pricing because of the scale of their existing client base? I'm not saying that they are doing this, but they could if they chose operate on very thin margins or even at a lost to keep their hold on clients and make up with it on other products in their ecosystem.
Hmm. Operating on thin margins to gain market share and drive competitors out of business, then making up the difference by creating sales in related businesses in their ecosystem doesn't sound much like Amazon...
In my experience it is that Elastic does not understand the market.
About four years ago we have attempted to get their software . It felt like I was dealing with Cisco sales people circa 1998. They were clueless on how to do a multi hundred thousand dollar deal - think slow, inefficient, inflexible, unwilling to compromise on extra $500 add on that would have ended up being a rounding error.
That's how it is for a lot of companies, not just Elastic. We have to deal with jfrog, who has separate billing teams for SaaS and on-prem so for us to switch from on-prem to SaaS is a pain in the ass. If AWS ever offers artifacts storage with more artifact types, then obviously we're switching. And that's just 100% so we don't have to deal with jfrog's dumb ass contracts anymore, never mind pricing.
ugh the pain that comes from negotiating our contract every year. Or the pain that comes from trying to get trial licenses. Or the pain we're seeing now from switching to SaaS.
And that's why AWS eats their lunch. Execs of Elastic ( and other companies ) should deal with their inept sales force rather than point fingers at AWS.
> You're kind of right about this, but it's the issue that AWS just has a massive head-start with any client that already uses AWS. They don't really out-compete, they just use their existing vendor lock-in to gain an advantage. And really, by using your dominance in one "market" to gain an advantage elsewhere ends up feeling like a bit of a grey area.
I'm not sure if it's actually a gray area, since I'm pretty sure leveraging your market dominance in one area to compete in another is illegal anti-competitive behavior. Isn't that what the whole Microsoft antitrust case was about? It's too bad the government pretty much gave up on enforcing antitrust law for 20 years, since it feels like similar practices became normalized due to lack of enforcement.
British Airways only had a 38% market share when they were sued for abusing their dominant market position in 1998 (which was upheld by the Court of Justice in 2007)
Presumably they could. I mean, if the EU legislators had intended for a monopoly to be necessary to be considered “dominant”, then they could have written “monopoly”, couldn't they? They didn't write that, so it seems safe to presume they didn't intend that. And if anyone is dominant, then who, if not the market leader?
> Leveraging your monopoly to compete in another area is illegal. Leveraging a strong position isn’t and Amazon is a long ways from a monopoly.
That really depends on interpretation, which has shifted over time and continues to shift. IIRC, recent interpretations of some types of anti-competitive behavior have been rather literal and required something very close to a literal monopoly, which has had the effect of neutering antitrust law in all but the most blatant of cases.
My understanding is that it's arguable that it's anti-competitive to leverage market share advantages more broadly (e.g. antitrust law could be used to constrain/break-up a duopoly).
The grey area here is more about what the "market" is defined as here. It's not entirely clear that the existing dominance that AWS has is different enough from "hosted search services" to be considered a different market (from an anti-trust point of view)
Open source works fine, and does quite well as a business model (use it as free advertising).
What has happened here is a plain old case of monopoly.
Once markets are no longer efficient, the model breaks down. Amazon can use its resources to extinguish competition with their own product.
This is why we need antitrust law.
It's not a failure of capitalism, its not a failure of the businesses involved its just what happens when you run a freeish market. That is, things get out of whack to the point we the people feel it is unjust, it would eventually right itself but this would take a long time and likely do more interim damage than its work allowing, so we fiddle with it, hopefully not breaking anything in the process.
> its just what happens when you run a freeish market... it would eventually right itself but this would take a long time
If we think of the system as a delicate natural balance that we should try our best not to disturb too much I think we've immediately taken a very specific stance which itself shouldn't be above critical examination. It is, after all, just a social system and all social systems involve some level of design whether we like that fact or not.
In theory, we could conceive of the possibility of an economic system that both preserves the autonomy and independence of its actors while also preventing monopolies from emerging in the first place. Its a hard problem to wrestle with but its preferable to acquiescing to the blind faith in the invisible hand. We should never give up on an effort to understand how we could evolve our current systems into ones that work better (imagine if we took the same stance with technology).
I think there's a subtlety in the way Amazon as a company markets what they do and leverages the brand that's important here.
Take for instance Amazon RDS which is a family of managed relational database services. I don't think "Amazon RDS for MySQL" is an unfair use of the "MySQL" trademark, even if Amazon haven't asked Oracle's permission. The reason here is that it's much clearer in the way RDS is branded that it's not endorsed by the database engines it supports, it uses their trademarks to describe the engines they integrate with which seems reasonable in my view. Amazon RDS is still its own independent brand.
"Amazon Elasticsearch Service" crosses the mark in my opinion because it blurs the line between the two brands and in many ways implies that Amazon actually made Elasticsearch themselves.
>> Amazon simply out-competes ElasticSearch with their own product when it comes to consultancy, services
> You're kind of right about this, but it's the issue that AWS just has a massive head-start with any client that already uses AWS. They don't really out-compete, they just use their existing vendor lock-in to gain an advantage.
Can't client run his own Elasticsearch inside AWS? By installing and maintaining it yourself (or contracting someone to do it for you).
Then I don't see vendor lock-in sense: "We choose AWS to host us, now we have no real choice but to use Amazon Elasticsearch Service". Am I missing something here?
> They don't really out-compete, they just use their existing vendor lock-in to gain an advantage.
For the customer, the biggest advantage of AWS' SaaS offerings over a 3rd party's (hosted on AWS) is the billing. AWS Marketplace negates that. Maybe at some cost to the provider, but I just found ScyllaDB and RedisLabs there, so it must be working for some.
> but I just found ScyllaDB and RedisLabs there, so it must be working for some.
No, it doesn't work for RedisLabs. Amazon offers managed Redis called AWS EC Redis and recently someone I knew decided to move their entire Redis (multiple) clusters from RedisLabs to AWS EC. RedisLabs lost hundred of thousand dollars.
RedisLabs is probably the vendor that foot the bill for Redis software development end-to-end.
While I understand that some people viewed a successful OSS project is akin to Wordpress: lots of hosting providers, rich ecosystems, _and_ Wordpress main company is still making good money out of it; this is not apple to apple comparison (can't compare Redis and Wordpress).
Redis belongs to the group of MongoDB, ElasticSearch, etc.
They don't outcompete. AWS's ES is a steaming pile of crap and everyone I've ever met with a real usecase that needs ES on AWS rolls their own on their own EC2 instances.
I quake to think of how bad ES's own managed service must be if it still gets customers then. I don't know anyone that uses the services offered by ES so I can't ask directly.
> The trouble is that Amazon simply out-competes ElasticSearch with their own product when it comes to consultancy, services, etc.
I don't know if it out-competes them on those terms exactly, rather than the advantage of "Well I'm already on AWS and they offer an ES service so why not just use that".
true - but that's exactly how it out-competes. It's a repeating pattern. Setting up an agreement with a 3rd party provider has friction. The bigger the client, the higher the friction. If $BIGCO has an enterprise agreement with $BIGCLOUD, then $SERVICE hosted on $BIGCLOUD is nearly always going to win against $SERVICE's own commercial offering.
Right, but that's the sort of setup that's detrimental to society and therefore we ought to consider regulating or otherwise setting up an environment that is disadvantageous to it.
Why do enterprises make it difficult to add a new vendor? Because they are careful with their data and legal obligations. Regulatory and auditing obligations are no joke and onboarding a new vendor is a nontrivial problem to do in a compliant fashion. The only aspect of this which is "detrimental to society" arguably is the legal requirements, but even then you might argue its better for a large organization to pay attention to other companies' licenses instead of stepping on them.
spot on. The lesson for would-be companies formed around open source is pretty stark: if your stuff is any good, then assume the clould vendors will offer it. If they do, it's going to be really hard for you to compete with a separate commercial offering.
Not only has the cloud vendor already gone through the hoops of getting an enterprise agreement in place. They're also big, and recognised, and know how to deal with Procurement. And Risk. And Compliance. And Legal.
Not saying I like that situation. It does seem unjust that the big guys can just cherry-pick good products and monetise them without giving anything back. It offends my sense of fairness. But that's commercial reality, at least in today's markets.
The whole reason I would choose an open-source tech against closed source is so that I can go to whoever I want for support and future enhancement, that I'm not dependent on this tiny company for my business continuity. Sometimes that tiny founding company may not be the best to offer the kind of support and enhancements I need.
A real personal example I experienced: at one time, the founding team behind a project I happened to use at work actually told me they didn't want to do the enhancement I was asking for because my particular scale-out needs were too niche and none of their other paying customers need that and they didn't have the engineering bandwidth to build my feature (the opportunity cost for them was too high to abandon building features needed by their other customers).
So I had to solve this scale-out problem by myself - which was painful (we had high opportunity cost too).
In that situation, if my cloud vendor were to say they would solve that problem for me as they would be willing to invest whatever engineering bandwidth required to make it happen, then I would go with them.
Now if that happens a few times, the cloud vendor's service offering will be much superior to the original project founding team's offering.
Over time, the cloud vendor's offering will also be cheaper.
Of course the trick here is to be watchful of being sucked into a lock-in by the cloud vendor. You will have to insist that all of the features they are doing for you are actually open-source and portable to another cloud. Many companies define such requirements as part of their procurement process and audit for it.
As more companies start to push for such guardrail requirements to prevent cloud lock-in, the open-source commercial support model may still have a chance – but unfortunately that doesn't necessarily mean the project founding company will do well.
> In that situation, if my cloud vendor were to say they would solve that problem for me as they would be willing to invest whatever engineering bandwidth required to make it happen, then I would go with them.
Aren't cloud vendors generally less willing then smaller SAAS companies to do custom engineering work for their customers?
The other way in which they are detrimental to society is by taking revenue away from companies such as elastic that are actually developing technology. In general there is economic hazard with any large company. There are also benefits and I don't think they should be eliminated entirely. But I do think they should be curtailed and the economy biased towards smaller companies.
The key enabler here is IAM and data (at rest and moving).
If we want to encourage free markets, the GDPR et al. need to be very careful to disincentivize "traffic within different parts of the same entity."
As is, if my regulatory compliance is satisfied through AWS's data and IAM handling, then if an Amazon-hosted service better integrates with those components, it strictly dominates competition.
That's a pretty unregulatable quality, and one easily optimized by Amazon (for itself), and impossibly by everyone else (on Amazon).
This weaponizes data protection regulation into a moat around large everything-and-the-kitchen-sink I/PaaS providers.
There needs to be balance between (a) protecting data & (b) ensuring a competitive ecosystem with multiple viable solutions.
I interviewed at Amazon, and researched their offerings to better prepare.
Until reading this news, I never realized ElastiSearch wasn't an Amazon product, I always believed ElastiSearch was Amazon's invention, because of how Amazon employees talk about (always "Amazon ElastiSearch" phrase, often dropping the "service" part of it, so is easy to assume it is "Amazon's ElastiSearch" like "Microsoft Windows")
So it is not just... "a few times too many", if I am interviewing for the company and got extremely confused, how other people wouldn't be confused too? And that is the whole point of trademark laws!
The problem here is that Amazon is infringing on copyright, using the "Elasticsearch" trademark and lying about a partnership in a tweet.
> A license is a choice. It means you choose to not gain revenue by directly licensing the IP. Instead, you choose to put the code out there without any further legal obligations on your part as well as those who use that code.
Open source doesn't mean you can infringe on its copyright and use trademarks everywhere you like.
> It also means that you have to find alternate ways of making revenue e.g. by providing consultancy, building services or licensing the trademark (which is an entirely different ball game from open sourcing the code!).
You didn't read the whole article?: "I took a personal loan to register the Elasticsearch trademark in 2011 believing in this norm in the open source ecosystem."
Please don't confuse trademarks and Copyrights - they are entirely separate things. Using a trademark is not infringing Copyright. It may or may not be infringing the trademark, but that's a whole different thing.
In general, anyone can use your trademark as long as they are using it about you or your product. I can say "I like Coca Cola, it tastes great" or even "Coca Cola is disgusting" but if I put Coca Cola on the menu but give you Pepsi, that's infringing.
This is why some projects have generic names and brand names for the commercial version. PhoneGap and Cordova, RedHat and Centos, etc. Amazon can offer a machine and say "This is Centos, it's mostly the same as RedHat", but they can't say "This is RedHat" unless they pay for actual RedHat.
Trademark law is very different than copyright law. You are allowed to use trademarks in certain circumstances. You can’t imply a relationship that doesn’t exist, but AWS saying - this is a hosted version of Elasticsearch would probably be okay (but IANAL).
Where they’d get into trouble is if they said they offered a hosted Elasticsearch, but under the hood it was something else. But, even then they could probably say that their offering was Elasticsearch compatible.
The real question is: was AWS misleading customers? I don’t make any claims one way or the other about this specific case. But I wanted to point out that you don’t always need permission to use another’s trademark.
From [1]:
> Nominative use permits the use of a trademark – even in commercial contexts – if it is the most accurate way to refer to a good or service without misleading consumers as to its source.
> if it is the most accurate way to refer to a good or service without misleading consumers as to its source.
But if you're buying a service from AWS the source is not Elastic.
You might be able to say compatible with elastic search. But using the name in your own product name seems unlikely to hold.
I think this is shortsighted on Amazon's part, because it probably wouldn't cost all that much to make a joint offering.
I would be curious to know where those lawsuits went. Because it seems like something that should have been resolved, and for which you could get an injunction.
The problem is clearly that people think they are getting a service supported by ES, when they are getting a look-a-like copy service. Which is what trademarks are intended to resolve.
In hindsight, maybe it would have worked better for ES, had they called the open source product something else, like how centos isn't called RedHat.
> clearly that people think they are getting a service supported by ES
Something like this is also asserted in the OP. However, I'm not so sure that is the case. I don't think it's clear at all.
Knowing that Elasticsearch is (was) open-source, I'd assume that I'm getting an AWS hosted installation of Elasticsearch... which is entirely accurate. If you can install the software on your own server, and AWS offers a managed version of it, I have no expectation that the original developers are involved at all.
Ever since the original release, it looks like AWS has been much better at avoiding any mention of Elastic.co. The original announcement Tweet was definitely misleading.
> In hindsight, maybe it would have worked better for ES, had they called the open source product something else, like how centos isn't called RedHat.
