#opentofu (2024-04)

Discuss OpenTofu-related topics

2024-04-04

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

2
2

2024-04-07

Hao Wang avatar
Hao Wang
OpenTofu may be showing us the wrong way to forkattachment image

Disagree with a license? Fork the project, but don’t lift the code and say it was always publicly available. Compare HashiCorp code and license to OpenTofu’s version.

Hao Wang avatar
Hao Wang
OpenTofu may be showing us the wrong way to forkattachment image

Disagree with a license? Fork the project, but don’t lift the code and say it was always publicly available. Compare HashiCorp code and license to OpenTofu’s version.

Hao Wang avatar
Hao Wang

the author is neither a good lawyer or a good open source developer

Hao Wang avatar
Hao Wang

we all know Hashicorp is going to sell itself, I don’t think it can replicate the same success as Mysql

Hao Wang avatar
Hao Wang

my 20 minutes > money behind this post Lol

Hao Wang avatar
Hao Wang

if you are one of the TF contributors, you may notice this post doesn’t mention there is a group of contributors behind Terraform, now and then

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
OpenTofu may be showing us the wrong way to forkattachment image

Disagree with a license? Fork the project, but don’t lift the code and say it was always publicly available. Compare HashiCorp code and license to OpenTofu’s version.

Hao Wang avatar
Hao Wang

yeah, started with this post and dived into the codes

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(meant to highlight the thread)

1
Hao Wang avatar
Hao Wang
Mark Atwood (@_Mark_Atwood) on X

I will be direct: Matt is incorrect. OpenTofu has not “misappropriated”. Infoworld needs to issue a retraction. I looked at the code, the ways they are similar are entirely functional, and the ways they are different tell me it’s a different implementation.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Nice,

Hao Wang avatar
Hao Wang

exactly, the above link I shared is the file history and it looks to me it’s kinda re-implementation (80%? hard to tell), it may be a lesson for forked projects not to be blackmailed by the original project, but for now there is no legal case to define the boundary

Hao Wang avatar
Hao Wang

for leaders of Hashicorp kind companies, it is better to hide the sale intention, changing license should always happen after being acquired. from my long term of observations, Hashicorp will fail with no exceptions, especially after this post got published

Hao Wang avatar
Hao Wang

not related to Hashicorp, for those people who would like to weaponize law system/opensource projects etc, will fell very hard

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I know you feel very strongly about HashiCorp and the license changes and rightfully so. Personally, I do not bear ill will against them. I want them to succeed and HashiCorps demise only serves to make business harder for us. As much as I don’t like how they went about it and disagree with the decision, I do want providers kept up to date, greater exposure of Terraform, enterprises adopting HCL for IaC, training, education, documentation, etc all to continue to flow and get developed. I think this campaign against OpenTofu is fishy but, as others have said, rather predictable. War is good for no one. Just hope these little skirmishes will be behind us and everyone can get back to business and fair competition.

Hao Wang avatar
Hao Wang

sorry, my expression sounds strong my native language is also strong to Chinese speaking audience, I know it is definitely not welcoming. most of time, just trying to convey the prediction and give some hopes to the opensource contributors who didn’t see what I have seen

Hao Wang avatar
Hao Wang

this is the mindset that Hashicorp like companies are visioning, people don’t like the pain in short period, the community is worsening after IBM acquired Redhat, in a long run, the door of open-source is closing or is already closed. actually redhat is the bait that IBM released…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes, I feel like “open source” as a whole is under attack. I feel like we’re losing our role models. The billion-dollar companies that painted a dream that building a company on pure open source is possible. Now with MongoDB, Redis, ElasticSearch, HashiCorp, and just announced - Gravitational (makers of Telelport), all changing licenses it sets trust back in open source 15-20 years.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I remember when trying to use MySQL in a company was a HARDSELL! Of course, that time has come on gone and then some. It feels like using open source became the default for a lot of enterprises.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

My fear is enterprises and businesses alike, begin to distrust open source, especially open source backed with commercial interests as “bait and switch”

Hao Wang avatar
Hao Wang

my life was changed by open source, that is why I stand up for it, people have to dare to stand up to the big companies, when I started the journey, people in open source community don’t care about what big companies did or said

Hao Wang avatar
Hao Wang

otherwise, for our next generation, opensource will not be this friendly

2024-04-08

2024-04-09

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

My fear is enterprises and businesses alike, begin to distrust open source, especially open source backed with commercial interests as “bait and switch” @Erik Osterman (Cloud Posse) I’m not sure that’s the case. Most of the leaders I talk with are juggling a few factors: capabilities, risk and cost. Pure open source solutions aren’t free as in beer, they’re free as in puppy. There are still costs around building and maintaining solutions. There is risk around supportability and variance between solutions. If a team can build a solution with the highest amount of capability for the business with the lowest risk and cost, that solution will win, regardless of it is built on OSS or not.

