Is Amazon's AWS Approaching 'War' for Control of Elasticsearch?

Long-time Slashdot reader jasenj1 and Striek both shared news of a growing open source controversy. "Amazon Web Services on Monday announced that it's partnering with Netflix and Expedia to champion a new Open Distro for Elasticsearch due to concerns of proprietary code being mixed into the open source Elasticsearch project," reports Datanami.

"Elastic, the company behind Elasticsearch, responded by accusing Amazon of copying code, inserting bugs into the community code, and engaging with the company under false pretenses..." In a blog post, Adrian Cockcroft, the vice president of cloud architecture strategy for AWS, says the new project is a "value added" distribution that's 100% open source, and that developers working on it will contribute any improvements or fixes back to the upstream Elasticsearch project. "The new advanced features of Open Distro for Elasticsearch are all Apache 2.0 licensed," Cockroft writes. "With the first release, our goal is to address many critical features missing from open source Elasticsearch, such as security, event monitoring and alerting, and SQL support...." Cockroft says there's no clear documentation in the Elasticsearch release notes over what's open source and what's proprietary. "Enterprise developers may inadvertently apply a fix or enhancement to the proprietary source code," he wrote. "This is hard to track and govern, could lead to breach of license, and could lead to immediate termination of rights (for both proprietary free and paid)."

Elastic CEO Shay Banon responded Tuesday to AWS in a blog post, in which he leveled a variety of accusations at the cloud giant. "Our products were forked, redistributed and rebundled so many times I lost count," Banon wrote. "There was always a 'reason' [for the forks, redistributions, and rebundling], at times masked with fake altruism or benevolence. None of these have lasted. They were built to serve their own needs, drive confusion, and splinter the community." Elastic's commercial code may have provided an "inspiration" for others to follow, Banon wrote, but that inspiration didn't necessarily make for clean code. "It has been bluntly copied by various companies and even found its way back to certain distributions or forks, like the freshly minted Amazon one, sadly, painfully, with critical bugs," he wrote.

All I see here

[Rosco+P.+Coltrane]

is a much of giant megacorps making a lot of money leveraging open-source work they paid virtually nothing for.

Re:All I see here

[drinkypoo]

In a way, it's sad. And in other ways, it's great. I'd like to see the authors get more of the pie, but I like that the corporations are motivated to keep the pies coming.

Re: All I see here

Dis iz reel und wikkid klevver /z

Re:All I see here

"I like that the corporations are motivated to keep the pies coming. " Oh? What IS their motivation, did you ever stop and think about that? It varies - considerably. The original authors' motivations no longer apply.

Re:All I see here

[drinkypoo]

"I like that the corporations are motivated to keep the pies coming. " Oh? What IS their motivation, did you ever stop and think about that? It varies - considerably. The original authors' motivations no longer apply.

Commercial entities have contributed a lot of code where it served their interests, and due to the licensing, we get to use that code for our own purposes, regardless of their motivations. I think that's pretty cool.

Re:All I see here

[EvilSS]

If they want to get paid, they can get day jobs. They knew when they contributed to an open source project there was right to expect to be paid anything.

Re:All I see here

" I think that's pretty cool. " - I agree, fellow kids. Radicool Corporate contributions to open-source are so DOPE. Corporate code will certainly save Open-Source from itself with an insatiable profit motive, also very cool. /s

"Commercial entities have contributed a lot of code where it served their interests" - And were those interests your own also, coolguy? Or were you just trying to sidestep that and hope nobody followed up.

Re:All I see here

[drinkypoo]

And were those interests your own also, coolguy?

Mostly not. I worked for IBM for a little while, but at a time before they had contributed much open source.

Re:All I see here

Well at least you get there in the end.

Re: All I see here

Oh thanks. The evil SS has spoken. What the hell would a nazi know about something complicated like software?

Re: All I see here

[brunes69]

You talk about Elastic like it is some kind of altruistic charity. It's a 6+ billion dollar company.

Trust me, all of the developers get paid, handsomely.

Re:All I see here

You realize the point of opensource is to allow others to use your work for free. That was the license they chose to use. If they didn't want others to use it, they would have kept it to themselves. Don't get mad if someone utilizes it better.

Re:All I see here

[Paradise+Pete]

And were those interests your own also, coolguy?

What's that got to do with it? The code is there, and it doesn't care one way or the other about the interests that created it.

Re:All I see here

Shows the limit of the Apache license.

If it were GPL then mixing in proprietary code would be prevented... or the proprietary code would ALSO become public.

Open Source business model

In general, the open source business model is to be open source enough to be included by distros and thus have widespread distribution, and monetize a small percentage of that.