I think this is the major problem, and you're right. Elasticsearch was the original trademark and is the accurate mark for the software. They only formed Elastic.co later, and this is where a lot of confusion originates. Elasticsearch != elastic.co
It might be better for AWS to just include a disclaimer like "AWS Elasticsearch Service includes the open source Elasticsearch software, but is not supported by the original developers." Something like that...
Kubernetes is a little different here... it seems a bit more nebulous from an installation/instance point of view. It's a bit like saying we use "Linux". Which Linux? Debian? Ubuntu? RHEL? SUSE?
Because that Trademark is owned by the Linux Foundation who are very well positioned and financed (AWS themselves are Platinum members) and published clear usage instructions.
You don't fix trademarks disputes by changing software licenses. Elastic appear to have a sound argument on the trademark front but to conflate that with changing the license of their product is disingenuous.
The damages and ramifications for violating software copyright are much clearer than the nuanced world of trademark infringement.
The change in ElasticSearch license here is well publicised. If AWS were to continue to incorporate new changes to ElasticSearch it would be obvious they had deliberately violated the terms of the license and it's much easier to pursue a legal case.
> The trouble isn't that Amazon decided to use ElasticSearch in their own offering. The trouble is that Amazon simply out-competes ElasticSearch with their own product when it comes to consultancy, services, etc.
I kind of disagree here, the main reason it outcompetes is based on the network of linked self serve services in the ecosystem. We spend a ton of money on Amazon in general, and I would not tout thier consultancy as being anything but ok if not underwhelming.
> it outcompetes is based on the network of linked self serve services in the ecosystem
You have to differentiate between business concerns.
First, the concern of those who are willing to buy an IP license because they think the product is useful to them (akin to buying a Windows license key).
ES doesn't make any revenue here. They don't sell IP licenses. That's a direct consequence of putting an open source license on your product. Anyone can just get a copy of the code and spin up their own instance, no strings attached.
Second, the market of those who are looking towards assistance in using the product (consultancy, support, servicing, hosting,...). You can spin up your own instance and do all the work yourself independently. But for organizations, operating software is an expense: often it's cheaper to outsource those costs towards specialists... such as ES offering consultancy services.
The product license and the type of support you want/need are different business concerns. You can choose to an open source product and host everything yourself, you can choose a closed source product and host it yourself, or you can outsource hosting and support to a partner like ES or AWS.
> We spend a ton of money on Amazon in general, and I would not tout thier consultancy as being anything but ok if not underwhelming.
Don't get me wrong here... But the moment you open up your wallet for AWS, you've already contributed to AWS' market position against ES.
Sure, your experience with AWS might be underwhelming, and that's totally valid. But that doesn't matter if you still go ahead and choose to pay for their services.
A market position isn't tied to the quality of service. It's tied to how much potential customers a business can sweep up and convert into hard revenue. The quality of the service is tangential to that.
You can create an absolutely shoddy user experience, and still dominate a market if you happen to position yourself at the right time, with the right product to the right people.
We actually were customers of Elastic's offering for a while, but they went down 3 times in a quarter, which was simply unacceptable. We had to switch, and have been okay since. Our bill is also more than half of what it used to be.
The AWS implementation is quite limited in many ways, and there could be a point where we switch back or host it ourselves.
In a way it's hinting at the need for anti-trust barriers similar to how India barred Amazon from both running a product marketplace and offering it's own products in the same marketplace.
I can see both sides of it though. If there are an anti-trust barrier between running AWS and offering major services on top of it, there would be a better overall segregation and likely more innovation overall. On the other hand, putting up a barrier there would be both complex and leaky, and cause missing out on sorts of efficiencies from close integration of cloud platform + services.
What’s the difference between what Amazon does with Elasticsearch vs what someone like Redhat does with the Linux kernel? Or what every hosting provider including AWS does with the Linux kernel, sell access to a service that is running that software.
I get that Elasticsearch wants to run their own company, but I really have no sympathy for their arguments here. They released open source software and now are mad that it is taking on a life of its own that they don’t 100% control. That’s the whole point of open source as far as I’m concerned, other people can do stuff you might not have expected with your code.
Now they’re making it more closed going forward, which is fine and is certainly their right to do. But this argument is so bizarre, instead of saying that we tried to do this open source but unfortunately it makes it too difficult for us as a business so we’re closing things off, they’re trying to spin it as they are the true, good defenders of open source fighting against the forces of evil by closing off their licensing further.
The real problem that Elastic doesn't like is that amazon reimplements features as part of their core offering that ES tries to charge for. I'm sure they would have no problem contributing back but Elastic doesn't want these features to become part of the core offering.
This sounds like the Docker Inc and Red Hat dance again. Red Hat wanted tighter integration with systemd, Docker Inc not. The debate ended with Red Hat doing:
> I'm sure they would have no problem contributing back
Why the heck would you feel sure of that? What evidence makes you think anything in Amazon's DNA would go in that direction? Amazon is blatantly missing from every open source conversation or ecosystem I've ever encountered. They give essentially NOTHING back except cheap infra as a service, and we pay dearly for it with the losses we get from their predatory behaviour toward any competing products
I use Amazon. But they're garbage for ecosystems.
imho Amazon is only good for Amazon (in the larger timescale), and maybe also for finding whatever economic McGuffin lies at the bottom of whatever race they happen to be in.
Amazon literally started an open source distribution of elastic search and kibana in 2019, one that has been adopted and contributed to by other companies and clouds because it includes feature that are only in the commercial variant of elastic’s offerings. This fact is included in elastic’s blog post as a third party contributed a plug-in to Amazon’s version that Elastic believes copied source code from their commercial product.
The existence and usage of “Open Distro for Elasticsearch” is not debatable. Whether it infringes trademarks is in court and whether a third party infringed elastic’s copyrights is also in court.
Sorry, I was a little too indignant there. Apologies.
But also, that's contributing "out", not contributing "back". It's the difference between working with your neighbours, vs leaving your extra shit around your house on the curb for someone else to take.
The mechanics of how they relate to the groups from which they filter wealth, that matters imho.
When I get frustrated about how they don't really contribute, it's that I'm intensely cynical about the worldview from which their offerings come.
Anyhow, thanks for the generous comment, and the chance to reflect :)
This. Elastic produced a product that is popular because it's open source. (The closed source version of ES is called Splunk or DataDog.) Now they are pissed off that they can't profit from its popularity. I feel their sadness, but I don't think Amazon is the problem. Even before Amazon many non-Elastic hosted ES offers appeared (logz.io ?).
I would hate to be in their shoes, but it brings a valuable lesson to future entrepreneurs: Do fill the "unfair advantage" box in your business canvas.
Did you read the blog post? They are mad about trademark violation and an allegation that their commercial code has been ripped off by Amazon through a third party. They have Elasticsearch trademarked and you can't use their name with your name on it. In their mind, it is a violation.
Yes but how does changing their license affect a trademark? If they are legally in the right and this is a violation of their trademark they should win their lawsuit about it regardless.
Also my initial question was not purely rhetorical, I would assume "Linux" is also trademarked so I'm wondering what is the difference there and why Redhat selling RHEL has not been the same problem.
I don't think Redhat could have built their whole business on the just the implied understanding that Linus is cool with it. I'm more talking about the trademark issue, did they legally get the right to use the Linux trademark in some way that Amazon Elasticsearch didn't? Just curious if there is any substance to what Elastic is claiming here or if it's purely a PR stunt.
Edit: based on the Linux Foundation link in another comment, it seems they have a clear process for sublicensing the trademark. So I guess Elastic is claiming AWS just launched their ES service without their legal team ever having bothered looking into the trademark? That seems very strange for such a large company.
In addition to redhat employing a large number of kernel contributors, ElasticSearch is a complete product the Linux kernel is just a piece of the overall redhat product. The kernel in and of itself is useless. Also redhat provides source rpms for every non-proprietary app/utility that makes up the redhat product.
A more comparable situation would be redhat and centos, and to the point that Elastic is making, redhat is very protective of their trademarks with regards to the CentOs project, they have never stood for and would never stand for a situation like this.
Exactly. I was confused why the Elasticsearch blog is ranting about Amazon when the actual issue is in Elasticsearch license change which makes the source code closed which was open source.
Elastic's other blog post with a clarification about their recent license change is also interesting: https://www.elastic.co/blog/license-change-clarification. Apparently, they're considering further license changes such as MariaDB's Business Source License in which code is usable for anything other than offering the product itself as a service but becomes fully open source (including SaaS) after 3-5 years. That makes it pretty clear that it's meant strictly for competition with AWS.
I kept feeling like I was reading the same thing over and over and just not finding out what exactly Amazon is doing now that it won't be able to do in the future. Skimming the links to the blog post and FAQ didn't help much.
Whatever it is it's pretty deep in the weeds. It looks like the intent is for most users to be unaffected; non-AWS cloud providers to be unaffected; even AWS's Elastic Cloud to be unaffected; but AWS has to stop doing something with specific regard to Elastic Search and I can't figure out what it is.
That’s fair, if perhaps a bit pedantic. I suppose I was expecting some explanation of why the language of the new license would address these “whys” as opposed to just a list of grievances.
> hack the source code to grant yourself access to our paid features without a subscription, or the use of modified versions in production.
I think the change that you can’t modify the code and use it yourself in production is a big change that is glossed over. ES is now free as in beer. You can look at the code but you can’t touch it or change what it does.
Edit: I was wrong about this. The license itself does not say this, but the blog post seemed to indicate that it was a change. I think it’s an exclusive inclusive or problem.
This is false. License [0] clearly states the conditions under which you can do it and they seem pretty reasonable. Nothing that a normal user, faced with an issue they want to fix, wouldn't accept. I imagine Amazon would have trouble accepting those and other terms, but that's the whole idea.
No, you are both correct. You are talking about the SSPL, the parent poster you are replying to is talking about the Elastic License which does in fact prevent you from modifying the code and running it in production:
With the dual-licensing you have a choice of Elastic license or SSPL, but they both have terms you might not like. And if you use the binaries you automatically use the free as in beer Elastic license.
> Then after a period of time, typically 3-4 years, but not more than 5 years, the restrictions lapse, and the source code automatically converts to an Open Source license, in our case Apache 2.0.
I’m not familiar with this type of license. Any idea how/when this time frame is decided? Is it 3-5 years from software release?
I guess I’m confused by the use of “automatically converts” with a vague timeline. If it’s automatic why isn’t the time of “automatic” conversion more definitively known? What’s the event that triggers the change?
It’s from the day that the code is released under the license and the four years is the max under BSL (so that people know roughly what the “worst case scenario” it a BSL licensed software would be) but can be specified to be shorter by the one releasing code under it.
Not sure if it's still the case but Ghostscript is or was like this - a licenseable current version possibly with extra commercially relevant features (e.g. PCL) plus an open source older version.
I run Apache licensed storage library. It is not big, but consulting fees cover my living.
Some time ago I changed development model. Public facing version is still Apache 2 licensed. But now there are no unit tests and no integration tests, those are proprietary now. And I extensively use code generator which is also not public.
It is still possible to fork/modify code. Merging pull request is bit more difficult for me (backport stuff to code generator). But it works great and nobody noticed anything.
Practically any serious use of my library has to go through me now. And I am the hero because my code is virtually without bugs. Magic!!! :)
I become disillusioned long time ago. Also people told me several times unit tests do not matter... but in reality they are most valuable part of know how.
> And I extensively use code generator which is also not public.
2. Source Code
The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.
I think the author means he is the developer/license owner, in which case he can do whatever he wants, it's just other people that have to follow the license.
That applies to licensees not to the copyright owner (a person or other entity), though the copyright owner would be wise on requiring a CLA for contributions.
I distribute output from code generator. It is fully readable with comments. I also receive some patches on generated code, which I port back to generator.
I agree it does not fit strict definition of OS, but it fits Apache 2 license.
> This is a pretty interesting approach, but what is the point of it being open at all if it is prohibitively difficult to develop on without tests?
Personally, I wouldn't use a proprietary library/framework unless absolutely necessary. I think it's a great strategy, actually; OP is sacrificing outside contributions while making it much more difficult for someone to just fork the project and bypass them entirely.
I am not sacrificing much. Project was fully open for a while, bot no coauthor emerged. I only get minor patches. Contributions are happening outside core project, some people build pretty awesome stuff on my library, I also get connectors etc...
I would say this approach fits great for one-men projects.
That's interesting, i am big fan of generating code. Right now i am using handlebars for generating code but i am curious about your approach, what are you using?
That's fine but that's not "Open Source" as the open source community sees it. That's just source-available. It's great: when I choose proprietary software, I'm much happier when I get the source code along with it since it can help with diagnostics and advanced cases. But it isn't "Open Source".
Could this potentially drive users to the Amazon fork? If I'm a business that may be impacted due to the licensing change, it would seem my safest (legal) option would be to freeze on the last version with a friendly license and then transition to the Amazon fork, since it will probably stay under a more open license. While maybe not the smartest technical decision, from a business standpoint it seems like a reasonable insurance policy, at least until someone else tests the waters in court.
Amazon doesn't have any interest in making their version closed because they want the money from hosting. Even if the product isn't that great, it's super easy if I'm already 100% in on AWS anyway (not necessarily reality, but it is an easy conversation to have and the service should be big enough to warrant investment from AWS).
I applaud the stand they are taking and it will be interesting to see how this plays out.
> Could this potentially drive users to the Amazon fork?
Um, about that...
> When Amazon announced their Open Distro for Elasticsearch fork, they used code that we believe was copied by a third party from our commercial code and provided it as part of the Open Distro project. We believe this further divided our community and drove additional confusion.
It's interesting that they phrased it like that. If they were confident about this, they would easily be able to prove this in court and it would be a very simple case of copyright infringement right?
If IBM v. SCO taught us anything, it should have taught us that "easily... prove" and "in court" do not belong in the same sentence. The case SHOULD have been thrown out in 5 minutes due to lack of merit, which ANY programmer could see. Instead, it took FOURTEEN YEARS to decide, and is STILL working through appeals. Microsoft funded the litigation, and the scumbag executives of SCO continued to get paid through most of this charade. It all still makes my blood boil.
Yeah I'm not sure how much weight this holds, especially considering one paragraph later they transition into accusing Amazon of being "inspired" by their commercial features.
They have a lawsuit open against the third party. I would presume that "inspired" is covering themselves from libel until they have a judgment that this happened (assuming it appears).
