Welcome!

Open Source Cloud Authors: Yeshim Deniz, Liz McMillan, Stackify Blog, Vaibhaw Pandey, Pat Romanski

Related Topics: Open Source Cloud, Linux Containers, @CloudExpo

Open Source Cloud: Blog Feed Post

Free as in Beer By @DMacVittie | @CloudExpo #Cloud #OpenSource

The things to look for in your open source project

(Note: This blog originally posted to the Stacki Open Source project website. It has cosmetic changes to account for presentation differences between the two sites)

Many years ago, I wrote a blog that aimed to help organizations evaluate open source projects in terms of enterprise suitability. That blog was lost when the employer took the publication off-line, and my Google-fu has been unable to recover a copy (if you happen to have it, ping me, I’d love a copy). At the time I wrote it, I considered blogs to be dispensable, with less need to keep a copy than articles – because they were largely opinion. Turns out that precisely because blogs are opinion+insight, you have to refer to them more to update or defend than most articles. I’ve been saving them since shortly after that particular blog was published, but that was no help here.

(Note that my interest at the time of the first article was as a writer and an open source contributor. My interest now is driven partially by open source contribution – though it’s been nearly a year since I submitted to any projects except for a minor change to Stacki – and partially because I work for an open source sponsor, thus am in the market-space a lot more)

That being said, I’ve decided to write another. I was looking for the original blog because we have gotten a bit complacent about Open Source evaluations. It seems that there is a cycle that has emerged in our industry that follows a basic trend. Evaluation of Open Source projects gets important because of spectacular failures or mergings of projects. Evaluators discover that, for the most part, the parameters being looked at are very similar to purchased software, and slowly complacency sets in. Then we do it again. The shriveling of investment money in Silicon Valley combined with the current model of Open Source sponsorship means that many projects tied to existing vendors will be struggling. The ramifications of significant sponsorship are broad, and that’s why we’re here.

But the topic is more broad than investors causing problems. Projects in the best of times lose sponsorship because the needs of sponsors change – think of Satellite and Spacewalk. Spacewalk – and by extension Cobbler and several other technologies – has seen downgraded RedHat support when Satellite moved to a new architecture. Oh, officially they’re still supported, but the investment that RedHat is willing to make is obviously reduced, as they focus on the new architecture.

And that doesn’t even touch internal project politics. How many projects are you aware of that fractured and became less relevant. The one that springs to mind for me – because I was a heavy user at the time that it happened – is the Mambo (since discontinued)/Joomla split. A whole raft of developers and designers left Mambo and forked to start Joomla, leaving us users with a tough choice – convert or hope Mambo could keep up the updates. OpenStack had a tiff that threatened to blow into similar proportions over AWS support, which thankfully sane heads found a compromise path for.

And finally, or rather what should have been considered before all of the above became an issue, is technical capability and road-map. Does it do what you need, and are you able to modify it easily if not? Hand-in-hand with these questions are security – particularly since heartbleed came about and impacted just about everyone – and user management. Can you add/remove/restrict users as needed to get the job done? Does the project support RBAC? If so, is it solid? All questions that need to be asked in an enterprise environment (and should be asked regardless of where it’s deployed).

So, the things to look for in your open source project:


  • Maturity

It still astounds me that after years of experience, multi-million dollar operations will install Open Source that is largely vaporware written by one or two people with no long term roadmap. The idea being “it’s free”, but it isn’t if you’re installing and maintaining it – we’ve documented that over the years, so don’t. Yes, this poses a dilemma for new Open Source projects, but they can show maturity and stability by growing and finding acceptance at highly technical smaller shops.

And there’s the other end of maturity. Look for drop off of developer participation, look for sniping on bugzilla or the forums for a given project – particularly between project devs. This is a sign of trouble, and usually indicates the “ownership” that grows when this piece of the puzzle has been your baby for years. But it causes issues and bad feelings, poisonous to projects from reduced bug fixing to outright splintering.

Finally, in the middle stage, the thing to look out for is acceptance of help. It’s an open source project, people should be allowed to contribute. Large stable projects generally have a process that is designed to limit code changes because they’re in use in a lot of places and need stability, but most projects should be open to direct submission of changes, probably with review by a core team. If there is no process for users to update (my favorite is “You can’t change it, so fork it” – Really? You want people to do their development and not give it back to the community? Are you open source?), updates are routinely rejected, or the project source doesn’t build relatively easily on a new machine (no open source project I’ve worked on built easily on a new machine, but guidelines and helpful tips can make it minimally painful), then you should exercise caution. Resistance to community involvement is a symptom of egos running a project. No need to walk away over this issue – as we’ve already established, some projects have good reasons to limit submissions – but certainly look closely at what those reasons are.

  • Core Developers

The heart of any open source project is its core developers. Those who are there all the time, giving their time and effort to make it a success. Relevant questions for an organization looking to use the system are simple – What experience do those developers have? Is this their first foray into either open source (which is a different political model) or the market the product is entering? How many are there? What is their history of delivering? Are they cooperative, or fragmented? Basically, you need to determine if you can trust them with a core piece of your infrastructure. The other points here touch a little on this topic, but it was worthy of a separate bullet point, because the core developers and their relationships/experience are good predictors of stability, just as the overall number of submitters and the trend in that number is.

  • Sponsorship

If a project has corporate sponsors, look to see how many there are. A single sponsor is going to over-ride user desires when there is conflict. This is not a slap at sponsorship, it is an observation that the project team is motivated to pay the bills that the project generates, and the corporate sponsor sees their needs as important for everyone, particularly if the corporate sponsor is in or adjacent to the space of the open source project. This can have a negative impact. Do you wish the system integrated as easily with competitors of the corporate sponsor as easily as the sponsor? That’s a symptom.

