That beer isn't free

Welcome to Runtime! Today: Open-source enterprise software is entering a new era and nobody feels particularly comfortable about it, Kubernetes users are probably wasting a lot of money, and the quote of the week.

(Was this email forwarded to you? Sign up here to get Runtime each week.)

It's not personal, just business

Given widespread agreement that an epoch of tech history came to an abrupt conclusion in 2022 as interest rates and generative AI hype began to rise, it's a little funny that so many people in open-source software circles expected the good-old days would go on forever. Even modest attempts to subsidize the development of open-source software without breaking any licensing promises can provoke a backlash, as Buoyant CEO William Morgan has learned.

Last week Buoyant, which was created around the Linkerd service-mesh project developed by two former Twitter engineers, announced that it would no longer provide stable releases of the project for free — as in beer — to companies with more than 50 employees. Instead, companies that want a relatively turnkey version of Linkerd now have to pay for Buoyant Enterprise for Linkerd instead of getting the glue that makes open-source software work in production environments for free.

• Unlike HashiCorp's decision to change the licensing of its open-source projects last year, Linkerd remains available under the permissive Apache 2.0 license.
• What has changed is Buoyant no longer provides free artifacts, which are "the binaries, Docker images, Helm charts, etc, necessary to get Linkerd on your Kubernetes cluster," as Morgan put it in a blog post clarifying its earlier announcement.
• "We spent the past eight years working really hard to have this vibrant ecosystem of Linkerd users," said Morgan in an interview this week. "But we got to the point where it was pretty clear for us that in order for Linkerd to not just survive, but kind of take the next evolution here, we had to change something pretty significant about the dynamics that we had created with the open source community."

It's hard to get people to pay for something they expect to be free (ask anybody who has worked in media in the 21st century) and that's exactly what Buoyant is trying to do.

• Open-source software can be an incredibly valuable part of a company's tech stack, but it has always required some work to implement in a production environment.
• If you have the budget and the talent, you can do that yourself, but a lot of companies prefer to pay someone to do that work on their behalf.
• That's the business model that has kept Red Hat going for a very long time, and it's arguably more palatable than the open-core model, in which companies deliberately handicap the open-source version of the software in order to charge customers for the features they really need to make it useful.
• But by providing the artifacts for free, Buoyant found itself in a situation where customers didn't want to pay for support contracts because they were able to get the software up and running in their environment without too much trouble, Morgan said.

Open-source software thrived as a counter-culture alternative to the capitalist machine, but the modern reality is much different. Most enterprise open-source projects in widespread use are funded by commercial interests, whether it's a foundation, a tech giant, or a venture-capital backed startup like Buoyant.

• Virtually all the code in Linkerd was written by people on Buoyant's payroll, Morgan said.
• Back in 2018 Puppet co-founder Luke Kanies told me that "98.5%" of all the code in Puppet was written by the company, and last year HashiCorp CTO Armon Dadgar estimated that 95% of all the code across its various open-source projects was written by employees.
• "We need to come to terms as an industry with the fact that these are two very different kind of ideas (about) open source; there's a community-like uprising to topple the dictatorship, and then there's the modern reality of, well, companies are making this (software) and that's good," Morgan said.
• Buoyant's situation is further complicated by the reality that Linkerd competes directly with Istio, a Google-backed open-source service mesh that was a huge priority for the company before it handed it off to the Cloud Native Computing Foundation, which also backed Linkerd.
• (I would link to relevant stories from the Protocol days in this section, but Politico Media Group decided this week to put the Protocol archives behind a wall.)

Venture capitalists funded hundreds of companies built around open-source projects over the last decade, believing that the open nature of the software was the top of a marketing funnel. Those companies will continue to attract funding over the next few years, but it's clear the business models are going through some changes.

• "If you're going to do open source, you need to be very clear-eyed about the tradeoffs that you're making," said Morgan, when asked how younger enterprise tech founders should think about their strategy. "It's a one-way door in a lot of ways."

A MESSAGE FROM CANVA

As enterprises rush to embrace AI, CIOs are grappling with how to merge their enterprise’s IT past and future. Increasingly, in-house technology leaders are tasked with the seemingly impossible mandate of reaping the benefits of next-generation systems while simultaneously reducing legacy technical debt and costs and managing risk.  Read more about The CIO Paradox on Runtime.

The money pit

Speaking of service meshes and Kubernetes, companies that have adopted those technologies tend to provision way more cloud infrastructure than they actually need, according to a new survey from Cast AI. As a result, they're throwing money out the window at a time when tech teams are being asked to cut costs as much as possible.

Companies running mid-sized Kubernetes clusters only use 13% of the CPUs they provisioned and 20% of memory, according to the report. Companies running larger clusters do a little better, technically, using 17% of their provisioned resources, but they're still defeating the whole purpose of the cloud.

Cast AI — which makes money telling people they're spending too much money on Kubernetes — attributed the overcapacity to a reluctance to rely on spot cloud instances, which can be cheaper than reserved instances. "This year’s report makes it clear that companies running applications on Kubernetes are still in the early stages of their optimization journeys and they’re grappling with the complexity of manually managing cloud-native infrastructure,” Laurent Gil, co-founder and chief product officer of Cast AI, told SiliconAngle.

Quote of the week

"If upper leadership doesn’t support or openly contradicts the agile principles and won’t change their minds, there has to be a kind of ‘malicious compliance,’ secretly implementing agile without them knowing." — Josh Wickham, a principal engineer at Turo, describing a new era of shadow IT that embraces agile software development practices.

The Runtime roundup

Dell beat Wall Street's earnings estimates despite posting an 11% decline in revenue, and enjoyed a 31% surge in its stock price Friday by implying it's about to sell a lot of servers with high-end GPUs.

Rival-from-another-time HPE saw a 13.5% decline in first-quarter revenue, and offered a less-rosy outlook based on weakness in the networking market.

JFrog's security researchers found more than 100 AI models with malicious code on Hugging Face that were designed to give attackers a back door into companies that downloaded those models.

Cohere is strictly focused on enterprise generative AI technology, President Martin Kon told CNBC: "We make F-150s."

A MESSAGE FROM CANVA

A new survey from Canva of more than 1,360 CIOs reveals how they’re thinking about workplace tools in the AI era. Discover why CIOs are prioritizing AI to rethink workstreams and optimize workflows.

Thanks for reading — see you Tuesday!