The notion of Open Distro for ES being "a fork" is, in my opinion and as of last I checked, overblown. Yes, they bundle a bunch of freely licensed stuff to make up for features that Elastic themselves have paywalled off (or sealed behind their free-to-use, but non-libre, custom license where they don't show/include sources either), but they rely on and effectively install the (hitherto) Apache-licensed upstream release of ElasticSearch, as published by Elastic.
Also, if you take a closer look at Open Distro, you will quickly come to the conclusion that you really do not want to deploy what drops out of there. The RPM package does CRAZY stuff that made me exhale audibly enough for coworkers to notice - like spawning a postinstall shellscript that `wget`s a .so for/from an optional library that the Open Distro release team put into an S3 bucket, and then `mv`ing that downloaded file (iirc even without any content verification; so the content could be your proxy's captive portal markup, for all they know) into (again, iirc) /usr/lib. That is from WITHIN AN RPM PACKAGE, mind you, where you could and should really just carry that file yourself.
That and other minor troubles with the tooling surrounding the actual product (ES) made me abandon Open Distro fairly quickly. Which is a shame, since a really freely licensed spin of ES with "Enterprise" features would indeed be very nice to have.
TLS in enterprise settings is commonly intercepted by TLS/HTTPS proxies that create trusted (by the OS's local trust store) certificates for proxied peers on the fly. Banks often do this - the one I work for, for instance.
The McAfee-based proxy we have SOMETIMES (I guess it depends on the content-type and the length of the upstream response) renders a kind of "intermediate" HTML document as the response body, where the human user is supposed to click on a link that makes the UA download the originally requested resource from an internal, ad-hoc mirror. I guess that is due to some virus scanning snake oil.
At any rate, what the packages at Amazon did there is just right up in "that is crazy"-territory.
Though there's no confirmation I could find, there's an indication that they may/are:
Let’s take a quick look at the features that we are including in Open Distro for Elasticsearch. Some of these are currently available in Amazon Elasticsearch Service; others will become available in future updates.
> Could this potentially drive users to the Amazon fork?
If they're dumb, yes.
As stated in their blog, changes apply pretty much only if you're either embed or redistribute elasticsearch/kibana. And these are two specific use-cases btw.
Amazon illegally uses the ElasticSearch trademark. Amazon illegally uses and distributes proprietary Elastic's code. Why do people in the thread keeps repeating that it's OK while it's very obviously abuse by a too-powerful company?
More generally I can't understand (and can't stand either) why people keep defending monopolists on HN. Monopolies are bad, morally, economically, in all sort of ways. They fuel abuse and everyone loses in the end but the handful of plutocrats that control Amazon, Google, Facebook, Microsoft etc.
Neither of these issues have anything to do with the license.
Either Elastic's code used by Amazon is indeed stolen proprietary code and no licensing change is needed to obtain reparation, or Amazon is making lawful use of FOSS source code and the question boils down to "if I publish code under a FOSS license, can anybody use it?", to which the answer is obviously yes. And if you'd prefer it to be "no" then don't publish FOSS.
Regarding the trademark, this indeed seems (to my non-lawyer eyes) to be an infringement (or extremely borderline at the very least) but isn't related to licensing.
The trademark has to do with licensing insofar as if a major reseller of your OSS licensed product will infringe on your trademark, the easiest solution might be to modify the license. Especially when the alternative is lengthy trademark disputes with a huge company with a lot of lawyers.
At the end of the day offering an OSS license becomes less viable when it seems like major players aren’t playing fairly.
Typically the standard for trademark cases is whether or not customers will confuse the two competing names/products/brands.
It's quite possible that because both companies target developers, architects, etc who're more than able to distinguish between the two companies' offerings... that Elastic's lawsuits didn't go anywhere
Sophisticated Users are definitely one factor that weight in favor of developers, but in my view it’s outweighed by the degree of similarity of the two marks, the similarity of the services, the uniqueness of Elastic as a mark, evidence of actual confusion (before reading Elastic’s complaint, I was confused by the names, and I’ve been involved in making decisions about the use of these kinds of services.)
Trademark law goes by category. Elastic uses theirs for a software product as well as a service, whereas Amazon is using it for their cloud services (not as a standalone software product). This is why Apple Corps (music, Beatles) and Apple Computer Inc. were allowed to coexist.
This situation is a very fine line between the technicalities that the trademark law was written for. Amazon knows this, and they have the money to set legal precedent in court to have it their way. And so stomping on Elastic's trademark is the route they chose to further benefit from that company's reputation.
If it ends up being ruled that Amazon infringed on Elastic's trademark (their case here is pretty flimsy) or copied Elastic's proprietary code then Amazon deserves to get raked over the coals for copyright infringement.
But Amazon offering hosted Elasticsearch and forking the project is something that I think is okay. It sucks for Elastic but it's good for customers. Amazon is driving the cost of hosted Elasticsearch down closer to its real costs which will always out-compete Elastic who's trying to use their margin to fund development as well. So many businesses fall into the trap of not charging for their actual value and get eaten when someone else is better at their paid complementary services. Elastic's value is the software, not their hosting abilities.
> It sucks for Elastic but it's good for customers.
Everyone is seemingly happy with ES not being able to monetise the product they build for the community, to subsidise the thousands of developer hours spent on it, so their company can save a few dollars. They (you) would rather than money go to Amazon for providing.. nothing to the ES community.
No, I would rather ES built a sustainable business selling their software with a normal licensing model that makes sure they're getting paid no matter who's hosting it. In that world it doesn't matter if AWS or Google or Microsoft or anyone else want to offer hosted versions of it because ES still gets their cut.
But co-opting open source to grow your user-base and then switching your license because you don't like the reality of what open source actually entails leaves a bad taste in everyone's mouth.
but the elephant in the room is that there are perfectly acceptable ways to make money off of an open source project and HELP them keep afloat by regular DONATIONS/man power/hosting/etc.
> Amazon illegally uses the ElasticSearch trademark.
If we accept Elastic's interpretation of trademark law, all retail is illegal.
I bought some break cereal at Walmart this morning that clearly displayed a "Kellog" trademark. Walk down any isle of the store, unauthorized use of trademarks as far as the eye can see. NOT OK.
If you try to open a series of stores with Kellog in the name, you'll get slapped down right away. And that's obviously the problem here, putting it right in the name in a way that gives no hint it's someone else's trademark.
I read that article and it is very redolent of what SCO argued back in the day. If they had actual proof, they would take legal action against the author of that plugin.
They share a similarity: the Floragunn litigation is unresolved (and clearly Floragunn continues to distribute their plugin). SCO, too, failed to resolve their litigation favorably to SCO.
That is a very tenuous connection. Floragunn has not resolved the litigation in their favour, either.
If we are going off similarities, Napster also continued to distribute their software while their lawsuit involving the RIAA was unresolved. The court still ruled against them eventually.
Amazon's violation of Elastic's trademark is an issue between two companies: Amazon & Elastic. Elastic has the courts available to them to pursue their case.
Elastric's change of license affects the larger open source and technical communities and it's understandable that contributors who supported the open source project are upset when Elastic changes the nature of the relationship.
Elastic is a 14 billion dollar company[0] with 43% revenue growth YoY[1]. Amazon may be eating into their SaaS market share but Elastic are hardly struggling. Relicensing for competitive business reasons is absolutely fine, but it's silly to pretend that they are doing this for any motive other than making more money. Certainly this is not some altruistic move on the behalf of the open source community.
I think that this attempt to take a popular open-source project proprietary is going to blow up in their faces. Users will flock to OpenDistro and this will be the beginning of the end of Elastic unless they reverse this decision.
It's really hard to have sympathy for anyone here. On the Amazon side, they of course are pushing on that ethical gray line by using Elastic's name and track record to build their own offering based on Elastic's Open Source software.
On the Elastic's side they simply seem to be mad that Open Source is working exactly as it's supposed to work in favor of a big company that happens to be a competitor. It's like they want to have discretionary control on who benefits from Open Source and who doesn't.
I believe this is the real driver of this decision. $ESTC's PE is -100 and PC is -2500, they need to drive a lot of business to their hosted cloud or sell many more licenses to support their valuation [^1], and they're not getting the subscriptions they need from the platform add-ons like Machine Learning, APM, and SIEM (43% YoY revenue growth is great, but I don't believe it's sustainable, and this licensing decision suggests neither does Elastic).
Base Elasticsearch and Kibana are sufficient for a large portion of use cases, including mine. Many other of the "ecosystem" tools they sell have other, established commercial or open-source options (e.g. Splunk vs SIEM, Jaeger/OpenTracing vs APM), and these options won't tie you into the Elastic environment.
> I think that this attempt to take a popular open-source project proprietary is going to blow up in their faces. Users will flock to OpenDistro and this will be the beginning of the end of Elastic unless they reverse this decision.
100% agree. We're going to see an open-source fork, whether from Open Distro (which may have too much baggage) or a new, rebranded project, and many users who don't need Elastic's value-adds will flock there.
^1: Admittedly everything tech is severely overpriced right now.
Elastic’s arguments are problematic considering the history of the codebase.
They didn’t invent “elasticsearch” from scratch, rather they took someone else’s codebase (Lucene) and made it better. Fundamentally that’s what AWS did too... they took open source code and improved on it to offer a very popular managed service. Elastic seems annoyed that AWS has executed better on the managed service front but aren’t offering up strong reasons for this being “NOT OK”. Elastic was happy to use code and concepts from others to build their product but seem annoyed when others did the same to them. I don’t get it.
The brand name thing might have more weight but it will come down to if they were truly enforcing the name the whole time they owned it or are just annoyed with AWS. If the name fell into common use they they likely won’t have much luck protecting it.
I'm really starting to dislike this notion of "Oh well Elastic deserves this since they build on an open source project, Lucene!"
There are two main differences here.
1. The scope of the change. My understanding is that Elasticsearch may use Lucene under the hood, but extends it in ways and for use cases that Lucene was not designed for. The same can not be said about AWS taking Elasticsearch and running it as a drop-in replacement.
2. Perhaps most importantly, Elasticsearch didn't build on top of Lucene, and then decide to call itself Lucene. If you think there is so little differentiation between the product you built and the product you built off of, that you are better off highjacking the name, then I question if you made any meaningful differences.
Lucene is a pretty low-level search library. It has no concept of clustering etc. etc. What ElasticSearch built on top is far from trivial. Furthermore, ElasticSearch pays a number of people to contribute back to the Lucene project.
As far as I know AWS hasn't contributed any code of note back to ElasticSearch or Lucene.
Their license literally says they have the right to use this code as they're doing, shouldn't be mad at them for that.
Imagine putting a sign on your lawn that says people can walk on your lawn and are even allowed to poop on it if they feel like it and then getting mad at them when they do so.
That being said, I support their right to change their license to whatever they like if it helps them survive as a business or for whatever reason they see fit obviously, more power to them.
These things seem like Amazon went beyond just selling their hosted version of Elasticstack:
"When the service launched, imagine our surprise when the Amazon CTO tweeted that the service was released in collaboration with us. It was not. And over the years, we have heard repeatedly that this confusion persists. NOT OK."
"So imagine our surprise when Amazon launched their service in 2015 based on Elasticsearch and called it Amazon Elasticsearch Service. We consider this to be a pretty obvious trademark violation. NOT OK."
"When Amazon announced their Open Distro for Elasticsearch fork, they used code that we believe was copied by a third party from our commercial code and provided it as part of the Open Distro project. We believe this further divided our community and drove additional confusion. "
> "When the service launched, imagine our surprise when the Amazon CTO tweeted that the service was released in collaboration with us. It was not. And over the years, we have heard repeatedly that this confusion persists. NOT OK."
This just means their CTO was sloppy, Amazon legal department would have never allowed that tweet.
> "So imagine our surprise when Amazon launched their service in 2015 based on Elasticsearch and called it Amazon Elasticsearch Service. We consider this to be a pretty obvious trademark violation. NOT OK."
This is a trademark violation indeed though IANAL, it doesn't require a change to the license to attack them for that. Definitely an abuse of power by Amazon though, completely not ok as they don't care about paying a fine for that, they have all the money in the world. But again, not related to the license thing.
> "When Amazon announced their Open Distro for Elasticsearch fork, they used code that we believe was copied by a third party from our commercial code and provided it as part of the Open Distro project. We believe this further divided our community and drove additional confusion. "
Elastic was known to mix proprietary and open source code and it got to a point where few people knew what was open source and what was not. Many people were not happy with this situation and elastic.co was abusing the situation to charge paid licenses as people were scared of using proprietary code without knowing. The work amazon did to remove all proprietary code from they fork was actually welcomed by the community though I'm not surprised they missed some as it was really hard to tell.
It sounds like their whole issue was about confusion in the marketplace, though, and when someone does an oopsie that results in that kind of confusion, it may not be enough to take care of it quietly, on the side. So it seems now Elastic is making more noise, in an effort to clarify things more publicly.
>This just means their CTO was sloppy, Amazon legal department would have never allowed that tweet.
Surely the legal department would have issued some sort of retraction. Can you find it?
>Definitely an abuse of power by Amazon
Yeah, that's what we're saying.
>people were scared of using proprietary code without knowing...I'm not surprised they missed some as it was really hard to tell.
Amazon is a trillion dollar company that has every capability of doing their due diligence. Sloppy communication, abuse of trademarks and stealing proprietary code are all inexcusable behaviors by a company with the size and power that Amazon has.
You're describing the problem as if it were the excuse. Amazon abused their power, stole proprietary code, abused a trademark, and violated the culture of the open source community whose code they were leveraging for profit. There's no excuse for it, even if it was somehow legal - and I don't suspect it was. I suspect that Amazon knows it's not legal - they just figure they can get away with it.
> This just means their CTO was sloppy, Amazon legal department would have never allowed that tweet.
Sure, but we are not talking about "the intern tweeted something incorrect, gather your pitchforks until they delete it".
We are talking about a prolonged time span where AWS completely abused their massive size and market tower to basically do the legal and PR equivalent of laughing in the face of another company they were using and abusing. Details aside, that is a pretty grim view for the world of software, no?
> "So imagine our surprise when Amazon launched their service in 2015 based on Elasticsearch and called it Amazon Elasticsearch Service. We consider this to be a pretty obvious trademark violation. NOT OK."
I don't understand. If I have an ISP and I offer mysql servers, can't I call that offering "Eznzt MySQL Service"?