Also, the practitioners have their own biases. I’ve seen plenty of cases where top-down driven solutions have failed because the folks that inherited those solutions weren’t capable or motivated to use them. The vast majority of good leaders will allow their practitioners to select the best solutions, again, regardless of how they got to those solutions as long as risk and cost are optimized.

I’ll give you an example from $lastJob. Consul was a mission critical part of our ad delivery system. We botched an upgrade and had a six hour outage. At the time, there wasn’t a commercial version of Consul, hence no support. Also, it was late at night and, even though we got a response through community channels, they came in the next day. The amount of money we lost in those six hours greatly exceeded what our license costs would have been could we have bought a product.

Even with all of that, our leadership still allowed us to continue to build our solutions on OSS projects. They did open up the ability for us to buy products if we chose, but at the time, few of the OSS projects we used had commercial versions available (we were also early K8s adopters). We did pay for commercial Hadoop and OpenStack because they were available.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


Pure open source solutions aren’t free as in beer, they’re free as in puppy.
Wow, that summarizes it nicely.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Jake Lundberg (HashiCorp) can you reset the context on which point in particular “that” refers to?
I’m not sure that’s the case.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Because the previous point was
My fear is enterprises and businesses alike, begin to distrust open source, especially open source backed with commercial interests as “bait and switch”
And wasn’t sure if that is what you were referring to.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I’ll relocate in a thread.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I kept it separate as this isn’t a commentary on this article, more my observations on open source in general.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks! I have to step away for a few hours and will get back.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

@Jake Lundberg (HashiCorp) If I understand your comment correctly, I think it’s addressing something different. Nobody thinks you can’t charge for support around an open source project, I believe @Erik Osterman (Cloud Posse)’s point is that people might not trust that OSS software isn’t a malicious strategy to get users and then monetize them by changing the terms.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


Nobody thinks you can’t charge for support around an open source project,
Correct, this is taken for granted (although those who pay for support vs use free channels are <<< 1%)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


people might not trust that OSS software isn’t a malicious strategy to get users and then monetize them by changing the terms.
Correct, although I wouldn’t use the term malicious, so much as maybe “disingenuous” or “duplicitous”

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


There are still costs around building and maintaining solutions.
Business are making long term investments into using the open source . They need to trust the licensing won’t change.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Oh, I was just using an example of a case where there was real risk in using a purely open source project, but in that case, there wasn’t a commercial option. If there was, we’d have been happy to pay it because the downside risk of an outage had much larger financial impact than paying for licenses/support.

But my point was: Enterprises (at least the ones I’m talking to) are willing to pay for software that is critical to their operations. Whether they’re purely paying for support, or for other enterprise features or hosted SaaS solutions, or whatever. Almost all of the companies that have altered their open source licenses to some other license still allow folks to use the community editions for free. Free as in puppy that is.

And so, enterprises still have the same choice as they had before: Potentially take on higher risks for support issues, realize costs associated with the care and maintenance of open source projects or pay a vendor to help them alleviate risk and/or toil.

There’s a big difference between the license changes on the impact to the community and the impact to the folks paying for software.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

BTW, it’s worth noting, I’m not talking about this in the context of any one company (HashiCorp included) but the overall perception of open source in the eyes of customers I talk with.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Enterprises (at least the ones I’m talking to) are willing to pay for software that is critical to their operations. I want to believe this is true, but I don’t see it happening that much for the “Cloud Posse”

It relates to this.

If a team can build a solution with the highest amount of capability for the business with the lowest risk and cost, that solution will win, regardless of it is built on OSS or not. There’s truth to this, but procurement in enterprises can be a major PIA.

On the other hand, if they go with open source, they can skirt all that red tape. Get started today.

Then, because they used open source to skirt the red tape, they also don’t end up buying support because of the procurement process. So no open source ends up needing to pay to support them.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I mean, again, I think this is just a totally separate point. I think everyone agrees companies are willing to pay for services, but the question is these moves will make people just not trust OSS

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes, I think there are a few things being discussed here to your point @Malcolm Matalka (Terrateam)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The core issue that started this was:
but the question is these moves will make people just not trust OSS

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

As an example, take most languages people use: would people be so willing to build their company on Go if they thought all of a sudden the team might change the license that restricts how they can use it? This question is totally separate from support because very few people pay for Go support.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


because very few people pay for Go support.
(Is there even commercial support offered?)

