Many of these recent forks are being done because people won't want AWS/GCP/Azure to slap a UI on top of their free open-source product and resell it, making tens of millions of dollars per day in the process. I can't really blame them.
"It works on my machine!"
"Then we'll ship your machine"
Docker: https://miro.medium.com/v2/resize:fit:720/format:webp/1*Ibnw...
I disagree—I think support of deployment tooling (like Atlantis) is the bigger proof. If you are running terraform on your local machine it is likely a very small company.
Opentofu hasn't shipped a 1.7 stable with removed blocks yet, whilst terraform is already on 1.8 with provider functions
Just to clarify, provider-defined functions are coming in OpenTofu 1.7, along with e2e state encryption. Generally, I recommend not comparing version numbers of Terraform and OpenTofu post-1.6.
Implementing the e2e state encryption was non-trivial, and we wanted to make sure we get it right, so that's why the release took us a while. We also got a slight additional delay due to needing to handle the C&D letter OpenTofu got from HashiCorp[0], but that's all sorted now.
The beta for 1.7 however is coming out this week, with the stable release planned in the next ~3 weeks.
[0]: https://opentofu.org/blog/our-response-to-hashicorps-cease-a...
I won't blame them for regretting their past actions, but I hope the lesson would be learned: if you want to put limitation on the use of your software, you shouldn't have licensed it in a way that doesn't allow such. You can't recall a gift because you don't like how the recipient is using it. Though you are more then welcome not to gift them ever again.
That's actually an accurate description of what's happening with these re-licensing dramas. Redis versions from before the split are still BSD-licensed. They can't recall those gifts. The re-licensing only applies to newer versions.
Of course, it wasn't just people employed by Redis, Inc. who were providing the gifts. My (vague) understanding is that a lot of contributions came from people at AWS, etc. Technically, AWS was providing those "gift" contributions to Redis -- because Redis, Inc. maintains the copyright for community contributions -- and Redis was then re-gifting those contributions to the world, via the BSD license. That's all fine and dandy until the big contributors realized they're actually fiercely competing with each other for cloud customers, and it's not realistic for Redis, Inc. to compete with the largest cloud provider on Earth without any technical moat whatsoever. Hence the re-licensing.
I think the breakdown in trust for Redis, Inc. is overblown. By far the biggest contributor to valkey (madolson) is employed by AWS. Does the OSS community really think that's a better organization to back in the long term?
But if you mean that you can't recall a gift without making people mad, then yep, that's true! But keeping people from being mad is not the only thing that matters.
But the real problem I have with, "I hope the lesson will be learned" is that the lesson people are learning is "don't try to build ambitious software requiring a lot of work from a dedicated core team using an open source license; you're going to find yourself damned if you do and damned if you don't".
And I think that really sucks! And sadly the ship has already sailed here. I'm certain we're going to see way fewer products with open source licenses because of all of this. And I think it's unlikely we'll even see as many products with "source available" licenses because, how is it worth the hassle to release source when the community has shown more good will to projects that are entirely proprietary?
I really think I'm going to look back at the last 15 years or so in awe at how often I had the luxury of digging into the behavior of software I rely on, by reading the code.
Fighting to change those systems and norms is a Good Thing™, but I'm too pessimistic to act today as if the change is coming tomorrow. I'll both work to change those systems, AND act as if they're here to stay.
This, thousand times. Looks like FOSS advocates feel so threatened by "source available" licenses that they will do everything possible to keep them from gaining momentum (see Commons Clause).
It's a shame really. It would be nice to have a standard and well known license that would both allow users to use software freely (for using and adapting) and still protect makers from their competitors (AWS comes to mind) undercutting them with their own product. Oh well.
EDIT: ...and here comes the first (anonymous) downvote. Proves my point about FOSS sentiment, I guess? Come on, it's a discussion, you can do better than that.
Yeah, for things running server-side that could be used by Amazon and Microsoft, they should use SSPL from the start. In this case everything is clear and everybody knows what to expect. For regular users, there is absolutely zero difference between SSPL and OSI-certified licenses.
To people starting projects today, you have no excuse, we know better. Don't use OSI open-source unless it's entirely a labor of love that you're giving away free.
