Weekend bump and price drop – open to sensible offers too by the way. This was £2,500 brand new just over a year ago and has warranty until July 2022 so I think the price for that and the mint condition it is in, (both cosmetically and such little wear on the battery), is fair but can certainly be discussed.
HI Mat, I’ll get some pics up when I get home. Bit of an open ended question, if you want to play it in 4k @ Ultra settings then no, but at 1080 i would say easily yes. The Vega 56 is equivalent of a 1070 and recommended spec for smooth settings is a 970 with 8gb memory. this has very decent 16gb of memory and a Ryzen 5 processor so “should” easily be capable at high settings in 1080. Probably best to do your own research to ensure you are going to be happy but as with all games if you want 4k at monster settings you need to spend considerably more than this PC just on the GPU.
Integrated Media Technologies Inc. popped open a SoDA with the launch of its new software division.
SoDA, which stands for Software-Defined Archiver, is a data management and movement application for unstructured data. It can move data between SMB and NFS files and S3 object storage, either by set policy or on-demand. SoDA also has filtering capabilities to help find the data that needs to be moved. The tool also has insight and reporting capabilities so that a system administrator knows the speed and cost of the data movement before it happens. Although designed to optimize the cost of moving data between on-premises and cloud storage, SoDA can move data from one NAS to another NAS as well.
Integrated Media Technologies (IMT) sells SoDA as SaaS, with a monthly subscription that includes unlimited data transfer.
IMT’s core business is as a managed service provider (MSP) for media and entertainment companies, specializing in consulting, backup and recovery, security and archiving. The company was founded in 2007 and has over 800 customers, and according to IMT president Jason Kranitz, it sold over half an exabyte of storage systems last year. IMT launched a new software development division, called IMT Software, and SoDA is its first product.
Kranitz said SoDA had been in development for two years prior to launch. He said he noticed a need for an intelligent data mover as customers started using the cloud more. That need has only grown over time and has reached a boiling point because of the COVID-19 pandemic.
“People are moving to the cloud faster than ever because of COVID-19,” Kranitz said.
IMT Software is solely focused on SoDA for now, Kranitz said, as there are already demands for more capabilities. SoDA currently works with AWS, with Azure and Google Cloud integration on the immediate roadmap, followed by other public clouds and private cloud vendors. Kranitz added he is also receiving customer requests for multisite and multi-cloud support, as well as for tying in AI capabilities.
Scott Sinclair, senior analyst at Enterprise Strategy Group, said unstructured data growth is especially prevalent in media and entertainment, which is IMT’s core business. Sinclair described the entertainment industry as a business model where the creation of the data — the gathering of the raw footage — and the transformation of that data into the final product often happen at different places. Not only is remote work up significantly, but movie theaters have closed due to COVID-19, increasing a desire to consume media at home. This change in how the final product is distributed to consumers is an additional challenge for the media industry.
“This is an industry where demand has increased, but the operations to create content have become more difficult,” Sinclair said.
Sinclair said there are similar products to SoDA for categorizing unstructured data and moving it intelligently across a heterogeneous environment, from vendors such as Data Dynamics, Aparavi and Igneous Systems. He said one of the ways SoDA stands out is that it removes egress charges for customers by wrapping it into its subscription fee.
Sinclair said the biggest problem with unstructured data growth is it’s something businesses tend not to address until it reaches a breaking point. Not enough companies prioritize it in their budgets because the traditional solution was to throw hardware at it. Improperly managed data can lead to longer and unnecessary backups, wasted high-performance storage for infrequently used data and other inefficiencies. Unfortunately, it’s often impossible to pinpoint when the cost of not having data management tools becomes higher than investing in those tools.
“It’s a problem every company runs into when they reach a certain scale,” Sinclair said.
Sinclair said the best ways for a new product in this market to flourish would be to focus on a specific vertical and remain as hardware-, software- and cloud-agnostic as possible. One of the ways SoDA can carve out its niche is by becoming the perfect unstructured data management tool for media and entertainment, because those needs are likely different for genomics or healthcare.
Google launched Open Usage Commons last week and donated the trademark for its Istio service mesh project to the new organization, deepening ongoing industry debate about the project’s governance and long-term future.
Service mesh, which distributes network performance and security management workloads among a network of sidecar containers, has emerged as an important networking approach amid the rise of Kubernetes container orchestration and microservices. Istio, initially the brainchild of Kubernetes creator Google and IBM, captured immediate market attention when it emerged in 2017.
Industry buzz about potential problems with Istio’s open source governance first became widespread last fall when Google announced it would not donate another Kubernetes-related project, Knative, to an independent open source foundation. The company didn’t address Istio in that statement, but industry watchers concluded it, too, would not be destined for a foundation, and so far, that has been the case.
As a result, discussion about Knative at last year’s KubeCon was muted, and it became clear that Istio had not yet achieved the market domination of Kubernetes container orchestration, as competitors such as Linkerd and HashiCorp Consul Connect remained competitive among early service mesh adopters.
Now, debate about Istio’s governance has returned to a high pitch with the release of Istio’s trademark to the Open Usage Commons (OUC), an organization created by Google last week with the promise of improved trademark management for open source projects. In official blog posts about OUC, to which it also donated its Angular and Gerrit trademarks, Google indicated the organization will focus solely on trademark management for projects governed by other open source foundations.
“Foundations do great work, and the OUC is not trying to mirror existing foundations, running conferences, etc.,” said Chris DiBona, head of open source for Google and its parent company, Alphabet, in a statement provided by a Google spokesperson this week. “The OUC is focused on a very specific pain point we see in open source — trademarks.”
Industry observers noted that trademarks have historically been an underserved aspect of open source governance.
“The industry has typically handled them via common consensus rather than explicit legal mechanisms as it has for, say, copyright,” wrote RedMonk analyst Stephen O’Grady in a blog post last week.
But trademarks can be just as important when it comes to dictating how open source software is used, and they have been the cause of contention in open source communities in the past — for example, Elastic Inc.’s legal complaint against AWS for its Elasticsearch service focuses on trademark infringement.