This model has a few flaws:
- Maybe nobody wants to pay, especially if 3rd parties make free alternatives to the commercial hooks.
- The business value of open source is 99% free and 1% open.
- Hard to sell off the business because anybody, including the owners of the company, can just make a copy of the source and resume business after selling it off (see MariaDB). Someone would be stupid to acquire an open source company unless it can be fully covered by existing support contracts or there is a greater scheme at play than the value of the company (see RedHat).
- Business fully vulnerable to the likes of Amazon and Microsoft. IMO, at this point for any successful open source company it's just a matter of time before Amazon takes it over. Jeff Bezos didn't grow his fortune by giving back.

So, I think it's better to either plan on growing the pie and immediately accept that many other players/competitors will take a slice and therefore adjust expectations accordingly, or not think of open source as a business model at all. These two options are probably more inline with open source philosophy anyway.

Re: Open Source business model

Whining via essay? Nothing you said matters. You must have interpreted "90% of life is showing up" with "90% of life is blathering".

Re: Open Source business model

[art123]

I didn't see any whining. The parent poster simply stated an opinion on the business flaws of a creator monetizing open source.
You on the hand added zero value to the conversation.

Re:Open Source business model

[phantomfive]

The business value of open source is 99% free and 1% open.

In my experience, that's not true. At least, companies I've worked for have been willing to pay for open-source libraries. Getting closed-source (or closed to me) libraries have caused me serious problems in the past, though.

As an example many people are familiar with, Google was willing to pay Sun for using Java. It wasn't about money. Sun didn't want to let Google change Java though, which is what Google wanted.

Re:Open Source business model

Absolutely this. Even for licensed libraries, try to get a license that at least allows you to see the source. I have had untold problems with closed libraries, to the point it was faster rewriting the functionality.

Re: Open Source business model

Shut up, Ivan.

Re:Open Source business model

[tlhIngan]

- Business fully vulnerable to the likes of Amazon and Microsoft. IMO, at this point for any successful open source company it's just a matter of time before Amazon takes it over. Jeff Bezos didn't grow his fortune by giving back.

Or perhaps you based your business model on making people pay for a "cloud services" set up - knowing the popularity of services like AWS and Azure. So you decide to sell support on how to use your software in such a configuration and make people pay for it.

Problem is, AWS and Azure want your software to work with their services as well, and they also know making their customers pay you for support isn't good business for them. So they'll go and make a version of your software for their service - it's in their interest to provide your software for their service for their customers, and it's in their interest to do so for free.

And that's the real issue - the companies provide official paid support, but the cloud providers provide free versions they've developed that bypasses said support.

Of course, the real support would be to sell improved performance - more searches for less money. Since AWS and Azure charge by the CPU cycle, if your paid version can help save large installations money over the default free option...

Yes, they are

[MikeRT]

And the response to Mongo should have had people very angry at AWS and scared for the future of the FOSS economy.

What it has established is that if you make a successful FOSS app, AWS will immediately jump in and offer a badly supported cloud version to all of your users. They will not collaborate on making sure they and the engineering team that made it succeed together on some meaningful level.

And if you fight back a la Mongo, they'll just build a proprietary, API-compatible version and tell you to go eff yourself.

Re: Yes, they are

[reanjr]

Then why didn't you build your own AWS AMIs for your users who all want to use your software on AWS anyway? Why didn't you properly package your software for `yum` and `apt`? Why did you make setting up your software so difficult and bespoke that it's easier to use someone else's version?

Why did you release your software as open source without understanding the business model behind the license you chose?

Re: Yes, they are

Usually because people release fairly benign (no future) software under a permissive license. A lot of people are unhappy about that sort of thing but in some circles, where software is a much higher quality nobody cares much about copying or licenses because they could write something just as good in half the time themselves. The upshot is that nobody cares who matters.

Re: Yes, they are

[phantomfive]

in some circles, where software is a much higher quality

Which circles are those? I want to join.

Re: Yes, they are

You can't join. You were already in or you can't get in. It's like the laws of physics. No buying a title.

Re:Yes, they are

[Richard_at_work]

I didn't understand the hate for AWS about Mongo, for several reasons.

Firstly, these companies (Mongo et al) spent years giving their product away and trumpting that - no licenses required, free software, have at it. And now they are complaining about others taking advantage of the free and open software - as if others are obligated in some way, as if Mongo et al have an entitlement to *anything*.

Secondly, of course if threatened, Amazon will strike back - and they did so quite correctly by ditching Mongo entirely and going with a compatible API. And people really complained about this - except that Microsoft have had this in production for years as part of Azure and DocumentDb, in that they have a Mongo compatible API for people who want to use it.