OSI Open-source business models are dead. Don't make that mistake.
According to antirez, he understood the implications of licensing Redis as BSD: https://news.ycombinator.com/item?id=39863371
I am curious for examples of any projects now *starting( with one of these non-open-source rights-to-profit-reserved licenses, now that is clearly "understood". Are there any examples? Are they successfully attracting users? Contributors?
Well, know what your secret sauce is. I think performance is really the best differentiator. Make a fully behaviourally compatible (maybe not bug for bug) version available and then sell a proprietary faster version.
Think an compiler that doesn't due any optimisation and outputs naive code. You know have a useful OSI project, and a clear value add, and a clear boundary between the two.
This is really applicable for databases, and it still leaves you with something useful for learning small projects, and for developers to run locally on their own machines.
You can probably set up a decent privately-funded venture to deal in OSI software. The problem comes (as it always does) when the founders think they're the reincarnation of Steve Jobs and deserve a nine-or-ten-figure net worth for making a few nice, but ultimately not earth-shattering, software tools. Then they have to enshittify to get ready for the IPO.
I'd say Elasticsearch is still the comparison to make here for a product that clouds just resold, then again, Redis the company didn't build Redis the software and their latest marketing smells more of VC hawkery than any reasonable pitch
Would love some data in support of this statement. Not saying you're wrong necessarily, just it feels like a perception vs. reality comment potentially.
https://old.reddit.com/r/devops/comments/eaq8bh/terraform_em...
The vast majority of projects that I've come across at work just had the tf CLI wrapped in a CI/CD pipeline + some bucket, but the managed competitors seemed to come up more often (compared to other tools/platforms) when people wanted to use/were using something as a service. Perhaps it's really just a perception thing, I never checked their financials
edit: I think I went off-track from the point. The point was that the ones selling managed versions were not the hyperscalers, but people building wrappers and similar around it. The other commenter with the list of fork-backers illustrates that nicely.
https://opentofu.org/supporters/
For more details, you could listen to:
If it wasn't open-source it won't be as popular as it is in the first place, Redis is also using ton of open source software or libraries for free.
Not defending AWS/GCP/Azure, I actually got my software used when i was young by a large company for free (not even a mention- Still using it i think, 5M+ Play Store Downloads), but that is the spirit of open source
If AWS/Azure/GCP/et al. ran a cloud version of X and the main company supporting the open source project was a going concern, I doubt many would have a problem with the entire scheme.
However, in reality, every enterprise support dollar that goes through a third party cloud-managed offering is one that doesn't go to the first party.
In which case, what dollars are left to pay the independent company that creates and supports the software?
Granted, there are a lot of nuances to the above, but I think it's generally fair to say that third-party cloud companies are making more off managed open source offerings than they're paying to contribute to them.
The only losers are people who are engaging with the Open Source community in bad faith, viewing it as something to steal from, rather than participate in.
I don't think anything else open source I've done has been widely deployed, but if I save a bit of someone's time because they can use something I did, or save some users' cpu and bandwidth, it doesn't matter to me if that's a user of a free service or a propriatary one, I still helped their user.
IIRC, it only need libc and OpenSSL (the latter only if you build TLS) on your system, and provide their forked copies of Jemalloc, LUA, fpconv, HiRedis, Linenoise and Hdr_Histogram.
for example, something like jemalloc is highly nontrivial
I might be in a bubble of course, but from what I've seen, I've been positively surprised by the uptake of OpenTofu so far!
I do also expect OpenTofu 1.7 to be more interesting for people to migrate to, as it'll include a bunch of OpenTofu-exclusives.
I vaguely remember the news about the Microsoft guy that was called out on twitter and I’ve read the issue and looked at some cli/api parameters and was stunned. So much possible flags. I hope that I will never need to deal with it.
But still kudos for all the maintainers. It works and has probably support for all codes and all options of these codes.
Then build that UI yourself and sell it and make millions of dollars per day yourself, noone is stopping them.
Ah but you see there are 2 problems: 1/ "UIs" are harder than people think, especially by those that use that term derisively like you did. There are PLENTY of popular products that are basically just UI on existing data.
