Ask HN: How much does Amazon contribute to the open source community?
91 points by andrewstuart on Apr 11, 2015 | 53 comments
Amazon seems a big consumer of open source technology.

Does it give much cash in support to open source projects?

Does it contribute much in other ways?

It's really hard to guess at Amazon's code contributions; I don't know what weird corporate anti-pattern causes this, but I've received patches from Amazon in emails which say "here's a bug fix but don't tell anyone that this came from Amazon", and I know other people who have received similar contributions.

In a more financial sense, they have been generous in supporting my work on FreeBSD/EC2 -- not with cash, but lots of free EC2 usage for development and testing.

Colin, when I was at AWS (6+ years, left in 2014) I was a big supporter of FreeBSD on EC2, and I did my part in convincing people that we should support you - happy to see that you are grateful for that, and thanks again for your support.

Simone, thanks for all your help over the years! I don't think we ever talked directly, but I was certainly aware of and very grateful for your influence.

Yeah there's a weird internal thing where Amazon employees are not supposed to publicly contribute to open source projects but I don't know the reasoning behind that...

Former Amazonian here.

When I was employed:

To do ANY FOSS work as an individual unrelated to the company (And I mean ANY: private projects that may be on Github, projects with nothing to do with Amazon) required a one-off application for permission.

To actually contribute something to some FOSS project that is in use at Amazon (For example, to fix a bug) requires even more special permissions (I think it is once per submission but cannot remember).

This is to "protect Amazon IP"; you can imagine why people try and skip the hassle.

I'm a prolific open source contributor, and I found it strange when Amazon tried to recruit me.

Let me get this straight: you're scouting me because of all this open source stuff which you will now insist I abandon.

You don't have to abandon. You just have to check your ego and contribute anonymously, with full corporate backing.

I would rather work for a company that appreciates the value of my open source involvement and encourages me to develop it further.

This is bad advice and creates a liability for the project. Many large FOSS projects require you to identify yourself and sign a committer's agreement.

You forgot to mention the blanket "no game development" policy, which apparently includes activities such as discussing game ideas or giving feedback to friends that are developing their own games.

Lately I've been hearing that we (Amazon employees) are required to get approval to take any online courses, such as offerings from Coursera. Something about you may write code that gets shown to someone outside the company blah blah blah.

The way things are playing out seems a bit ridiculous. I do wonder sometimes if Amazon is going to start trying to say that you can't contribute funds to a certain organization because it may "compete with the interests of Amazon."

Is this in your contract / some IP agreement you sign? I wonder if they would drop this as fast as they dropped the warehouse employee anti-compete agreement if it was publicized.

It would also be interesting to hear from a lawyer with relevant expertise if that is actually enforceable for most employees.


It's in pretty much every employment contract in the software industry. Washington has code 49.44.140 which makes such terms unenforceable unless:

> (a) the invention relates
> (i) directly to the business of the employer, or
> (ii) to the employer's actual or demonstrably anticipated research or development,
> or (b) the invention results from any work performed by the employee for the employer

California has section 2870, which is almost identical.

The problem is that those terms are vague enough that they can be construed to apply to pretty much any software. The big companies have varied enough business that (a) is hard to get away from, especially if it's Web based and you work for Amazon/Google/Facebook, and software techniques are generalizable enough that they could probably claim (b) as well. As a result, all of those companies have various internal processes to request that the company either release IP for side projects or allow it to be open sourced with the company as the copyright holder but the employee listed as the author.

This clause was the sticking point of the last employment contract I signed. I tried to insist that they separate the compensation they were offering me into the portion for my general employment and the portion for these outside ideas so that I could decide which to accept. They never would do that, but I ended up getting a 30% higher offer through this negotiation.

"The problem is that those terms are vague enough that they can be construed to apply to pretty much any software."

Bingo. Amazon has its fingers in everything. Games, machine learning, language development, OS development, distributed computing, general algorithm development, video... It's pretty much impossible to find anything that doesn't "compete" with the company.

As an Amazonian, I was shocked one day: when telling my colleagues about some JavaScript widget I am working on and a plan to open source it, I got warned that pretty much everything that is developed on my laptop belongs to the company, thus I need my manager's permission to open source something that is pretty much not related to anything I do in my full-time job...