Over time, concerns about consortium sponsorships have lessened. While it was (and occasionally still is) a valid concern when large corporations in direct competition get together to sponsor a project, those days are waning as value-add and services replace lock-in for most corporations’ sales goals. It is still worth watching though, what are the customizations a given sponsor uses? Just like standards body participants will sometimes use the gaps in the standards they helped develop to build lock-in mechanisms, so too do some members of consortiums. It is worth being aware of, but as I said, the concern is much less than it used to be, so not worth wasting too much time on.

Considering the time, a related concern is investor money. Is your project solely sponsored by a venture-backed company? If so, make certain it is not at the whim of investors. Should they pull funding from the backed company, what happens to the project? Oh sure, it’s open source, so it can be kept alive, but don’t underestimate the temporary mayhem and loss of users – and by extension developers – that such a scenario can create. While better than a startup going out of business and leaving unsupported closed-source projects behind, it’s not a ton better unless you have developer man-hours just laying around waiting to be poured in.

  • Technical Capabilities

We’ve all seen the open source project spectrum – from flashy but not much ability to get it to work with all the other tools in your datacenter to downright pliant and designed with integration in mind. Know what your integration needs are – particularly in light of automation and DevOps developments in your organization, and make certain the project can fulfill them. In the automation world for example, it is great to have a tool that can do one thing really well, but better if that one tool can be integrated into the tool-chain you are using to give a coordinated solution to automation issues. As time goes on it will even become necessary.

Check the real cost. Yes, the software is free, but there are a variety of charges from hosting to development to ops that need to be considered, as we all know. Compare what it is likely to cost to keep product A alive and working in relation to the other projects in the space. These analysis have actually sometimes shown that you are better off using purchased software (depending of course on the market and the products) than an open source project… Considering that can be the case even once, certainly a comparison of open source projects on the same TCO grounds can give you an idea what might be a better choice.

  • Support

Another perennial conversation is support. Some open source users are happy to be self-supporting, they have the staff and knowledge to do so. But the complexity of systems and the number of applications running in your average datacenter have greatly reduced this trend. Most organizations want somewhere to go when things go wrong. Forums and Google Groups can do that, but for corporate responsibility, a vendor to get help from is often more appealing, even though it makes Open Source not free (or the famous “Free like a puppy” quote from Sun). Often a sponsoring company is willing to offer its services for a fee (full disclosure, this is the model StackIQ – my employer – uses for Stacki). While the “sole sponsorship” issue (mentioned above) is the other side of this coin, these companies tend to be less obstructive simply because they’re seeing what users other than themselves are having to deal with on a regular basis, and can offer or recommend updates that solve general problems of the user base. Just make certain you include support in TCO calculations, and if you do, don’t include nearly as many man-hours for bug/integration issues. Each open source project is different, so make certain you understand your options.

  • Security

Since I got ahead of myself and mentioned security above, I’ll just reiterate that you have a security infrastructure, how the tool integrates into it and makes use of it matters. So does how well the source is written. While amazing, yes there are still buffer overflow and cross-site scripting vulnerabilities in open source projects (though less and less as time goes on, thankfully). Find a way to gauge the security of the system based on your organization’s needs, and do the tests. No sense putting a vulnerability infested product into the datacenter if you can avoid it. If you’re not familiar with performing such assessments, OWASP is a great place to start figuring it out.


Local conditions always win versus pundit bullet lists, so of course you will have other things to add, and a list like this covers what’s important at a pretty high and condensed level. I’ve seen evaluations that were far more broad and far more detailed than this list, but my aim was to remind people to be vigilant, and do what’s best for their org, not to build an exhaustive list. Heck, this blog is already too long. Adding all that orgs look for would turn it into a book.

As I and countless others have said over and over, in the end you are going to be stuck with this software. Do some due diligence, it is no more fun to have to transition off an open source product than to have to transition off a closed source product – manhours are wasted and frustration runs higher. So a little pre-deployment footwork can go a long way.

Of course none of this should trump suitability to task – if no one else is doing the job you need done, then it’s worth getting involved and driving the OSS project further along, while getting the benefit of not having to completely re-create the wheel.

I will end how I often do… Your organization is running, which is a sign that IT as a group is delivering. Keep doing what’s best for the org, no matter what pundits like me suggest.

Read the original blog entry...

More Stories By Don MacVittie

Don MacVittie is founder of Ingrained Technology, A technical advocacy and software development consultancy. He has experience in application development, architecture, infrastructure, technical writing,DevOps, and IT management. MacVittie holds a B.S. in Computer Science from Northern Michigan University, and an M.S. in Computer Science from Nova Southeastern University.

@ThingsExpo Stories
DX World EXPO, LLC, a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"Space Monkey by Vivent Smart Home is a product that is a distributed cloud-based edge storage network. Vivent Smart Home, our parent company, is a smart home provider that places a lot of hard drives across homes in North America," explained JT Olds, Director of Engineering, and Brandon Crowfeather, Product Manager, at Vivint Smart Home, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Conference Guru has been named “Media Sponsor” of the 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to gre...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develop...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Coca-Cola’s Google powered digital signage system lays the groundwork for a more valuable connection between Coke and its customers. Digital signs pair software with high-resolution displays so that a message can be changed instantly based on what the operator wants to communicate or sell. In their Day 3 Keynote at 21st Cloud Expo, Greg Chambers, Global Group Director, Digital Innovation, Coca-Cola, and Vidya Nagarajan, a Senior Product Manager at Google, discussed how from store operations and ...
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
SYS-CON Events announced today that Telecom Reseller has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.