While as an open source software and company creator I highly connect to the emotional content of his response and feel the pain for Elastic when it comes to the competition by Amazon, I do agree that he does not address the factual issues at hand and uses badly the word "open" for stuff that is "shared source".
One aspect Elastic is also not directly attacked on and therefore not addressing is the choice of features that are not free and the price point. Elastic's business model is quite smart. You can easily develop on top of elastic, however once you have done it and want to go to production some key features are missing and they are not cheap. Particularly securing your cluster data is one of the features in xpack which is problematic not to have. I'm pretty sure you can search for open ports 9200 over the internet or company intranets and find unwanted unprotected data. And it's not cheap as you need to go for Gold subscription if I'm correct. I would be surprised nobody has proposed a pull request with competing code.
Elastic has and is investing a lot as open source and they do need a good business model that allows investment in the core open source code. The thing is I'm not sure it's missing here. Elastic.co is quite healthy. It's hard to know if it would be without this business model, but anyway there is little chance they would do differently given Elastic.co is VC backed. In the end the real fight is between the big money players, not about whether Elastic the software is sustainable. The reality is that given the community, it would very probably be even without the "xpack" package. Now it's not sure Elastic.co would be able to aggressively invest in both oss and non oss as much and therefore compete with Amazon.
OSS is tough. When you go for it, you should go in it for OSS, not for the company, because keeping the company at the level of the OSS success is hard both for small and big OSS projects.
You can put a reverse proxy in front of it to provide at least basic authentication measures and force HTTPS. Better than nothing at least.
But the main problem is that unsecured clusters by default have caused a lot of reputation loss to the brand. When every few months news hit about yet another unsecured Elasticsearch cluster that leaked huge amounts of data, it is getting harder and harder to explain to the less informed how that is the fault of those people who did not even bother running a reverse proxy, not the fault of Elasticsearch itself.
> and uses badly the word "open" for stuff that is "shared source".
This is my only complaint with what Redis/Elastic/Mongo et al are doing lately.
I 100% support their right to change their licensing terms. Applaud them even - I'm fascinated to see if their attempts at new business models will work out medium/long term.
Doing that and still claiming to be "open source" is wrong. It's co-opting a term that while not solidly defined, is universally understood to mean something different to what they're offering. They're lying to their users and customers.
Elastic are muddying the waters in a grey area - where you can build Apache2 licensed or Elastic's new non-FOSS licensed versions from the same download. I reckon they need to cole clean and make if very clear that they're "partially open source".
One aspect Elastic is also not directly attacked on and therefore not addressing is the choice of features that are not free and the price point. Elastic's business model is quite smart. You can easily develop on top of elastic, however once you have done it and want to go to production some key features are missing and they are not cheap. Particularly securing your cluster data is one of the features in xpack which is problematic not to have. I'm pretty sure you can search for open ports 9200 over the internet or company intranets and find unwanted unprotected data. And it's not cheap as you need to go for Gold subscription if I'm correct. I would be surprised nobody has proposed a pull request with competing code.
Elastic has and is investing a lot as open source and they do need a good business model that allows investment in the core open source code. The thing is I'm not sure it's missing here. Elastic.co is quite healthy. It's hard to know if it would be without this business model, but anyway there is little chance they would do differently given Elastic.co is VC backed. In the end the real fight is between the big money players, not about whether Elastic the software is sustainable. The reality is that given the community, it would very probably be even without the "xpack" package. Now it's not sure Elastic.co would be able to aggressively invest in both oss and non oss as much and therefore compete with Amazon.
OSS is tough. When you go for it, you should go in it for OSS, not for the company, because keeping the company at the level of the OSS success is hard both for small and big OSS projects.
Ludovic Dubost (XWiki)