2/ AWS/GCP/Azure aren't slapping UIs. They're offering "managed operations" for these products. What is it? And sure, Hackernews is likely to scoff at that - we know how this site feels about dropbox -> https://news.ycombinator.com/item?id=9224
But if it didn't offer value, people wouldn't pay for it. Redis engineers are good at building a key value storage. AWS/GCP/Azure engineers are good at building managed operations. Combine them together and you've got the best of both worlds.
AWS/GCP/Azure aren't making money off Redis, they're making money off their experience in operating cloud infrastructure. And the free market wants to pay them to do so.
They are generally a good thing, save for the poor souls that will end up maintaining a project that was started with them while they were still active. The success of the fork doesn't matter so much as the direction it inevitably pulls the original project.
The io.js drama gave us a huge step forward with NPM once their hand was forced. Hopefully some good ideas come of this too.
https://devboard.gitsense.com/redis?id=f66d8a46ef&nb=all
For a longer case study, you might be interested in Elastic and OpenSearch
https://devboard.gitsense.com/opensearch-project?id=e766e581...
Both projects are quite healthy, but Elastic is still clearly more popular.
Redis? I'm not sure. Like you say, they don't want Big Tech to slap a UI on it and profit. And, really, once they start competing on price (which they might sooner rather than later to keep people from going back to on-prem) you can guess they might use something that's free so they don't have to pay the license on a per-server instance.
Important to note that the "people" in this case is the company that bought the rights to the Redis trademark from the original creator and then took on $350M in VC funding. The community that created and supported Redis since its inception was not involved in the decision, and isn't getting any of the benefit.
For Redis there could be space for both, but if I want anything larger than a single instance I'd just sooner use MS Garnet[0].
Do you know what the main differences are and whether it is worth switching?
Whats funny about this one is as follows:
1. The license: BSD? LGPL? Do both... nothing says that you cant make the product available under both licenses. You prevent another rug pull...
2. The platform: Do both, Run the thing on GitHub like it always has been and back it up to the other platform. If MS makes GitHub into the next source forge... then you're already half way out.
3. The name: Not a hill any one should die on. Pick three, ask amazon legal to clear them or FSF legal to clear them and vote. Redict and valkey are both fucking stupid names... Yea you might have to live with storage mcstoreface but that would be better than either of the current options.
As for FOSS drama... Lacking any clear leadership, peoples ability to self organize is limited. These sorts of things happen all the time (systemd, x vs waylaid, how many unix forks?) The winning side is almost always the one with clear leadership.
I can.
Free software is, at its core, wage theft. It is truly unfortunate that so many people don't understand "big picture" economics, not the $2 for a loaf of bread economics, but the creation of value, it's consumption, and allocating resources to maximize creating the "right kind" of value. Most programmers "get" that writing code has value, hell tech companies will pay $5,000/week in total compensation just to do that, of course "coding for money" isn't the same as "coding on something you love", or are invested in, or does something you want. But here is the detail that so many miss, it is still $5,000/week "worth" of value. Whether or not someone is paying you to do it, there is still value there. And when you think about it is it all that surprising that putting that value into a thing doesn't make it something others might value too? Others who don't have the chops or the time to make it themselves? THAT is economics. And there are so many people who can see that value just sitting there and say, "Hmm, I bet I know someone who would value that, and I could get them to pay me some of that value in cash money in exchange for hooking them up." And it's game on buddy. And what is that game? Stealing the 'value' that would have been returned as a wages to a coder if they had been hired and keeping it for themselves.
You might as well decorate your front lawn with $100 bills and put up a sign that says, "These bills are decoration I forbid you from using them to go buy things for yourself." Sure some folks would respect that sign but a whole lot more would say, "Uh, good luck with that, and thanks for the cash."
If you write code for "free", no matter what license you try to put it under that "prevents" people from profiting off of it, they are gonna profit. You can either make it possible for them to profit and cut you in on some of that, or you can decide for yourself that you're okay with all of that value you created funding someone else's lifestyle.
