Is Amazon's AWS Approaching 'War' for Control of Elasticsearch?

Long-time Slashdot reader jasenj1 and Striek both shared news of a growing open source controversy. "Amazon Web Services on Monday announced that it's partnering with Netflix and Expedia to champion a new Open Distro for Elasticsearch due to concerns of proprietary code being mixed into the open source Elasticsearch project," reports Datanami.

"Elastic, the company behind Elasticsearch, responded by accusing Amazon of copying code, inserting bugs into the community code, and engaging with the company under false pretenses..." In a blog post, Adrian Cockcroft, the vice president of cloud architecture strategy for AWS, says the new project is a "value added" distribution that's 100% open source, and that developers working on it will contribute any improvements or fixes back to the upstream Elasticsearch project. "The new advanced features of Open Distro for Elasticsearch are all Apache 2.0 licensed," Cockroft writes. "With the first release, our goal is to address many critical features missing from open source Elasticsearch, such as security, event monitoring and alerting, and SQL support...." Cockroft says there's no clear documentation in the Elasticsearch release notes over what's open source and what's proprietary. "Enterprise developers may inadvertently apply a fix or enhancement to the proprietary source code," he wrote. "This is hard to track and govern, could lead to breach of license, and could lead to immediate termination of rights (for both proprietary free and paid)."

Elastic CEO Shay Banon responded Tuesday to AWS in a blog post, in which he leveled a variety of accusations at the cloud giant. "Our products were forked, redistributed and rebundled so many times I lost count," Banon wrote. "There was always a 'reason' [for the forks, redistributions, and rebundling], at times masked with fake altruism or benevolence. None of these have lasted. They were built to serve their own needs, drive confusion, and splinter the community." Elastic's commercial code may have provided an "inspiration" for others to follow, Banon wrote, but that inspiration didn't necessarily make for clean code. "It has been bluntly copied by various companies and even found its way back to certain distributions or forks, like the freshly minted Amazon one, sadly, painfully, with critical bugs," he wrote.

All I see here

[Rosco P. Coltrane]

is a much of giant megacorps making a lot of money leveraging open-source work they paid virtually nothing for.

Re:All I see here

[drinkypoo]

In a way, it's sad. And in other ways, it's great. I'd like to see the authors get more of the pie, but I like that the corporations are motivated to keep the pies coming.

Re:All I see here

[drinkypoo]

"I like that the corporations are motivated to keep the pies coming. " Oh? What IS their motivation, did you ever stop and think about that? It varies - considerably. The original authors' motivations no longer apply.

Commercial entities have contributed a lot of code where it served their interests, and due to the licensing, we get to use that code for our own purposes, regardless of their motivations. I think that's pretty cool.

Re:

[drinkypoo]

And were those interests your own also, coolguy?

Mostly not. I worked for IBM for a little while, but at a time before they had contributed much open source.

Re:

[Paradise Pete]

And were those interests your own also, coolguy?

What's that got to do with it? The code is there, and it doesn't care one way or the other about the interests that created it.

Re:

[EvilSS]

If they want to get paid, they can get day jobs. They knew when they contributed to an open source project there was right to expect to be paid anything.

Re: All I see here

[brunes69]

You talk about Elastic like it is some kind of altruistic charity. It's a 6+ billion dollar company.

Trust me, all of the developers get paid, handsomely.

Open Source business model

[Anonymous Coward]

In general, the open source business model is to be open source enough to be included by distros and thus have widespread distribution, and monetize a small percentage of that.

This model has a few flaws:
- Maybe nobody wants to pay, especially if 3rd parties make free alternatives to the commercial hooks.
- The business value of open source is 99% free and 1% open.
- Hard to sell off the business because anybody, including the owners of the company, can just make a copy of the source and resume business after

Re:

[art123]

I didn't see any whining. The parent poster simply stated an opinion on the business flaws of a creator monetizing open source.
You on the hand added zero value to the conversation.

Re:

[phantomfive]

The business value of open source is 99% free and 1% open.