If you want to control your software, the license is the place to do it - complaining about people "taking advantage" just makes you look like a whining pathetic baby.

Fuck Mongo, fuck Elastic, fuck Redis. You aren't entitled to anything, you dug your own hole and you aren't entitled to be helped out of it.

Re: Yes, they are

Lick those corporate boots!

GPLv3

[110010001000]

Maybe you should have listened to the GPL folks and chose GPLv3 for your license. This is EXACTLY what they were talking about. Now it has happened. All of these proprietary cloud services are running open source code and selling it and not giving back.

Re: GPLv3

Open source software is so bad it's like a piss poor romance novel that writes itself and nobody wants to read

Re:GPLv3

This usage is perfectly GPLv3 compliant. AGPL even.

Re: GPLv3

Clearly you dont use any opensource, but yet feel a need to contribute to a thread on it?

Do you often opine on things that you dont seem to care about?

Re:GPLv3

Except AWS is giving back this ElasticSearch Distro under an open source licence. It's on github.

At the moment it seems to just be upstream ElasticSearch plus upstream SearchGuard. But even so the security features from SearchGuard are very nice.

Re: GPLv3

Say's Microsoft's PR department and absolutely nobody else.

Re:GPLv3

[joe_n_bloe]

List of companies that will use GPLv3 code and thus might consider paid support:

(end of list)

Re:GPLv3

[DeVilla]

I still remember when the list of companies who would use GPLv2 code was just as long.

ES sucks for the cloud

[reanjr]

The problem is ES was not well designed with cloud computing in mind. It's super painful to secure and tune in the cloud. So, of course Amazon is going to try to bridge those deficiencies when all their customers keep using Amazon support resources to walk the complicated tightwire. ES should build better packaging and management tools. It's that simple. Elasticsearch sucks.

Re: ES sucks for the cloud

FOSS - since it literally isn't owned by anyone - is subject to ridiculous claims that fuel endless message board fodder. The reality is that almost no open source project has any of the advertised substance. Such projects are usually just what the original programmer wanted in a tool, nothing more, nothing less. The capacity of such code is limited both by design (why would you open source something if it were so darn valuable?) and by the software development environment it exists in. Don't you think if these FOSS projects were so great you'd have thousands of them being used and not just a couple dozen? I mean by now it would be a completely moot point if any of the claims about any FOSS were true. How many years have these licenses been around? The only people who give a crap are people who worry that their programmers are copying code and they just tell the programmers not to copy and they're covered. It's a clusterfuck in a teapot.

Re: ES sucks for the cloud

I hope you are trolling. Next time you load up a game or app see what open source tech they rely on.

I opened up league of legends and went to the "Liscence" page. They use about 20-30 open source projects/tools just in their client alone.

Re: ES sucks for the cloud

PROPRIETARY - Since everyone bickers over what they own in IP-whoring lawyer fights - is subject to ridiculous claims that fuel endless litigation, threats and settlements that drive up costs of entry to insane levels. The reality is that most proprietary code is crap, just obfuscated crap nobody can touch hidden behind a corporate veneer of budget-grade QA and a few dozen help-desk operators who know nothing about it. The capacity of such code is limited both by design (why would you closed source something if you wanted to ensure it was secure, keeping eyeballs off it?) and by the software dev env it exists in, (also OSS, lol). Don't you think if these PROPRIETARY code projects were so great you'd have zero bugs in the "final" products? I mean by now it would be a completely moot point if any of the claims of the closed-zero-eyeball nutjobs were true. How many years have these IP-fights and obfuscated major-level disaster bugs been around in proprietary code without ^ this idiot noticing? The only people who give a crap are people who have an axe to grind with FOSS and are dishonest cunts on ^ that basis, their rants are clusterfucks that self-teabag in the end.

Re: ES sucks for the cloud

Shut up

Re: ES sucks for the cloud

No. U.

Re: ES sucks for the cloud

Amazon has been happy to leave ES wide open to the world by default for years. Because they a) didn't want to give anything because to the guys who wrote ES. And b) they didn't give a fuck about their users' security enough to come up with their own solution.

I've been an AWS customer for years. Overall I'm still fairly happy with the service. But DAMN is that Jeff Bezos a real nazi asshole. His spiteful contempt for open source developers may yet be AWS's downfall.

Re: ES sucks for the cloud

[reanjr]

By default nothing can access an AWS classic ES cluster. The newer VPC clusters are only accessible to the VPC.

??? how is that left open?

Re: ES sucks for the cloud

[joe_n_bloe]

As far as I remember, you've had to double opt in, in order to create a wide open AWS ES cluster for some time, since shortly after the first highly public wave of ES/Mongo/... "ransomware" breaches occurred a while back. (PSA: They didn't ransom anything. They just did a DELETE * of your indices. Hope you didn't send them any bitcoin.)