Given that Elastic are describing that they've tried every option, I including legal ones and Amazon elasticsearch service is still named as such, it would seem it at least isn't as clear cut as elastic believes
Last time I checked, no, you couldn't.
You could instead call the offering "Eznzt Service for MySQL".
A long time ago I had an open source project to manage mysql replication topologies, and I called it mysql-ha. At some point, they reached out to me about the trademark infringement.
They were nice about it, I did not get a legal notice or anything, just a contact from a MySQL employee pointing me to their policy (as in my response to your example: I could have called it ha-for-mysql), and requesting that I changed the name to make it compliant. I ended up with a full rename (called it highbase) and they were kind enough to give me a one year free subscription to MySQL Enterprise as a token of appreciation for my change.
In way that I think is interesting regarding the AWS and Elastic situation, what MySQL's trademark policy intended was to avoid the situation in which a third party could be confused by a product or project name (mysql-ha in my case) as to believe that MySQL, the company, was behind the offering. So any use of the trademark that made it clear they were not involved (as in the "X for MySQL" vs. "MySQL X") was ok.
I’m confused too. IANAL but this seems like it’s a clear use of trademark.
Amazon sells Hershey bars through its site. I don’t think it needs to get permission to say “here’s the subscribe and save service to buy Hershey bars.”
I think the confusion is whether ElasticCo is endorsing or part of the service offering. So it should be clear that the offering isn’t by ElasticCo.
Back to the chocolate example, as long as Amazon doesn’t make it seem like Hershey is endorsing their site or offering the product they should be clear. I’ve seen this tucked into the fine print on stuff where it says that just because they are selling Hershey it has nothing to do with Hershey the company.
It seems odd that the company wouldn’t want it to be called AWS ElasticSearch as that’s what it is. ElasticSearch software sold as a service by AWS. Calling it something else is more confusing.
It's a bit more muddled then that since AWS isn't using the true ElasticSearch bits but rather an OpenDistro fork of it that they created themselves. So is it still ElasticSearch? Mostly, but it's not exactly the same thing either. But of course AWS would want to leverage the name recognition of ElasticSearch...
Opendistro is not a fork, it’s a collection of plugins that work with the open source elasticsearch distribution, basically it replaces what used to be called x-pack (security etc.)
IANAL, but my understanding is that including the software package in the product/service name this would potentially open your company up to a trademark suit, because it potentiates customer confusion regarding the things that Elastic is complaining about w/r/t Amazon's offerings of Elasticsearch.
Personally, I find that thinking about this issue seems more intuitive when imagining tangible physical products. Imagine that Amazon decides to enter the Cookies as a Service market, and starts launching service offerings with names like 'Oreos by Amazon'. At a glance, would one not assume that this was some sort of collaborative effort between Nabisco and Amazon? I think the average consumer would. And the same probably applies in a situation involving a software product.
Specifically to your example (I think), see "Company, Product or Service Names
", where it states the following:
> Do not use Oracle trademarks or potentially confusing variations as all or part of your company, product or service names. If you wish to note the relationship of your products or services to Oracle products or services, please use an appropriate tag line as detailed above. For example, "XYZ for Oracle database" not "OraXYZ or XYZ Oracle"
Glancing at the referenced lawsuits[1,2], the point of contention is not that Elastic's open source code is being used. It's that a.) Elastic feels its trademark is being abused in a manner that misrepresents the relationship between Elastic and Amazon, and b.) that Open Distro incorporates code in a manner that explicitly violates Elastic's licensing.
That tweet about the partnership is a pretty damning exhibit to a trademark infringement suit.
And yeah, "Amazon Elasticsearch Service" completely fooled me for about a week until Google searches revealed enough about how elastic.co isn't just a site promoting Elasticsearch, but was a provider of instance configuration.
> Imagine putting a sign on your lawn that says people can walk on your lawn and are even allowed to poop on it if they feel like it and then getting mad at them when they do so.
I mean, sure. Someone can poop on the lawn.
There is a difference between that, and some business coming along with a dump truck full of shit that they then dump on the lawn, and I'm sure you understand that.
This is meaningless analogy; no one is pooping here.
Whats happening is they’re selling the same product; legally they’re entitled to do so.
They’re selling it in a deceptive (perhaps even legally dubious way), and thats not ok; but forget that, this has nothing really to do with being the good guys for open source and amazon being the bad guys, thats just the narrative that the elastic PR folk are putting out.
What’s happening here is being out-competed by people selling the same product, because despite being technically inferior (in my view) the competition can sell more of it more cheaply and not really care about the margins.
So... yes, I’m sympathetic, but this PR dance we go through every time pains me.
Just say it: we’re struggling. We cant compete with Amazon on equal terms, so we’re changing the license to force them to pay us royalties, or stop selling it.
You’re not doing it from the goodness of your heart, and if amazon wasn’t kicking your ass, you wouldn’t care, you’d just be laughing at them “trying to run a cloud version of elastic, ha!”. ...but amazon is very very good at that, actually, and very good at selling it.
Who’s going to judge you for not having amazons scale? No one; but they’re not being dicks, they’re doing their jobs, very successfully.
If you don’t like losing, that’s perfectly ok, no one does... but it doesnt make them bad, it just means they’re better at it than you.
Changing things to preserve your competitive edge is totally ok; but I don’t think its right to spin this us-them AWS is the evil empire narrative; youre in this situation because of the decisions you made, take a bit of humble pie and acknowledge responsibility for it as well.
Why do we need to forget the trademark infringement?
If Amazon is engaging in trademark infringement, lying about their connection\collaboration with the trademark holder, and including commercially licensed technology in an open source fork of a project, they are acting very poorly. Your argument of Amazon just being able to execute better falls flat if these facts are true and it means they're cheating, and that deserves some recognition.
Why do you feel the need to to free PR work for Amazon? Amazon has no respect for its business partners, let alone competitors or employees; why should the Elastic team have an obligation to not be mad? Mad is a human emotion.
While the imagery is evocative, scale of usage isn't a factor in open source licenses, so the metaphor sort of breaks apart. Sun found that out the hard way -- IBM probably profited off Java way more than pre-acquisition Sun.
> "There is a difference between that, and some business coming along with a dump truck full of shit that they then dump on the lawn, and I'm sure you understand that."
Is there a difference? The sign never said how much shit could be deposited on your lawn.
I don't believe the issue most are taking here is the license itself that elasticsearch now has, I think its the relicensing of existing contributions (ironically including those from AWS and their employees) which were originally under a true, well-accepted and liberal FOSS license.
If elasticsearch had this license from day one, that would be fair enough, but many people do not freely contribute time and effort to improving something which is not freely available to all others (whether individual or large corporation).
Elasticsearch is self-victimising here when they are arguably exploiting FOSS contributors good will (though due to the CLA what they are doing is most definitely legal).
> ironically including those from AWS and their employees
Does AWS ever contribute anything that isn't an AWS integration? I'm not asking rhetorically -- those are the only kind of "contribution" I've ever seen from them.
You are correct, sorry my wording was clumsy and inaccurate. I should have clarified that the project itself is now under a different license, though I believe the net effect is similar to relicensing the original code, as forks are unlikely to be sustainable.
I'm just a bystander in this regard as it's not really my domain, but have played around with AWS a bit and I must admit, I didn't realise that ElasticSearch wasn't Amazon's own product per se.
Seems to me that Amazon has grossly overstepped fair play here.
This isn't really the spirit of Open Source though. The point of Open Source is that reuse and modification isn't just technically allowed legally, it's encouraged.
I fully support their right to change their licensing, and I understand they may not have thought through the implications of their license -- and I empathize with that. I also empathize with criticism that Amazon isn't doing a great job of supporting the ecosystem that supports them, it would be nice if they did more. And it goes without saying, but I also strongly empathize with the frustration about the borderline trademark infringement that's happening here. That's a completely separate problem.
But I don't like the implication that Open Source licenses are a legal technicality rather than a specific philosophical choice to allow reuse. People don't need to feel guilty about following Open Source licenses, the idea is to encourage reuse -- even by corporations.
We do harm to that movement when we try and backtrack from that philosophy or say, "sure, you have the legal right to reuse the code, but we're going to try and implement social/technical barriers to you doing so." There are plenty of decent source-available licenses projects can use if that's their intent. They carve out exceptions for small-scale reuse while trying to limit companies like Amazon from capitalizing on the ecosystem. And maybe more projects should use those licenses since they more accurately reflect the outcomes that the authors seem to want. There's nothing wrong with having projects that allow only small-scale reuse.
But if someone releases their project as Open Source I'm going to treat it like Open Source, because that's what the movement is about, and trying to reverse the legal progress we've made by constructing new moral barriers in front of reuse is harmful to that movement. When we say that people have a moral right to reuse, adapt, and share our code, we mean it.
Open source may be a moral system, but Karl Popper had a thing or two to say about actors who take advantage of the morality of a system for immoral ends. At some point, whether you or I appreciate it, the open source world was bound to have to reinvent a solution to that.
There is a solution to that already, it's called using source available licensing instead of Open Source.
But the point of Open Source is that reciprocity of code/money/value is not required. That's literally the scenario that many of us are trying to build.
It feels like the difference here is that you're looking at "someone builds a giant public hosting service off of our code" as an immoral end. But I'm saying that's not immoral, that is an acceptable result.
It's obviously not the result Elastic wanted, and I empathize with that, but... I don't know, maybe we need to educate people more about what Open Source actually means. Maybe we need to encourage more people to use source available licenses if there's a disconnect in how people understand the actual goals of the movement.
We believe that people have an intrinsic, moral right to share and reuse code. Not just good citizens who help build up the system and support us -- everybody.
I will define freeloading by those with the capacity to do otherwise as immoral any day of the week (and AWS functionally does a lot of that), yes, and I will define it in those moral terms regardless of the legal letter of a license. There is an implicit social contract that open source software absolutely and without question relies upon--and yes, large actors owe more in response than small ones in that calculus. When the social contract is abrogated by an actor who is beyond the capacity for shame or for criticism to change their ways--that's absolutely a problem. This shift of what open source means away from "Amazon, please co-opt and strangle at your leisure" is inevitable, and I don't really think it's wrong.
(I also don't like Elastic as a company, to be clear, and wouldn't shed many tears if they disappeared tomorrow, there's just a hierarchy of dirtbags and they're not near the top.)
As far as encouraging those source-available licenses--that sounds great, except that, in my experience, people with the temerity to offer source-available licenses get treated like shit anyway because they aren't giving away the farm. So I don't know where we go there, either.
Reusing code is not freeloading in the Open Source (capitalized) movement -- at least, not the kind of freeloading that we'd like to discourage.
I don't know what else I can do as an Open Source developer in my projects and my terminology to imply that when I say, "you can reuse my code for any reason" I actually mean it. I guess traditional Open Source advocates could abandon the entire term and go off and create a brand new movement where we try to make that even more explicit, but people are just going to follow us there and then try to coopt the term again.
> people with the temerity to offer source-available licenses get treated like shit anyway because they aren't giving away the farm
I will call out people who are doing that.
But really, the only comments I have about source available products are:
A) they don't offer all of the advantages of Open Source (although they offer many more benefits than fully closed-source software), and I think that pointing that out is not a moral judgement, just a statement of fact about what the licenses do and do not allow.
B) people who offer source available licenses need to stop saying that they're basically the same as Open Source, or that they're just a subset of Open Source, or that they exist because Open Source has lost its way.
Because the licenses are not the same. All other debates aside, both us at this point in the conversation recognize this, right? You and I are disagreeing about a fundamental philosophy on what rights and moral responsibilities people have around code. You fundamentally disagree with me about whether or not large companies have the right to completely freely reuse permissive code, or whether they have an obligation to pay for it. That disagreement is so large that it affects our attitudes about whether offering large-scale commercial hosting of an Open Source product is moral.
And it's fine that you and I disagree on that point, but we can look at that disagreement and say that clearly your goals when licensing software are different than mine. So to me, it seems pretty reasonable that people who have this fundamental disagreement with the OSI should acknowledge that instead of acting like the Open Source movement is broken. It's not broken, it disagrees with you about the goals are in making code available to other people.
It's not people being stubborn, it's not that the OSI doesn't understand the consequences of Open Source, it's that it does understand the consequences of Open Source and it disagrees with you about what consequences are desirable. The Open Source movement doesn't need shared source advocates to 'save' us, we need them to acknowledge that their goals are different than ours.
What’s your stance on Dual licensing? I honestly have had mixed Opinions on this, but I finally settled on Dual licensing and/or BSL 1.1 as a nice compromise. I think open source developers create a lot of value, and should have the facility to be compensated and have their passion become their job. Plus this whole Re-Licensing trend toward SSPL/BSL/Dual is IMHO the natural evolution of open-source strategies.
Dual licensing (using the GPL and a separate proprietary license) is kind of a hack solution that takes advantage of the fact that business hate the GPL. It can introduce some problems (it effectively bars you from accepting contributions unless you use a CLA, which many contributors won't do). However, while community is an important part of Open Source, the most important part of Open Source is the lack of restrictions on how people use/modify/share the code, so while people can debate whether or not dual licensing is a good idea, that doesn't mean the GPL stops applying.
Any code that is GPL licensed is Open Source. It might be distasteful to some people to force contributors to sign a CLA, you might get some criticism from some segments of the community, but it's not problematic in a way that means it's fundamentally non-FOSS.
BSL on the other hand is not Open Source, but becomes Open Source at the point where the BSL license expires and is replaced by an Open version.
----
Personally, I might get some pushback on this, but I actually kind of like BSL more than dual licensing. Dual licensing relies on the fact that people find the GPL toxic. It feels much more to me like a temporary solution, and one that only works by kind of dragging the GPL through the mud. Even among people who don't hate the GPL, it encourages them to think of it as a tool to enforce 'fairness', rather than as a complicated way to use copyright to push towards a world where every user has the rights guaranteed in the GPL for every program they run.
TBH, I vaguely suspect that some of the movement towards SSPL is an evolution of people's attitude towards dual licensing, where they thought that the un-attractiveness of the GPL was the point of the GPL, and now feel like it's not living up to it's 'promise'. The fact that Amazon is able to use GPL code to provide commercial services is seen by those people as a bug, not a feature.
Many of the downsides and restrictions around community contributions with BSL are also present in dual licensing because of the implicit CLA requirements in dual licensed projects. So it's not clear to me that BSL is more harmful to community-built software than dual licensing, and given the above trend, it seems a bit more honest (for lack of a better word).