However, O’Grady lamented Google’s decision to involve Istio in OUC, saying it created an unnecessary distraction from these issues.
“Predictably, discussions of the foundation have been colored by impressions of Google’s stewardship of and behavior around the Istio project,” O’Grady wrote. “In many cases, perhaps the majority of cases, discussions of the OUC devolve into a referendum on Istio rather than the trademark foundation.”
This could also be because there isn’t much material to discuss yet on the trademark front; OUC has not yet published a specific trademark policy, or detailed guidelines for third-party participation in the organization. Nor has the organization specifically addressed what pains exist with current open source trademark policies at open source foundations including The Linux Foundation / Cloud Native Computing Foundation (CNCF), or how OUC will be different.
Google reps this week also declined to specify a time frame for publication of more detailed trademark policy and third-party participation guidelines.
Istio uncertainty gives some users pause — but not all
The OUC news surprised even Google’s major Istio partner, IBM, which registered its objection to the move in a terse company blog post. In it, IBM indicated Google had reneged on an early promise to donate Istio to the CNCF, which Google co-founded with IBM and other tech giants to house Kubernetes five years ago.
“IBM continues to believe that the best way to manage key open source projects such as Istio is with true open governance, under the auspices of a reputable organization with a level playing field for all contributors, transparency for users, and vendor-neutral management of the license and trademarks,” wrote IBM cloud platform vice president Jason McGee in the IBM post.
The CNCF also published an explanation of its approach to trademarks, which did not specifically mention OUC, but which was posted July 8, the same day OUC was launched.
One enterprise IT pro highly involved in open source communities said his company has begun to experiment with Istio service mesh, but hasn’t yet put it into production in part due to ongoing uncertainty about the project’s governance, including the lack of detail about OUC’s trademark policy so far.
“There are probably venues where they could’ve prompted this discussion [about open source trademarks] in existing organizations, but they went off and created this thing and made a big splashy announcement without any actual meat behind it,” said the IT pro, an engineer at a large enterprise who requested anonymity because his company does not want to take a public stance on Open Usage Commons yet.
While much of the initial reaction to OUC, and Istio’s presence within it, was negative, another Istio early adopter dismissed the controversy as misinformed. In a less-heralded move, Google has also been working behind the scenes to change Istio’s project charter to add end user members to its steering committee. Istio’s technical oversight committee also already has members from companies other than Google, including IBM, Red Hat, Aspen Mesh and Tetrate, said Nicolas Chaillan, chief software officer for the U.S. Air Force.
“I put Google a little bit on the spot and said I’d stop using Istio within a year if they didn’t give it to a foundation, particularly the trademark,” Chaillan said.
However, OUC and the proposed changes to the steering committee charter are enough to assuage Chaillan’s concerns about the project’s governance.
Nicolas ChaillanChief Software Officer, U.S. Air Force
“Trademark ease of access is critical, and it’s important that other companies can use the project name and build products around it,” he said. “If one company controls the trademark, by definition it makes it something we can’t use.”
Google has yet to accept any non-Google projects into OUC, but the OUC’s board of directors includes members from outside the company, including academic organizations, other open source foundations and one cloud service provider, SADA Systems. End user members have also not yet been elected to Istio’s steering committee, and Istio contributors must sign a Google-specific contributor license agreement, but Chaillan said he’s convinced the project is on a path to open governance, with or without the CNCF.
“What matters is the outcome, not which foundation it goes to,” Chaillan said. “Once they take care of the steering committee changes, it checks all the boxes for me.”
Multi-cloud outlook still, well, cloudy
Another potential obstacle to widespread Istio adoption is a major architectural change introduced in version 1.5 earlier this year. Coupled with uncertainty around the specifics of the OUC, as well as proposed but not-yet-official changes to the project’s governance, the overall outlook for Istio is mixed at the moment, according to one IDC analyst.
“Among customers with whom we’ve spoken recently … [these factors have] caused them to look more broadly at options,” said Brad Casemore, vice president of data center networks at the analyst firm in Framingham, Mass. “It’s caused them to ask more questions and be more open to looking at competitors.”
The architectural change in Istio 1.5 was the right move and done for the right reasons, Casemore said, but it has made prospective users more cautious in their evaluation of the service mesh framework.
Continued uncertainty about Istio’s governance won’t be a showstopper for every enterprise, he added, since many companies choose technology based on support from a major cloud provider or trusted vendor, such as IBM.
However, IBM’s clear displeasure at Google’s OUC move leaves open the question of whether it might eventually switch support to another service mesh project. Similarly, if Istio is seen as a Google-controlled project, cloud provider competitors will likely move forward with their own service mesh control planes rather than signing on with Istio.
None of this means Istio won’t remain viable, Casemore said, but it’s increasingly unlikely it will reach the same industry-standard status as Kubernetes. This would complicate the multi-cloud portability vision for Kubernetes if the market for multi-cloud networking remains fragmented, and potentially shift enterprise vendor lock-in into the multi-cloud management layer, he said.
“Kubernetes was the clear winner from a long way out,” Casemore said. “There doesn’t seem to be a similarly universal service mesh.”
Distributed SQL database vendor Yugabyte updated its open source platform with a new release on Wednesday that added enhanced capabilities to improve scalability and performance.
YugabyteDB 2.2 is the second major release of the distributed SQL database in 2020 from the vendor, based in Sunnyvale, Calif., and the release follows a pair of recent corporate milestones. On May 19, the company publicly introduced its new CEO, Bill Cook, and then followed up on June 9 with a $30 million Series B round of funding.
The update integrates a number of new features including transactional distributed backups that can help to improve the efficiency of data backups. The release also provides an online index build capability that enhances the scalability of database table indexes. YugabyteDB 2.2 also continues to improve on the multi-API compatibility for both the Apache Cassandra and PostgreSQL open source database platforms.