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

Not from the team, AFAIK, I think at best you can find consultancies that will help you

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

At least as I understand you @Erik Osterman (Cloud Posse) (of course correct me where wrong), I think this scenario gets closer at what you’re wondering.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

And I’m saying I do not experience trust issues with enterprises because of the OSS license changes. Enterprise leaders want stability in their business partners. They want reduced risk for mission critical applications. And they’re willing to pay for it. If they’re already paying for it, nothing changed for them.

As long as firms don’t drastically raise their prices. But with other open source, community and commercial alternatives, that’s hard to do.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Now, all that said, I do know a bunch of practitioners that are upset about the license changes. And in some cases, they’ve decided to go with alternatives. And as long as the leadership at those companies feel the solutions being built on alternatives are both cost and risk effective and produce similar or better results, I don’t think they actually care.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

Definitely enterprises have a range of views. If we’re talking specifically about Terraform here, I do see enterprises that are concerned about it, but given I’m a competitor, that is the kind of sample I would be more likely to come across.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Yeah, and my entire point is: If someone is paying you for software already, changing OSS licenses, regardless of the product, doesn’t change anything for them. And in most cases, it doesn’t change anything for them if they weren’t paying for any product. So there aren’t many trust issues in the vast majority of enterprises around adopting OSS software in general IMHO.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


And I’m saying I do not experience trust issues with enterprises because of the OSS license changes. Enterprise leaders want stability in their business partners. They want reduced risk for mission critical applications. And they’re willing to pay for it. If they’re already paying for it, nothing changed for them.
So let clarify this some more.

Overall, I don’t think customers of HashiCorp have “trust issues” with HashiCorp because it changed it’s license. I’m sure many here will disagree with me and make strong/valid counterarguments, but for the most part, the BUSL change was a NOOP for users of HashICorp products from my POV. So, @Jake Lundberg (HashiCorp) we might be in agreement here.
I do not experience trust issues with enterprises because of the OSS license changes.
I am worried that “Open Source” as an industry has a chip on its shoulder. That it is developing an “image” problem.

The image problem is commercially backed open source projects starting that way to gain adoption (Ycombinator is churning these types of companies out every quarter)

Then, when the projects get popular enough, or have say AWS/Google/Azure offering it as a managed service, then it activates an implicit “trigger” to change license.

While I don’t presently agree with these changes, I understand them from a shareholder/business/capitalistic point of view. I understand why the changes happen and the temptations to do so. So this is not a judgement on that. (Note, I do subscribe to the argument that Terraform is a langauge therefore the language shouldn’t have changed license, but that’s a new topic)

So my concern right now is strictly on the image of open source.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I’ll just reiterate: that has not been my experience. But, as a competitor, I’m more likely to see the sample of customers that are turned off by this kind of behaviour.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yeah, and my entire point is: If someone is paying you for software already, changing OSS licenses, regardless of the product, doesn’t change anything for them. And in most cases, it doesn’t change anything for them if they weren’t paying for any product. So I don’t personally disgree with @Jake Lundberg (HashiCorp) on this point. And I think, this might be where @Malcolm Matalka (Terrateam) and I might not be on the same page because as he says, they are directly competitive with HCP. No judgement from me on either side. I see the points.

But I think @Malcolm Matalka (Terrateam) and I probably are still on the same page when it comes to open source (the industry) developing an “image” problem.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I do think there’s a fundamental different conversation around trust from the community and trust from enterprise customers. I think one of the bigger risks to the community in general is how much effort folks are going to be willing to contribute to open source projects in the future with the fear that their work might get commercialized in a way they don’t agree with.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Here’s an analogy. Google is always releasing some cool projects. But these days, they are dead to me. I know “for a fact” they are just going to sunset it in 2-3 years. Because that is what happens to every google product. Google has an image problem.

Now that is a “company”. While I am talking about “open source” as an industry, having a similar problem: “as soon as they reach critical mass, they are going to just switch license”

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


I think one of the bigger risks to the community in general is how much effort folks are going to be willing to contribute to open source projects in the future with the fear that their work might get commercialized in a way they don’t agree with.
Yes, this is part of it

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I think we need some method for compensating all folks who contributed to all software composed of open source components. So if someone makes money on a product composed of those projects, everyone gets paid something.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Software is the weirdest thing in that it’s about the only product (aside from those created under adverse conditions like slavery) where the cost of goods is zero in many cases.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think we need some method for compensating all folks who contributed to all software composed of open source components. I love that you brought this up. Because I was just thinking about this.

I feel like Open Source is having it’s “Spotify” moment. While open source was always “free” and music was being pirated, music was “free” (illegally) for listeners. PirateBay was the “GitHub” of music. Again, my analogy is not perfect here. Then Spotify comes out. They are going to fix this once and for all. It was a huge deal. But in the end, there’s still a big backlash because it hasn’t changed the lives of most muscians on the platform. They still cannot afford to pay their bills based on the music. Then this week, they just annoucned they would demonitize all tracks under 1000 plays.