Same rules apply now.

This mostly begins and ends with fear of liability. Amazon has lots of assets, tiny margins, and a lot of deep-pocketed competitors more than happy to fund legal battles by proxy, to say nothing of smaller trolls. (What other company is going head-to-head with Walmart, Microsoft, Google, Bertelsmann, and Apple in different market sectors at the same time?)

Restricting "official" contributions is really about limiting the legal attack surface.

That seems like a pretty empty justification.

- Amazon already has immense attack surface

- software is generally distributed without warranty and includes liability disclaimers

- They wouldn't even be distributing any of the software. Any lawsuits based on contributions like that should be thrown out at the nuisance level, and they must already have an army of lawyers dealing with those.

(I only play a lawyer on the internet)

One of the major fears every company faces today is patent trolls. Regardless of whether you are in the right or not, a patent infringement lawsuit will be an immense cost to fight. Opening up internal source code or having public record of which tools/libraries you use by contributing back to them significantly increases the attack surface for patent trolls. Many companies, like Netflix, are willing to take on that risk. Many other companies are not willing to take on that risk.

(Also not a lawyer)

You put it better than I could.

Now, one might argue that many of the other attack surfaces are necessary byproducts of markets they want to operate in, and software development isn't a market they're profiting from, therefore they shouldn't unnecessarily open themselves up to potential litigation.

However, given how much so many other large companies already contribute, publicly, sometimes to the very systems Amazon may be using, it does seem a pretty hollow claim.

If some of Amazon's system failed because of some patch that Google contributed to project X, would Amazon's first reaction be to sue Google?

Another former employee here.

When our company was acquired, all of the engineers were given these guidelines immediately (signing/agreeing was a non-negotiable precondition of keeping your job).

It was essentially a blanket ban on any programming outside of work. No open source contributions, game development, or work on any software used in current (or future!) Amazon markets. The language was such that even learning (courses, books, writing a single line of test code, etc.) was prohibited.

Some of this was surely just liability reduction gone mad, but the totality of it felt like a tool to limit the career options of employees. Some kind of Kafkaesque talent retention strategy.

No. An analysis of contribution patterns would signal to GCE, Azure, etc., what they're up to, in advance. Not a good strategy.

At another big online — and offline — book retailer the reason for this type of behavior was because of the legal department and upper management. For legal, there was a huge fear that anything we released or contributed to could open us up to liability; so there was a huge, undefined, process to get anything approved. With upper management, I think the issue was that by releasing something we might be giving away a competitive advantage or insights into our operations — that's the impression I was given but can't say absolutely.

It's not a far stretch to imagine similar corporate thinking at Amazon.

Gotta love "old company" mentality/paranoia

But maybe some people contribute indirectly/do it like a personal contribution instead of a "corporate" one?

>>But maybe some people contribute indirectly/do it like a personal contribution instead of a "corporate" one?

Like in one of those parent comments of this, it seems very unlikely given:

>>>>To do ANY FOSS work as an individual unrelated to the company (And I mean ANY: private projects that may be on Github, projects with nothing to do with Amazon) required a one-off application for permission.

And a few more regulations on even things such as taking courses!

You think that Amazon's competitors would not use this sort of attack? Hint: the Walmarts and supermarkets of this world have a long record of being ultra aggressive; ask any farmer about how suppliers are bullied.

Generous is easy when it's providing computing resources which effectively costs them nothing. It's disgraceful that Amazon haven't offered you significant financial support.

They get the benefit of your hard work and you don't see a cent of the bajillions Amazon is making.

> Generous is easy when it's providing computing resources which effectively costs them nothing.

Bandwidth and storage and compute time don't "effectively cost Amazon nothing".

> It's disgraceful that Amazon haven't offered you significant financial support.

Amazon has tried to hire me, and I'm sure that if I accepted their offers FreeBSD/EC2 is one of the things which I would be working on. But I'm not looking for a job. What I want from Amazon is access to information and to not be spending my own money on this.

> They get the benefit of your hard work and you don't see a cent of the bajillions Amazon is making.