Merv Adrian, a research vice president at Gartner, said providing support for multiple APIs aligns with trends that Gartner is seeing in the database market. He noted that Gartner is seeing more user interest in supporting SQL and stored procedures for geo-distributed transactional database management systems, to engage with data on a global scale. While the market for distributed SQL is competitive, there is opportunity for Yugabyte, Adrian said.
“There is ample opportunity for Yugabyte to attract tire-kickers; they can play in larger companies who want to control their own platform, of course — and many of them have tried multiple other offerings already,” he said.
Merv AdrianResearch vice president, Gartner
As an open source technology, YugabyteDB can be freely deployed by any organization on its own. Yugabyte also offers a managed service that provides multi-cloud support, which can appeal to organizations that otherwise would be looking at one cloud service provider’s system, Adrian noted.
Multi-APIs support distributed SQL database deployment
The 1.x release series of Yugabyte in May 2018 started with an API that is compatible with the Apache Cassandra database. The Yugabyte 2.x series that debuted in September 2019 introduced a second API that brings compatibility with PostgreSQL.
The vendor’s goal with multi-API support is to give users of Cassandra and PostgreSQL a way to move to a distributed SQL platform that provides more scalability than what they might currently be running, said Karthik Ranganathan, co-founder and CTO of Yugabyte.
“In a distributed SQL system, you have to think a little differently about what network hops exist, how data flows and how much data can be stored in the database as a scalable database,” Ranganathan said.
Online index builds boost distributed SQL database capabilities
Among the key new features in YugabyteDB 2.2 are online index builds. With online index builds, the database can build a secondary index, based on the data in the table, while including all the incoming write requests, without the need to first stop the database to create the new index, Ranganathan said.
When developers build applications, they query databases according to various properties. However, an application developer might not know what properties are needed from the database from the start, when building the application and the database back end.
“You don’t know what indexes to create because you haven’t really built your app or your app evolves over time,” Ranganathan said. “So what online index build does is it lets you access the code or query the database efficiently by a different access pattern that you didn’t know ahead of time.”
The need for online index builds is also important to help support streaming data as well. With streaming data, from Apache Kafka or other event data stream sources, data is continuously coming into a database and developers generally don’t want to stop a database to build a new index.
“This feature [online index builds] let you not turn off the incoming pipe but still process everything that has landed in the database,” Ranganathan said.
Open source vendors SUSE and Rancher Labs are joining forces, at a time when analysts say enterprise storage containers are poised for mainstream use.
SUSE this week said it agreed to acquire Rancher Labs to combine the companies’ hybrid cloud infrastructure technologies. Financial terms were not disclosed, but CNBC reported SUSE will pay between $600 million and $700 million. The companies said the deal is expected to close by October.
The SUSE storage software provides back-end capacity with data management that could serve Rancher’s Kubernetes-managed clusters.
“Saying that containers are red-hot right now might be an understatement. This is the future of the data center. It doesn’t surprise me that SUSE is making investments to improve its container management capabilities,” said Scott Sinclair, a storage analyst at Enterprise Strategy Group, based in Milford, Mass.
The proposal signals the latest evolution at SUSE, which private equity firm EQP Group acquired for $2.5 billion from Micro Focus last year. SUSE first launched in 1992. Micro Focus acquired SUSE from Novell, which acquired SUSE for $210 million in 2003.
Based in Germany, SUSE provides one of the earliest Linux distributions. Its software helps companies build software-defined IT services on commodity gear. The SUSE Enterprise Linux Server operating system is built on the Linux kernel for mainframes, servers and workstations. SUSE Storage Enterprise is a commercially supported version of open source Ceph that supports block, file and object storage.
Founded in 2014, Rancher Labs developed the Enterprise Kubernetes Management platform, which is one of several orchestration tools certified by the Cloud Native Computing Foundation. Rancher is based in Cupertino, Calif., and claims more than 300 corporate customers.
Enhanced SUSE CaaS in the works
IBM acquired one of SUSE’s chief rivals, Red Hat, last year for $34 million. Rancher Kubernetes Management engine competes with Red Hat Open Shift and other orchestration tools used to deploy large container farms that need persistent storage.
“We have a market-leading product, but we don’t have a very wide enterprise-grade distribution. That’s what SUSE gives us. SUSE runs a lot of mission-critical workloads and has a footprint that is probably 10 times larger than ours,” said Rancher Labs CEO Sheng Liang, who will join SUSE as president of engineering and innovation.
Applications that use Kubernetes orchestration need access to persistent storage. This is done either through the Container Storage Interface to back-end physical storage, or as dedicated software-defined storage that presents itself to users as block devices.
Rancher could use SUSE storage to support containers, although Rancher in June made its Longhorn distributed block storage generally available. Portworx and StorageOS offer competing products to Rancher Longhorn. Also, VMware is in the midst of reconciling its Pivotal Software acquisition, which includes the Kubernetes-based Pivotal Container Service.
SUSE CEO Melissa Di Donato wrote in a blog post that SUSE will integrate Rancher technology in the SUSE containers-as-a-service product. SUSE declined interview requests, citing regulatory approvals.
“With our first acquisition as an independent company, we are paving the way for two leading companies with so many complementary strengths to become even stronger together,” Di Donato wrote in the blog.
COVID-19 and containers
The purpose of the deal was not apparent to all industry experts. Greg Schulz, the senior analyst at Server and Storage IO, said he was surprised at the reported price tag for Rancher Labs.
“It’s a hit of a head-scratcher. I’m not sure what to make of it. Were Rancher investors looking for a way out? Is SUSE trying to chase the market now that it’s independent and [needs to] stay out of IBM’s Red Hat shadow?” Schulz said.
More companies are seriously considering containers to speed up digital transformation, especially in light of COVID-19.
“Almost one-third of the companies we interviewed say they plan to use more containers and modern application elements to make their apps more portable across multiple clouds, whether on or off premises,” Sinclair said.
Liang said SUSE plans to retain Rancher’s 250 employees.
