The notes of Justin Abrahms

Search

SearchSearch

Recently updated

TRUE cost of open source

Aug 25, 20242 min read

Open Source Summit

Suzanne Ambiel

There is a declared preference for open source. Source: The value of open source in the cloud era; andy oram, oreily media/ibm

IDC Research says “75% of modern apps include external components. External components were 40-80% of the total size.”

Open source: “Good enough for the CIA and the Vatican — at the same time!” - Brian Behlendorf.

Consumption/adoption is rising, but contribution is flat. Plausible reasons:

  • free rider (e.g. NPR)

  • tragedy of the commons (traffic congestion)

  • paradox of price (because you didnt have to pay for it, you don’t see the value; water meter) - Sacramento doesn’t have a water meter so there’s no awareness. If you can visualize it.. you can better think about it.

“Balancing makers and takers to scale and sustain open source” https://dri.es/balancing-makers-and-takers-to-scale-and-sustain-open-source

https://blogs.vmware.com/opensource/author/dawn-foster/

Risks:

  • Is the project owned by a BDFL? company? Foundation?
  • Are there adopters? (more users = lower risk)
  • Security: documented processes, how decisions are made, etc.
  • Tech debt: “the further from source (e.g. latest), the higher your technical debt and the debt compounds FAST”

If 80% of your code is open source, and you’re not inventorying your open source.. 80% is a hell of a blind spot.

“Risk” is cost in disguise.

  • needs to be paid in the future
  • unknown magnitude
  • must be paid
  • may one day be a large part of your budget

Questions:

  1. What are we using?
  2. Where are we using it?
  3. Are we complaint?
  4. Did we choose this open source with intent? Or accidental?
  5. Do we have an open source consumption strategy? Purposeful, documented choices. (OSPO can help w/ this decision framework)
  6. How close to the source are you (versions, patches, etc)?
  7. Is this a strategic choice? How do you know?
    • If yes, what sort of commitments are we making to protect that investment?

vmware keeps a list of strategically important open source projects.

Things to do as users:

  1. Identify essential/strategic open source.
  2. Read the contributor’s guide
  3. Study recent PRs & updates
  4. Introduce ourselves and say thank you.
  5. Ask how we can help.

For projects:

  1. update contrib guide
  2. make it easy (good project hospitality)
    • good communication channels (email/slack)
  3. Be explicit about asks for help
    • include tag of “good first issues”
    • publish your roadmap

Graph View

Backlinks

  • No backlinks found