Because dual licensing doesn't really affect companies like Amazon, it kind of encourages people into these arm races where people say that the GPL has failed in its job because some companies don't hate it (again, the point of the GPL is not to be impossible for companies to use). BSL on the other hand is very straightforward, and because it's upfront about its goals, it's not subject to the same kinds of weird arm races and escalations. You release software as proprietary, we all recognize that it's proprietary and that you want compensation for it, and then at some point it becomes Open Source. That's a really simple model to think about and build around.
----
But all that being said, code that is licensed under the GPL is Open Source, period, regardless of what other licenses it is simultaneously offered under.
BSL licensed code before it expires is not Open Source or FOSS: it's proprietary code that later is Open Sourced once a certain amount of commercial value has been extracted from it.
What's the immoral end? That more people are taking advantage of the technology offered in Elasticsearch? To me that seems like a moral and intentional end.
Or is the problem that Elastic can't effectively monopolize that technology which they purposely offered to the world for free? Well, of course not... how can both of those be true at the same time? The choice to release a product as open source is to intentionally prevent it from being monopolized.
> I think they are saying that when you tell people something is acceptable, then they can only assume it actually is acceptable to you.
I think that is false. Most things that are said assume that the listener will self-moderate. If I have Crohn's or IBS and I post a sign on my front-lawn saying "bathroom free to use for those in need" I'm not expecting you to pull up a tour-bus full of tourists, move into it and use it as housing, or a sex den for turning tricks. I mean, I should clarify my sign, but honestly if you don't meet me half-way with self-moderation, you are the reason we can't have nice things.
Above all, make sure you always leave money on the table, _especially_ if you are the bigger party.
Sure, there is something to be said for reciprocating the generosity offered to you by taking only what you need.
I think this can become a complicated game of accounting though. Did Amazon take more than they need or did they just build a useful cloud service on top of a widespread open and free product that was released intentionally under those terms?
When Elastic chose the Apache license, what was the goal? Was it to allow as many people to benefit from the software as possible? If so, Amazon is clearly advancing that goal, not hindering it.
Or is the idea that Amazon is somehow blocking Elastic from competing in the cloud search space? Elastic is growing quite rapidly and Amazon's use of ES seems to have only accelerated that growth, so I don't really buy that either.
Furthermore consider this: Is Elastic reciprocating the generosity offered by Apache and the Lucene project, to which they basically did the same thing that Amazon did to them?
Really? If someone comes over and you say "help yourself to anything in the fridge" you shouldn't expect that someone will take a snack and not clear out your fridge and load up there car with groceries for the week?
It's more like having the sign say "feel free to do what you like" then someone poops on the lawn and you sigh and have to update the sign to say "no pooping, though".
Most free/open source software licences come from a different time. In most cases they are applied because the authors want to do open source and it's expected that the licence is enough to uphold that spirit. But it's not enough and hasn't been for a long time now. The AGPL was created for this reason but oddly developers have gone the opposite direction and "permissive" licences have become the fashion. Many of them are now realising there was a reason for licences like GPL and AGPL after all.
> Their license literally says they have the right to use this code as they're doing, shouldn't be mad at them for that.
Apache 2.0, section 6:
> 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
Most of the issues in the article were about misuse of the Elasticsearch trademark. This seems like a fairly simple problem to deal with. AWS should not be competing with Elasticsearch using it's own trademark. The licensing changes really do nothing to solve the bad behavior by Amazon.
The license for the main Elasticsearch is that, but they have some proprietary features (Machine Learning etc.) which are under a proprietary license. Amazon copied code from another project which had stolen this proprietary code from Elastic and resold it under their own banner. https://www.elastic.co/blog/dear-search-guard-users
Another view, they opened/maintained a lawn wherein you can come have picnic and may buy some drinks from the store, which covers the cost. Now a super chain opens next to them and uses park as free seating for its customer. So they are adding rule against that.
Use the code yes, but not use the trademarks. And also not publicly claim to collaborate when they actually do not give back. That's what they complain about.
> Our license change is aimed at preventing companies from taking our Elasticsearch and Kibana products and providing them directly as a service without collaborating with us.
The main value of open source to businesses is that support is truly commodified and there is no one with a stranglehold on it. ElasticSearch is trying to remove what makes open source appealing to businesses. No one wants to build their infrastructure on something with expensive IBM/Oracle-costing support. Basically, from now on, ElasticSearch has removed that benefit from their product and businesses are at risk. It's now much less appealing... is the remaining niche profitable? Only time will tell.
Note, why businesses find open-source appealing is not why developers find it appealing, or private individuals.
I'll be honest, I've never heard a single business say the reason they use open source is because support is commodified. It's generally cost or functionality, and quite frankly they want a go-to support expert, not a list of support options.
Redhat didn't become huge because people had all sorts of options for third party support. In fact, I can't say I've ever come across a single enterprise who: uses third party support for their RHEL installed base, has asked for third party support for their RHEL installed base.
CentOS and WhiteBox Linux were 3rd party sources of RHEL and to a large part Linux distros are interchangeable which makes them commodities. Not perfect commodities, but still close. RHEL with subscription vs Debian & burdening yours ops guys are choices available. VMS has no such choice.
But he didn't say: businesses use open source because they can find compatible binaries from multiple entities. He said it commodified support. CentOS and WhiteBox never promised or offered enterprise support agreements that I'm aware of. And if they did, I can't say I ever ran across anyone utilizing it in the wild.
I'm not surprised, having had the exact same debate about MongoDB a couple of years back.
Elastic has iterated over and over, taking years to remove obvious problems with their products, building heavily on the community for input about their needs, but still managing to ignore them for a long time. I still remember searching for anything that's not Kibana since their interface has been dreadful (and probably still is). I remember people turning away from Logstash to Fluentd and others pretty early, but don't know the exact reasons. I remember when pretty important and frankly "core" stuff like authentication and authorization among others moved into Shield and other specialized commercial plugins.
They have leveraged almost a decade of developer good-will to cope with their inherent architectural problems and to fight for introducing "weird open source software" in their respective companies and ultimately give them their street cred of "logging aggregation == ELK". Now, after most of their stack "just works" like people expect it to, they throw it all away, putting people who fought for them in license jeopardy while pointing the finger at Amazon? I don't have any sympathy for this. It's your business, if it fails, nobody is at fault but yourself, especially if you a 14B behemoth. May the exodus begin, it's long overdue.
> We think that Amazon’s behavior is inconsistent with the norms and values that are especially important in the open source ecosystem.
It is not, Elastic does not have a monopoly on what open-source is or mean.
> Our license change is aimed at preventing companies from taking our Elasticsearch and Kibana products and providing them directly as a service without collaborating with us.
Therefore they admit that their market strategy was bad to being with. A lot of open-source technology is being used extensively by AWS/Azure/GCP. I don't see the maintainers of Kubernetes, MariaDB, [insert your favorite OSS project] or even Linux arguing that they are somehow owed money for a product they voluntarily distributed under a permissive license.
> When Amazon announced their Open Distro for Elasticsearch fork, they used code that we believe was copied by a third party from our commercial code and provided it as part of the Open Distro project. We believe this further divided our community and drove additional confusion.
Then sue them and be done with it.
Every time this particular subject comes up I get slightly riled up because it is just a display of misplaced after-the-fact outrage over poor business development planning. Elastic grew because of that open source license and benefitted from a wide adoption because of it. Now that they realized that giving away software isn't a great way to make money they pull this bait-and-switch and expect "the community" to blame the big bad company.
I really like Elasticsearch. I run it myself hosted in a Kubernetes cluster using the Kubernetes Operator developed by Elastic, so I'm one of the people who uses Elasticsearch extensively without being a paying customer, but to be fair that is part of the reason why I opted for it. I think Elastic has become victim of its own success if I may say so. Running Elasticsearch self hosted is fairly easy, either on actual hardware or VMs or in a container cluster. Their documentation is exceptionally good and the wide adoption means that a lot of issues people might run into have already been solved or answered on StackOverflow and other online forums. If Elasticsearch wasn't such a great product then Amazon would also struggle more with providing a managed version in their cloud.
I think trademark violations are pretty bad and a real punch below the belt, but I'm not a lawyer so I don't know if that is actually happening. Amazon also offers Redis as a service, so does Azure. They both have Redis in the name. They also offer MS SQL as a service, however that has a proprietary license which the end customer pays for so it's an unfair comparison. I wonder if the monetisation strategy, which is basically Elastic Cloud, is the best option for Elastic. They are essentially providing a mini managed Elasticsearch cluster which is away from the rest of the infrastructure which development teams are already maintaining. Of course they will be competing with Amazon then and likely going to lose, since Amazon has so much more. Other OSS products have found more lucrative and less costly monetisation models than operating your own cloud hosting provider. I hope Elastic will find a way to sustain themselves in a way which makes the owners happy, because their product is really good.
I never understood why its so hard for Corporations (specifically, US Corporations) to just give back to these projects via corporate charity contributions. I know, this takes away from other worthy causes too in some ways, however, I think we could get massive boosts that help all tides in the long run.
After all, US corporate giving, from a cursory search, in 2019 alone was 21.09 billion USD[0] if even 1% of that made it toward open source, that would fund an overwhelming amount of projects overnight. Just 1%. And it would be extremely effective per dollar in terms of what society gets back in return.
I don't know why tech companies don't see it this way in particular.
The whole issue with OSS software is there isn't any money coming in with significant quantity to fund projects, many, many of which are fundamental to technologies we all take for granted, take the OpenSSL story for example, as alluded to in this press release when corporations got shamed for taking advantage of this project with little funding:
Now imagine if projects like this could receive real, significant ongoing funding. Maybe charity isn't right, (non profit would be a better word here I think). I see it as a net gain.
It doesn't mean it wouldn't be complicated and add more overhead to certain projects of x size though.
Please do elaborate more though if you think it would strongly result in a net negative.
Speaking to the broader issue this pertains to though, I think my point still has some merits on that basis. This is really a proxy for an industry wide problem, whether is a for profit company or not behind the open source software
Given that aws just built DocumentDB, I am not sure if the licensing changing anything. I would even say that this choice actually hurts MongoDB because I am less likely to choose it since they have less practical hosting solutions.
If Oracle wins against Google, presumably DocumentDB would be infringing in the same manner, as DocumentDB also is a drop-in replacement adhering to the same API.
I don't understand how the SSPL is substantially different enough from AGPL to warrant being called "non-OSS" as has been done multiple times in this thread.
It is literally the AGPL, with even stronger copyleft provisions. It is anti-proprietary in the strongest conceivable way. How is that not open source? It does not infringe upon, and goes out of its way to protect, the four freedoms.
That doesn't parse. The SSPL does not discriminate against a person, a group, or a field of endeavor, any more than the GPL "discriminates" against people who distribute modified versions of a program by requiring them to distribute the source code of the changes. Further, the requirement of the SSPL does not cover "distributing with", so point 9 doesn't seem to make sense either.
"If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License."
This clearly violates point 9, as it impacts "service" source code, not just the program source code. Also as others have pointed out, what exactly is "service" source code is entirely unclear. But it is clear enough to know it isn't Open Source.
Also, it is clear from Elastic's blog post that they are switching to the SSPL in order to discriminant against fields of endeavor.
Those posts are a mere re-statement of the conclusion, not the reasoning that led to it.
1. The OSI definition applies to the license itself, not the company's motivations for its use, so that point is irrelevant.
2. I do not see how point 9 amounts to a restriction, for four reasons:
a. The "other software" is packaged together as a service by the company offering the service, not by the SSPL. The SSPL, in other words, recognizes what already exists. It does not create a new thing.
b. The example given by OSI relates to other unrelated programs simply sharing the same media. The SSPL targets programs that are bound together to provide a service. GPLs already recognize linking, for instance, so how does this not apply as a different kind of linking? It's merely happening at the next layer up.
c. Open source is not a restriction - it is the opposite of a restriction. The entire point of free software licenses is to, as the preamble of the GPLs say, "guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users".
It beggars belief that integration of a program into a packaged product, modified for and made available over the network, should override that protection. If the SSPL is not "open source" for this reason, then neither is the AGPL.
d. Legal ambiguity is not a reflection on the open-source-ness of the license. All FOSS licenses are "ambiguous" until tested in court multiple times.
The argument that it's vague indeed makes sense, but I can't make heads or tails of the one that claims it's not an open source license at the end of the day. If anything, it's more open source than the AGPL.
It kind of hit home for me because I recently had an issue with an unrelated company that has gotten 100 million+ in funding take advantage of my work by removing my name from the content, openly discredit my work under false claims and attempted to steal money from me multiple times while I've done nothing but help grow their business and ask for nothing in return other than our agreed upon compensation.
What I got from this write up is there's always going to be people and corporations out there who do their best to take advantage of you for the sake of profiting off your work using whatever means necessary, even if it's maybe illegal. I pity companies like this, especially the people who are making the decisions because that's the legacy they are leaving behind and if they happen to have children, they are probably forcing that mindset onto them as well.
Trademark law is complicated enough that I can imagine several scenarios where owning "Elastic" does not allow you to prescribe Amazon's use of "Elasticsearch Service", or at least where there's enough of a question of law as to allow the matter to proceed to rather expensive litigation.
Also:
>Our efforts to resolve the problem with Amazon failed, forcing us to file a lawsuit. NOT OK.
This and several other sentences alleging illegal behavior on the part of Amazon seem suspicious to me. When I hear someone say that they had to sue another company, but provide no further details of the suit, then I can only assume that their lawsuit was summarily dismissed by the judge. Otherwise, they'd talk about the litigation - there is no legal condition I could think of where you would be allowed to disclose the existence of a lawsuit and make general allegations about a company, but not disclose the existence of at least a settlement agreement, if not a legal judgment.
Does anyone know if Elastic's Amazon lawsuit went anywhere?
I'm not a lawyer either, but as I understand it, a trademark is violated if it's likely to confuse people into thinking the product/service is from the trademark holder when it actually isn't. If Amazon's CEO experienced such confusion himself, that does sound like a slam dunk to me.
FTA: When the service launched, imagine our surprise when the Amazon CTO tweeted that the service was released in collaboration with us. It was not. And over the years, we have heard repeatedly that this confusion persists. NOT OK.