Open source contributions can disrupt corporate culture under traditional terms, but over the last year, would-be contributors in enterprises also contended with growing pains in open source communities themselves.
Over the last two years, two major debates in open source communities, about business sustainability and community ethics, have given rise to new types of open source licenses, each of which has presented new challenges to enterprises still learning how to overcome legal concerns about corporate IP and contribute more freely to projects.
“The No. 1 issue [in enterprise open source] is still licensing,” said Kevin Fleming, who oversees research and development teams in the office of the CTO at Bloomberg, a global finance, media and tech company based in New York. “But it isn’t the licensing discussion that everybody was having five to 10 years ago — now, the licensing discussion is about really important projects that enterprises depend upon deciding to switch to non-open source licenses.”
The legal outlook for enterprises has also been further complicated by varied approaches among vendors and open source foundations to copyright agreements, and a general lack of legal precedents to guide corporate counsel on open source IP issues.
Coraline Ada Ehmke
While Bloomberg’s Fleming, and many other enterprise open source contributors, believes new license types such as the server side public license (SSPL) and the Hippocratic License clearly fall outside the bounds of open source, in the wider community, those aren’t entirely settled questions.
“Open source is bigger than licenses,” said Coraline Ada Ehmke, software architect at Stitch Fix, creator of the Hippocratic License and founder of the Ethical Source Working Group. “Focusing the definition of open source on licenses is a very narrow slice that’s only important to business stakeholders and enterprises and not the lived experiences of millions of developers worldwide.”
Business licenses look to protect open core firms
In late 2018 and early 2019, awareness began to grow about the risks of relying on open core software vendors, whose revenue depended on value-add features and enterprise-level support for otherwise freely available software products. Red Hat built a business worth billions on that model, but in the decades since it was founded in 1993, open source software became ubiquitous among enterprises.
Enterprise developers gained the skills to modify and support it themselves and major cloud providers began to offer their own highly successful versions of the same core code. And where Red Hat had success, other businesses built around open source components, such as Docker Inc., struggled to create long-term revenue streams, in part because their core product was free and they faced opposition from partners in some of their attempts to create proprietary value.
Concerns about open core business longevity, especially as major cloud providers such as AWS launched their own versions of open source products such as Elasticsearch without cutting in their original creators, prompted vendors such as MariaDB Corp., MongoDB and Redis Labs to adopt new versions of open source licenses in 2018 and 2019. These licenses were known by multiple names — business source license from MariaDB, SSPL from Mongo, and source available license from Redis, but all sought to protect these companies’ open source IP from poaching by potential competitors.
MongoDB’s SSPL was submitted to the Open Source Initiative (OSI), a nonprofit group that maintains the widely referenced Open Source Definition (OSD), in October 2018, under the OSI’s license-review process. Had it been formally considered by OSI, SSPL might have challenged the nature of the OSD itself, but MongoDB withdrew the submission in early 2019.
“I understand what happened; the companies that said, ‘We provide tools that allow other companies to make billions of dollars and we don’t get anything’ — I am sympathetic to their position,” said Italo Vignoli, affiliate member of the OSI board of directors and PR director for the LibreOffice project in Italy. “But I don’t think that it is by changing the open source license that you solve the issue.”
Bloomberg’s Fleming also understands the reasons behind these open source license changes, but said they still prevent his company’s developers from contributing to projects that adopt them, often to the frustration of developers who had previously contributed.
“We don’t give away our IP to commercial entities — we only give it away to open source projects, that are then going to turn around and freely share it with the rest of the world,” he said. “You’re not going to go to Oracle and say, ‘Hey, can you give us the source code for the Oracle database, we want to spend an extra two months adding a new feature and then give it to you for free?'”
While these open source license changes have caused upheaval in the last year to 18 months, some open source experts believe that their popularity is fading and may eventually disappear.
“Yugabyte, Vitess and other newer distributed database startups, they’ve all gone fully open,” said Chris Aniszczyk, COO & CTO at the Cloud Native Computing Foundation (CNCF), which incubates the Vitess project. “Competitors [to MongoDB, MariaDB and Redis] are actually going more permissive, and over time, they may have to change their [business source] strategy.”
Ethical source challenges open source definition
Most of the furor over open core business licenses has died down in the last six months, but debate still rages about the ethics of technology and whether the open source community can codify and enforce ethical consensus through licenses.
Introduced in 2019, the Hippocratic License is an attempt to do both those things. Named after the Hippocratic Oath taken by medical professionals that states, “First, do no harm,” software projects licensed under Hippocratic language specifically prohibit any use that violates the United Nations’ Universal Declaration of Human Rights.
Ehmke, the Hippocratic License’s author, also seeks to have it approved by OSI, and came in fifth in the OSI Board of Directors election in March with 82 votes. Only the top two vote-getters were elected, but Ehmke said she intends to continue the fight to get the Hippocratic License approved under the OSD.
Ehmke argued that the restrictions in the Hippocratic License do not violate the OSD’s prohibition on discrimination against any group or field of endeavor, since they apply to specific activities, rather than groups of people or fields of work.
“Human rights abuses are not ‘a field of endeavor,'” she said. “If elected I would have worked very hard to update the OSD, which was created in 1998 — it’s a very different world now.”
Bloomberg’s Fleming watched the OSI Board elections with keen interest, concerned that the election of candidates such as Ehmke would signal that the OSI community was willing to consider formally adding ethical source language to the OSD.
“None of us are saying that we want to violate anyone’s human rights or that any of our customers want to violate human rights,” Fleming said. “But if we were to build into the license agreement for software that we sell to banks something that said, ‘By the way, you have to agree that you will never do anything that the U.N. would classify as a human rights violation,’ they would never use our software — legally, they can’t take that risk.”
Ehmke sees nothing wrong with that.
“I don’t want my software used by a bank that is scared of making that guarantee, and I really wonder why he would want to do business with them,” she countered.