That's not true though. Cloud vendors can choose to pay Redis Ltd to continue to offer "official" Redis as a managed product. Azure is doing this. AWS and GCP just chose not to.
Even if Azure Redis is cheap now, just wait until the next low-performing quarter at Redis Ltd, and they'll raise Azure's fees to make their offering more attractive.
They are the monopolist now, no one can force them to have fair prices.
They don't want to use big (especially US) cloud hosters.
Funnily enough, it also means most of those "buy hosted only from us" setups with hashicorp or redit are also dead in the water.
So it's build from scratch or fork or go for project that has clearer leadership on what it's for and isn't going to rug pull.
OSS companies are fighting against cloud vendors to survice.
https://zilliz.com/blog/Redis-tightens-its-license-How-can-a...
Cockroach, Materialize, and MariaDB were all also relicensed without massive backlash, I think. But I think that's because they had fewer users at the time.
But Mongo's was the one relicense event that didn't produce so much shock that a new fork came out of it. And Mongo's stock is doing great, if that's a good proxy for their overall success.
I wonder what the difference is.
Mongo was always AGPL and relicensed to SSPL. This had the following consequences:
* Very few companies and zero large cloud companies ever attempted to run the MongoDB codebase in production as a managed service, other than MongoDB the company.
* Mostly because of the above, MongoDB did not receive many code contributions that did not originate from within the company. There were some, but not nearly to the extent of the others you listed
* The difference between AGPL and SSPL is not nearly as large as the difference between BSD and SSPL or Apache and SSPL.
Other people that didn't own the copyright to any mongodb source code of course had the right to take the source code and fork it under the AGPL. But there would have been no choice about the license under which to distribute that fork because of how strict AGPL is. By insisting on copyright transfers, Mongodb was able to dodge that and re-license the entire code base without having to require permission from anyone because they owned all of it.
For the same reason, there never was much of a community of contributors outside of Mongo. Most large companies would have steered clear of that legal mess and declined to contribute or fork. The flip side of course is that this strong ownership marginalized mongodb as a community even before the license change. It simply didn't matter much to most large companies as they would have steered clear of it anyway.
With Redis, this is not the case. Redis the company was an active contributor to the code base but most of the contributions actually came from the outside and they never owned the copyright to those contributions. The BSD license allows anyone (including Redis Inc.) to redistribute the code under whatever license. Which is why Redis can do this. But for the same reason everybody else can continue as is using Valkey without having to worry much about Redis the company having retired from what otherwise is a thriving OSS community.
If SSPL is effective as a poisonous pill against AWS and Co. but SSPL is not, that's a big difference in my book.
I believe it takes an organization a huge inertia to be stuck with it, possibly if you managed to grow your company really quickly. But most projects I've seen that used mongoDB ended up being rewritten/thrown away
I find it astonishing when I see how much mongoDB has managed to grow its revenues, now its like $2B trailing when literally nobody needs it
RDBMS's can be scaled to "planetary" scale and once you throw in a few other noSQL DBs to fill in other gaps (like Redis), you literally will never need to pay a license
MongoDB's success is probably a similar case to Oracle, there are many OSS alternatives but some old businesses have the foundation of its business on that db and moving out would have a huge cost, so they accept shredding millions to software that OSS have even better alternatives
Many people who "start" with those database choices either (1) "end up" elsewhere or (2) are perfectly content with treating their database as a SaaS business expense.
Their communities have self-selected into a [profitable] niche that excludes the kinds of people (like the author of this blog post) who are both capable and motivated to maintain a fork.
The author of TFA would probably categorize MongoDB as "software I hate" (a category he touches on in the article), to put it in perspective.
You may be thinking of their separate MaxScale proxy product, which uses the Business Source License, which MariaDB created.
I am pleased that Valkey has made the decision to remain independent from the competing Redict fork project. The dogmatism on display in that thread is frustrating. It is one thing to stand by your own principles and opinions, it is entirely another thing to aggressively push your opinions onto others. With the two projects remaining independent, we will get to see which kind of community stewardship results in project success and longevity. The alternative, I fear, might have been technically minded people being railroaded by ideologically driven zealots.