It does seem tricky. On on hand, they want to stop AWS using "Elasticsearch" in a product name because it isn't in partnership with Elastic co., but on the other hand AWS's product really does contain Elasticsearch, which is why they are changing their license. If AWS had a product called "Elasticsearch Service" which didn't contain Elasticsearch, then it would be pretty clear cut as that would be very confusing, but a product called "Elasticsearch Service" that really does contain "Elasticsearch" seems pretty self-explanatory.
Does it really contain ElasticSearch? It is a fork right, so can you still call it ElasticSearch? I don't think you should be able to use the name in this case, and you definitely can't say you are "partnered" with a company when you most definitely aren't.
But what are they confused over? "Amazon RDS for SQL Server" seems no more and no less confusing to me than "Amazon Elasticsearch Service".
As a user, I don't care in the least about the business relationship behind the product. I care about whether Amazon RDS works like SQL Server and whether Amazon Elasticsearch Service works like Elasticsearch. What financial arrangements, if any, are behind the scenes are not a concern to users.
I think the original link and the CTO disagrees with what "colloboration" means.
From Amazon's perspective, if they contributed a single fix, or asked a single question of ElasticSearch on the issue tracker, then this is a product born from colloboration.
It's difficult to think anyone is going to think that Amazon ElasticSearch is by anyone other than Amazon.
It was a bad choice of name by Amazon. They should have created "Amazon Search Services" and ElasticSearch would be one of multiple available options ala RDS and its many database options. I'm no lawyer but it appears to me that they are blatantly in violation of ElasticSearch's trademark.
Doesn't elastic also use Amazon trademarks in their code and documentation? (e.g. ec2, etc..)? I'm not a licence expert, but maybe if you have a have a legal licence to run it, you probably can also name it like that?
As mentioned in another discussion, I used to be a Copyleft Zealot, but I've come to realize an absolutist insistence on "Free as in Freedom" and the "Four Freedoms", without allowing businesses a viable path to profitability, is an obsolete attitude. It has become incredibly easy and cheap to distribute copies of large programs, even as a service over the internet.
Sure, hobbyist projects and foundations for FOSS software still exist, but important infrastructure projects like Mongo, Redis, and now Elastic have all recently changed their licenses from "true" FOSS to "some rights reserved".
One might argue that the point of FOSS is not to make money. But GNU/FSF have said repeatedly that it's OK to "sell" your software. How do you do that when a FAANGMO can easily out-scale you and put you out of business?
If I were to start an actual software company, I would give very serious consideration to licenses like Polyform[0] over "true" FOSS, at least for the important, money-making parts where it would be impossible to compete with a FAANGMO.
This blog post strikes me as poorly written, overly emotional, and light on reasons to care. While not Amazon-sized, Elastic is itself a rather large company. Am I supposed to be upset that you're having difficulty getting even larger because of Amazon? Considering you're the experts on this product, shouldn't you be confident in your ability to differentiate from someone offering it as an afterthought? If anything, Amazon's poor support of their Elastic offering amounts to lead gen for a properly run solution. Finally, feel free to change your license now that your original license is no longer conducive to your growth aspirations, but whining that "not OK" Amazon forced you to do it just comes across as sour grapes.
> shouldn't you be confident in your ability to differentiate from someone offering it as an afterthought?
They are. What they aren't confident in is their ability to differentiate from someone who offers it moderately competently, while not having to pay a single cent in development costs, unlike Elastic, which have to pay for almost all of them.
I have to agree and came here to say this - the “Not OK” thing feels like we are all being lectured. This is an (one) unfortunate side effect of social media. The author doesn’t hear how he sounds, and can’t see the cringe on some of the audiences to realize it’s an awful (cringeworthy) tactic.
Could have come across better, but otherwise I support the authors assertions.
They probably aren't worried about not becoming larger so much as getting swallowed whole by AWS. AWS has the economies of scale to severely undercut pricing. Especially considering they aren't spending anything on development cost. They can just let elastic search deal with that.
A lot of comments here are discussing the greater implications of OSS and the like - which is appropriate. But can we take a minute to talk about AWS' specific, egregious behavior?
Blatantly stealing the trademark, not even entering negotiations. Lying on Twitter about being in a partnership with a company when they are not is the kind of behavior I expect from a shady sneakers reseller on Reddit, not AWS. In my book, this is shockingly unprofessional and indicates some serious rot as a company...
I recently ran a project to compare AWS Elasticsearch and Elastic-hosted ES.
Surprisingly, we found that AWS did better for our use-case. Better IaC - easy to set up clusters with Terraform, and associated alerts. Better monitoring and easier setup. Better price/performance. AWS is obviously lower friction from a purchasing point too once you're already an AWS user.
This makes me curious if Elastic are shooting themselves in the foot a bit here.
Why would they be shooting themselves in the foot? From their perspective, Elastic doesn't get anything out of your going with the AWS offering, and Amazon's behemoth-level resources allow it to outcompete Elastic's own hosted offering, as you found, while contributing nothing back to cover development costs of the software itself.
I have been using Elasticsearch for over ten years and have seen a few of the hosted versions. For many years, AWS was running way behind. A few major versions behind, almost no options. No one used it. The ES version was not great, but it was way better than the AWS version.
Fast forward to 2021 and the AWS version is as seamless as most of their offerings. Works with the VPC, backing stores. You can set it up with CloudFormation/CDK. ES has stagnated.
In a more general way, the Elastic/AWS case proves a more fundamental vulnerability of Open Source as a business model. A couple of weeks ago, I wrote this article called "Why I wouldn't invest in open-source companies, even though I ran one." trying to make this case and point out a couple of systemic pitfalls in OS as a business model (Apologies for the self-promotion, but I felt this might be relevant): https://www.linkedin.com/pulse/why-i-wouldnt-invest-open-sou...
In your post you talk briefly about licensing -- effectively (1) MIT/Apache are common and very permissive (2) AGPL sometimes gets shut down by legal (3) Changing licenses is hard.
Given these primitives, do you think one solution to the problem is just what we see here, a new licensing structure for some types of open source? Elastic's move here, attacking the issue through licensing, is one way that this sort of business model is becoming more robust over time and would be instructive for other founders looking to create revenue generating software that is also open source.
As a developer, the main reason I _love_ open source is that I help patch issues or inspect the code to get a better understanding. Which is great because the changes Elastic are making to their license are orthogonal to the value prop for your average developer.
I wouldn't assume Elastic-style licenses to be a solution going forward. Elastic can use this license model now that they've already achieved considerable popularity and success - but I doubt that they would have gotten to where they are, had they started out with this license.
I think your historical assessment is fair, as usually legal has an allow-list of licenses and anything else is non-trivial to integrate. Moving forward, though, with multiple companies trying to solve issues via licensing (Mongo, Elastic, Confluent), I think we could see some of the new licenses become legal allow-listed (Which allows for some of the moment open-source can give as you mentioned in the link).
Honestly, I think the biggest issue with Elastic-style licenses moving forward is API compatibility. It is just a question of how much money is at stake for a company like Amazon to go from just operationalizing ElasticSearch to running and maintaining an API-compatible fork, just as they've done with Mongo. It would actually be a bit hilarious if Amazon open-sourced said fork with a more permissive license, given that their buck is usually made off of ops.
So I guess the options are now to use the “OpenDistro” [0] or the SSPL distro maintained by Elastic.
It’s too bad that Elastic is no longer open source, but respect the companies choice to close source their stuff.
Will be interesting if Amazon just maintains their fork or abandons it to make something else.
I’m not familiar with elastic as a project and not sure how many community contributions they have, but expect that to shrink as I’m not sure many OSS developers will freely contribute to non-OSS projects.
As for trademark stuff, I expect a renaming like Hudson/Jenkins.
I think you are grossly over estimating the contributions that the general community has to open source. Theres a company behind this project and they do most of the maintenance work.
Yep, this happens with alot of open source. Either a big company maintains a project through paid engineers. OR some poor guy gets burnt out because everyone is demanding free changes to some OSS package constantly without providing PR/MRs.
Exactly, which is why I hope Elastic manages to beat Amazon wih this tactic since it then can be a playbook for OSS companies. In general OSS is fantastic whether free or paid and I genuinely want companies like Elastic to succeed. This whole free software thing is stupid and it is sad to see talented devs getting burnt out because people are cheap to pay for software.
I make products that use that package. I want all the packages I depend on to be compatible with my license. I don’t want to run into an audit years from now during due diligence that I have some liability from an incompatible license.
I can’t afford lawyers to determine compatibility today. And I suspect that they would say “not compatible, pay to be safe.”
This sounds more like an issue with the licensing world itself than with this license, which by itself is pretty simple and won't affect you except in the case you offer your products containing Elastic as a service to third parties.
Elasticsearch B.V. owes you nothing. The source code is still open source, but you should pay for re-selling or providing hosting services around it. They have salaries to pay. Period.
Too many open source "believers" find themselves out of pocket, taking time away from their families and lives, only for companies like Amazaon and other WAANKs out there to make billions in profit. Time for this to stop. Starve them of your hard work and make them pay if they want to use your software. For sharing knowledge, code can still be freely readable, but should not be free of charge.
> The source code is still open source, but you should pay for re-selling or providing hosting services around it. They have salaries to pay. Period.
That's not what Open Source is.
What's actually happening here is that people disagree with the goals of the FOSS movement, which is fine, but then instead of going out and joining any of the many other movements around software licensing that are better suited for them -- instead of releasing products as source available or shared source or noncommercial-reuse/creative-commons or just under any generally permissive license -- instead they act like this is our problem to solve.
The point of Open Source is not to share knowledge, it's to allow people to reuse/share code. There are other movements that are better equipped to solve your problems if your goal is primarily just to share knowledge. But we're not going to drop everything we've worked to build just to accommodate you.
Nobody is forcing you to be a part of this movement. Nobody is forcing you to release your software under MIT or GPL licenses. You can do whatever the heck you want with the software you build, just leave us alone and stop acting like it's our problem that our movement isn't accommodating your goals.
Agree, the amount of people who license things as MIT is terrifying. There has been a couple of posts/rants on HN about this. A large company doesn't care about you, and licensing your code as MIT doesn't mean they're going to pay you. GPL actually gives you some teeth.
The argument is that those people were never going to pay you money anyway so don't cater to them. All you can do is try to make it seem like it is cheaper to pay you for a license exception than it is to reimplement, but some places will reimplement anyway.
Yup, pretty much the life story of open source. Some people always tend to get upset that individuals/companies either don’t spend every waking second on a project or want to get paid for their work if used in commercial products.
The impression this thread gives me is that most commenters are shills hiding behind a concern for "open source values", which are not being touched in any sense.
Actually, moves like what elastic is doing are necessary to preserve the FOSS ecosystem.
> We have differentiated with proprietary features, and now we see these feature designs serving as "inspiration" for Amazon
I am sympathetic to many of Elastic's complaints, but not this one. If you make an open-core product, you have to expect that others will attempt to make competing, possibly open source, alternatives to your proprietary components.
"And to be clear, this change most likely has zero effect on you, our users. It has no effect on our customers that engage with us either in cloud or on premises."
No, that's just not true. So many users, from small hobby side-projects, to large open source projects, and mega-corps care about the licensing of dependencies, each for their own reason, and will not want to build on top of proprietary software that imposes draconian licensing terms.
It doesn't matter what they say, read the license. It's vague and there is no legal precedent. It's a big risk for anyone who cares about licensing issues for their projects.
I find these kind of obscure, “don’t worry” posts to increase my worrying. Part of the simplicity of open source is that it’s available for easy audit. Having to hire lawyers to use a product means I probably won’t use it.
I also think having people saying “we’re open, but read the fine print” is not good for open source collaboration as it increases confusion and complexity.
Elastic is moving the way of a commercial software company. That’s perfectly fine as it’s their company, but it’s just different than open source.
Yup. If you, understanding your product, your users, and your licensing, write a post for your users not to worry, it means that you thought about your changes and came to a well informed position that there was reason for worry.
Well, you try to make it sound unlikely, but it's exactly like corporate messaging that there are no plans for layoffs in the wake of bad financial news.
The idea that a license change made to prevent competition and enable a business model centered around extracting monopoly rents from customers has no effect on customers is ludicrous. It's whole point is to have an adverse effect on customers.
Or you might have a history of people being mad at you (for good reasons, like the story of security of the ELK stack). They know very well everybody will get mad again, so they precede all explanations by "don't worry".
> It doesn't matter what they say, read the license.
I would love to but the terms within the ElasticSearch codebase on Github are quite confusing. Here's the text of the LICENCE.TXT file.
Source code in this repository is covered by one of three licenses: (i) the
Apache License 2.0 (ii) an Apache License 2.0 compatible license (iii) the
Elastic License. The default license throughout the repository is Apache License
2.0 unless the header specifies another license. Elastic Licensed code is found
only in the x-pack directory.
The build produces two sets of binaries - one set that falls under the Elastic
License and another set that falls under Apache License 2.0. The binaries that
contain `-oss` in the artifact name are licensed under Apache License 2.0 and
these binaries do not package any code from the x-pack directory.
Aside from not showing copies of the applicable licenses, it seems you have to read the code headers to determine which source file has which license. There are a lot of ways to respond to competitive threats from Amazon, but this approach is increasingly chaotic the closer you look.
The license change to the dual-license with SSPL and Elastic License hasn't happened — this is the state so far and all the code outside the `x-pack` folder is Apache v2 licensed.
Does this even work? ES was considered 'one work' at some point, right? It's developed together, not file-by-file. How is it possible then to license it file-by-file? Wouldn't most of those files be derivative works of the old 'one work' anyway? (Meaning they have to keep the original license, meaning "the default license, Apache License 2.0"?)
Sure, at some point someone started to create a plugin for ES (let's say the security/ACL thing in x-pack, used to be called Shield or something like that), they used the ES API and they used runtime linking. (I have no idea if that's okay or not, has been tested in court or not. I know the US Supreme Court will say something about that in June.) But when developing any feature in that plugin nobody thinks of just that plugin. Folks think about ES as a whole, indexes, shards, documents, terms, maybe even in terms of low-level Lucene primitives.
I think it's practically impossible to wear the OSS and the proprietary hat at the same time. (Or separately but on the same project.)
If ES is the sole copyright holder, they can license it to whomever they wish under whatever license they wish. IANAL, but it seems perfectly coherent to me that they can say "If you build the software this way, we release it to you under X license. If you build it that way, we release it under Y license."
