I think you are very much over-valuing how much companies care about FOSS in production.
I’m not. I specifically mentioned externalising responsibility is a legitimate business strategy. I corrected the statement I made in anger and the thrust of the follow up’s point is that if you decide to go with commercially backed FOSS the possibility of a rug pull should factor into the financial prospects of whatever you’re doing in the long term.
I develop the infrastructure part of a product for a living and the product as a whole is expected to be supported by us for up to 10 years. If a vendor decides to switch up licensing half way through that lifecycle I’d be weary to continue business. VMware is a great example, they switched from perpetual to subscription after the Broadcom sale went through. We are looking at alternatives.
edit: Also, using FOSS as part of your solution doesn’t necessarily imply you have to take up it’s development. Depending on a community is also an option (although ethically I’d say it’d be nice to push improvements back).
I think both are true, it really depends on the business, and the mentality of the exec. It is extremely difficult to get software approved in my environment if it doesn’t come with some kind of vendor support.
Basically they want assurance that if something breaks, they can get someone to fix it if necessary.
Personally, I don’t think this is the best approach. Vendor support is often underwhelming, and it is not forever. The longer you want it, the more it will cost you to keep it. By the time they cash out, you’re so invested the cost to change is prohibitive.
My biggest gripe with closed source software, is the pissweak amount of peer review it gets, and it shows repeatedly. It’s disturbing that we use things as important as operating systems and security products that only get scrutinised by a small number of people. People who probably all have similar methodologies and tools at their disposal. So, you forever see CVEs because they miss simple things. We’ve actually had a vendor (who we spend millions on yearly) tell us they wouldn’t fix a 9.9 because they were planning to discontinue the product, and sign a nda.
I would love to convince my org to refit to oss, but it would be an enormous investment just to transition, and honestly… With the stuff we’re seeing on the horizon of tech, I’m expecting some wild shifts in the way we do things in a similar 10 year timeline. It’s been nice working with x86 since 8086, but it’s time.
I’m not. I specifically mentioned externalising responsibility is a legitimate business strategy. I corrected the statement I made in anger and the thrust of the follow up’s point is that if you decide to go with commercially backed FOSS the possibility of a rug pull should factor into the financial prospects of whatever you’re doing in the long term.
I develop the infrastructure part of a product for a living and the product as a whole is expected to be supported by us for up to 10 years. If a vendor decides to switch up licensing half way through that lifecycle I’d be weary to continue business. VMware is a great example, they switched from perpetual to subscription after the Broadcom sale went through. We are looking at alternatives.
edit: Also, using FOSS as part of your solution doesn’t necessarily imply you have to take up it’s development. Depending on a community is also an option (although ethically I’d say it’d be nice to push improvements back).
I think both are true, it really depends on the business, and the mentality of the exec. It is extremely difficult to get software approved in my environment if it doesn’t come with some kind of vendor support.
Basically they want assurance that if something breaks, they can get someone to fix it if necessary.
Personally, I don’t think this is the best approach. Vendor support is often underwhelming, and it is not forever. The longer you want it, the more it will cost you to keep it. By the time they cash out, you’re so invested the cost to change is prohibitive.
My biggest gripe with closed source software, is the pissweak amount of peer review it gets, and it shows repeatedly. It’s disturbing that we use things as important as operating systems and security products that only get scrutinised by a small number of people. People who probably all have similar methodologies and tools at their disposal. So, you forever see CVEs because they miss simple things. We’ve actually had a vendor (who we spend millions on yearly) tell us they wouldn’t fix a 9.9 because they were planning to discontinue the product, and sign a nda.
I would love to convince my org to refit to oss, but it would be an enormous investment just to transition, and honestly… With the stuff we’re seeing on the horizon of tech, I’m expecting some wild shifts in the way we do things in a similar 10 year timeline. It’s been nice working with x86 since 8086, but it’s time.