Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Amazon's AWS Approaching 'War' for Control of Elasticsearch? (datanami.com)

Posted by EditorDavid on from the world-domination dept.

Long-time Slashdot reader jasenj1 and Striek both shared news of a growing open source controversy. "Amazon Web Services on Monday announced that it's partnering with Netflix and Expedia to champion a new Open Distro for Elasticsearch due to concerns of proprietary code being mixed into the open source Elasticsearch project," reports Datanami.

"Elastic, the company behind Elasticsearch, responded by accusing Amazon of copying code, inserting bugs into the community code, and engaging with the company under false pretenses..." In a blog post, Adrian Cockcroft, the vice president of cloud architecture strategy for AWS, says the new project is a "value added" distribution that's 100% open source, and that developers working on it will contribute any improvements or fixes back to the upstream Elasticsearch project. "The new advanced features of Open Distro for Elasticsearch are all Apache 2.0 licensed," Cockroft writes. "With the first release, our goal is to address many critical features missing from open source Elasticsearch, such as security, event monitoring and alerting, and SQL support...." Cockroft says there's no clear documentation in the Elasticsearch release notes over what's open source and what's proprietary. "Enterprise developers may inadvertently apply a fix or enhancement to the proprietary source code," he wrote. "This is hard to track and govern, could lead to breach of license, and could lead to immediate termination of rights (for both proprietary free and paid)."

Elastic CEO Shay Banon responded Tuesday to AWS in a blog post, in which he leveled a variety of accusations at the cloud giant. "Our products were forked, redistributed and rebundled so many times I lost count," Banon wrote. "There was always a 'reason' [for the forks, redistributions, and rebundling], at times masked with fake altruism or benevolence. None of these have lasted. They were built to serve their own needs, drive confusion, and splinter the community." Elastic's commercial code may have provided an "inspiration" for others to follow, Banon wrote, but that inspiration didn't necessarily make for clean code. "It has been bluntly copied by various companies and even found its way back to certain distributions or forks, like the freshly minted Amazon one, sadly, painfully, with critical bugs," he wrote.

26 of 62 comments (clear)

  1. All I see here by Rosco+P.+Coltrane · · Score: 4, Interesting

    is a much of giant megacorps making a lot of money leveraging open-source work they paid virtually nothing for.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:All I see here by drinkypoo · · Score: 3, Interesting

      In a way, it's sad. And in other ways, it's great. I'd like to see the authors get more of the pie, but I like that the corporations are motivated to keep the pies coming.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:All I see here by drinkypoo · · Score: 4, Interesting

      "I like that the corporations are motivated to keep the pies coming. " Oh? What IS their motivation, did you ever stop and think about that? It varies - considerably. The original authors' motivations no longer apply.

      Commercial entities have contributed a lot of code where it served their interests, and due to the licensing, we get to use that code for our own purposes, regardless of their motivations. I think that's pretty cool.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:All I see here by EvilSS · · Score: 2

      If they want to get paid, they can get day jobs. They knew when they contributed to an open source project there was right to expect to be paid anything.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:All I see here by drinkypoo · · Score: 1

      And were those interests your own also, coolguy?

      Mostly not. I worked for IBM for a little while, but at a time before they had contributed much open source.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re: All I see here by brunes69 · · Score: 2

      You talk about Elastic like it is some kind of altruistic charity. It's a 6+ billion dollar company.

      Trust me, all of the developers get paid, handsomely.

    6. Re:All I see here by Paradise+Pete · · Score: 1

      And were those interests your own also, coolguy?

      What's that got to do with it? The code is there, and it doesn't care one way or the other about the interests that created it.

  2. Open Source business model by Anonymous Coward · · Score: 2, Insightful

    In general, the open source business model is to be open source enough to be included by distros and thus have widespread distribution, and monetize a small percentage of that.

    This model has a few flaws:
    - Maybe nobody wants to pay, especially if 3rd parties make free alternatives to the commercial hooks.
    - The business value of open source is 99% free and 1% open.
    - Hard to sell off the business because anybody, including the owners of the company, can just make a copy of the source and resume business after selling it off (see MariaDB). Someone would be stupid to acquire an open source company unless it can be fully covered by existing support contracts or there is a greater scheme at play than the value of the company (see RedHat).
    - Business fully vulnerable to the likes of Amazon and Microsoft. IMO, at this point for any successful open source company it's just a matter of time before Amazon takes it over. Jeff Bezos didn't grow his fortune by giving back.

    So, I think it's better to either plan on growing the pie and immediately accept that many other players/competitors will take a slice and therefore adjust expectations accordingly, or not think of open source as a business model at all. These two options are probably more inline with open source philosophy anyway.

    1. Re: Open Source business model by art123 · · Score: 2

      I didn't see any whining. The parent poster simply stated an opinion on the business flaws of a creator monetizing open source.
      You on the hand added zero value to the conversation.

    2. Re:Open Source business model by phantomfive · · Score: 2

      The business value of open source is 99% free and 1% open.

      In my experience, that's not true. At least, companies I've worked for have been willing to pay for open-source libraries. Getting closed-source (or closed to me) libraries have caused me serious problems in the past, though.

      As an example many people are familiar with, Google was willing to pay Sun for using Java. It wasn't about money. Sun didn't want to let Google change Java though, which is what Google wanted.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Open Source business model by Anonymous Coward · · Score: 1

      Absolutely this. Even for licensed libraries, try to get a license that at least allows you to see the source. I have had untold problems with closed libraries, to the point it was faster rewriting the functionality.

    4. Re:Open Source business model by tlhIngan · · Score: 1

      - Business fully vulnerable to the likes of Amazon and Microsoft. IMO, at this point for any successful open source company it's just a matter of time before Amazon takes it over. Jeff Bezos didn't grow his fortune by giving back.