I like to think that FreeBSD users get the benefit of my hard work.

Same here. I've seen them contribute to a project I work on but it's rarely with code.

One of the things that I am aware of them open sourcing is their Chef cookbooks used for OpsWorks (https://github.com/aws/opsworks-cookbooks). Unfortunately the activity on the repository is a sad read. A lot of issues and PRs have been created that solve real problems for users of OpsWorks and in some cases fix security issues. Most of these sit ignored and unmerged, and some, such as one of mine (https://github.com/aws/opsworks-cookbooks/pull/231), have been rejected elsewhere (on Twitter in this case). There are in fact many PRs dealing with SSLv3 and POODLE besides mine, for example https://github.com/aws/opsworks-cookbooks/pull/291 and https://github.com/aws/opsworks-cookbooks/pull/281. So while these cookbooks might be open source, they are nothing but a read-only representation, as PRs are very rarely accepted.

Amazon doesn't contribute much to the open source community. Most of their contributions happened around the XEN project which they use to power EC2.

Even there though, isn't it mostly bug fixes? Has Amazon contributed any major functionality back? They do a ton of custom stuff and I don't really see any of that showing up like you do with say, Google and cgroups.

Sounds like "not much". Amazon is an open source leech.

I have heard both good and bad things about Flipkart, the obvious Amazon competitor in India, but something that makes them quite attractive to me is their healthy open source portfolio: https://github.com/Flipkart. What I have heard from people working at the place is that it isn't any well thought out strategic decision to attract developers, just something that felt right to them because they use quite a bit of open source stuff. If anyone knows more I will be quite interested to learn.

Amazon assumed the Linux kernel developers (~20) from AMD in Dresden/Germany a few years ago and is still hiring kernel developers in Germany.

When the Echo came out, I created a proxy to add functionality (http://alexaho.me). One of those functionalities was a Hue integration, which Amazon integrated natively this week.

All of my code was open sourced. I never received any credit or compensation from Amazon for my idea or code, if they happened to look at it and frankly, I wouldn't try to fight them. Who would try to fight a company with such a large legal team?

Even a thank you for my idea would've been nice...

They integrated your code or the idea?

Honestly, I have no way of knowing.

I know that in an effort to provide SDKs for their services, they have also produced some great high quality supporting libraries.

Guzzle, an HTTP library for PHP, came out of their PHP SDK: https://github.com/mtdowling is the author, and participates in the PHP Framework Interop Group on behalf of Guzzle.

On the 'liability' angle...

Was the legal team really ready to bring lawsuits against any other open source project that was used internally that may have broken or caused a problem (like anything from Apache, for example)?

If not, why would they think they'd be sued as well?

This sounds like a great argument for AGPL.

They don't. They're classic free riders.

Richard Stallman's personal site has lots of information about Amazon.


Richard Stallman's website (which is ironic, because he doesn't use a web browser) is full of extremist opinion about lots of things, most of which are irrelevant to this discussion.

Stallman does use a web browser, just locally. His workflow is that he works offline, but when he runs across mentions of webpages that he might find useful, he queues them up to be wgetted via a proxy, then later points his browser at them. So it doesn't seem too ironic to me that he might put up web pages that others can retrieve (and indeed he's been doing so since the early days of the web). If he had some kind of crazy AJAXy webapp that can't be viewed offline, that might be inconsistent, but he doesn't.

However, I agree that page doesn't have much to do with whether Amazon contributes to free software.

I never knew he did this, I sometimes do the same with websites I enjoy so I can have archived backups.

He has a bit on how he works here: https://www.stallman.org/stallman-computing.html. He freely admits that a lot of it is pretty idiosyncratic, though.

If you're using Firefox, try ScrapBook. Very useful addon to save and organize websites.

Yes, but that doesn't really answer the question. His site also has a lot of information on Apple, Google, and Microsoft, but none of it is about their considerable open source contributions.

Apple's considerable open source contributions?

WebKit and clang, for example. For WebKit, they started with a fork of KHTML, which is under LGPL, and some have tried to say that this means it does not count since they were forced to open source it, but that is not correct. They were only required to open source a subset of it. They could have made the rest closed. Instead, they opened it all.
