#opentofu (2024-04)

This file is created back to 6 years ago, https://github.com/opentofu/opentofu/commits/36d0a50427309875e9f7e8084936072db055e[…]ved.go&original_branch=e9fe0f1118e77c0ba8a78dad264fcafbccebb1b0

the author is neither a good lawyer or a good open source developer

https://github.com/opentofu/opentofu/issues/1469

we all know Hashicorp is going to sell itself, I don’t think it can replicate the same success as Mysql

my 20 minutes > money behind this post Lol

if you are one of the TF contributors, you may notice this post doesn’t mention there is a group of contributors behind Terraform, now and then

https://sweetops.slack.com/archives/CHDR1EWNA/p1712257748357129

yeah, started with this post and dived into the codes

(meant to highlight the thread)

https://twitter.com/_Mark_Atwood/status/1775923047478034672?utm_source=substack&utm_medium=email

Nice,

exactly, the above link I shared is the file history and it looks to me it’s kinda re-implementation (80%? hard to tell), it may be a lesson for forked projects not to be blackmailed by the original project, but for now there is no legal case to define the boundary

for leaders of Hashicorp kind companies, it is better to hide the sale intention, changing license should always happen after being acquired. from my long term of observations, Hashicorp will fail with no exceptions, especially after this post got published

not related to Hashicorp, for those people who would like to weaponize law system/opensource projects etc, will fell very hard

I know you feel very strongly about HashiCorp and the license changes and rightfully so. Personally, I do not bear ill will against them. I want them to succeed and HashiCorps demise only serves to make business harder for us. As much as I don’t like how they went about it and disagree with the decision, I do want providers kept up to date, greater exposure of Terraform, enterprises adopting HCL for IaC, training, education, documentation, etc all to continue to flow and get developed. I think this campaign against OpenTofu is fishy but, as others have said, rather predictable. War is good for no one. Just hope these little skirmishes will be behind us and everyone can get back to business and fair competition.

sorry, my expression sounds strong my native language is also strong to Chinese speaking audience, I know it is definitely not welcoming. most of time, just trying to convey the prediction and give some hopes to the opensource contributors who didn’t see what I have seen

this is the mindset that Hashicorp like companies are visioning, people don’t like the pain in short period, the community is worsening after IBM acquired Redhat, in a long run, the door of open-source is closing or is already closed. actually redhat is the bait that IBM released…

Yes, I feel like “open source” as a whole is under attack. I feel like we’re losing our role models. The billion-dollar companies that painted a dream that building a company on pure open source is possible. Now with MongoDB, Redis, ElasticSearch, HashiCorp, and just announced - Gravitational (makers of Telelport), all changing licenses it sets trust back in open source 15-20 years.

I remember when trying to use MySQL in a company was a HARDSELL! Of course, that time has come on gone and then some. It feels like using open source became the default for a lot of enterprises.

My fear is enterprises and businesses alike, begin to distrust open source, especially open source backed with commercial interests as “bait and switch”

my life was changed by open source, that is why I stand up for it, people have to dare to stand up to the big companies, when I started the journey, people in open source community don’t care about what big companies did or said

otherwise, for our next generation, opensource will not be this friendly

Pure open source solutions aren’t free as in beer, they’re free as in puppy. Wow, that summarizes it nicely.

@Jake Lundberg (HashiCorp) can you reset the context on which point in particular “that” refers to?
I’m not sure that’s the case.

Because the previous point was
My fear is enterprises and businesses alike, begin to distrust open source, especially open source backed with commercial interests as “bait and switch” And wasn’t sure if that is what you were referring to.

I’ll relocate in a thread.

I kept it separate as this isn’t a commentary on this article, more my observations on open source in general.

Thanks! I have to step away for a few hours and will get back.

@Jake Lundberg (HashiCorp) If I understand your comment correctly, I think it’s addressing something different. Nobody thinks you can’t charge for support around an open source project, I believe @Erik Osterman (Cloud Posse)’s point is that people might not trust that OSS software isn’t a malicious strategy to get users and then monetize them by changing the terms.

Nobody thinks you can’t charge for support around an open source project, Correct, this is taken for granted (although those who pay for support vs use free channels are <<< 1%)

people might not trust that OSS software isn’t a malicious strategy to get users and then monetize them by changing the terms. Correct, although I wouldn’t use the term malicious, so much as maybe “disingenuous” or “duplicitous”

There are still costs around building and maintaining solutions. Business are making long term investments into using the open source . They need to trust the licensing won’t change.

Oh, I was just using an example of a case where there was real risk in using a purely open source project, but in that case, there wasn’t a commercial option. If there was, we’d have been happy to pay it because the downside risk of an outage had much larger financial impact than paying for licenses/support.