Then I saw this comment on HN. And it really struck home. In some way, GitHub Sponsors (patreon, et al) were supposed to be the answer to this. But it isn’t, or it requires a skill in and of itself to market. We make $90/mo from GitHub sponsors. Granted we could probably do a lot more, introduce more tiers, and more promotions, but it’s so far off from the tens of thousands we spend every month managing our open source. So in the end, I’m very skeptical of any system will solve it, just like Spotify didn’t solve it for music.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I tend to agree with apenwarr on this topic. In that, I don’t think we need to come up with a way to compensate open source contributors because open source is about giving a gift. If you want compensation, we have a model for this: it’s called a business. What I, personally, think needs to change is this sense of entitlement on open source contributors having to respond to support requests, high priority bug fixes, etc.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


we have a model for this: it’s called a business.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Agree. It should some down to capitalism.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


sense of entitlement on open source contributors having to respond to support requests, high priority bug fixes, etc.
The sense of entitlement that users of open source have to receiving support, etc

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I think OSS has, through a lot of factors, come to believe this idea that they need to provide business like service for their free work, and now we’re sort of seeing the reaction to that where if they are going to be treated like a business then they should make money like one

1
Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

@Erik Osterman (Cloud Posse) Yes sorry, that’s what I meant by “on” but rereading it it reads funny

1
Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I also think that Terraform feels different than Redis. Redis is an API you interact with, and lots of things that implement that API, and you can migrate from it to something else as well. But languages and their ecosystem feel different. I think one can make good-faith arguments either way on if it actually is different or not. But I think if you buy that Terraform is a language + ecosystem, then if you think about how you’d feel if Go decided to change the license in a way to shut down competition, I think that if we’re being honest, many people would find that to be an unpleasant reality and also many people would be for forking Go and keeping it open source.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

That’s probably a topic for another thread.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

That’s why I’m much more on the fence about how I feel about Redis, Mongo, Elastic, and even Vault, Consul, etc. They feel different to me, they have a clear boundary, whereas you’re “inside” languages when you use them, they surround you

this1
Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

So I don’t know how much those changes will impact what @Erik Osterman (Cloud Posse) said about trust in OSS

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I can see that from a developer stand point. But that’s not the same as enterprise concerns.

Software has functional capabilities. It either provides those functions at a cost you’re willing to pay (price, engineer time, etc) or it doesn’t. In almost all cases with these license changes, the enterprise still largely has the ability to use the software for “free” while building their own scaffolding or buying that scaffolding from the vendor.

Based on the fact that a lot of these enterprises have some of this tooling in critical path infrastructure, they’re far more concerned with the health of those technology partners than anything.

I don’t know how many times I hear leaders say “If you disappeared tomorrow, we’d be f’d”.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

The biggest friction I see right now, especially in large orgs that have lots of operations engineers is that there are always some open source-only advocates on their staff. That’s definitely causing some friction on those teams where those folks have a larger voice.

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(also, for clarify, I meant to emphasize his message after about 35seconds, not specifically calling out hashicorp, but the larger trend)

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I think if one works at HCP it’s worth being aware of the clear sampling bias in customers. I can say we see the other side of the sample in companies who have lost trust due to the license change and it impacts their decision.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Who has the larger sample set?

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

If ones sample is biased, sample size isn’t going to help your argument

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

One biased towards enterprises? Or ones biased to our enterprise software? Or some other bias?

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

Your customers.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Ok, but you don’t have the same bias?

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

I have a bias in my sample, absolutely. And I’m aware of it and open about it

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

But are your enterprise candidates and customers concerned about adopting your solution because it’s based on open source software?

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

No, because they are using OpenTofu in this case which will always be open source.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

So you’re agreeing with me that enterprises aren’t losing trust in open source software?

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

OpenTofu is not “corporate open source”, which this discussion is about, as LF is not a corporation. And the biased sample I have access to has lost trust in HCP because of their open source moves, so no, what I am saying does not agree with your statement.

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

Lost trust in HashiCorp is very different than lost trust in open source software in general, or even those backed primarily by one vendor.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

Ok, and? Your statement is that people don’t actually care about these changes based on your customer feedback. I’m providing a counter point that is some people do care. You are correct that my claim does not show people are losing trust in corporate OSs in general. I did not intend to claim that point so I apologize for my lack of clarity.

