Contributed"> Beyond the Walled Garden of Open Source - The New Stack
TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Beyond the Walled Garden of Open Source
Aug 22nd 2024 10:00am, by Jonathan Marsh
Linux Foundation Backs Open Source LLM Initiative
Aug 18th 2024 6:00am, by Steven J. Vaughan-Nichols
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by Loraine Lawson
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Is It Time for an Open LLM To Be Added to the LAMP Stack?
Aug 12th 2024 1:30am, by Richard MacManus
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by Steven J. Vaughan-Nichols
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by B. Cameron Gain
Runc-Related Leaky Vessels Threaten Container Security
Jul 23rd 2024 10:27am, by Manas Chowdhury
3 Ways To Improve Your Container Build Process
Jul 22nd 2024 10:00am, by Sylvain Kalache
Exploring MicroOS, OpenSUSE's Immutable Container OS
Jul 5th 2024 6:00am, by Jack Wallen
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
How To Get Started Running Small Language Models at the Edge
Jul 24th 2024 6:00am, by Janakiram MSV
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Why We Chose WebAssembly (Wasm) for Our Edge Runtime
May 28th 2024 6:50am, by Bogdan Kurnosov
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by Yoram Novick
Why Staging Doesn't Scale for Microservice Testing
Aug 16th 2024 10:13am, by Arjun Iyer
A Developers Guide to NIM, Nvidia’s AI Application Platform
Aug 13th 2024 8:02am, by Janakiram MSV
Setting Microservices Up for Success: Real-World Advice
Aug 1st 2024 6:03am, by Charles Humble
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
The 5 Worst Anti-Patterns in API Management
Jun 26th 2024 10:00am, by Emile Vauge
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Linux: Display and Manage IP Address Settings
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Mount Remote Directories With SSHFS
Aug 3rd 2024 6:00am, by Jack Wallen
Client-Side Monitoring Is a Must for Mobile Apps
Jul 19th 2024 11:26am, by Fredric Newberg
VMware's 'Private Cloud' Solution Emerges Under Broadcom
Jul 17th 2024 7:04am, by B. Cameron Gain
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
Unfreeze Apache Iceberg to Thaw Your Data Lakehouse
Jul 22nd 2024 7:28am, by Dave Eyler
The Do’s and Don’ts of Implementing Search in Your App
Jul 19th 2024 5:54am, by Ben Greenberg
Linux: Synchronize Local and Remote Directories With Rsync
Jul 13th 2024 5:00am, by Jack Wallen
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
What AI Developer Skills Do You Need in 2024?
Aug 22nd 2024 7:00am, by
What’s the Future for Software Developers?
Aug 22nd 2024 6:00am, by
Google Serves Up Cloud GPUs With a Side of Open Source LLMs
Aug 21st 2024 8:00am, by
AI Coding Assistants: 12 Do’s and Don’ts
Aug 21st 2024 7:00am, by
Google Serves Up Cloud GPUs With a Side of Open Source LLMs
Aug 21st 2024 8:00am, by
AI Coding Assistants: 12 Do’s and Don’ts
Aug 21st 2024 7:00am, by
Transform Predictive Analytics With Time Series Language Models
Aug 20th 2024 11:00am, by
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
Angular’s Efforts To Be Easier and Developer Friendly
Aug 20th 2024 10:30am, by
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