      Or perhaps you based your business model on making people pay for a "cloud services" set up - knowing the popularity of services like AWS and Azure. So you decide to sell support on how to use your software in such a configuration and make people pay for it.

      Problem is, AWS and Azure want your software to work with their services as well, and they also know making their customers pay you for support isn't good business for them. So they'll go and make a version of your software for their service - it's in their interest to provide your software for their service for their customers, and it's in their interest to do so for free.

      And that's the real issue - the companies provide official paid support, but the cloud providers provide free versions they've developed that bypasses said support.

      Of course, the real support would be to sell improved performance - more searches for less money. Since AWS and Azure charge by the CPU cycle, if your paid version can help save large installations money over the default free option...

  3. Yes, they are by MikeRT · · Score: 2

    And the response to Mongo should have had people very angry at AWS and scared for the future of the FOSS economy.

    What it has established is that if you make a successful FOSS app, AWS will immediately jump in and offer a badly supported cloud version to all of your users. They will not collaborate on making sure they and the engineering team that made it succeed together on some meaningful level.

    And if you fight back a la Mongo, they'll just build a proprietary, API-compatible version and tell you to go eff yourself.

    1. Re: Yes, they are by reanjr · · Score: 4, Insightful

      Then why didn't you build your own AWS AMIs for your users who all want to use your software on AWS anyway? Why didn't you properly package your software for `yum` and `apt`? Why did you make setting up your software so difficult and bespoke that it's easier to use someone else's version?

      Why did you release your software as open source without understanding the business model behind the license you chose?

    2. Re: Yes, they are by phantomfive · · Score: 1

      in some circles, where software is a much higher quality

      Which circles are those? I want to join.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Yes, they are by Richard_at_work · · Score: 1

      I didn't understand the hate for AWS about Mongo, for several reasons.

      Firstly, these companies (Mongo et al) spent years giving their product away and trumpting that - no licenses required, free software, have at it. And now they are complaining about others taking advantage of the free and open software - as if others are obligated in some way, as if Mongo et al have an entitlement to *anything*.

      Secondly, of course if threatened, Amazon will strike back - and they did so quite correctly by ditching Mongo entirely and going with a compatible API. And people really complained about this - except that Microsoft have had this in production for years as part of Azure and DocumentDb, in that they have a Mongo compatible API for people who want to use it.

      If you want to control your software, the license is the place to do it - complaining about people "taking advantage" just makes you look like a whining pathetic baby.

      Fuck Mongo, fuck Elastic, fuck Redis. You aren't entitled to anything, you dug your own hole and you aren't entitled to be helped out of it.

  4. GPLv3 by 110010001000 · · Score: 3, Insightful

    Maybe you should have listened to the GPL folks and chose GPLv3 for your license. This is EXACTLY what they were talking about. Now it has happened. All of these proprietary cloud services are running open source code and selling it and not giving back.

    1. Re:GPLv3 by Anonymous Coward · · Score: 1

      This usage is perfectly GPLv3 compliant. AGPL even.

    2. Re:GPLv3 by joe_n_bloe · · Score: 1

      List of companies that will use GPLv3 code and thus might consider paid support:

      (end of list)

    3. Re:GPLv3 by DeVilla · · Score: 1

      I still remember when the list of companies who would use GPLv2 code was just as long.

  5. ES sucks for the cloud by reanjr · · Score: 2

    The problem is ES was not well designed with cloud computing in mind. It's super painful to secure and tune in the cloud. So, of course Amazon is going to try to bridge those deficiencies when all their customers keep using Amazon support resources to walk the complicated tightwire. ES should build better packaging and management tools. It's that simple. Elasticsearch sucks.

    1. Re: ES sucks for the cloud by reanjr · · Score: 1

      By default nothing can access an AWS classic ES cluster. The newer VPC clusters are only accessible to the VPC.

      ??? how is that left open?

    2. Re: ES sucks for the cloud by joe_n_bloe · · Score: 1

      As far as I remember, you've had to double opt in, in order to create a wide open AWS ES cluster for some time, since shortly after the first highly public wave of ES/Mongo/... "ransomware" breaches occurred a while back. (PSA: They didn't ransom anything. They just did a DELETE * of your indices. Hope you didn't send them any bitcoin.)

      VPC clusters have been around for a while, and I think there is some new endpoint name header matching feature now that makes IP scan based access of open clusters mostly unworkable.

  6. False assumptions about open source. by bavarian · · Score: 2

    Unfortunately a lot of developers and companies who are publishing code under open source licenses do not get what open source means to their code: You are giving away a lot of control. The less viral the license, the more control you give up. Up to the point where you are basically donating them to the public with no moral or actual right to be compensated for it.

    If you want to fully control monetization, keep your code proprietary. But then good luck with having to pay developers for every single line of code and every tiny little bugfix. No standing on the shoulders of giants.

    Face it: If you want to build a business on open source, trying to fight others who make use of your code is futile. It is often unfair itself as well: Because there hardly is a successful open source project that has been possible without countless other open source projects that came before it. Projects that created the tools, programming languages, libraries and frameworks that make your own work possible.

    If you take that upstream code for granted (which you would have to make or buy if it was not open source), you should also take for granted that others will take your open source code for granted and make money with it without caring for your precious montetization strategy. This is not unfair. It is playing by the rules. The rules just are not built to protect the interests of the original authors of the code, but to protect the freedom of the code itself.

  7. What? by dohzer · · Score: 4, Informative

    For anyone else wondering:

    Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch is developed in Java.

    1. Re:What? by MrKaos · · Score: 1

      For anyone else wondering:

      Elasticsearch is developed in Java.

      I sense Larry.

      --
      My ism, it's full of beliefs.