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

And I think if you contemplate what the path to distrust of corporate open source in general is, it’s obviously not a switch that gets flipped one day. It’s a series of events, such as HCP changing it’s stance on OSS that slowly corrodes the public opinion. So we’ll see what happens in the long run but I think if one does genuinely care about OSS then examples of specific companies should be something to think on more deeply

Jake Lundberg (HashiCorp) avatar
Jake Lundberg (HashiCorp)

I think we can all agree that Open Source is in a transition phase. Adam Jacob fucked up at Chef, and figured out what not to do at System Initiative. And because he’s seen how it’s hard to monetize OSS properly, unless you’re Redhat basically, he was smart enough to not go to market until he’d actually build a product on top of the open source project he’s built it on. It won’t be long now until he comes to market with a Terraform alternative and then tries to completely burn the rest of the Terraform market to the ground. He’s already teeing it up now.

The amazing thing about open source until now is that it’s the only raw resource where the cost of goods is zero. No other industry has this phenomenon. That it’s survived this long in its current state is somewhat amazing.

If we’re to look back at the inflection point, I’d say it was Amazon’s takeover of Elasticsearch. And then Mongo’s switch to SSPL license model. I’m not blaming them, it’s just that the businesses they were running were far different because the market and the players changed drastically. Investors aren’t altruist for the most part. They want to get paid back for their investments.

I think we’re in the middle ground and one that will likely just disappear in the long run. Future companies based on Open Source software will likely follow the Red Hat/System Initiative path from the get go and “rug pulls” won’t happen anymore.

But I’ll stand by my statement that enterprises, and I mean that by a whole entity, not the biases of a small number of their folks, don’t really care about the state of open source trust in vendors. They care about solving functional business problems in the most cost effective way. If that’s adopting products based on open source projects, or the projects themselves, or closed source, COTS software, or SaaS software of some kind, the most cost effective functional components that delight them are the ones that win. And they want stable partners they can work with to build viable businesses in the long run.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That’s really insightful @Jake Lundberg (HashiCorp) . I agree that as an open-source founder, it can be hard to add on a product later when it wasn’t designed that way from the beginning. That’s a smart move by SI. Commercialization becomes difficult when everything of value is designed from the beginning in the core. Leaving those features out, one is then criticized for crippling the product; on the other hand, including them in the core, reduces the value of the paid offering and then the value-add product is criticized as a weak paid offering, not worth the high ticket sales price. Plus, it’s also a disadvantage from a competitive standpoint: the cost of having to support all the open source puts one at a disadvantage since there are competing businesses that don’t have that overhead and can focus almost entirely on making a better mouse trap.

One of the things I respect from one of our competitors is that they started closed-source and built a successful business on top of that. It shows that businesses (who are willing to pay), like you say, care more about solving their problems and less about whether the code is open or closed. While everything we do is out in the open, but we have very few options for direct monetization.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

There’s something interesting about open source. It attracts businesses with really smart people, who can build anything they want on top of it. They also really tend to value open source on principle. But those same businesses are also less inclined to pay, because they can just do it themselves and were seeking out a free alternative. It’s very different to build a product that is not open source, that naturally attracts people who will pay to make their problems go away. It’s a different customer profile and a more profitable business :-)

Hao Wang avatar
Hao Wang

I tent to not think of something through, which is my limit, for example, when early days k8s chose etcd instead of consul, my thought was why the community chose a product from CoreOS (acquired by another company), why they don’t choose Consul, from then great company and stable team/feature development, and now we know the things changed, and I realize my limit as well. The point is when people are saying or supporting one good thing, the bad actor is acting to change the good to bad, but the actor will never realize it, instead he/she/they(Lol) will always defend it, one day when he/she realizes, that is the cost for him/her/them to pay back a bigger failure than the success.

Matt Gowie avatar
Matt Gowie

We just launched our blog post on switching from TF => OpenTofu. Should be a good read for folks here since it involves atmos + Cloud Posse module usage: https://www.linkedin.com/feed/update/urn<i class="em em-li"</i>activity:7183494705052090369/>

Matt Gowie on LinkedIn: #terraform #opentofu #infrastructure #iac #terraform #opentofu #tofu…attachment image

I posted about this weeks ago and it&#39;s finally ready! Check out our latest blog post on making the switch from #Terraform to #OpenTofu! It&#39;s now live on our…

6
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Would love to discuss on #office-hours when you’re ready

Matt Gowie on LinkedIn: #terraform #opentofu #infrastructure #iac #terraform #opentofu #tofu…attachment image

I posted about this weeks ago and it&#39;s finally ready! Check out our latest blog post on making the switch from #Terraform to #OpenTofu! It&#39;s now live on our…

1
Matt Gowie avatar
Matt Gowie

Yeah, happy to do so. I’m free tomorrow – I’ll stop in.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I suspect this thread might take up a lot of time: https://sweetops.slack.com/archives/CHDR1EWNA/p1712257748357129

OpenTofu may be showing us the wrong way to forkattachment image

Disagree with a license? Fork the project, but don’t lift the code and say it was always publicly available. Compare HashiCorp code and license to OpenTofu’s version.