The winning candidates in the individual OSI Board elections, Megan Byrd-Sanicki of Google and Josh Simmons of Salesforce, whose publicly posted platforms included no mention of the Hippocratic License, declined to comment for this story. Tobie Langel, principal at UnlockOpen, an independent open source strategy consulting firm in Geneva, was also a candidate this year. He was not elected this round, but said he intends to keep advocating for ethical source within the open source community.
“Open source, from its origins, is a movement that is essentially built around ethical notions,” he said. “The idea is to allow people to have agency and power over the software that they use to accomplish the tasks that they want to do.”
However, OSI affiliate board seat winner Vignoli said he does not believe that such licenses fit the OSD.
Tobie LangelPrincipal, UnlockOpen
“It’s not software that is going to stop people with bad intentions,” he said. “In some cases, they think they’re ethical, and in others, they don’t give a damn about not being ethical, so they would use the software anyway.”
This is where, Ehmke argued, the creator of the software would make that determination and be empowered to stop a bad actor through the Hippocratic License. But Bloomberg’s Fleming worries that the activities prohibited by the license are too broad and subjective to be consistently enforced.
“We just can’t agree to those terms,” he said. “No one knows what they actually mean, and they’re not something that a court could even decide — it would be on a case-by-case basis.”
For Bloomberg, a project’s switch to a Hippocratic license, as version 5.1 of a popular Ruby gem called VCR did last year, does little to advance technology ethics, and only creates disruption for developers.
“I immediately had to reach out to all of our teams that I could think of that might use [VCR] and say, ‘When you run your builds, if you request a version of VCR that is version 5.1 or higher, it’s going to be denied,” Fleming said.
Beyond open source licenses: Copyright agreements
Even standard open source licenses often come with various types of copyright stipulations that can also stymie enterprise contributions, depending on how they are worded.
The world of contributor license agreements (CLAs) is an alphabet soup of acronyms, including the individual contributor license agreement (ICLA), corporate contributor license agreement (CCLA), the Software Grant Agreement (SGA) and developer certificate of origin (DCO). All certify in different ways that a contributor to an open source project has the legal right to donate their code, and that the code will not be subject to copyright dispute later.
Even experienced legal departments can experience confusion when dealing with the different forms of CLAs used by the various open source software foundations, as well as the governance rules that determine when and how they are used.
For Walmart Labs, this confusion surfaced during a discussion on an Apache Software Foundation (ASF) mailing list in April 2019. The company took over code repositories associated with Takari, an Apache Maven plugin now being integrated into the main Maven project. At the time, Walmart Labs counsel said she was confused about why the foundation had asked her company to sign a separate SGA for the code.
“Since the two Takari projects are already open sourced under the Apache 2.0 license, ASF in theory already has all the legal rights it needs to the code,” Walmart senior associate counsel Sue Xia wrote on the mailing list thread. “I do not understand why this additional Grant is needed.” Xia did not respond to requests for comment on the matter this spring, and ASF officials declined to comment on the specific case. But generally, according to Roman Shaposhnik, vice president of legal affairs at ASF, SGAs are used when a large body of code is being donated to the foundation. “This is the Foundation’s policy,” he added. “It has nothing to do with the Apache Software License.”
Other open source foundations, such as The Linux Foundation, may accept code under an Apache Software License with different governance requirements, according to Shaposhnik.
Further muddying the waters for would-be enterprise contributors is a broader ongoing debate about the merits of CLAs that stretches back years in the open source community. Some companies, such as Red Hat, take a strong stance against their use.
Richard FontanaSenior commercial counsel, IBM Red Hat
“[SGAs and CLAs] impose friction in the contribution process that probably is not necessary from a legal risk perspective, because the risk is really very, very low in all of this,” said Richard Fontana, senior commercial counsel at IBM’s Red Hat.
Elsewhere, Fontana has argued specifically against the use of CLAs, instead favoring DCOs to address copyright concerns.
ASF’s Shaposhnik agreed there has been little litigation to date on open source licensing and copyright issues, but that does not eliminate potential future risks. Asking for CCLAs on top of ICLAs is a “belt and suspenders approach” from a legal standpoint, Shaposhnik acknowledged. But the ASF still views its various copyright agreements as necessary to mitigate potential risks, legal and otherwise, when it accepts code donations from commercial entities.
“If we see just a few contributions here and there, just a few trickles, there’s not much to negotiate. If we see a flood of contributions … that would be a pretty significant body of code to keep hostage if it turns out maybe the individual didn’t have the right to contribute it,” he said. “We want that initial guarantee that we will not be wasting our time and the time of our communities working on a project, only to have the corporation come back like, ‘Yeah, you know what, we’ve decided not to open source [it].”
Enterprises must align legal and IT, but with few precedents
Ultimately, IT pros contributing code to open source projects must defer to the legal expertise of their corporate counsel. But enterprise legal departments are still working with few legal precedents and past case law regarding open source licenses and copyrights.
One high-profile software copyright case now waiting to be heard in the U.S. Supreme Court is “Google LLC v. Oracle America Inc. ,” but that concerns the copyrightability of APIs, rather than anything to do with open source licenses. Previously, a federal appeals court ruled in favor of Oracle that its Java Enterprise Edition API is protectable by copyright, but that decision could be overturned by the Supreme Court when it hears the case this fall.
While many in the open source community are following the case and considering its possible ramifications for their projects, it won’t be enough to establish precedent on its own, according to Red Hat’s Fontana.
“It’s clear to lawmakers and the people involved in the legal system that copyrightability of APIs is actually a bad result for the industry, but as far as I can tell, they’re continuing with the assumption that we’ve had for many years that APIs are, from a copyright perspective, in the public domain,” he said.
Meanwhile, the paucity of legal references contributes to the friction enterprises encounter as they become open source contributors. For now, corporate legal departments must draw on open source community consensus instead. Various open source foundations, including The Linux Foundation and Free Software Foundation Europe, look to foster such discussions among corporate legal professionals exploring open source licenses. But these won’t take the place of court rulings in the long run.