Dogmatism and zealotry are words we probably mostly associate with religion, but I think they apply exactly to the kind of people I would proactively exclude from any public community I was trying to build.
1. https://github.com/valkey-io/valkey/issues/18#issuecomment-2...
"Fair" is somewhat loaded. The developers certainly have a right to change their product and charge for it, but it's not nearly as cut and dry in my opinion. How many contributions were made because of the completely open nature of the product? Is it "fair" to those people that the controllers of the project want to change how it's offered at a later date? Some people are happy to feel like something they have contributed is in use by a lot of people regardless of whether someone else is making money from it.
There are often lots of entangled assumptions in open projects like these. Ultimately, people have a right to offer their work as they want, so I see no problem with projects trying to request additional restrictions on how their work is used, but I also don't see a problem with companies using open projects as offerings. It was offered for free, and it's not like the cost of the offering isn't usually just the cost of the underlying resources plus some additional amount for ease of management.
AWS revenue is about $90.76B, though most of it isn't from Redis, I'd assume. But let's be generous, and assume 10% of that is. So about $10mm. For the recent version, Redis-the-company contributions to Redis-the-software were less than third of the code base, so let's say they get $4mm. That's very little revenue for a company that has a valuation of over $2B.
The vast majority of these projects didn't seem to have a problem with large companies like Netflix using their software, even if it was put on a cloud server, as long as it was managed by Netflix. Now that the management portion is moved to the cloud provider, along with some amount of possible profit, it's a large problem? Was it not a large problem when the companies were using these projects directly? Was there not some assumption and hope these companies would use these projects by the people contributing to them?
You are pushing away potential customers with this behavior.
Are these redis forks just vocal terminally online internet people fighting, like most people don't resell redis and don't care, don't comment or get involved?
To answer sibling comment by theamk: I think such projects should just disclose their rates up front.
So it seems obvious that this fork which will be part of linux dependencies, has backing of big corps and core maintainers isn't going anywhere and is likely the 'new redis'.
https://www.linuxfoundation.org/press/linux-foundation-launc...
Do you mean the foundation uses it to serve some marketing sites or it's part of some build farm/infra or something?
I'm, generally, a mobile dev so I'm not familiar with redis. My handwave-y understanding is its a in-memory key/value DB.
I don't understand how that brings anything to the table for genAI. Couldn't the pitch read the same if you were mongoDB, postgres, whoever?
Also, my goodness, my eternal enemy, the idea a vector DB is something different than keeping a store of file -> pair<string, list<double>>.
The odds you need a vector DB unless you're doing insanely high scale stuff with AI are very low. If you're doing consumer stuff, please use ONNX and keep the pair, and thus the file, local and private.
The queries it's good at are not "what vectors map to this filename", but "what pieces of text are closest to this vector, and what metadata do we have about them?" This is a non-trivial problem to solve if you don't want your queries to be O(n) where n is the dataset size.
This is useful because AI models can transform any kind of content (usually text or images) into vectors, in a way that content similar in meaning is transformed to vectors that are close to each other. This can be used e.g. find all documents related to your search query, even if your search keywords are never directly mentioned, to find articles similar to the one you're currently reading, to search images by their descriptions, or even to see how closely a user submission matches "undesirable" content, like spam or porn.
I agree that specialized vector databases are a little silly though, considering that Postgres and others have vector extensions now.
There is a new type of vector database that combines the best of both worlds, which is MyScale, the SQL vector database. You can refer to the following blogs to see the comparison. our comprehensive benchmark evaluation reveals that MyScale exceeds other products in terms of filtered vector search accuracy, performance, cost-efficiency, and index build time by a long way. Importantly, MyScale is the only product tested that delivers healthy search accuracy and QPS across various filter ratios.
https://myscale.com/blog/myscale-outperform-specialized-vect... https://myscale.com/blog/myscale-vs-postgres-opensearch/
I think we're getting to the heart of my confusion, and I only assume it's because of different use cases/expectations on privacy.
Lets say I'm CEO of Mousetrap Inc., and I got this .txt file, our top secret plan for a better mousetrap.
I want genAI to pick out the parts about the new metal alloy.