Matt Gowie avatar
Matt Gowie

Yeah – Good point. Next week then?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea lets plan on that

1

2024-04-11

Kuba Martin avatar
Kuba Martin

Hey everybody, OpenTofu core team member here,

On April 3rd, OpenTofu received a Cease and Desist letter from Hashicorp claiming copyright infringement on the part of one of our core developers.

The OpenTofu team vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. All such statements have zero basis in facts.

You can find our response, along with the cease & desist letter, our response letter, as well as the source code origin document resulting from our investigation in this blog post: https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/

Despite these events, we have managed to carry out significant development on OpenTofu 1.7, and we will be releasing a new pre-release version next week, including provider-defined functions!

6
Hao Wang avatar
Hao Wang
Hao Wang avatar
Hao Wang
Hao Wang avatar
Hao Wang

above: gemini free, below: chatgpt 3.5

Hao Wang avatar
Hao Wang

Has Hashicorp done something unprecedented in open source history? I never remember one open-source project sued the other. Please correct me if I missed. You may be very successful in the current business, but what Hashicorp is doing will take away future opportunities of your future generations. 10000%

Malcolm Matalka (Terrateam) avatar
Malcolm Matalka (Terrateam)

Terraform is no longer open source. But yes there are historical examples of non open source projects sueing open source versions

1
jose.amengual avatar
jose.amengual

this is not new, pretty common, and usually you do not see it

1

2024-04-12

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Linux Foundation is leading fight against fauxpen sourceattachment image

Shifts its transmission from vendor neutral into open source gear

3
1

2024-04-17

Hao Wang avatar
Hao Wang
#34984 v1.8 is ~3x slower than v1.7.x

Terraform Version

$ terraform --version
Terraform v1.8.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.39.1
+ provider registry.terraform.io/hashicorp/local v2.4.1
+ provider registry.terraform.io/hashicorp/null v3.2.2
+ provider registry.terraform.io/hashicorp/random v3.6.0

Terraform Configuration Files

...terraform config...

Debug Output

n/a

Expected Behavior

$ time terraform validate
Success! The configuration is valid.


real	0m1.452s
user	0m2.379s
sys	0m0.318s

Actual Behavior

$ time terraform validate
Success! The configuration is valid.


real	0m9.720s
user	0m2.701s
sys	0m0.444s

Steps to Reproduce

  1. git clone <https://github.com/philips-labs/terraform-aws-github-runner.git>
  2. cd terraform-aws-github-runner/examples/multi-runner/
  3. time terraform validate

Additional Context

Terraform v1.8 is ~~~3x slower than v1.7 and consumes ~~~5x more memory.

References

No response

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
OpenTofu on LinkedIn: opentofu/WEEKLY_UPDATES.md at main · opentofu/opentofuattachment image

OpenTofu Weekly Updates

Hey! We&#39;re thrilled to be back in full swing with our engineering efforts!

Check out the full update and more details:…

1
Hao Wang avatar
Hao Wang
On April 3, InfoWorld published a post by Asay, MongoDB's vice president of developer relations, in which he claimed OpenTofu, the group that forked Terraform, the widely used Infrastructure as Code product, "lifted Terraform code related to a new removed block feature first implemented in Terraform V1.7, which was released under the Business Software License (BUSL) a few months after the OpenTofu fork was created."
Hao Wang avatar
Hao Wang
OpenTofu vs. HashiCorp Takes Center Stage at Open Source Summitattachment image

Jim Zemlin, head of The Linux Foundation, took up for OpenTofu’s fight against code theft allegations in the event’s opening keynote.

Hao Wang avatar
Hao Wang

Today got some free time, and took a look at Tofu’s issue, https://github.com/opentofu/opentofu/issues/1490. It looks when the data inside check block is included in hcl.Traversal.

#1490 Adding a "data" block to a "check" stores the data in the state

OpenTofu Version

OpenTofu v1.6.1
on darwin_arm64

OpenTofu Configuration Files

check "app_pods_running" {
  data "kubernetes_resources" "app_pods" {
    api_version    = "v1"
    kind           = "Pod"
    namespace      = "appnamespace"
    field_selector = "status.phase=Running"
    label_selector = "app.kubernetes.io/name=appname"
  }
  assert {
    condition     = length(data.kubernetes_resources.app_pods.objects) > 1
    error_message = "Not enough application pods running"
  }
}

Debug Output

(none needed, there’s nothing going wrong)

Expected Behavior

As the data is only used during the checking/assertion, I would assume the data lived in memory for the time needed and was discarded afterwards. There is no way to assess the checks afterwards, as there is no tofu check alike tofu output … (this would be a good addition btw).