“They say you have to tolerate uncertainty if you’re going to be a lawyer, but I think a lot of lawyers, especially coming from more conservative industries, have trouble with that,” Fontana said. “And they will probably welcome additional guidance from the court system on open source licensing.”
Enterprises’ increased reliance on open source software has brought pressure on them to contribute back to open source communities — a dynamic that has prompted new thinking about the business value of giving things away.
The initial appeal of open source software (OSS) to mainstream enterprises was in its price tag — freely available to companies with the expertise to implement it, in contrast to costly proprietary software from traditional IT vendors. Mainstream enterprises have also discovered that open source contributions are necessary to recruit and train scarce developer talent, as DevOps and cloud-native technologies increasingly rely on familiarity with open source software.
The connection between open source and DevOps is not coincidental, experts say.
“The way open source [projects] are built and designed and the ethos behind [them] are actually extremely close to the DevOps culture,” said Tobie Langel, principal at Unlock Open, an independent open source strategy consulting firm in Geneva. “It comes essentially from the same places, and there’s a lot of overlap — a lot of the tools of DevOps are essentially open source tools. And there’s a reason for that. [Open source] is just more practical; it goes faster.”
Open source users become open source contributors
OSS use has increased dramatically among mainstream enterprises in the last decade. According to the 2020 Open Source Security and Analysis Report by IT security firm Synopsys, 99% of the 1,253 enterprise codebases it audited last year contained open source components; in nine of the 17 industries it tracked, 100% of codebases contained open source parts. Overall, open source components made up 70% of the audited codebases.
By comparison, a similar 2017 Synopsys report said that when the company began its examination of open source usage in 2006, it tracked a total of 120 open source software projects. By 2017, it monitored more than 4,600 active projects.
“Open source components and libraries are [now] the foundation of literally every application in every industry,” according to the 2020 report.
But open source communities used their increased clout to enforce their custom of giving back as enterprises sought to donate to their projects.
Companies such as Amazon Web Services, for example, have been accused of taking more than they give to open source communities, and as a result, company leaders have had to fight against the perception that they’re poor corporate citizens. AWS has countered by launching its own distro of Elasticsearch and denying Elastic’s claims, saying Elastic is the one with too much proprietary code in its project and that the AWS-led Open Distro for Elasticsearch is the truly open version of the code. However, other companies such as MongoDB and Redis have expressed similar concerns about AWS and changed their licensing to try to protect their revenue from it and other major cloud providers that might offer a service based on their projects.
Meanwhile, rival Google has made bold bets on open source donations that have massively paid off, from widely used AI and data analytics utilities such as Tensorflow to the now-ubiquitous Kubernetes container orchestration platform. Google also made clear that it views OSS as the future of its business when it made open source skills part of its summer internship programs for budding engineers this month.
Enterprise developers steeped in open source culture also pressured enterprises from within to be able to make contributions to OSS projects that had become essential parts of the infrastructure.
Richard FontanaSenior commercial counsel, IBM Red Hat
“There’s a generation of software engineers now, working in all sorts of companies, for whom open source is just the most natural way to think about how to do software development,” said Richard Fontana, senior commercial counsel at IBM Red Hat. “They’re bringing that kind of outlook to the companies they’re working for, which may be very conservative and not otherwise inclined to get involved in open source.”
Thus, for mainstream enterprises, a dilemma emerged as open source usage began to evolve into open source contributions. The expectation that companies would give away corporate intellectual property (IP), the fruits of paid employees’ labor, for free to the wider world — including, potentially, to competitors — initially created culture shock among business stakeholders, particularly legal and compliance departments tasked with protecting corporate assets and minimizing business risk.
Until as recently as three years ago, changing corporate culture to embrace open source contributions required a painstaking struggle, according to enterprise IT pros who have established open source programs.
“When Bloomberg was created, no one had even considered whether employees would need to be able to contribute IP to projects outside the company,” said Kevin Fleming, who oversees research and development teams in the office of the CTO at Bloomberg, a global finance, media and tech company based in New York. “That’s one of the reasons that the position I have was created. … I’ve been here almost seven and a half years, and the first five of those years, [nobody] has said Bloomberg seems to be a forward-thinking company in this area. … It took a long time to get there.”
Enterprise IT pros navigate corporate IP concerns
Still, this stance has softened considerably among even the most conservative enterprises in the last three years, at least when it comes to contributing code to existing projects. A 2019 Linux Foundation survey of 2,700 IT practitioners found that 52% are involved in a formal or informal open source contribution program, or their company is planning to create one.
Why the change? Companies that have established open source programs say the most important factor is developer recruitment.
“We want to have a good reputation in the open source world overall, because we’re hiring technical talent,” said Bloomberg’s Fleming. “When developers consider working for us, we want other people in the community to say ‘They’ve been really contributing a lot to our community the last couple years, and their patches are always really good and they provide great feedback — that sounds like a great idea, go get a job there.'”
While companies whose developers contribute code to open source produce that code on company time, the company also benefits from the labor of all the other organizations that contribute to the codebase. Making code public also forces engineers to adhere more strictly to best practices than if it were kept under wraps and helps novice developers get used to seeing clean code.
“It’s something experienced developers want to participate in and it’s a great way to coach and mentor people early in their career,” said Chris Judson, VP of engineering at Choice Hotels, a hotel chain based in Rockville, Md. “It also helps us improve our own practices — the more quality code someone sees, the quicker they learn as a developer.”
Moreover, no testing system can replicate a community’s collective eyes on a piece of code, catching bugs and correcting errors, IT pros say.
“You can have thousands of engineers looking at it to find bugs that you never noticed,” said Christopher Maher, software engineering manager at Alaska Airlines, which says it has the largest GitHub presence of any U.S.-based airline. “From a security standpoint, it’s almost like free QA.”
Christopher MaherSoftware engineering manager, Alaska Airlines
A network of fellow developers that can help solve problems is increasingly crucial for software engineers to maintain a quick pace of feature releases and bug fixes, Langel added, and can make a marked difference in how quickly an enterprise can resolve incidents and keep customers happy.
