Beware open source vendor lock-in

Karl Fischer, DevOps team lead, Obsidian Systems.

With open source having become not only mainstream but also so ubiquitous it is all but invisible, there is a real danger that open source users could find themselves in a whole new world of “open source” vendor lock-in.

That was the warning sounded by Obsidian’s Karl Fischer at the start of LinuxConf [ZA] 2019, a Linux and open source conference which marked the start of Open Source Week in South Africa this week.

Fischer took the delegates, mainly open source aficionados and developers, through a potted evolutionary history of open source: from the days when it was disparaged by Microsoft founder Bill Gates, and later by his successor as CEO Steve Ballmer, who infamously dubbed Linux a 'cancer', to Microsoft’s recent, multi-billion dollar acquisition of GitHub, the world’s largest open source code hosting platform.

“We could say that ways of thinking changed over the years – and we (the open source community) won,” said Fischer, who is DevOps lead at Obsidian Systems.

However, Linux itself had changed over the years, becoming exceptionally easy to configure and use – a de facto standard and “just a thing that my apps run on”.

Linux, for example, was powering the cloud, and that, Fischer warned, was where danger lurked. There was a growing danger that open source was no longer always 'open source' in the accepted meaning of the term.

“With cloud comes Kubernetes, which is widely regarded as the next big open source thing. But with Kubernetes, Linux becomes an invisible layer while Kubernetes brings a new level of potential vendor lock-in, because you never get ‘just Kubernetes’ in these cloud environments. You think you are getting a Linux VM in the sky, but you’re not. You’re also getting a little bit extra such as a single sign-on, an AWS load balancer, or something like that.

“By cross-selling, vendors are making you believe you are getting value for money. But you’re not – you are just being locked into their platform because all these value-adds make it really difficult for you to switch from one cloud environment to another.”

Fischer maintained that in addition to locking users in – something that the open source movement was set up to prevent – all the value-adds also resulted in users having to pay “an exorbitant price” for something that is not supposed to cost very much.

“That’s something that we (the open source community) who value being free and being able to move stuff around need to be aware of,” he added.

Four open source principles

Fischer offered four principles that those who continue to subscribe to the original open source philosophy should follow:

1. Establish how you would not only get your data in but also out of the cloud. Check whether the vendor uses open standards, or proprietary APIs. Determine whether you’re going to lock yourself in to the way the vendor wants to do something, or whether you will be able to try and implement something in a truly open way.

2. Pay attention to abstraction – the way in which workloads can be moved between different cloud environments. The key to successful abstraction is to automate as much as possible, as automation allows for movement between platforms. Learn to automate.

3. Simulate catastrophic failures. Make sure that when things break, they do so in a consistent way. This means that should one platform collapse, you are able to move to another in a seamless way.

4. Ask whether something really is open. Ask that question continuously – and ensure that claimed openness is documented.

The three Open Source Week conferences, LinuxConf, PostgresConf and PyConZA, are on this week in Johannesburg.
