The vulnerability poses the most risk inside Web-hosting facilities that offer shared instances, in which a single physical machine serves content for more than one website. Typically, such servers prevent an administrator of one site from accessing other sites or from accessing sensitive settings of the machine itself.
It was just 5 years ago that there was an ample dose of skepticism from investors about the viability of open source as a business model. The common thesis was that Redhat was a snowflake and that no other open source company would be significant in the software universe.
Fast forward to today and we’ve witnessed the growing excitement in the space: Redhat is being acquired by IBM for $32 billion (3x its market cap from 2014); Mulesoft was acquired after going public for $6.5 billion; MongoDB is now worth north of $4 billion; Elastic’s IPO now values the company at $6 billion; and, through the merger of Cloudera and Hortonworks, a new company with a market cap north of $4 billion will emerge. In addition, there’s a growing cohort of impressive OSS companies working their way through the growth stages of their evolution: Confluent, HashiCorp, DataBricks, Kong, Cockroach Labs and many others. Given the relative multiples that Wall Street and private investors are assigning to these open source companies, it seems pretty clear that something special is happening.
So, why did this movement that once represented the bleeding edge of software become the hot place to be? There are a number of fundamental changes that have advanced open source businesses and their prospects in the market.
From Open Source to Open Core to SaaS
The original open source projects were not really businesses, they were revolutions against the unfair profits that closed-source software companies were reaping. Microsoft, Oracle, SAP and others were extracting monopoly-like “rents” for software, which the top developers of the time didn’t believe was world class. So, beginning with the most broadly used components of software – operating systems and databases – progressive developers collaborated, often asynchronously, to author great pieces of software. Everyone could not only see the software in the open, but through a loosely-knit governance model, they added, improved and enhanced it.
The software was originally created by and for developers, which meant that at first it wasn’t the most user-friendly. But it was performant, robust and flexible. These merits gradually percolated across the software world and, over a decade, Linux became the second most popular OS for servers (next to Windows); MySQL mirrored that feat by eating away at Oracle’s dominance.
The first entrepreneurial ventures attempted to capitalize on this adoption by offering “enterprise-grade”
The successful adoption of Linux and MySQL laid the foundation for the second generation of Open Source companies – the poster children of this generation were Cloudera and Hortonworks. These open source projects and businesses were fundamentally different from the first generation on two dimensions. First, the software was principally developed within an existing company and not by a broad, unaffiliated community (in the case of Hadoop, the software took shape within Yahoo!). Second, these businesses were based on the model that only parts of software in the project were licensed for free, so they could charge customers for use of some of the software under a commercial license. The commercial aspects were specifically built for enterprise production use and thus easier to monetize. These companies, therefore, had the ability to capture more revenue even if the market for their product didn’t have quite as much appeal as operating systems and databases.
However, there were downsides to this second generation model of open source business. The first was that no company singularly held ‘moral authority’ over the software – and therefore the contenders competed for profits by offering increasing parts of their software for free. Second, these companies often balkanized the evolution of the software in an attempt to differentiate themselves. To make matters more difficult, these businesses were not built with a cloud service in mind. Therefore, cloud providers were able to use the open source software to create SaaS businesses of the same software base. Amazon’s EMR is a great example of this.
The latest evolution came when entrepreneurial developers grasped the business model challenges existent in the first two generations – Gen 1 and Gen 2 – of open source companies, and evolved the projects with two important elements. The first is that the open source software is now developed largely within the confines of businesses. Often, more than 90% of the lines of code in these projects are written by the employees of the company that commercialized the software. Second, these businesses offer their own software as a cloud service from very early on. In a sense, these are Open Core / Cloud service hybrid businesses with multiple pathways to monetize their product. By offering the products as SaaS, these businesses can interweave open source software with commercial software so customers no longer have to worry about which license they should be taking. Companies like Elastic, Mongo, and Confluent with services like Elastic Cloud, Confluent Cloud, and MongoDB Atlas are examples of this Gen 3. The implications of this evolution are that open source software companies now have the opportunity to become the dominant business model for software infrastructure.
The Role of the Community
While the products of these Gen 3 companies are definitely more tightly controlled by the host companies, the open source community still plays a pivotal role in the creation and development of the open source projects. For one, the community still discovers the most innovative and relevant projects. They star the projects on Github, download the software in order to try it, and evangelize what they perceive to be the better project so that others can benefit from great software. Much like how a good blog post or a tweet spreads virally, great open source software leverages network effects. It is the community that is the source of promotion for that virality.