Meet Toddle: the Next Open Source Web App Builder
Aug 12th 2024 8:00am, by
Shreds AI Creates Complex Software in Java and JavaScript
Aug 22nd 2024 9:00am, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by
Agile Reinvented: A Look Into the Future
Aug 19th 2024 8:35am, by
The Struggle To Test Microservices Before Merging
Aug 21st 2024 12:48pm, by
The Unseen Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by
Master API Connections in Azure with Bicep
Aug 14th 2024 10:00am, by
5 API Testing Best Practices to Tame the Wild West
Aug 13th 2024 5:01am, by
GraphQL vs. OpenAPI: Pros and Cons for Data Governance
Aug 12th 2024 12:55pm, by
How To Use Inheritance in Python
Aug 13th 2024 5:00pm, by
What Is the Python join() Function and When Should You Use It?
Aug 12th 2024 5:00pm, by
What Is Python's sum() Function and How Do You Use It?
Aug 11th 2024 6:00am, by
What Is the Python Match Case Statement and Why Use It?
Aug 8th 2024 5:00pm, by
Excel Gets Local Python Boost With Anaconda Code
Jul 31st 2024 11:38am, by
Inside ECMAScript: JavaScript Standard Gets an Extra Stage
Aug 21st 2024 6:00am, by
Angular’s Efforts To Be Easier and Developer Friendly
Aug 20th 2024 10:30am, by
Frontend Strategies: Frameworks or Pure JavaScript?
Aug 17th 2024 1:58pm, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
Google Angular Lead Sees Convergence in JavaScript Frameworks
Aug 9th 2024 8:20am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
UIX: A Full Stack Web Dev Framework Leveraging Deno
Jun 11th 2024 11:30am, by
TanStack Introduces New Meta-Framework Based on Its Router
Jun 5th 2024 11:38am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
TypeScript Meets API Design in Microsoft's Game-Changing TypeSpec
May 7th 2024 7:30am, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
What’s Next for Flutter After Layoffs Hit Google Team
Jul 17th 2024 9:01am, by
Demos: Deploying LLMs With WasmEdge 
Jul 16th 2024 8:28am, by
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Azure Durable Functions: FaaS for Complex Workflows
Aug 15th 2024 8:16am, by and
Google Cloud Adds GenAI, Core Enhancements Across Data Platform
Aug 1st 2024 8:30am, by
AWS Discontinues Git-Hosting Service CodeCommit
Jul 31st 2024 12:10pm, by
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Rust vs. Zig in Reality: A (Somewhat) Friendly Debate 
Aug 19th 2024 7:09am, by
Be an AI Power User: Success Strategies in the AI Landscape
Aug 19th 2024 6:01am, by
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by
Docker Joins Movement To Dump Passwords for Security
Aug 21st 2024 1:36pm, by
Why Cloud Security Fails: The Posture vs. Runtime Gap
Aug 21st 2024 10:00am, by
Best Practices for Responding to a Major Outage
Aug 21st 2024 9:00am, by
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by
Copilot Autofix: AI's Answer to Code Vulnerability Woes
Aug 19th 2024 5:05am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
How a DevOps Team Became a Platform Engineering Team
Aug 17th 2024 6:43am, by Jennifer Riggins
Are Shared Service Platforms Too Restrictive?
Aug 14th 2024 5:35am, by Lawrence E Hecht
5 Hacks Learned by Writing Thousands of Lines of IaC
Aug 13th 2024 7:25am, by Eran Bibi
Internal Developer Portals: 3 Real World Examples
Aug 12th 2024 4:00am, by Sooraj Shah