“When you know the right person … that can solve a problem for you, and that person actually knows you and answers your email, solving the problem is going to take you half an hour,” Langel said. “If you don’t know who to ask or what the problem is, you can literally spend a week on it.”
A mark of open source maturity: Wholesale IP donations
Recent research suggests that open source contributions ultimately have a significant positive impact on the business, and that impact is increased by the size and significance of those contributions.
A July 2018 research study by an assistant professor at Harvard Business School, Frank Nagle, examined 56 public companies that used open source software, and found that those that contributed to open source gained an employee productivity boost of 100% over those that did not.
“Measuring contribution at a more granular level — the number of contributors and the types of contributions — reveals that firms that contribute more to OSS gain more from their use of OSS than those that contribute less,” the research report adds.
Moreover, the research shows that companies whose employees contributed substantive content to open source projects, rather than smaller editorial changes such as error corrections, benefited most of all.
However, most mainstream companies, even those that have already made a substantial number of open source contributions, are still navigating the process of creating a formal open source advisory council or open source program. Most companies are also focused on contributing to existing projects rather than building communities around open source projects of their own.
“We have a preliminary pattern that we’ve established where anybody with an open source contribution, essentially, has some criteria that they have to go through,” said Alaska Airlines’ Maher. “We have an internal review board that will look at any project an employee wants to be open sourced.”
However, Maher said, the airline has yet to establish a formal rubric for evaluating open source contributions. Choice Hotels is also still working on establishing an organizational process to ensure key corporate IP isn’t exposed in open source contributions, according to Judson.
But while change within traditional enterprises is a slow process, it is possible, as demonstrated by companies such as Bloomberg and Comcast, which have established open source contribution processes that pull in collaborators from all levels of the business.
At Comcast, that culture began with chief software architect and senior fellow Jon Moore, whose early open source contributions inspired other engineers within the company, including John Riviello, now a Comcast fellow and a member of the company’s Open Source Advisory Council.
In 2011, Riviello developed a novel way to connect multiple open source projects used by Comcast IT that required a contribution to upstream codebases to work and began the process of getting approval for that contribution, which took months.
“People saw me do that, and over the next year, a couple people approached me to say, ‘Hey, how did you actually make that happen?'” Riviello recalled. Eventually, the company established the Open Source Advisory Council and put in place an open source contribution approval process that draws on business managers, legal staff and IT security teams as well as software engineers and has resulted in a more than tenfold increase in the number of open source contributions made by Comcast employees since 2013.
Now, the overwhelming majority — more than 90% — of proposed open source contributions are approved by the council, said Nithya Ruff, the head of the Comcast open source program office. Under the current advisory council process, once engineers are approved to contribute to existing projects, they can make further contributions without having to go through the process all over again, according to Ruff. The process typically takes a few days at most. And since 2016, Comcast has donated several entire projects to open source, such as its Traffic Control CDN and Web PA client-server interface.
The case against IP overprotectiveness
Some bleeding-edge IT practitioners have begun to reconsider the overall value of IP ownership, especially when weighed against the business gains to be had in increased developer productivity and faster incident resolution from open source contributions.
Proponents of this view, including Langel, point to a 2018 Business Insider interview with Facebook chief AI scientist Yann LeCun, in which he stated that owning IP has become less important than delivering innovative products at scale as quickly as possible.
Tobie LangelPrincipal, Unlock Open
“Essentially, practices that help speed up the development process and the deployment process are well worth trading in IP,” Langel said. “[IP] is no longer where the core of the business is.”
Bloomberg has mostly contributed code to open source projects that aren’t customer-facing, five or six layers deep in the IT infrastructure, but recently, that has changed with some contributions to open source of IP related to Jupyter notebooks, which are a significant component of the company’s customer-facing financial terminals.
“So even in that case, even where the function is a client-facing part of our primary product that company makes, it was still the right choice for us … to contribute [it] to the rest of the world,” Fleming said.
This is because, as many enterprises on the cutting edge of open source contributions have discovered, maintaining a proprietary version, or fork, of an open source codebase isn’t worth the trouble in the long run.
“Maintaining a fork has a long-term cost,” Fleming said. “If you create a fork, and then a year later, the community of that project has decided to change some fundamental aspect of the software — the kind of thing that open source projects do all the time — and you have 40% of your code sitting on top of it, you’re going to have to rewrite all of it.”
Comcast engineers declined to comment on the long-term value of corporate IP, but the company made a similar decision to Bloomberg’s Jupyter notebook donation when it open sourced its Traffic Control CDN via the Apache Software Foundation in 2016.
“It’s core to the company’s business, but we felt that it’s better to have it thrive and work in a global open source setting, where it’s maintained by Comcast and a number of other [contributors],” said Comcast’s Ruff. “[We don’t contribute IP] in very, very few cases and frankly, it’s a matter of time before things get opened up again, because technology keeps moving forward.”
In recent years, organizations of all sizes have increasingly come to rely on open source database technologies, including Apache Cassandra.
The complexity of deploying and managingCassandraat scale has led to a rise in database-as-a-service (DBaaS) providers offering managed Cassandra services in the cloud. Among the vendors that provide managed Cassandra today areDataStax,Amazonand Instaclustr.
Instaclustr, based in Redwood City, Calif., got its start in 2013 and has grown over the past eight years to offer managed services for a number of different open source data layer projects, including Kafka event streaming, Redis database and data caching as well as Elasticsearch data query and visualization.
In this Q&A, Ben Bromhead,co-founder and CTOof Instaclustr, discusses the intersection of open source and enterprise software and why database as a service is a phenomenon that is here to stay.
How has Instaclustr changed over the last eight years?
Ben Bromhead:Our original vision was wildly different and, like all good startups, we had a pretty decent pivot. When the original team got together, we were working on a marketplace for high value data sets. We took adata warehouseapproach for the different data sets we provided and the access model was pure SQL. It was kind of interesting from a computer science perspective, but we probably weren’t as savvy as we needed to be to take that kind of business to market.
