#OpenSource: Trust vs. Usage

When I published my article about open-source and the way I see it as an ecosystem, I received some – very welcome and critical – feedback from a very valued Microsoft employee and architect, who rightfully pointed out that Microsoft is among the biggest contributors to open-source frameworks and foundations – and still I don’t trust them.

He is absolutely right in his analysis: I don’t trust the company and most of its products.

Let me explain that.

First, I have some history with Microsoft. I was a Microsoft Most Valuable Professional for ASP and ASP.NET for several years in a row a decade ago. And I am very, very thankful for this – I got to know many very talented and experienced people, great products, loved the atmosphere and the cultural diversity at Microsoft. I still do, at least in regard to most of the aspects I just pointed out (subtract the products, which is what I am going to explain here). Later, I was working with a small group of awesome, smart and talented people in regard to Windows Phone and Windows Mobile – I was teaching on behalf of Microsoft, wrote several very successful applications for the platform and truly loved all of this. And I still do. I even considered several times joining them as Evangelist and Architect.

I lay that out to make clear that I am by no means a hater or a disappointed fan boy or something similar. I truly love many aspects of Microsoft, I have the fullest and most honest respect for many of its employees and from a technical perspective I can understand a lot of excellence within their products (and some of the excellence is way beyond my level, to be honest).

But: I don’t trust Microsoft.

And the reason for this is: They are not an open-source company. Their products are mostly closed source. Their platforms are closed source. Azure is closed source. And their business practices are embracing closed- and proprietary source ecosystems over open-source ecosystems.

It is absolutely true and needs to be acknowledged that Microsoft is amongst the biggest contributors to open-source ecosystems. And they even open-sourced many of their own products. Thank you for this, Microsoft!

But: I don’t trust Microsoft.

My point is this: Regardless of how much valuable and excellent work you put into open-source technologies – it does not increase the trustworthiness of a proprietary environment or a proprietary ecosystem. Because it is not completely transparent. It is not completely open. There are substantial blind spots in the software and the ecosystem.

Picture this: If you stack layers of glass (open-source glass for the matter :-)) on top of each other, the stack stays transparent. But just one layer of – say – concrete or wood in between makes the whole transparent stack opaque. You won’t be able to see through all the layers. And that is enough, because you don’t see what is going on with that stack of glass.

Transfer this picture onto a cloud-environment, and it immediately becomes apparent: How are you supposed to trust this environment, if it is not transparently laid out? What do you trust more: The words of the people who built it, reviewers and auditors? Or a community of experts, who constantly review and audit?

To me, the answer would be obvious: I would trust the community of experts (plus additional auditors and reviewers). And that is regardless of the awesome quality, the overwhelming quantity and the sum of funding that is put into open-source projects, because – again – it is a matter of trust.

What does that imply for Cloudical’s offerings?

Good question! Thanks for asking!

The same standards need to be applied here! If we ever create a software stack (and you can bet it would be a Vanilla software stack), we would need to open-source it. Without discussion and dispute. It would be a matter of trust!

Actually, the foundation behind our Managed PaaS- and Managed SaaS-service-offerings is an open-source software-stack. It consists of SUSE-products, such as CaaSP (Kubernetes) and CAP (Cloud Foundry), plus additional scripts and tools required to roll it out and to operate it.

Although we are speaking of a service on a platform stack everyone can easily roll out on their own (well, actually, no, there is a LOT of effort and a TON of knowledge in it), we will open-source it within the next two to three months. Because we are committed to this kind of thinking, to transparency, trustworthiness and open-source.

Thanks again for asking. And thanks for commenting – and being critical on this and with me.

And yes, I still love Microsoft. 😉

#OpenSource is the way to go!

There are several reasons for this, but seeing my LinkedIn-timeline flowing over with proprietary software- and infrastructure-stack-related news, I feel I should point out some crucial points for open-source:

Open. Source.

The source is open – you can actually see, what is happening! This gives you something which you won’t get with proprietary software and ecosystems: Trust!

Trust

Trust is not only what you need in times where more and more workloads are sourced out into public cloud- and hyperscaler-environments, it is a strategic asset! Trust needs to be at the center of your actions, but there is another aspect being strongly related to that: Security!

Security

With open-source software, literally everyone can check the source code and find security issues. Yes, it might be painful and it feels better with proprietary software, since their security issues are handled way more silently – but this is security-by-obscurity! Just because security issues are not that well-known, it does not mean they don’t exist. Instead, there is a higher chance for them to be exploited, since there is no sense of danger. Open-source-projects fix their security issues regularly and often – proprietary software vendors might not do this. This leads to another important aspect of open-source: Support.