Spans: What Are They and Why Should Mobile Engineers Care?
Aug 22nd 2024 7:58am, by Fredric Newberg
Best Practices for Responding to a Major Outage
Aug 21st 2024 9:00am, by Joel McKelvey
ServiceOps: Balancing Speed and Risk in DevOps
Aug 21st 2024 5:02am, by Margaret Lee
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by Lin Sun
Rust vs. Zig in Reality: A (Somewhat) Friendly Debate 
Aug 19th 2024 7:09am, by Cynthia Dunlop
Beyond Orchestration: A Comprehensive Approach to IaC Strategy
Aug 20th 2024 9:19am, by Eran Bibi
The Unseen Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by Steve Rodda
The Doorway Effect and Developer Experience: Why It Matters
Aug 15th 2024 3:28am, by Steve Fenton
Keep Cloud App Docs Updated with Living Documentation
Aug 14th 2024 7:08am, by Rak Siva
5 API Testing Best Practices to Tame the Wild West
Aug 13th 2024 5:01am, by Lori Marshall
What AI Developer Skills Do You Need in 2024?
Aug 22nd 2024 7:00am, by Demola Malomo
What’s the Future for Software Developers?
Aug 22nd 2024 6:00am, by Heather Joslyn
Should Developers Curb Their Enthusiasm for Generative AI?
Aug 20th 2024 5:00am, by Richard Gall
In the Age of AI, What Should We Teach Student Programmers?
Aug 7th 2024 4:00am, by David Cassel
Rapid Innovation In Vehicle Connectivity Is Creating New Developer Roles
Aug 6th 2024 10:00am, by Nick Power
Dynamic Scaling: Why Shifting Right Is the Smart Approach
Aug 21st 2024 11:00am, by Phil Andrews
Developers: The First Line of Defense in Cybersecurity
Aug 12th 2024 10:00am, by Shrav Mehta
An Algorithm-Produced 'Generative' Film Celebrates Brian Eno
Aug 10th 2024 5:00am, by David Cassel
Russ Cox Steps Down as Tech Lead of Go Programming Language
Aug 7th 2024 7:12am, by Steven J. Vaughan-Nichols
DevOps Success Isn't Always Numbers Going Up
Aug 6th 2024 8:00am, by Andy Corrigan
How Vendia Helps Delta Sync Data With Its Airline Partners
Aug 22nd 2024 5:00am, by Susan Hall
Best Practices for Responding to a Major Outage
Aug 21st 2024 9:00am, by Joel McKelvey
ServiceOps: Balancing Speed and Risk in DevOps
Aug 21st 2024 5:02am, by Margaret Lee
The Unseen Benefits of Full-Stack API Development
Aug 20th 2024 3:55am, by Steve Rodda
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by Lin Sun
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
Kubernetes 1.31 Arrives with New Support for AI/ML, Networking
Aug 13th 2024 2:00pm, by Chris J. Preimesberger
VMware's Golden Path
Aug 8th 2024 10:36am, by Alex Williams
Bypassing eBPF to Protect Runtimes in Kubernetes Apps
Aug 4th 2024 9:00am, by Alex Williams
Cloud Native Use to Double by 2029
Aug 2nd 2024 7:50am, by Janet Wi
Spans: What Are They and Why Should Mobile Engineers Care?
Aug 22nd 2024 7:58am, by Fredric Newberg
Chatting With Data: LLMs Are Transforming AIOps
Aug 20th 2024 10:00am, by Avitan Gefen
Can Grafana Adaptive Metrics Help Slash Observability Costs?
Aug 20th 2024 6:52am, by B. Cameron Gain
What’s the Difference Between Observability and Monitoring?
Aug 7th 2024 8:00am, by Kumar Harsh
Why AI Can't Fix Your Production Issues
Aug 5th 2024 10:00am, by Siddarth Jain
Istio 1.23 Drops the Sidecar for a Simpler 'Ambient Mesh'
Aug 19th 2024 12:59pm, by Joab Jackson
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Open Source

Beyond the Walled Garden of Open Source

To preserve the benefits of open source, consider nuanced licensing approaches that balance openness with sustainability and security.
Aug 22nd, 2024 10:00am by
Featued image for: Beyond the Walled Garden of Open Source

Open source offers creators (publishers) and consumers (users) advantages. However, at times, friction and controversy can arise as the tenets of open source come up against realities such as funding development activities and investing in proper levels of security. Some uproar occurs as open source advocates and regulators try to work from a bright line for open source. Greater acceptance and support for nuance in licensing and regulation would provide the benefits of openness to more users. In contrast, a lack of nuance could shrink the borders of the open source commons as open source licensing becomes impractical in more contexts.

Extensive R&D funding is costly, and most open source relies on businesses for financing. But “free” (as in free beer or freedom) often conflicts with the need to generate self-sustaining funding. Companies find various ways to mix or limit their commitment to open source to reserve revenue potential sufficient to sustain their enterprise.

For instance, in offering open source to users, MongoDB discovered the freedom users are granted with open source also grants freedom for competitors to behave badly. In Mongo’s case, Amazon started offering a SaaS version based on and compatible with Mongo, essentially leveraging for free all of Mongo’s historical R&D and mind-share development investment and using these investments to turn around and put significant commercial pressure on Mongo. Mongo gifted Amazon a baseball bat with the open source license, then Amazon turned around and smacked them with it. In response to some outcry by purists, Mongo retreated from a pure open source license to one that still provides open source benefits to users, but restricts the complete freedom previously enjoyed by potential competitors. Their license is no longer considered purely open source, even though most users see no practical effect from the licensing change. Through this mechanism, Mongo has segmented its licensees into users (open source) and competitors (commercial.)

Many other companies providing an open source product have gravitated towards an open-core model, which provides an essential product as open source but adds other features under a commercial license. These companies segment their licensees into users of basic functionality (open source) and users of advanced or enterprise functionality (commercial).

WSO2 offers fully functional products as open source but commercialized support and maintenance. Free users get full functionality, but only commercial users get support accounts with enterprise-grade SLAs, receive updates and bug fixes for a generous product lifespan, private security advisory bulletins, expert advice, cloud hosting, and other services. Through this model, we have segmented our licensees into “as-is” users (open source) and fully-supported users (commercial.)

These examples illustrate wide diversity in how companies leverage open source to achieve their specific goals and provide a foundation for a successful business model. But this isn’t the only reason a publisher might have for releasing it as open source. A community of individual hobbyists or a consortium of organizations come together to share the investment in developing standard solutions to a shared problem. A company might publish open source not for direct profit but to build industry mind-share around their brand or point of view, to shake up a market by putting pressure on competitive technologies, or to incubate an ecosystem to improve innovation or keep development and maintenance costs down. An individual or organization might publish as open source simply to share something of interest or to contribute to the sphere of human knowledge — this could be a research project, tests, or a product that has ended its commercial life but is still in use by specific users.

It would serve those who promote open source to consider openness in broader terms, beyond viewing open source as a walled garden in which everything inside is deemed “open” and everything outside is not. Instead, openness should be considered in a broader context and encouraged as much as possible outside the officially recognized open source licensing context.  To do so requires appreciating and accommodating the diversity of values and motives of the publisher. With that viewpoint, new possibilities can arise:

  • Standardized license for open source “adjacent” scenarios. License standardization is an outstanding achievement by the open source community. These benefits can be broadened by defining and standardizing licenses that exhibit open characteristics while distinguishing them from today’s pure open source. For instance, a standardized open source-adjacent license that guaranteed the benefits of openness to users but restricted threats from competitors would improve the current patchwork of licenses for this purpose. Standardized licenses with varying degrees of openness, up to and including “all rights reserved,” could be developed just as Creative Commons provides a range of standardized content licenses up to and including “all rights reserved.” The general acceptance implied by such a set of licenses would encourage more companies to pursue more significant levels of openness in their license strategies.
  • Standards for indicating the intent of the publisher. As regulations emerge concerning open source (e.g., the European Cyber Resiliency Act), there is no generally accepted way for a consumer to know whether an open-source product is intended for critical use in environments subject to security challenges. The CRA mandates that all products (including open source ones) perform risk assessments, provide security updates, and actively maintain the project for a reasonable lifetime. The effect is that all open source software published by companies doing business in the EU must be treated with the highest level of care. Where these requirements are not conducive to the goals for publishing, the publisher is likely to refrain from publishing at all.  Instead, by providing a clear statement of the intent and responsibility accepted by the publisher, the user can choose software with proper security characteristics. This would prevent the disappearance of open source software from the public sphere, which may be pretty helpful in other contexts.
TRENDING STORIES
Group Created with Sketch.
Jonathan was an active contributor to the development of Open Standards for web service specifications, representing previous employer Microsoft in developing standards around XML, XSL, and early Web Services specifications. In his current role, he is responsible for the implementation...
Read more from Jonathan Marsh
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.