But my point was: Enterprises (at least the ones I’m talking to) are willing to pay for software that is critical to their operations. Whether they’re purely paying for support, or for other enterprise features or hosted SaaS solutions, or whatever. Almost all of the companies that have altered their open source licenses to some other license still allow folks to use the community editions for free. Free as in puppy that is.

And so, enterprises still have the same choice as they had before: Potentially take on higher risks for support issues, realize costs associated with the care and maintenance of open source projects or pay a vendor to help them alleviate risk and/or toil.

There’s a big difference between the license changes on the impact to the community and the impact to the folks paying for software.

BTW, it’s worth noting, I’m not talking about this in the context of any one company (HashiCorp included) but the overall perception of open source in the eyes of customers I talk with.

Enterprises (at least the ones I’m talking to) are willing to pay for software that is critical to their operations. I want to believe this is true, but I don’t see it happening that much for the “Cloud Posse”

It relates to this.

If a team can build a solution with the highest amount of capability for the business with the lowest risk and cost, that solution will win, regardless of it is built on OSS or not. There’s truth to this, but procurement in enterprises can be a major PIA.

On the other hand, if they go with open source, they can skirt all that red tape. Get started today.

Then, because they used open source to skirt the red tape, they also don’t end up buying support because of the procurement process. So no open source ends up needing to pay to support them.

I mean, again, I think this is just a totally separate point. I think everyone agrees companies are willing to pay for services, but the question is these moves will make people just not trust OSS

Yes, I think there are a few things being discussed here to your point @Malcolm Matalka (Terrateam)

The core issue that started this was:
but the question is these moves will make people just not trust OSS

As an example, take most languages people use: would people be so willing to build their company on Go if they thought all of a sudden the team might change the license that restricts how they can use it? This question is totally separate from support because very few people pay for Go support.

because very few people pay for Go support. (Is there even commercial support offered?)

Not from the team, AFAIK, I think at best you can find consultancies that will help you

At least as I understand you @Erik Osterman (Cloud Posse) (of course correct me where wrong), I think this scenario gets closer at what you’re wondering.

And I’m saying I do not experience trust issues with enterprises because of the OSS license changes. Enterprise leaders want stability in their business partners. They want reduced risk for mission critical applications. And they’re willing to pay for it. If they’re already paying for it, nothing changed for them.

As long as firms don’t drastically raise their prices. But with other open source, community and commercial alternatives, that’s hard to do.

Now, all that said, I do know a bunch of practitioners that are upset about the license changes. And in some cases, they’ve decided to go with alternatives. And as long as the leadership at those companies feel the solutions being built on alternatives are both cost and risk effective and produce similar or better results, I don’t think they actually care.

Definitely enterprises have a range of views. If we’re talking specifically about Terraform here, I do see enterprises that are concerned about it, but given I’m a competitor, that is the kind of sample I would be more likely to come across.

Yeah, and my entire point is: If someone is paying you for software already, changing OSS licenses, regardless of the product, doesn’t change anything for them. And in most cases, it doesn’t change anything for them if they weren’t paying for any product. So there aren’t many trust issues in the vast majority of enterprises around adopting OSS software in general IMHO.

And I’m saying I do not experience trust issues with enterprises because of the OSS license changes. Enterprise leaders want stability in their business partners. They want reduced risk for mission critical applications. And they’re willing to pay for it. If they’re already paying for it, nothing changed for them. So let clarify this some more.

Overall, I don’t think customers of HashiCorp have “trust issues” with HashiCorp because it changed it’s license. I’m sure many here will disagree with me and make strong/valid counterarguments, but for the most part, the BUSL change was a NOOP for users of HashICorp products from my POV. So, @Jake Lundberg (HashiCorp) we might be in agreement here.
I do not experience trust issues with enterprises because of the OSS license changes. I am worried that “Open Source” as an industry has a chip on its shoulder. That it is developing an “image” problem.

The image problem is commercially backed open source projects starting that way to gain adoption (Ycombinator is churning these types of companies out every quarter)

Then, when the projects get popular enough, or have say AWS/Google/Azure offering it as a managed service, then it activates an implicit “trigger” to change license.

While I don’t presently agree with these changes, I understand them from a shareholder/business/capitalistic point of view. I understand why the changes happen and the temptations to do so. So this is not a judgement on that. (Note, I do subscribe to the argument that Terraform is a langauge therefore the language shouldn’t have changed license, but that’s a new topic)

So my concern right now is strictly on the image of open source.

I’ll just reiterate: that has not been my experience. But, as a competitor, I’m more likely to see the sample of customers that are turned off by this kind of behaviour.

