Unpopular opinion alert (and Disclaimer)…
Call me old fashioned, but I thought two of the top tenets of open source were candor and goodwill. I thought it was good practice to contribute to a project before baking it into a product. This was often the case for open source friendly vendors. But, it feels like AWS came along and never got that memo. I feel like AWS has done a lot more taking and productizing (aka making AWS a trillion-dollar, with a T, business) than contributing back to open source.
They keep shooting themselves in the foot as they take more and more projects into their bevy of services. A couple of weeks ago, I saw a tweet of a dev finding their code in the codebase of an AWS project without any credit being given, among other license violations. Someone at AWS said they’d look into it. But, consumption without credit incidents keeps happening (this wasn’t the first such incident I’d observed). There’s a culture problem, it seems. Then AWS hires a journalist to cover its open source work. I feel like that doesn’t help its case at all either. It acknowledges awareness of a problem. Pay for play is a negative thing in the radio business. It’s duplicitous at best in the tech industry.
I get it. AWS and others think forking Elastic’s code was inevitable and acceptable. Maybe? On a different timeline, with candor and goodwill sprinkled on it, this is never an issue because AWS would be submitting heaping helpings of PRs that Elastic would gladly accept. It gives them the same capabilities in their product that a hyperscale cloud provider has. AWS wouldn’t care because they rake in billions upon billions in profits every year. Sure they are technically assisting a competing product but, how many people using a non-AWS Elastic are also using higher-level AWS services? I imagine that’s a tiny overlap in a Venn diagram. AWS and Elastic cater to slightly different personas. AWS was the most prominent cloud six years ago and had enough market share and growth to stay that way. Instead of helping an open source project, they consumed it to make money. This gave birth to the bullshit SSPL license, and the rest is history. Major takeaway: open source isn’t a business model.
No one is right here, and customers pretty much get hosed on the software and services’ price anyway. Elastic makes its versions of ElasticSearch, LogStash, and Kibana. AWS makes a fork of the previously Apache-licensed code. Who wins here? Elastic and AWS. Developers don’t win because they potentially have to make up for deficiencies in one version or the other. I feel like this fork and SSPL drama could very well have been preventable. But, what do I know? I’ve just been around open source for most of my life. It all feels gross. Why? Because there’s more than enough for everyone to get a piece of the pie.
Note: I’m looking for an intern this summer to help with OpenShift.tv (live streaming). If you know anyone that may be interested, please ask them to apply. If they have questions, feel free to send them my way (Twitter DMs, Telegram). Please apply ASAP as I’m already reviewing resumes this weekend.
People
5 Reasons Why Disability Issues Should Be A Higher Priority, Even Now
Yes, please.
Gigantic Asshole Ajit Pai Is Officially Gone. Good Riddance (Time of Your Life)
The headline says it all.
Home alarm tech backdoored security cameras to spy on customers having sex
Holy smokes… This is an embarrassing incident from a company that usually maintains a low key and rock-solid business.
Why Tech Is Still Toxic for Women (and What to Do About it)
It’s a start.
Why I don’t use Stack Overflow There’s a lot wrong with Stack Overflow. A LOT.
Scoop: Google is investigating the actions of another top AI ethicist
AGAIN?!? Sundar… Come on.
Stop Making Excuses for Toxic Bosses
“If you’ve ever worked for a toxic boss, you know how damaging it can be. So should you forgive a manager who tries to make amends for their bad behavior? A new study shows that most abusive bosses care more about their social image than actually changing how they act.”
Update on an employee matter
HR has been shaken, not stirred at GitHub.
Process
FAA Files Reveal a Surprising Threat to Airline Safety: the U.S. Military’s GPS Tests
This is a horrific accident waiting to happen.
Download today: Kubernetes security ebook - tips, tricks, best practices
The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization - agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. SPONSORED
In the Digital Economy, Your Software Is Your Competitive Advantage
If Harvard Business Review is trying to tell you this, maybe your execs will finally listen to you.
Drupal’s journey from dorm-room project to billion-dollar exit
“Twenty years ago Drupal and Acquia founder Dries Buytaert was a college student at the University of Antwerp. He wanted to put his burgeoning programming skills to work by building a communications tool for his dorm. That simple idea evolved over time into the open-source Drupal web content management system, and eventually a commercial company called Acquia built on top of it.”
Monitoring as Code: What It Is and Why You Need It
“Integrate Observability into the CI/CD Pipeline with Monitoring as Code”
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
I got out of the Windows sysadmin business because of stuff like this.
Tools
Why I migrated from Traefik to Caddy
The process and research behind ones choice to use Caddy. I like this article because it walks through the warts and implementation.
Red Hat Announces No-Cost RHEL For Small Production Environments
“The 16 system limit handling is still done through the registration-based developer program and does include deployments to major cloud providers. These developer program changes begin on 1 February.”
PostgreSQL on ARM-based AWS EC2 Instances: Is It Any Good?
“We decided to take an independent look at the price/performance of the new instances from the standpoint of running PostgreSQL.”
HTML and CSS still isn’t about painting with code
This article is so good. Imitating art is not programming.
Painless services: implementing serverless with rootless Podman and systemd
Title pretty much explains it all. But, it’s a guide to using systemd and Podman to make serverless services. Kinda nifty if you don’t want to muck with a framework and utilize closer to core abstractions.
Kubernetes Begins Year With A Bang — And You Can Expect More
“‘About 18 to 24 months ago, you really saw Kubernetes take over,’ said Ubaid Dhiyan, a director at investment bank Union Square Advisors. ‘Now companies are building on top of Kubernetes.’”
Why I like Rust - and why it’s annoying
“They don’t approach the situation with the perspective of ‘what do we stand to gain from, and what are the costs that come with, switching to Rust?’.”
Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws
Patch your everything.
Introduction to eBPF
“[U]nlike a lot of hyped-up technology buzzwords, this one’s momentum doesn’t seem to be unwarranted, or even ahead of the curve.”
fireeye/Mandiant-Azure-AD-Investigator
rqlite/rqlite
The lightweight, distributed relational database built on SQLite.
treenotation/dumbdown
The dumb alternative to markdown. The keyword for title is title.
DevOps’ish Tweet of the Week
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter.