It is an endearing image for anyone who falls in love with the idea of open source technologies. You have an idea, work hard at it and then eventually give it life, making sure anyone can build with it – and more importantly, build upon it and improve it. Yet, ultimately, bills still need to be paid and mouths fed.
This may have entered the minds of some developers as the news of Red Hat’s blockbuster $34bn acquisition by IBM rippled through the tech press. As sister publication CloudTech put it earlier this week, the two companies were in open heaven with their purported shared visions. But as Donald Fischer, co-founder of Tidelift and a former Red Hat general, put it: Red Hat has just made billions selling software open source devs created – and the latter get nothing.
It’s ultimately just the way of business, Fischer noted. Red Hat simply spotted a key business opportunity – while the need to pay for code went away, the need to support it and maintain it became bigger than ever. “Red Hat doesn’t sell a work product they created alone,” Fischer wrote. “They sell promises about the future of a collection of software that someone else wrote, and the solutions – people, process, methodology – that make those promises come true.
“Doing business with large companies requires a lot of bureaucratic toll,” Fischer added. “That’s doubly true for organisations that require security, legal, and operational standards for every product they bring in the door. Working with these organisations requires a sales and marketing team, a customer support organisation, a finance back-office, and lots of other ‘business stuff’ in addition to technology. Red Hat has had that stuff – but you haven’t.”
The state of open source security, and the twists and turns in applying suitable management processes, has long been debated, and will continue to be. Indeed, some of the most important communities out there are facing something of an existential crisis today. Back in July, Guido van Rossum pushed the eject button and removed himself as the de-facto leader of Python after 30 years, essentially telling the rest to figure it out for themselves. “I’m basically giving myself a permanent vacation from being BDFL [Benevolent Dictator for Life], and you all will be on your own,” he wrote at the time.
According to a recent report from ActiveState, an open source languages software company, while open source languages continue to drive innovation, their popularity can also mean inefficiencies and security challenges. For instance, many devs and organisations manage their open source code development with homegrown systems, manual processes, or legacy versions of languages shipped with their operating system. This can mean lots of manual updates – and plenty of time wasted.
For Fischer, there is ultimately some light at the end of the tunnel, albeit powered by a suspicious-looking plug. The former product manager for Red Hat Enterprise Linux wants Tidelift to be built and supported by the creators – those ‘best suited to provide assurances for the very software they wrote and maintain.’
“With Tidelift, open source teams create their own solution – security, licensing, and maintenance for their package – alongside many other open source packages in an easy-to-consume bundle that companies can constructively engage with,” wrote Fischer. Subscribers get problems solved across open source, and the creators get paid – or so the theory goes, at least.