In my experience, that's not true. At least, companies I've worked for have been willing to pay for open-source libraries. Getting closed-source (or closed to me) libraries have caused me serious problems in the past, though.

As an example many people are familiar with, Google was willing to pay Sun for using Java. It wasn't about money. Sun didn't want to let Google change Java though, which is what Google wanted.

Re:

[Anonymous Coward]

Absolutely this. Even for licensed libraries, try to get a license that at least allows you to see the source. I have had untold problems with closed libraries, to the point it was faster rewriting the functionality.

Re:

[tlhIngan]

- Business fully vulnerable to the likes of Amazon and Microsoft. IMO, at this point for any successful open source company it's just a matter of time before Amazon takes it over. Jeff Bezos didn't grow his fortune by giving back.

Or perhaps you based your business model on making people pay for a "cloud services" set up - knowing the popularity of services like AWS and Azure. So you decide to sell support on how to use your software in such a configuration and make people pay for it.

Problem is, AWS and Azur

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Yes, they are

[reanjr]

Then why didn't you build your own AWS AMIs for your users who all want to use your software on AWS anyway? Why didn't you properly package your software for `yum` and `apt`? Why did you make setting up your software so difficult and bespoke that it's easier to use someone else's version?

Why did you release your software as open source without understanding the business model behind the license you chose?

Re:

[phantomfive]

in some circles, where software is a much higher quality

Which circles are those? I want to join.

Re:

[Richard_at_work]

I didn't understand the hate for AWS about Mongo, for several reasons.

Firstly, these companies (Mongo et al) spent years giving their product away and trumpting that - no licenses required, free software, have at it. And now they are complaining about others taking advantage of the free and open software - as if others are obligated in some way, as if Mongo et al have an entitlement to *anything*.

Secondly, of course if threatened, Amazon will strike back - and they did so quite correctly by ditching Mongo

GPLv3

[110010001000]

Maybe you should have listened to the GPL folks and chose GPLv3 for your license. This is EXACTLY what they were talking about. Now it has happened. All of these proprietary cloud services are running open source code and selling it and not giving back.

Re:

[Anonymous Coward]

This usage is perfectly GPLv3 compliant. AGPL even.

Re:

[joe_n_bloe]

List of companies that will use GPLv3 code and thus might consider paid support:

(end of list)

Re:

[DeVilla]

I still remember when the list of companies who would use GPLv2 code was just as long.

ES sucks for the cloud

[reanjr]

The problem is ES was not well designed with cloud computing in mind. It's super painful to secure and tune in the cloud. So, of course Amazon is going to try to bridge those deficiencies when all their customers keep using Amazon support resources to walk the complicated tightwire. ES should build better packaging and management tools. It's that simple. Elasticsearch sucks.

Re: ES sucks for the cloud

[reanjr]

By default nothing can access an AWS classic ES cluster. The newer VPC clusters are only accessible to the VPC.

??? how is that left open?

Re:

[joe_n_bloe]

As far as I remember, you've had to double opt in, in order to create a wide open AWS ES cluster for some time, since shortly after the first highly public wave of ES/Mongo/... "ransomware" breaches occurred a while back. (PSA: They didn't ransom anything. They just did a DELETE * of your indices. Hope you didn't send them any bitcoin.)

VPC clusters have been around for a while, and I think there is some new endpoint name header matching feature now that makes IP scan based access of open clusters mostly unw

False assumptions about open source.

[bavarian]

Unfortunately a lot of developers and companies who are publishing code under open source licenses do not get what open source means to their code: You are giving away a lot of control. The less viral the license, the more control you give up. Up to the point where you are basically donating them to the public with no moral or actual right to be compensated for it.

If you want to fully control monetization, keep your code proprietary. But then good luck with having to pay developers for every single line of

What?

[dohzer]

For anyone else wondering:

Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch is developed in Java.

Re:

[MrKaos]

For anyone else wondering:

Elasticsearch is developed in Java.

I sense Larry.