Actual Behavior

The data is saved to the state. This seems wrong to me, as the data is only used during the checks, and is useless afterwards.

In this specific case, this results in a new state change on every plan/apply, as the data from “kubernetes_resources” with the specific selectors is changing very often (due to kubernetes scaling, kubernetes-state changes…).

Steps to Reproduce

Use the above check against a recent kubernetes cluster, and apply a couple of times. Each run gives differences on the data object.

Additional Context

none

References

none

Hao Wang avatar
Hao Wang
func parseResourceInstanceUnderModule(moduleAddr ModuleInstance, remain hcl.Traversal) (AbsResourceInstance, tfdiags.Diagnostics) {

2024-04-18

Release notes from opentofu avatar
Release notes from opentofu
01:44:40 PM
github3 avatar
github3
02:21:12 PM

:warning: Do not use this release for production workloads! :warning:

It’s time for the first beta release of the 1.7.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

• State Encryption (docs) • Provider-defined Functions (docs) • Declarative removed blocks (docs) • for_each in import blocks (docs) • … and much, much more!

Please take it for a spin and let us know your feedback!

See our release blog post for all the details!

For all the features, see the detailed changelog.

You can find the full diff here.

Release notes from opentofu avatar
Release notes from opentofu
02:34:36 PM

v1.7.0-beta1 Do not use this release for production workloads! It’s time for the first beta release of the 1.7.0 version! This includes a lot of major and minor new features, as well as a ton of community contributions! The highlights are:

State Encryption (docs) Provider-defined Functions (<a href=”https://1-7-0-beta1.opentofu.pages.dev/docs/language/functions/#provider-defined-functions“…

State and Plan Encryption | OpenTofuattachment image

Encrypt your state-related data at rest.

Functions | OpenTofuattachment image

An introduction to the functions which can be used to transform and combine values in expressions.

1
Hao Wang avatar
Hao Wang

please thump up or give positive emoji to OpenTofu issues and PRs, I believe this will help foster a better community

1
Hao Wang avatar
Hao Wang

Got a quick question about the projects that Terraform depends on, e.g. https://github.com/hashicorp/hcl/tree/main, why are the licenses of the similar projects not converted by Hashicorp?

Kuba Martin avatar
Kuba Martin

I think you’ll need to ask them, but my own understanding is that they changed the license on projects that they see as “products”, not on libraries.

Hao Wang avatar
Hao Wang

got it

Hao Wang avatar
Hao Wang

that explains the mindsets of business people lol

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
OpenTofu vs. HashiCorp Takes Center Stage at Open Source Summitattachment image

Jim Zemlin, head of The Linux Foundation, took up for OpenTofu’s fight against code theft allegations in the event’s opening keynote.

1
Hao Wang avatar
Hao Wang

now the investors are showing up, even though Mongo db was not successful, they did know how to lobby big companies, but this time I believe there is no chance for Hashicorp to cash out, it is just a question how fast the shrink can be

OpenTofu vs. HashiCorp Takes Center Stage at Open Source Summitattachment image

Jim Zemlin, head of The Linux Foundation, took up for OpenTofu’s fight against code theft allegations in the event’s opening keynote.

2024-04-20

Hao Wang avatar
Hao Wang
OpenTofu forges on with beta feature that drew HashiCorp ire | TechTargetattachment image

OpenTofu fended off a HashiCorp legal threat and shipped its 1.7 beta release with the disputed feature intact, along with client-side state encryption.

Hao Wang avatar
Hao Wang
Initializing and Migrating | OpenTofuattachment image

Learn how to use the OpenTofu CLI to migrate local or remote state to a Cloud Backend.

2024-04-24

Release notes from opentofu avatar
Release notes from opentofu
11:44:40 AM

v1.7.0-rc1: Versioned docs: replacing docs links with relative variants (#1537) Signed-off-by: Janos [email protected] (<mailto:[email protected]>) Signed-off-by: Damian Stasik [email protected] (<mailto:[email protected]>) Signed-off-by: Roman Grinovski [email protected] (<mailto:[email protected]>) Co-authored-by: Damian Stasik <a…

Release notes from opentofu avatar
Release notes from opentofu
01:04:36 PM
github3 avatar
github3
01:31:22 PM

Today, we’re releasing the first release candidate of OpenTofu 1.7. If all goes well, this very version will be released next week as a stable release. This includes a lot of major and minor new features, as well as a ton of community contributions!