Yeah, and my entire point is: If someone is paying you for software already, changing OSS licenses, regardless of the product, doesn’t change anything for them. And in most cases, it doesn’t change anything for them if they weren’t paying for any product. So I don’t personally disgree with @Jake Lundberg (HashiCorp) on this point. And I think, this might be where @Malcolm Matalka (Terrateam) and I might not be on the same page because as he says, they are directly competitive with HCP. No judgement from me on either side. I see the points.

But I think @Malcolm Matalka (Terrateam) and I probably are still on the same page when it comes to open source (the industry) developing an “image” problem.

I do think there’s a fundamental different conversation around trust from the community and trust from enterprise customers. I think one of the bigger risks to the community in general is how much effort folks are going to be willing to contribute to open source projects in the future with the fear that their work might get commercialized in a way they don’t agree with.

Here’s an analogy. Google is always releasing some cool projects. But these days, they are dead to me. I know “for a fact” they are just going to sunset it in 2-3 years. Because that is what happens to every google product. Google has an image problem.

Now that is a “company”. While I am talking about “open source” as an industry, having a similar problem: “as soon as they reach critical mass, they are going to just switch license”

I think one of the bigger risks to the community in general is how much effort folks are going to be willing to contribute to open source projects in the future with the fear that their work might get commercialized in a way they don’t agree with. Yes, this is part of it

I think we need some method for compensating all folks who contributed to all software composed of open source components. So if someone makes money on a product composed of those projects, everyone gets paid something.

Software is the weirdest thing in that it’s about the only product (aside from those created under adverse conditions like slavery) where the cost of goods is zero in many cases.

I think we need some method for compensating all folks who contributed to all software composed of open source components. I love that you brought this up. Because I was just thinking about this.

I feel like Open Source is having it’s “Spotify” moment. While open source was always “free” and music was being pirated, music was “free” (illegally) for listeners. PirateBay was the “GitHub” of music. Again, my analogy is not perfect here. Then Spotify comes out. They are going to fix this once and for all. It was a huge deal. But in the end, there’s still a big backlash because it hasn’t changed the lives of most muscians on the platform. They still cannot afford to pay their bills based on the music. Then this week, they just annoucned they would demonitize all tracks under 1000 plays.

Then I saw this comment on HN. And it really struck home. In some way, GitHub Sponsors (patreon, et al) were supposed to be the answer to this. But it isn’t, or it requires a skill in and of itself to market. We make $90/mo from GitHub sponsors. Granted we could probably do a lot more, introduce more tiers, and more promotions, but it’s so far off from the tens of thousands we spend every month managing our open source. So in the end, I’m very skeptical of any system will solve it, just like Spotify didn’t solve it for music.

I tend to agree with apenwarr on this topic. In that, I don’t think we need to come up with a way to compensate open source contributors because open source is about giving a gift. If you want compensation, we have a model for this: it’s called a business. What I, personally, think needs to change is this sense of entitlement on open source contributors having to respond to support requests, high priority bug fixes, etc.

we have a model for this: it’s called a business.

Agree. It should some down to capitalism.

sense of entitlement on open source contributors having to respond to support requests, high priority bug fixes, etc. The sense of entitlement that users of open source have to receiving support, etc

I think OSS has, through a lot of factors, come to believe this idea that they need to provide business like service for their free work, and now we’re sort of seeing the reaction to that where if they are going to be treated like a business then they should make money like one

@Erik Osterman (Cloud Posse) Yes sorry, that’s what I meant by “on” but rereading it it reads funny

I also think that Terraform feels different than Redis. Redis is an API you interact with, and lots of things that implement that API, and you can migrate from it to something else as well. But languages and their ecosystem feel different. I think one can make good-faith arguments either way on if it actually is different or not. But I think if you buy that Terraform is a language + ecosystem, then if you think about how you’d feel if Go decided to change the license in a way to shut down competition, I think that if we’re being honest, many people would find that to be an unpleasant reality and also many people would be for forking Go and keeping it open source.

That’s probably a topic for another thread.

That’s why I’m much more on the fence about how I feel about Redis, Mongo, Elastic, and even Vault, Consul, etc. They feel different to me, they have a clear boundary, whereas you’re “inside” languages when you use them, they surround you

So I don’t know how much those changes will impact what @Erik Osterman (Cloud Posse) said about trust in OSS

This sums up my concern https://sweetops.slack.com/archives/CB2PXUHLL/p1714151122418519

I can see that from a developer stand point. But that’s not the same as enterprise concerns.

Software has functional capabilities. It either provides those functions at a cost you’re willing to pay (price, engineer time, etc) or it doesn’t. In almost all cases with these license changes, the enterprise still largely has the ability to use the software for “free” while building their own scaffolding or buying that scaffolding from the vendor.

Based on the fact that a lot of these enterprises have some of this tooling in critical path infrastructure, they’re far more concerned with the health of those technology partners than anything.

I don’t know how many times I hear leaders say “If you disappeared tomorrow, we’d be f’d”.