Support

With open-source projects and solutions, you get an awesome level of support if you dare to ask. Yes, the tone might sometimes be a bit … nerdy, and yes, there are no SLAs, but this then again is where you can rely on professional vendors such as Cloudical, providing you with SLAs, professional support and managed services. The advantage those vendors give you over proprietary software vendors is quite important: They are independent of a specific (proprietary) software stack! So they give you support and consultancy, but in an unbiased and open way.

If you compare this to vendors of proprietary software, they usually want to sell you their products – which might not be what you want. The open-source ecosystem provides you with many vendor-neutral frameworks and solutions – and you find a lot of skilled experts for your operational needs. And even if not (or if it would not be enough to hire those experts) – there are several very affordable and well-executed managed service offerings in place!

Managed Services

Since experts, specifically cloud infrastructure- and software-experts, are a rare thing nowadays, there is a huge struggle for finding and hiring the brightest minds. Nonetheless, you need the know-how and knowledge to run your infrastructures and workloads – regardless of the cloud environment and regardless of the workloads you are throwing at them. Managed Services for open-source ecosystems are platform- and vendor-agnostic, so they can work on every cloud and on every platform.

Since the required knowledge is reusable and (mostly) independent of the platform, it will give you peace of mind and sustainability in regard to operations. This would be more complicated with vendor-specific software and infrastructure-stacks, since they are way more limited in regard to their usage and usability scenarios. Another aspect of open-source projects is that they are usually widely adopted and utilized – in their original, vanilla form.

Vanilla

The foundation of products such as Red Hat OpenShift, SUSE CaaSP or Rancher K3s is Vanilla Kubernetes. The foundation of Red Hat OpenStack or Mirantis OpenStack is Vanilla OpenStack. The foundation of Pivotal Cloud Foundry or SUSE Cloud Application Platform is Vanilla Cloud Foundry.

And the good thing is: All the things you or your partners know from vanilla projects apply to the commercial distributions. With open-source projects, knowledge is transferrable between distributions, knowledge is shareable – and knowledge can be achieved without expensive certification trails (although some very useful certificate trails exist). And: Knowledge is shared within a community. It is understood as an asset, not something someone owns (because it was so expensive to gain). Community stands at the center of open-source.

Community

With community, open-source starts and with it, the circle closes: Without a community of enthusiasts, interested industry partners and supporting foundations, open-source would not be even half as appealing as it is. Open-source has been mature for a very long time, processes and governance have existed for dozens of years, and even companies such as Microsoft, Oracle, SAP or Amazon contribute to open-source. They form a community, big foundations support and steer the process and create the sustainability in the projects they chose to sponsor.

Open-source is all about openness, trust, security, support, managed services, vanilla and community. And this combination of factors makes open-source a strategic aspect and a strategic factor in an organization’s sustainability. With open-source, you decide against vendor-locks and golden cages, suppressed issues and horrendous prices. Open-source is trustworthy, cost-effective and driven by intelligence, not by greed.

What does this imply for Cloudical?

Well, with Cloudical we already decided to rely more on open-source toolstacks. We decided to move away from Microsoft 365 and Google-GSuite-based approaches. We decided for an open-source CRM-system. We integrate them, we operate them, we trust them.

We are currently setting up, integrating, automating and starting to operate our own open-source ecosystem – and we will make this stack (i.e. Rocket.Chat, Keycloak, Harbor, etc.) available to our customers as a managed solution and service.

We already offer awesome consultancy and managed services, and we will step up the game later this year. There will be way more offerings from Cloudical, and we will broaden our support for the open-source ecosystem – so stay tuned on that!

What does this imply for me?

For me, personally, this implies way more usage of these technologies. I need to learn and adjust, even if it implies leaving well-known and comfortable ecosystems. But I feel it is worth it, because to me, trustworthiness, privacy and security are worth more than “just” comfort.

To me, it is worth every effort. I personally don’t trust Microsoft, Google or Amazon. I don’t want to be spied upon, don’t want to be bombarded with advertising and don’t want my profile to be sold to some random company. I don’t want my data and my workloads to run within environments we don’t trust (and we cannot trust them, because it is their proprietary ecosystem!). I want to support alternatives, I don’t want this world to end with some dominating companies – I want freedom of choice, trust and security.

So to me personally, there is no alternative to this positioning and to this approach.