I upload the file to B2BAI LLC, who turns it into List<String>, then we give it to the model and get back List<List<Float>>.
Vector DBs store the List<String> and the List<List<Float>> for retrieval.
I, the top secret mouse-trap inventor, do not want my plan stored on any 3rd party computer.
But, this app I use puts it in an a16z approved Vector DB™.
The vector DB provider now has the embeddings (List<List<Float>>) and the chunks (List<String>), which violate my desire to not have my top secret mousetrap plan stored at rest anywhere .
Big companies who are extremely protective of their secrets use the cloud. Even the US government isn't afraid to store classified information in AWS, and they're not joking around with secrecy.
Unless you're acting specifically against American interests, I can't imagine a situation in which a cloud company would actually steal your secrets.
If anything, I'd be afraid of a vector DB vendor getting hacked, but I don't think that most non-tech companies who want to use vector embeddings for their documents can provide better security themselves.
It is all about performance; latency and recall.
https://discuss.elastic.co/c/announcements/security-announce...
However I think the RESP is going to become even more of a standard protocol that many viable implementations support moving forward. Microsoft is working on Garnet, and I can imagine other major cloud providers having their own implementations or forks at least.
AGPL ensures no one will serve your software via network without also showing their code (which they can avoid by buying commercial licenses and thus funding the project) and no CLAs ensures that the project can not be relicensed without every contributor agreeing. (after all, if really every person can agree it is a good idea there might be some merit to it).
But regardless I sell your code under FooOSS until the cows come home without paying anymore else a dime. If I couldn’t, then it wouldn’t be OSS. Now, depending on the FooOSS I might have to share any changes I make… but you cannot revoke my license to your’s.
People need to put food on the table, period. I’ve had people take my work and make more money from it than I have, with no attribution or credit.
Then I pulled it down and got a lot of people asking why it’s no longer free, when I tell them I can sell them a license they don’t even reply.
I care more about my family than your FOSS ideals. End of story.
We won't make change until enough people are willing to sacrifice to make it, and most people just aren't willing to bear that load when going with the existing system, while broken, alleviates that pain while unfortunately also acting as a network multiplier to not just perpetuate, but also strengthen, the status quo.
Make no mistake, the existing system is built with features made explicitly to limit your freedom. You simply can't live without selling your labor. If you look at a lot of people trying to start their own businesses (FLOSS or not), they're trying to use the system to earn their freedom in a system where true self-determination and financial independence are synonymous.
That's all the FLOSS ideology is, buying our common self determination through leveraging the power of computing. And looking at how much money it's generated, you can't say that was an impossible dream, but we're losing the war.
Also, for what it’s worth, I’ve forgone millions of dollars in compensation over the years to work on socially beneficial projects, and literally just left $250k on the table last year alone. But yeah, wanting to support my family makes me greedy.
I actually find it pretty interesting that there's so much hostility towards my posts when I attempt to start a discussion on alternatives to our present and decaying society. Like, it is a lack of imagination? A resignation to reality? Belief that this is the best we can do?
Personally, I /can/ envision a future without landlords, banking info, and retirement accounts, where we direct the immense productivity of our people away from one that necessitates a focus on money. I guess I'll just need to work on my pitch.
Maybe, but the priority is to put food on the table. You can't benefit humanity if you're dead.
But there just aren't enough professors, grad students, or young people with plenty of extra time on their hands, to build all this stuff for free.
Academic peer review doesn’t include code review.
You've all agreed what can and can't be done with your code based on the license you used.
If you want to make money with software, it's proprietary or dual-licensed (A)GPL with CLA. Anything else you'll bait and switch on people.
These aren’t hard concepts.
Even if the product continues to get features and active development, like Oracle poured into MySQL after its acquisition, a database or framework going less open source is still a death knell.
The mainstream programmers will move on and use something else. Anything else. Who who has heard that the license can change would now pick it for a new project?
I've always thought the "we're just hosting a server with our modified version of this OSS code, so we don't have to share the source" argument was trash.
If you want perfect reliability, use the standard library of a language and nothing else. It’s actually possible.
Ironically, the best open source projects are the ones that have no other dependencies beyond the standard library.