But one of the things we learned along the way was there was a real need for Apache Cassandra database services. We had to spend a lot of time getting our Cassandra database ready and managing it. We quickly realized that there was a market for that, so we built a web interface for a service with credit card billing, wrote a few blog posts and within a few months we had our first production customers. That’s how we kind of pivoted and got into the Cassandra database-as-a-service space.
Originally, when we built Instaclustr the idea was very much around the idea of democratizing Cassandra for smaller users and smaller use cases. Over the years, we very clearly started to move into medium and large enterprises because they tend to have bigger deployments. They also tend to have more money and are less likely to go out of business.
There are a few Cassandra DBaaS vendors now (including Amazon). How do you see the expansion of the market?
Bromhead: We’re very much of the view that having more players in the market validates the market. But sure, it does make our jobs a little bit harder.
Our take on it [managed Cassandra as a service] is also a little bit different from some of the other vendors in that we really take a multi-technology approach. So you know, not only are we engaging with our customers around their Cassandra cluster, but we’re also helping them with the Kafka cluster,Elasticsearchand Redis.
So what ends up happening is we end up becoming a trusted partner for a customer’s data layer and that’s our goal. We certainly got our start with Cassandra, that’s our bread and butter and what we’re known for, but in terms of the business vision, we want to be there as a data layer supporting different use cases.
You know, it’s great to see more Cassandra services come in. They’ve got a particular take on it and we’ve got a particular take on it. I’m very much a believer that a rising tide lifts all boats.
How does Instaclustr select and determine which open source data layer technologies you will support and turn into a managed service?
Bromhead:We’re kind of 100 percent driven by customers. So you know, when they asked us for something, they’re like, ‘Hey, you do a great job with our Elasticsearch cluster, can you look after our Redis or a Mongo?’ That’s probably the major signal that we pay most attention to. We also look at the market and certainly look at what other technologies are getting deployed side by side.
Ben BromheadCo-founder and CTO, Instaclustr
We very clearly look for and prefer technologies where the core IP or the majority of the IP is owned by an open source foundation. So whether that’s Apache or theCloud Native Computing Foundation, whatever they may be. It’s one thing to have an open source license. It’s another thing to have strong governance and strong IP and copyright protection.
What are the challenges for Instaclustr in taking an open source project and turning into an enterprise grade DBaaS?
Bromhead:The open source versus enterprise grade production argument is starting to become a little bit of a false dichotomy to some degree. One thing we’ve been super focused on in the open source space around Cassandra is getting it to be more enterprise-grade and doing it in an open source way.
So a great example of that is: We have released a bunch of authentication improvements to Apache Cassandra that typically you only see in the enterprise distributions. We’ve also released backup and audit capabilities as well.
It’s one thing to have the features and to be able to tick the feature box as you kind of go down the list. It’s another thing to run a technology in a production-grade way. We take a lot of the pain out of that, in an easily reproducible, repeatable manner so that our support team can make sure that we’re delivering on our core support promises. Some of the challenges of getting stuff set up in a production-grade manner is going to get a little bit easier, particularly with the rise of Kubernetes.
The core challenge, however, for a lot of companies is actually just the expertise of being skilled in particular technologies.
We don’t live in a world where everything just lives on an Oracle or aMySQLdatabase. You know, more and more teams are dealing with two or three or four different databases.
What impact has the COVID-19 pandemic had on Instaclustr?
Bromhead:On the business side of things it has been a mixed bag. As a DBaaS, we’re exposed to many different industries. Some of the people we work with have travel booking websites or event-based business and those have either had to pack up shop or go into hibernation.
On the flip side, we work with a ton of digital entertainment companies, including video game platforms, and that traffic has gone through the roof. We’re also seeing some people turn to Instaclustr as a way to reduce costs, to get out of expensive, unnecessarylicensing agreementsthat they have.
We’re still in a pretty good path for growth for this year, so I think that speaks volumes to the resilient nature of the business and the diversity that we have in the customer base.
Editor’s note:This interview has been edited for clarity and conciseness.
Microsoft Teams will soon let users open chats, calls and video meetings in separate windows. The long-sought feature will help people multitask in the team collaboration app.
Microsoft plans to finish rolling out pop-out chats this month. Teams will get multiwindow support for calls and video conferences sometime in June.
Nearly 20,000 people have asked Microsoft to add multiwindow capabilities to Teams since the first request in 2016. It’s yet another example of an essential feature of Skype for Business that’s still missing in Teams.
“It’s like not being able to open multiple Word or Excel documents at the same time,” said Andrew Dawson, an IT professional based in the United Kingdom. “Archaic!”
Without the ability to open multiple windows, users can only do one thing at a time in Teams. The limitation forces some companies to use other communications apps in conjunction with Teams.
Jacques Detroyat, an IT manager for a company based in Switzerland, said one common workaround is for users to message on Skype for Business or WhatsApp during Teams meetings.
The setup is not ideal, Detroyat said. “It’s a bit like writing with a badly sharpened pencil or trying to have a conversation in a noisy environment: You can do it, but the experience won’t be great.”
Some users want the company to support multiwindow viewing in even more scenarios. For example, Microsoft could let users edit a document in Teams in one window while searching for information they need in another. But the company has not committed to doing so.
Users will be able to open multiple Teams windows only in the Windows and Mac desktop apps. Microsoft has not said whether users of the web app will eventually get the upgrade.
The launch of multiwindow support will not solve another problem that users face. People want to be able to open separate Teams windows for different accounts on desktop. Microsoft has committed to letting users sign in to multiple accounts at the same time. But it has not provided an update on the feature in months.
Teams has attracted millions of new users during the coronavirus pandemic. The app grew from 20 million daily users at the end of 2019 to 75 million daily users in April.
The increased usage of Teams has made its shortcomings more aggravating to users. Complaints include the app not having a large enough group video display or a robust calendar.