Open-source and free software licenses don't imply that the source must remain served on some site, and it doesn't imply that the license for the code cannot change for future versions of that code necessarily- as it depends on the license and/or other factors.
But if you have a copy of the license and the code and it permitted use of it perpetually, then it can continue to be used. That's my understanding.
If you're a paying customer, you are probably fine.
If you're using SSPL'd Elastic (or Mongo DB, the risks are the same) for anything serious -- i.e. beyond a hobby, get legal advice ASAP.
SSPL isn't an OSI certified license; many would call it at best a 'shared source' license because of the riders attached.
[DELETED because, as user `gpm` points out, OSI doesn't own 'open source' as a trademark, sorry about that -- the need for legal advice doesn't go away, however.] In fact given their kvetching about Amazon and their trademark, Elastic's cheerleading of open source in this and the original blog post seems to be a bit misleading and doing OSI's trademark a disservice.[/DELETED]
Trademarks are not a requirement for defining terminology. The word "cake" is not trademarked, but if I sell you a used car tire when you buy a "cake" from me, I still lied and misled you about the product.
I don't think we really need that. The current solution works relatively well: anyone using open source in a sense other than that described by the OSI, is reliably met with a hailstorm of criticism on HackerNews for being disingenuous. That's as it should be. It's a term of art in the software world, and we don't insist on legal enforcement of every term of art.
I tend to capitalise the term, Open Source, to emphasise that I'm using it an a precise way. I do the same with Free Software. Not ironclad, but I figure it probably helps.
With all of that said, I don't think anyone should be permitted to deliberately mislead people when they're pushing a product. It's obviously right that false advertising is forbidden by law.
That’s what I used to think, but now more companies use “open” with non-OSI licenses and they aren’t run out of town and told STFU.
Personally, any project using “open” in the name that’s not OSI, I pretty much ignore. But it seems to be growing (eg, “open core”, “openai”, stuff like this taking about open with non-open licenses).
It’s getting hard to filter out. One of the benefits I think to CCn is that it clearly lets users know what is and is not allowed. Having OSIn might help with people who don’t read licenses for fun.
I think "OSI Approved Open Source License" could easily be an OSI trademark, if it's not already.
Ironicallly, like many other organizations, Elastic themselves have used OSI's approval as a benchmark for 'open source'[1]:
> Is X-Pack now open source?
> Updated on 2018-04-24 with a link to the Elastic License
> Open source licensing maintains a strict definition from the Open Source Initiative (OSI).
> As of 6.3, the X-Pack code is open under the Elastic License. However, it will not be 'open source' as it will not be covered by an OSI approved license. The interaction model for open X-Pack will be identical to the open source Elastic Stack, including the ability to inspect code, create issues and open pull requests via our existing GitHub repositories.
> I think there are valid differences in opinion in what “open source” means
Disagree. It's a well standardised term of art: it means what the OSI define it to mean. It's pretty precise, and is not a meaningless marketing term like premium. Similarly free software (and especially Free Software) means what the FSF defines it to mean.
When people start using these terms to mean whatever they feel like it should mean, it muddies the waters for those of us trying to have serious discussions about these topics. Tellingly, such redefinitions are generally broader than the accepted OSI definition, so as to include whatever product someone is trying to push.
> Tellingly, such redefinitions are generally broader than the accepted OSI definition, so as to include whatever product someone is trying to push.
I disagree. In fact I'll present the counter example of "myself". I don't agree with the OSIs definition of open source, I think it run contrary to the plain meaning of the term, and is contrary to pre-OSI use of the term. I've argued that numerous times on this forum (and I'm going to avoid repeating these arguments in depth here, just google "gpm Open Source site:news.ycombinator.com"/"gpm Open Source site:lobste.rs" and you will be able to find the arguments).
I have never pushed a product claiming to be open source that does not meet the OSIs definition, nor do I anticipate I ever will, since that seems to be a great way to make discussions about the product devolve into arguments about licensing, which is terrible advertising.
The fact that these arguments usually only come up when there is a reason to argue, i.e. someone has used the term in a way outside of the OSIs definition, does not mean that people only think the right definition of the term is something else when it's for their own benefit.
Frankly I don't get why OSI proponents are so angry about the use of the term Open Source, when they can just unambiguously use "OSI Approved License" instead.
It's borderline gatekeeping and it irks me to no end.
No, it's a term-of-art. When people muddy the waters and try to undermine the standard terminology of a field, it's not some righteous struggle to liberate a term, it's just an obstacle to clear communication.
In aviation, flap is a precise term-of-art, and is never used interchangeably with aileron, despite that an aileron is plainly a kind of flap (in the colloquial sense). If you adopt your own definition of flap, to refer to both flaps and ailerons, no-one is going to sue you, but no-one is going to know what you're talking about. Your use of the term will be considered not merely different, but wrong.
Similarly, you could try telling a physicist that you consider the words power and force to be interchangeable. They're not going to sue you, but they're also not likely to entertain your deliberate misuse of standard terms.
Are pilots and physicists gatekeeping by being so insistent that you use their terms their way?
But it’s not a term of art, when it was first used it had a broad scope for more or less anything where source was made available to users of software.
The OSI definition is a newer more narrow definition adopted long after the term was in broad use.
And fundamentally, the literal meaning of the words open and source do not have connotations beyond the source being available for viewing.
> when it was first used it had a broad scope for more or less anything where source was made available to users
I'm not sure the early history of the term really matters. Presumably early aeronautical engineers and early physicists had to all agree on the terms of their field. It's fortunate that they did so, and now that their field is mature, their terms are clear and unambiguous.
Someone without an education in physics might not be able to intuit that physicists use the terms strength, hardness, and toughness in distinct and precise ways.
> The OSI definition is a newer more narrow definition adopted long after the term was in broad use.
I'd say it's a more considered, more precise, more meaningful definition.
> the literal meaning of the words open and source do not have connotations beyond the source being available for viewing
I already gave the example of flap, a precise term-of-art in aviation that reuses a non-technical English word in a way that cannot simply be intuited.
I also don't see that open needs to be a synonym of viewable. I think it's fine that open be used to refer to something broader, as in the Open University for instance. [0]
Apparently the OSI was founded February 1998, the same month the term open source was first coined [0][1]. The OSI says [2] The Open Source Definition was then created during the launch of the OSI in Feb. 1998 by revising the DFSG and removing Debian-specific references.
This seems to indicate that the OSI's precise definition was pretty much there from the beginning, unless they didn't really coin the term open source and it was floating around beforehand. I've heard from others that open source was in use before the OSI definition, so perhaps that's the case.
As I mention in my response though, I don't think the term's early history much matters.
You say you’ve heard that but you cannot find the proof, because if it was in use, it was only used occasionally. They coined the term and they gave it the definition.
It's especially ... ironic, that they think Amazonification is not-ok, but Enterprizificaion (open core) is a-ok.
That said hosting ES is basically the same as building a carwash, or a gas station, or let's say a printing house. You get the machinery and build your own support services around it.
Even the unit economics are not that different. AWS spent probably millions of dollars to push the marginal price down. The initial cost of procurement for machinery might be zero for ES as opposed to buying a printing press, but none of the aforementioned sectors are limited by the cost of machinery. In case of brick and mortar services the cost of land, labor, construction, and logistics are all a lot more important.
Yes, okay, but what about AWS's advantage, their "moat"? Elastic will never be able to match that. This is the same problem that plagues the browser, phone OS (and other) markets. Google can easily spend a billion USD each year on fiddling with Chrome and Android. Mozilla, Canonical, KDE, and others can't.
AWS has the platform advantage, Google has money.
It seems these market forces virtually force ES to become a "public good" like the Linux kernel. (Or Elastic could try to fork it and stop using any kind of free/open/available license. And try to find business niches.)
But at this point the cat is out of the bag. Likely no amount of license engineering will be sufficient to overcome AWS' advantage.
The cloud providers would just build a competing service if they couldn't co-opt an existing popular open source solution. Or anoint an adjacent solution, like solr in the case of elasticsearch. But what can be done and we really haven't seen a "open-core" type infra component try this yet: is require open-sourcing changes. The opendistro approach sorta gets us there, in a hard-fork sense, but seems in adequate and is really only being done for connivence rather than licensing requirements. But we already have a licensing solution: the AGPL. But no enterprise or saas startup wants to touch AGPL software for the fear of it contaminating proprietary code. So it seems to me the solution is a hybrid APGL for cloud providers and apache/mit for others approach. Such a license seems feasible to write and would be superior to open-core for most users.
... a bit theoretical, but how is the GPLv3 with the anti-Tivo provision okay?
OSI definition 10: License must not restrict interface, and def. 9. License must not restrict other software it gets distributed with. (So I can't put my encrypted bootloader and verifier into the same thing.)
The open source world needs to come together and create a license that is well crafted. Otherwise we will keep seeing these less suitable licenses.
So far the FOSS world seems to be pretending this problem doesn’t exist. Pretending a problem doesn’t exist doesn’t make the problem go away. It makes you go away as you become irrelevant.
There is the AGPL, but it's not quite right. It also has the letters G-P-L in it, which spooks a ton of people still influenced by Microsoft's billion dollars worth of anti-GPL FUD. (I'm convinced you could just rename the GPL and all those problems would go away.)
> The open source world needs to come together and create a license that is well crafted.
It has created several.
It hasn't created licenses well-crafted for purposes directly contrary to the purpose of having open source software, because that's not what the open source community is interested in.
> So far the FOSS world seems to be pretending this problem doesn’t exist.
From the point of view of the FOSS world, the issue here is not a problem; creators having an exclusive ability to monetize software as a service isn't a purpose open source is intended to serve; in fact, avoiding the lock-in that results from such exclusivity is a big part of the point.
> From the point of view of the FOSS world, the issue here is not a problem; creators having an exclusive ability to monetize software as a service isn't a purpose open source is intended to serve; in fact, avoiding the lock-in that results from such exclusivity is a big part of the point.
If the creators get nothing, then why bother? Why slave away to make software just to give free labor to billion dollar companies while you get nothing? Is free labor for Amazon what open source is about?
If open source refuses to adapt to the realities of today's software ecosystem, it will die out... or at least "serious" open source projects will die out and all that will remain is hobbyist level stuff, abandonware, and half-done academic projects.
Personally I do think FOSS in its present form is going to die for most major projects. You'll still see FOSS libraries, building blocks, academic projects, and some major projects that really are large and old enough to have enough real grassroots contributors to keep them going. For major projects in the future you're going to have something more like a shareware model but with source-available.
Nobody creating a new large-scale project today is going to give it a license that they know will result in somebody else productizing it, making a fortune, and giving them nothing. At least Amazon acknowledges where things came from... in some cases the productizers even rename the project and don't even give the author credit.
FOSS and its gift culture ethos just isn't working in today's world. The software market of today is a dark forest.
> FOSS and its gift culture ethos just isn't working in today's world.
It absolutely is working the same way it always has (to which “gift culture” matters only around the edges). It doesn't work for people who want to start a business with a business model of using copyright law to extract monopoly rents, but then, it never has, and that's always been the point.
And, yes, it's not, for that reason, a good fit for narrow software entrepreneurship, but that's always been the domain of proprietary software.
What's new is startups building on OSS to build mind share, and then trying to shift to rent extraction while wanting to pretend to still be interested in OSS.
I don't think I totally disagree, but here's the problem: if OSS is not a good fit for software entrepreneurship, then it puts a really severe cap on how advanced, polished, easy to use, or well supported OSS can be, because pushing really hard on software development and implementing tens of thousands of hours of fine-grained polish is far beyond what the vast majority of people can afford to (or are willing to) volunteer for free.
It places really polished products beyond the realm of OSS. If you're fine with that, then there's no problem. Perhaps OSS has achieved its goal, namely creating a free and open software ecosystem for nerds and by nerds.
I can't think of a single OSS project used (directly) by a large number of the general public that does not have a company behind it. I think that says something.
> if OSS is not a good fit for software entrepreneurship, then it puts a really severe cap on how advanced, polished, easy to use, or well supported OSS can be, because pushing really hard on software development and implementing tens of thousands of hours of fine-grained polish is far beyond what the vast majority of people can afford to (or are willing to) volunteer for free.
Even if they start out as labors of love, OSS that gets beyond the niche stage tends not to have most work done “for free”, it's done (or paid for) by people/firms who are using the software in their business, but where the software is supporting, not the thing being sold. (Whether the OSS is infrastructure that is invisible to customers, or whether what is being sold is support and professional services tied to the OSS software.)
Very few OSS projects get popular enough and are structurally amenable to that kind of group contribution scenario. Of those that are, in most cases it results in an unusable hodge podge of crap rather than a well crafted product.
> Very few OSS projects get popular enough and are structurally amenable to that kind of group contribution scenario.
Yes, very few open source projects ever move out of the fringes of relevance. That's always been true. The idea that there has been some radical change making OSS less relevant is just false; what has happened is that OSS has gotten enough mindshare that people who want to use business models that OSS has never been a good fit want to use OSS as an early marketing gimmick, and then pivot out of it without paying a price for not being OSS. And are upset that people who do care about OSS are calling them on their B.S. when they try it.
I think we have a very different view about the goals of OSS then, and I think your idea of its goals is narrower.
I wish all software could be at least source-available and preferably available under even more liberal terms if that could be made to work. That way we could see how things work, learn from things, debug with the benefit of source, port things to different platforms or fix platform problems without waiting for the vendor, contribute if for no other reason than experience, and preserve software after vendors go belly-up without having to resort to emulating old platforms whole cloth.
I also wish there was mainstream adoption of open software for privacy and security reasons. I wish people could use operating systems, web browsers, messengers, and so on whose source could be audited so people could understand privacy implications.
That would all give us more freedom and more transparency, but it also requires a business model to sustain those kinds of projects. As it stands nobody outside geekdom uses open source software because there is no business model to sustain OSS with the degree of polish demanded by end users.
Yep, it's also incompatible with virtually all copyleft open source licenses. So if you were using any AGPLv3 code with elastic you now have to switch to Amazon's fork.
Yes, it's incompatible, although you might be fine if you aren't distributing it or running it as a service. SSPL requires re-licensing of all code to the SSPL, GPL has provisions that disallow re-licensing.
> the simple requirement that if you provide the product as a service, you must also publicly release any modifications as well as the source code of your management layers under SSPL
This provision is effectively impossible for anyone to comply with in practice. Calling this a "simple requirement" is a barefaced lie.