The community also ends up effectively being the “product manager” for these projects. It asks for enhancements and improvements; it points out the shortcomings of the software. The feature requests are not in a product requirements document, but on Github, comments threads and Hacker News. And, if an open source project diligently responds to the community, it will shape itself to the features and capabilities that developers want.
The community also acts as the QA department for open source software. It will identify bugs and shortcomings in the software; test 0.x versions diligently; and give the companies feedback on what is working or what is not. The community will also reward great software with positive feedback, which will encourage broader use.
What has changed though, is that the community is not as involved as it used to be in the actual coding of the software projects. While that is a drawback relative to Gen 1 and Gen 2 companies, it is also one of the inevitable realities of the evolving business model.
Rise of the Developer
It is also important to realize the increasing importance of the developer for these open source projects. The traditional go-to-market model of closed source software targeted IT as the purchasing center of software. While IT still plays a role, the real customers of open source are the developers who often discover the software, and then download and integrate it into the prototype versions of the projects that they are working on. Once “infected” by open source software, these projects work their way through the development cycles of organizations from design, to prototyping, to development, to integration and testing, to staging, and finally to production. By the time the open source software gets to production it is rarely, if ever, displaced. Fundamentally, the software is never “sold”; it is adopted by the developers who appreciate the software more because they can see it and use it themselves rather than being subject to it based on executive decisions.
In other words, open source software permeates itself through the true experts, and makes the selection process much more grassroots than it has ever been historically. The developers basically vote with their feet. This is in stark contrast to how software has traditionally been sold.
Virtues of the Open Source Business Model
The resulting business model of an open source company looks quite different than a traditional software business. First of all, the revenue line is different. Side-by-side, a closed source software company will generally be able to charge more per unit than an open source company. Even today, customers do have some level of resistance to paying a high price per unit for software that is theoretically “free.” But, even though open source software is lower cost per unit, it makes up the total market size by leveraging the elasticity in the market. When something is cheaper, more people buy it. That’s why open source companies have such massive and rapid adoption when they achieve product-market fit.
Another great advantage of open source companies is their far more efficient and viral go-to-market motion. The first and most obvious benefit is that a user is already a “customer” before she even pays for it. Because so much of the initial adoption of open source software comes from developers organically downloading and using the software, the companies themselves can often bypass both the marketing pitch and the proof-of-concept stage of the sales cycle. The sales pitch is more along the lines of, “you already use 500 instances of our software in your environment, wouldn’t you like to upgrade to the enterprise edition and get these additional features?” This translates to much shorter sales cycles, the need for far fewer sales engineers per account executive, and much quicker payback periods of the cost of selling. In fact, in an ideal situation, open source companies can operate with favorable Account Executi
This virality allows for open source software businesses to be far more efficient than traditional software businesses from a cash consumption basis. Some of the best open source companies have been able to grow their business at triple-digit growth rates well into their life while maintaining moderate burn rates of cash. This is hard to imagine in a traditional software company. Needless to say, less cash consumption equals less dilution for the founders.
Open Source to Freemium
One last aspect of the changing open source business that is worth elaborating on is the gradual movement from true open source to community-assisted freemium. As mentioned above, the early open source projects leveraged the community as key contributors to the software base. In addition, even for slight elements of commercially-licensed software, there was significant pushback from the community. These days the community and the customer base are much more knowledgeable about the open source business model, and there is an appreciation for the fact that open source companies deserve to have a “paywall” so that they can continue to build and innovate.
In fact, from a customer perspective the two value propositions of open source software are that you a) read the code; b) treat it as freemium. The notion of freemium is that you can basically use it for free until it’s deployed in production or in some degree of scale. Companies like Elastic and Cockroach Labs have gone as far as actually open sourcing all their software but applying a commercial license to parts of the software base. The rationale being that real enterprise customers would pay whether the software is open or closed, and they are more incentivized to use commercial software if they can actually read the code. Indeed, there is a risk that someone could read the code, modify it slightly, and fork the distribution. But in developed economies – where much of the rents exist anyway, it’s unlikely that enterprise companies will elect the copycat as a supplier.