The biggest friction I see right now, especially in large orgs that have lots of operations engineers is that there are always some open source-only advocates on their staff. That’s definitely causing some friction on those teams where those folks have a larger voice.

(also, for clarify, I meant to emphasize his message after about 35seconds, not specifically calling out hashicorp, but the larger trend)

I think if one works at HCP it’s worth being aware of the clear sampling bias in customers. I can say we see the other side of the sample in companies who have lost trust due to the license change and it impacts their decision.

Who has the larger sample set?

If ones sample is biased, sample size isn’t going to help your argument

One biased towards enterprises? Or ones biased to our enterprise software? Or some other bias?

Your customers.

Ok, but you don’t have the same bias?

I have a bias in my sample, absolutely. And I’m aware of it and open about it

But are your enterprise candidates and customers concerned about adopting your solution because it’s based on open source software?

No, because they are using OpenTofu in this case which will always be open source.

So you’re agreeing with me that enterprises aren’t losing trust in open source software?

OpenTofu is not “corporate open source”, which this discussion is about, as LF is not a corporation. And the biased sample I have access to has lost trust in HCP because of their open source moves, so no, what I am saying does not agree with your statement.

Lost trust in HashiCorp is very different than lost trust in open source software in general, or even those backed primarily by one vendor.

Ok, and? Your statement is that people don’t actually care about these changes based on your customer feedback. I’m providing a counter point that is some people do care. You are correct that my claim does not show people are losing trust in corporate OSs in general. I did not intend to claim that point so I apologize for my lack of clarity.

And I think if you contemplate what the path to distrust of corporate open source in general is, it’s obviously not a switch that gets flipped one day. It’s a series of events, such as HCP changing it’s stance on OSS that slowly corrodes the public opinion. So we’ll see what happens in the long run but I think if one does genuinely care about OSS then examples of specific companies should be something to think on more deeply

I think we can all agree that Open Source is in a transition phase. Adam Jacob fucked up at Chef, and figured out what not to do at System Initiative. And because he’s seen how it’s hard to monetize OSS properly, unless you’re Redhat basically, he was smart enough to not go to market until he’d actually build a product on top of the open source project he’s built it on. It won’t be long now until he comes to market with a Terraform alternative and then tries to completely burn the rest of the Terraform market to the ground. He’s already teeing it up now.

The amazing thing about open source until now is that it’s the only raw resource where the cost of goods is zero. No other industry has this phenomenon. That it’s survived this long in its current state is somewhat amazing.

If we’re to look back at the inflection point, I’d say it was Amazon’s takeover of Elasticsearch. And then Mongo’s switch to SSPL license model. I’m not blaming them, it’s just that the businesses they were running were far different because the market and the players changed drastically. Investors aren’t altruist for the most part. They want to get paid back for their investments.

I think we’re in the middle ground and one that will likely just disappear in the long run. Future companies based on Open Source software will likely follow the Red Hat/System Initiative path from the get go and “rug pulls” won’t happen anymore.

But I’ll stand by my statement that enterprises, and I mean that by a whole entity, not the biases of a small number of their folks, don’t really care about the state of open source trust in vendors. They care about solving functional business problems in the most cost effective way. If that’s adopting products based on open source projects, or the projects themselves, or closed source, COTS software, or SaaS software of some kind, the most cost effective functional components that delight them are the ones that win. And they want stable partners they can work with to build viable businesses in the long run.

Would love to discuss on #office-hours when you’re ready

Yeah, happy to do so. I’m free tomorrow – I’ll stop in.

I suspect this thread might take up a lot of time: https://sweetops.slack.com/archives/CHDR1EWNA/p1712257748357129

Yeah – Good point. Next week then?

yea lets plan on that

above: gemini free, below: chatgpt 3.5

Terraform is no longer open source. But yes there are historical examples of non open source projects sueing open source versions

https://thenewstack.io/opentofu-vs-hashicorp-takes-center-stage-at-open-source-summit/

https://github.com/opentofu/opentofu/blob/f38b805357384fdfe6250b5431b975b4d39e14ce/internal/addrs/parse_target.go#L70

from https://github.com/opentofu/opentofu/blob/f38b805357384fdfe6250b5431b975b4d39e14ce/internal/addrs/checkable.go#L162

I think you’ll need to ask them, but my own understanding is that they changed the license on projects that they see as “products”, not on libraries.

got it

that explains the mindsets of business people lol

now the investors are showing up, even though Mongo db was not successful, they did know how to lobby big companies, but this time I believe there is no chance for Hashicorp to cash out, it is just a question how fast the shrink can be

great job, remember you are doing something great to fight back dictatorship :)

I have experienced similar and ever been optimistic during last economic downturn

why TF was great, mainly AWS, will IBM cloud make TF great again, 90% is a no