Especially that no independent party with any authority (ie. a court) determined what's covered under "management layers". If I use a custom kernel (that's optimized to run the JVM and has filesystem and block storage optimizations for ES), do I have to provide the source for that? (It seems trivial that it's not "management", but naturally Elastic's interest lies in arguing that yes, that are covered under management layers too.)
The problem of the known open source licenses (vs this no-precedent one) is that they were made long time ago for other situations and they do a poor job at protecting open source authors from the abuse that we see from Amazon and similar.
I'm confused by the "abuse" part. If I think the author of the GPLed project "foobar" is a jerk, and I fork it and maintain it without colaborating with foobar's original author, am I "abusing" the GPL?
Personally, I don't think so, and I think I should have the right to do so. I wonder how this is different from Amazon behavior here. (I want to make clear that I'm not saying Shay or anybody at elastic is anything. This is for the sake of the example.)
Now foobar's author can stop me from using his project name by registering a trademark on it. But the GPL is working as intented.
At the end, "maintaning" a fork of Elastic is wasted engineering effort and time, it would be better to collaborate. But I personally think Elastic should just ignore Amazon and keep doing what their doing, instead of making their product proprietary.
I never said forking is abusing. But if you fork it, position it as an official product with the same name on your platform and lie on twitter saying that your foobar was a collaboration with the original foobar author then yes, you are definitely abusing your power.
On the other point: "the GPL is working as intented" yes but not as the authors want, hence the change of license! Nothing wrong with that IMHO.
So what would be your advice for them in this situation? They are developing a product for Amazon for free, Amazon is making tons of money on it and they don't receive anything back.
This lack of clarity in law will likely result in huge issues in the sale of your startup if you ever go that route. Who wants to buy a potential lawsuit because of a database selection?
>We have seen that this trademark issue drives confusion with users thinking Amazon Elasticsearch Service is actually a service provided jointly with Elastic, with our blessing and collaboration. This is just not true. NOT OK.
I do not understand why they're not suing Amazon for a trademark violation. Imagine if they called themselves Elastic Amazon Search... Amazon would send them a cease and desist within a week.
Also, if you don't protect your trademarks, you will lose them! They're playing with fire here by not taking action. [1]
Anyway, send them a cease & desist for misusing your trademarks, Elastic!
SSPL is NOT an open source license.
OSI (Open Source Initiative) released a statement to clarify that, and also respondED to Elastic's claims.
https://opensource.org/node/1099
The community has invested in Elasticsearch and in Kibana, and we need to keep it open source. really open source.
From time to time, I see some cool application and I really want to see how they done it. It's ok if it's "truely OSS" I just want to see how they did it, what trick they made.
An example, a few years ago I saw a few mac app that show you network metered in status bar and little snitch. I don't know how they did that. I wish I can read their code, even if it's truely OSS.
To me, the value that ElasticSearch give to us is great. And when I do some cool thing, I myself want to share too but I don't want other to take my code and make money off it without contributing back to me.
I think Elastic, as a company, doing a good thing here, and AWS is the bad actor here, they even lie about their collaboration between them and Elastic.
This is the huge issue with open source. The way to make money is to offer support or hosting. However, many businesses would prefer support and/or hosting from a big enterprise. For example, a lot of CTO’s would prefer Amazon Elastic Search vs a separate agreement with Elastic if for no other reason than that there is a single bill and a single entity to call for support. You don’t want Elastic saying it’s an AWS issue and Amazon saying it’s an Elastic issue.
In addition, the fact that API’s are not copyrighted makes this even more in favor of the big enterprises like Amazon, as they can release something with the same API.
Honestly, the problem of how to sustain an open source business in this environment is an open question.
As an AWS user, it bums me out how much vendors don’t integrate better with the marketplace and cloud formation stacks etc.
What I’m after is being able to pay a 3rd-party vendor to do all the work of setting up a cluster of machines, deal with HA, backups, upgrades, support etc - but stay out of my data, so that I don’t have to force all our enterprise clients to sign updates to our DPA.
I would gladly pay elastic.co for such a service. The only vendor that I’m aware that does is Cognitect with Datomic Cloud: https://docs.datomic.com/cloud/index.html
Since AWS implies that Elastic is involved in the offering, I'd sue AWS for defamation. Having your name associated with a AWS service, and such a shitty service at that, cannot be good for your business.
That way Amazon couldn’t use their code to provide a SaaS until after 4 years and after that time it would be business as usual and be proper open source.
The license they used now is forever non-opensource, which is a much larger change than what’s merited here I think.
It's worth noting that MongoDB made the same change to their licensing due to a similar move by AWS 2 years ago... it made them a stronger business though (and enabled them to create even more value for their current/future customers).
I don't think you can have an open source product. In this particular case, Elasticsearch is an open source project that Elastic is a custodian of and has been monetising by building products around it: support, consulting, proprietary extensions, hosting and maybe other things.
Now an industry behemoth has decided to directly compete with one of their products. That's tough, especially that it's done in a typically heavy handed way, but... Elastic's reaction seems highly disingenuous, basically a PR dance around "we love open source but we didn't realise it allows competition to eat into our revenue stream".
Elasticsearch is great precisely because it's an open source project, not a product. Otherwise it would be a yet another proprietary black box thingy, with a hefty price tag and a bunch of corporate users. As a project, it thrives, enjoys trust, dedicated community, contributions, enthusiast adoption effect, and so on.
I'm sure they could still make plenty of money from their other products, introduce new ones, maybe even get a huge new stream of support contracts from AWS customers. Instead they decided to cannibalise the main source of their success: their brilliant open source project.
Don’t forget the CEO has cashed out ~$200M in stock the last two years alone and still holds $1B worth of stock, yet complains about AWS making money and changes the license so he can make even more. He likes to quote a tweet from 2015 from the CTO of AWS when they launched the Elasticsearch service in AWS. That was 6 years ago! They have had time to build a better offering with heir commercial licenses have failed. Elastic is trying to sell security now, what happens when they lose there too, change the license so any SIEM or analytics vendors have to pay them too? Elastic made a promise that the code would ALWAYS be Apache 2.0 and they went back on that promise, they lied to the community that helped build it, their customers, employees, partners and investors. The blog post about the license titles “Doubling Down on Open” is an insult to peoples’ intelligence, they are trying to play the victim because AWS is a mean bully. Well that’s business, if the CEO/founder didn’t see it coming then maybe he shouldn’t CEO? Take his billion dollars and go start something else and hand the company leadership over to someone who knows what they are doing.
Think this is just where tech is headed. Software eating itself. Big OSS will need to shift if their value is in providing licensed commercial versions.
This is like a new modern evolution of internet. Cloud, data, apps, etc all becoming utilities in a highly-automated/converged platform.
For the platform providers, it looks like a new oracle lock-in era, but instead of dotcom boom for the rest, its a net-negative because developer jobs and integrators will find most of their work automated (not necessarily a bad thing, just, whats next?).
--- tangent ---
AI becoming a commodity should really open our eyes. Need to realize that most enterprise and commercial apps facilitate a digital process. Our need to "build", "analyze", or "iterate" through processes are becoming areas of automation / embedded analytics.
Cool potential for new user experiences and capability in new era modern apps. Also wonder what the future need for digital apps even encompasses vs augmented reality experiences.
That's incredible. After two years and many other databases really going non opensource, Redis, the only one that really stayed BSD, is still victim of this misinformation that claims it is no longer open source. Folks, we are supposed to be a bit more informed than the average person here. We can do a little better.
Redis itself is proper open source. There are a few modules, completely separate from the Redis code base, that aren't open source (even though Redis Labs will claim they are, like how Elastic claim Elasticsearch is open source).
The other non-open-source-but-wants-open-source-clout is Mongo.
I think it's more about the source of the revenue stream. Redis (from what I know, which is minimal) relies more on support - they have a hosted solution but support/licensing of modules is where they really make money. Elastic relies on hosting - they've invested a lot in infrastructure.
This isn't true. Modules are free (unless you're a hosting competitor) so there is no licensing revenue there. They might be charging a handful of enterprise customers for special module support, but that isn't their main revenue stream. Their revenue is from Redis Enterprise which is a Redis hosting solution (managed cloud, unmanaged cloud or on-prem). Redis Enterprise is entirely closed-source, but it's an infrastructure management system and not a data store (it isn't Redis).
No, the difference is that Elastic is a massive $15 billion company which needs more revenue to survive, while Redis is still largely run by one person.
While it is true that Salvatore retired last year, Redis is still FOSS under the BSD license, and it has a new governance team. Redis Labs is in the drivers seat with 3 of the 5 members, including 2 Project Leads. But there are members from Alibaba and AWS https://redis.io/topics/governance
If Redis Labs were to do something stupid with the Redis OSS license, Alibaba and AWS would fork it faster than you can HyperLogLog.
I have never seen the Redis maintainer(s) complain about it though.
Would be interesting to compare/contrast, what leads to the difference.
They do the same with lots of products really. Postgres and MySQL too for instance. Also never seen postgres or mysql maintainance teams complain about it.
What are the contextual differences that make it a point of conflict with authors/maintainers in one case but not others?
Plenty people spending a lot of their time working on Postgres have complained about Amazon's style of using open source. Among them myself (long before working for an AWS competitor). Most of us don't have problems, or even the opposite, with companies making loads of money with Postgres. What I/we am severely disappointed with is that they barely put resources towards contributing back. Every now they make grand statements about their community support, but in the end little materializes.
If your organisation uses the Apache v2 licensed Elasticsearch or Kibana in its projects or products, it must now assume that it is at risk one way or another. It can upgrade to version 7.11 of these projects, thereby accepting the terms of SSPL and potentially also being required to release the code for its entire stack (a great deal of which it will not have the copyright over and will be unable to release, thereby potentially being in violation of SSPL). It can remain on version 7.10, but then it will no longer receive future updates, including important security fixes, thereby taking on another sort of risk.
Switching to SSPL feels more like retribution than a fix for the problem. But sadly nothing can be done if Amazon is willing to flagrantly steal your trademark.
At least switching to SSPL might bubble the related trademark issue up to a higher-paid set of lawyers within the Amazon monstrosity, and maybe it'll get resolved.
AWS is basically just rebranded open source on a centralized admin dashboard, there's an infographic somewhere breaking it down.
True genius is always making someone else's blood and sweat into a package that gracefully solves a big pain point and Amazon building up AWS has been nothing but genius.
> We collaborate with cloud service providers, including Microsoft, Google, Alibaba, Tencent, Clever Cloud, and others. We have shown we can find a way to do it. We even work with other parts of Amazon. We are always open to doing that; it just needs to be OK.
I'm not sure if I'm reading too much into this but it sort of feels like they don't want/expect to keep offering the proper AWS integration that their elastic.co product has now. I know at work we have something hosted by them in AWS and I assume that's inside our VPC and we'd need that feature to keep using them.
If they do still think that feature is important then saying they "work with other parts of Amazon" feels like it's really under-selling that collaboration/integration with AWS.
Another angle:
Elasti Co gives away their IP presumably as a marketing ploy to get adoption and lock in. AWS comes along and uses free software to build a platform users want. Elasti Co gets mad they aren't in full control of the software they gave away and now want to control its usage
Some other thoughts
Where do you draw the line between "cloud", consulting, and just hiring your own engineers to run it. One is fully outsourced and one insourced but the result is the same (someone is managing an Elasticsearch cluster and making money doing it)
It's in Amazon's interest to contribute some of their changes back or they end up with an incompatible product that becomes a less attractive "Elasticsearch" alternative.
So what happens with https://sematext.com/ ? Outside of AWS, they use open-distro and do compete with elastic.co. Will they just go out of business by not being able to upgrade elastic?
It's no secret AGPL was written to solve "the Google problem". SSPL tried to solve "the AWS problem" with copyleft, rather than just banning the use case, which is what Commons Clause did.
In short, Amazon don't follow law of trademarks. Then, Elastic instead of enforcing their rights in court, changes license in hope that Amazon will follow law of copyright. How do they expect it will work? I don't get it.
Elasticsearch has to enforce their trademark otherwise they will lose it. This is crucial.
Preserving their trademark will forbid Amazon from advertising their service as elasticsearch which may
help them find and retain customers.
Elasticsearch should lobby for an antitrust investigation into AWS. Here the market is cloud computing is AWS. This is similar to antitrust in the mainframe market or the PC market etc... However, right now it's not clear what the antitrust remedy will be. In those markets things evolved, most recently from desktop PCs to cloud delivered web apps etc...
Beyond that Elastic needs to innovate or join up with someone bigger.
It seems like Amazon is using their retail strategy here. It is basically white labeling the product. Just find a popular product. Copy the apis and call it amazon x. Open source license make it even easier.
Can someone help clarify something: the ES license change only affects future releases, right? The previous releases under the previous license are still valid, right?
If so, then my bet is Amazon will begin to treat ES like they do Aurora, namely, they will run their own fork of ES that from this point forward will be a separate code base and will evolve independently but will be "compatible" with anything that would otherwise expect the server to be a normal ES server (like how Aurora is compatible with MYSQL).
I have a hard time understanding the point of the author.
If Amazon is infringing a trademark (which indeed seems to be the case in my non-expert eyes), reparation should/could be obtained before a court regardless of the license of the code.
If the author has a problem with his FOSS software being used by an entity he doesn't like then he is in disagreement with the FOSS ideal at its core, this is a perfectly respectable opinion but don't blame it on Amazon.
I remember there being a few posts about companies/foundations relicensing their code in about the last three months. Their approach was relicense to be AGPLv3 for their OSS license and allowing interested parties to pay for a commercial license. However, contributors had to license their code as both AGPLv3 and BSD if I remember correctly.
Does anyone using the above approach have any comments about how well this approach is working for them?
I don't understand why companies obstinately keep adopting the SSPL when it's obvious it makes no legal sense and it is unenforceable. The only reason why nobody has shut it down in court yet is because the companies they are complaining about have plenty of resources to maintain their own forks. By adopting the SSPL they are just pushing corporate developers away and weakening their offering.
I am working on SAAS, and I want to open source the codebase. But I'd like to avoid a big commercial entity to run my software as a competitive service.
What is the best license to use for this use case? I want to allow as many uses of my code as possible, like on premise deployment, schools, ... But with the exception of using it commercially to run the same service as me.
https://news.ycombinator.com/item?id=25833781&p=2