The highlights are:

• State Encryption (docs) • Provider-defined Functions (docs) • Declarative removed blocks (docs) • for_each in import blocks (docs) • … and much, much more!

Take it for a spin today!

See our beta release blog post for all the details!

For all the features, see the detailed changelog.

You can find the full diff here.

2
Release notes from opentofu avatar
Release notes from opentofu
01:44:40 PM

v1.7.0-rc1 Today, we’re releasing the first release candidate of OpenTofu 1.7. If all goes well, this very version will be released next week as a stable release. This includes a lot of major and minor new features, as well as a ton of community contributions! The highlights are:

State Encryption (docs) Provider-defined Functions (<a…

Release v1.7.0-rc1 · opentofu/opentofuattachment image

Today, we’re releasing the first release candidate of OpenTofu 1.7. If all goes well, this very version will be released next week as a stable release. This includes a lot of major and minor new fe…

State and Plan Encryption | OpenTofuattachment image

Encrypt your state-related data at rest.

Kuba Martin avatar
Kuba Martin

Our live stream starting in 10 mins https://www.youtube.com/watch?v=6OXBv0MYalY

1
Hao Wang avatar
Hao Wang

great job, remember you are doing something great to fight back dictatorship :)

1
Hao Wang avatar
Hao Wang

as said before, there is no way for the current Hashicorp employees to survive in next wave of layoff, time to embrace OpenTofu

Hao Wang avatar
Hao Wang

I have experienced similar and ever been optimistic during last economic downturn

Hao Wang avatar
Hao Wang

why TF was great, mainly AWS, will IBM cloud make TF great again, 90% is a no

2024-04-25

Hao Wang avatar
Hao Wang

I’m also on OpenTofu Slack channel to answer questions take a look there if you’ve got any

1

2024-04-26

2024-04-28

2024-04-29

2024-04-30

Release notes from opentofu avatar
Release notes from opentofu
01:54:40 PM
github3 avatar
github3
03:44:24 PM

We’re proud to announce that OpenTofu 1.7.0 is now officially out!

What’s New?

• State Encryption - Protect your precious state files with end-to-end encryption. • Dynamic Provider-defined Functions - Author custom functions as part of providers. • Declarative removed Blocks - No more fighting with the CLI, execute your removals declaratively! • Loopable Import Blocks - Streamline importing multiple resources. • …and much, much more!

See the launch post on our blog: https://opentofu.org/blog/opentofu-1-7-0/

For all the features, see the detailed changelog.

You can find the full diff here.

Release notes from opentofu avatar
Release notes from opentofu
03:54:35 PM

v1.7.0 We’re proud to announce that OpenTofu 1.7.0 is now officially out! What’s New?

State Encryption - Protect your precious state files with end-to-end encryption. Dynamic Provider-defined Functions - Author custom functions as part of providers. Declarative removed Blocks - No more fighting with the CLI, execute your removals declaratively! Loopable Import Blocks - Streamline importing multiple resources. …and much, much more!

See the launch post on our blog: <a…

Release v1.7.0 · opentofu/opentofuattachment image

We’re proud to announce that OpenTofu 1.7.0 is now officially out! What’s New?

State Encryption - Protect your precious state files with end-to-end encryption. Dynamic Provider-defined Functions…

Kuba Martin avatar
Kuba Martin

Hey, OpenTofu 1.7.0 is out with state encryption, provider-defined functions, and a lot more: https://opentofu.org/blog/opentofu-1-7-0/!

8
Hao Wang avatar
Hao Wang

This post reminds me to think, https://newsletter.goodtechthings.com/p/why-didnt-google-cloud-buy-hashicorp, when I looked into Terraform and put up a couple of PRs before, I found there are many Google engineers working actively on Terraform, Google must have done audits for the potential acquisition but didn’t do it with their reasons. If you put my 2 cents with this article, you will be convinced that how bad the Hashicorp’s decision of license change is.

Why didn't one of the big clouds buy HashiCorp?attachment image

On the surface it seemed like a match made in heaven.

Hao Wang avatar
Hao Wang

again to the wellness of the current Hashicorp engineers, make your decision now

Why didn't one of the big clouds buy HashiCorp?attachment image

On the surface it seemed like a match made in heaven.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


Oh yeah, plus—you’re already expending resources on the Google Cloud Terraform provider. But now you’re stuck having to support and co-maintain providers for a pile of other partners, including your biggest competitors. You are effectively paying for AWS and Azure to use your $6.4 billion dollar toy for free.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Interesting read… makes sense why a mainstream cloud provider didn’t acquire them

1
Hao Wang avatar
Hao Wang

I worked on a hackathon for a provider before, it seems it is mainly from the cloud provider, and maintainers of provider repos will do some management work most of time

    keyboard_arrow_up