VPC clusters have been around for a while, and I think there is some new endpoint name header matching feature now that makes IP scan based access of open clusters mostly unworkable.

Alternatively, use a license that requires payment

Today's FLOSS licenses were not created by divine intervention. They were a good start, but not the end of the story.

There is no fundamental reason why a more insightful and fair open license could not align rewards more strongly with the profits being made. The capitalists who want all of the rewards but none of the costs will of course reject the idea entirely, but ultimately they are powerless.

Create better licenses. The MIT/BSD ones enshrine the unpaid slavery of developers to those making billions in profit, and even the GPL does not distinguish between good end evil use, nor reward developer effort.

If you find today's unpaid abuse of developers unfair, make better free and open licenses and use them.

Re: Alternatively, use a license that requires pay

Developers don't release quality code under open source unless it was paid for by a corporation. Who do you think makes all these projects? Unemployed software engineers? No. Developers don't license their off hours work to corporations. That's why all the free software is literal garbage except for the few that believe in open source. Both because developers don't use other people's projects and developers believe their own projects superior, as another AC stated.

Re: Alternatively, use a license that requires pay

"Developers don't release quality code under open source unless it was paid for by a corporation." - Ok, who stepped in the corporate bullshit? Check your shoes.

Re: Alternatively, use a license that requires pay

"Developers don't release quality code under open source unless it was paid for by a corporation."
Try again.
"Developers don't release quality code under open source unless it was paid for."

The majority of software developers do what they do in order to make a living. Idling away in your parents basement writing code for free isn't going to get you out of the basement anytime soon. Do you know who makes the most money in the opensource world? It's the opensource evangelists who are already financially well off telling everyone that giving away your work for free is socially responsible. The only way to make a living off of opensource is to work for a company that pays you to do it. Did you know MS has the largest staff of opensource developers in the world? Or that MS has lead all others in the amount of opensource code released into the ecosystem?

False assumptions about open source.

[bavarian]

Unfortunately a lot of developers and companies who are publishing code under open source licenses do not get what open source means to their code: You are giving away a lot of control. The less viral the license, the more control you give up. Up to the point where you are basically donating them to the public with no moral or actual right to be compensated for it.

If you want to fully control monetization, keep your code proprietary. But then good luck with having to pay developers for every single line of code and every tiny little bugfix. No standing on the shoulders of giants.

Face it: If you want to build a business on open source, trying to fight others who make use of your code is futile. It is often unfair itself as well: Because there hardly is a successful open source project that has been possible without countless other open source projects that came before it. Projects that created the tools, programming languages, libraries and frameworks that make your own work possible.

If you take that upstream code for granted (which you would have to make or buy if it was not open source), you should also take for granted that others will take your open source code for granted and make money with it without caring for your precious montetization strategy. This is not unfair. It is playing by the rules. The rules just are not built to protect the interests of the original authors of the code, but to protect the freedom of the code itself.

Re:False assumptions about open source.

"No standing on the shoulders of giants."
Well... Not all giants make a living writing open source.

Re:No elasticsearch in Federal prison.

I get the feeling you are fisting yourself thinking about the prospect of anally raping guys.

What?

[dohzer]

For anyone else wondering:

Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch is developed in Java.

Re:What?

[MrKaos]

For anyone else wondering:

Elasticsearch is developed in Java.

I sense Larry.

Kettle, pot

Neither did yours. Good going.

Re: Kettle, pot

Congrats. You won the internet. Your mom must be proud.

I feel Elastic's pain ... but ...

But ... Elastic is much more proficient at releasing code with "critical" bugs than AWS ever has been, in addition to being pretty black-boxy. So this particular complain of Bannon's outright fails the laugh test.

Meanwhile Elastic has always led AWS, obviously, with releases by weeks or months, and has its own AWS-hosted service, with its own pricing model, so there's been plenty of opportunity for Elastic there.

Meanwhile, it's not trivial to upgrade an ES cluster. Even if the cluster-side upgrade is solid, there can be breaking client-side changes (json content-type I'm looking at you). Many (most?) customers stick with the ES that they are running that works for them, even if it's a 2-3 year old 1.x. Nor is the value prop of the non AWS supported features obvious when you get down to it due to the lack of integration with the rest of the computing and cloud ecosphere.

So, I dunno. There was probably a way for this to work out better. At this point I'm not even sure which entity has more coders working on the relevant ES code. It's true that AWS hasn't committed a lot of code to OS projects in the past. I don't know how that will work out in the future. Apparently AWS thinks that this is an important service, though, and is motivated, at least this once, to deliver on the blockers.