A key enabler to this movement has been the more modern software licenses that companies have either originally embraced or migrated to over time. Mongo’s new license, as well as those of Elastic and Cockroach are good examples of these. Unlike the Apache incubated license – which was often the starting point for open source projects a decade ago, these licenses are far more business-friendly and most model open source businesses are adopting them.
When we originally penned this article on open source four years ago, we aspirationally hoped that we would see the birth of iconic open source companies. At a time where there was only one model – Redhat – we believed that there would be many more. Today, we see a healthy cohort of open source businesses, which is quite exciting. I believe we are just scratching the surface of the kind of iconic companies that we will see emerge from the open source gene pool. From one perspective, these companies valued in the billions are a testament to the power of the model. What is clear is that open source is no longer a fringe approach to software. When top companies around the world are polled, few of them intend to have their core software systems be anything but open source. And if the Fortune 5000 migrate their spend on closed source software to open source, we will see the emergence of a whole new landscape of software companies, with the leaders of this new cohort valued in the tens of billions of dollars.
Clearly, that day is not tomorrow. These open source companies will need to grow and mature and develop their products and organization in the coming decade. But the trend is undeniable and here at Index we’re honored to have been here for the early days of this journey.
I dig on my employer Oath, and then Tencent Music notes and a major loss for the NYC ecosystem and what it means for open source.
TechCrunch is experimenting with new content forms. This is a rough draft of something new – provide your feedback directly to the author (Danny at email@example.com) if you like or hate something here.
My three word Oath? I’m with stupid
It goes without saying that this piece about my employer is my work alone, doesn’t reflect management’s views, and is done under the auspices of TechCrunch’s independent editorial voice. No usage of internal information is assumed or implied.
This is a piece about TechCrunch’s parent company, formerly known as “Oath:” (okay just Oath, but who am I to flout a mandatory colon?) and now ReBranded as Verizon Media Group / Oath (See what they did there? They literally slashed Oath. Poetic).
Oath is essentially the creature of Frankenstein, a middle-school corporate alchemy experiment to fuse the properties of the companies formerly known as AOL and Yahoo into the larger behemoth known as Verizon. You can feel the terrible synergy emanating from the multiple firewalls it takes to get to our corporate resources.
Oath has a problem:* it needs to grow for Wall Street to be happy and for Verizon not to neuter it, but it has an incredible penchant for making product decisions that basically tell users to fuck off. Oath’s year over year revenues last quarter were down 6.9%, driven by extreme competition from digital ad leaders Google and Facebook.
The solution apparently? Drive page views down. If that logic doesn’t make sense, well then, maybe you should fill out a job application.
The kerfuffle is over Tumblr, which is among Oath’s most important brands, in that people actually know what it is and kind of still like it. Tumblr, which Yahoo notably acquired under Marissa Mayer back in 2013, has been something of a product orphan — one of the few true software platforms left in a world filled with editorial content like TechCrunch and HuffPost (Oath sold off Flickr earlier this year to SmugMug — which also seems to be going through its own boneheaded product decision phase).
All was well and good — well, at least quiet — in the Tumblr world until Apple pulled the plug on Tumblr’s app in the App Store a few weeks ago over claims of child porn. Now let’s be absolutely clear: child porn is abhorrent, and filtering it out of online photo sharing sites is a prime directive (and legally mandated).
But Oath has decided to do something equally obnoxious: it intends to ban anything that might be considered “adult content” starting December 17th, just in time for the holidays when purity around family gatherings is key.
In Tumblr’s policy, “Adult content primarily includes photos, videos, or GIFs that show real-life human genitals or female-presenting nipples, and any content—including photos, videos, GIFs and illustrations—that depicts sex acts.” You’ll notice the written legerdemain — “primarily” doesn’t exclude the wider world of adult-oriented content that almost invariably is going to be subsumed under this policy.
Oath is attempting to compress the content moderation engineering and testing of Facebook down to a span of a few weeks. And Facebook hasn’t even figured this one out yet, which is why people are still being murdered across the world from viral messages and memes it hosts that incite ethnic hatred and genocide.
I get the pressure from Apple. I get the safety of saying “just ban all the images” à la Renaissance pope. I get the business decision of trying to maintain Tumblr’s clean image. These points are all reasonable, but they all are just useless without Tumblr’s core and long-time users.
What flummoxes me from a product perspective is that it’s not as if banning all adult content is the singular solution to the problem. There is an entire spectrum of product, policy, legal, and product cultural ingredients that could be drawn upon. There could be more age verification, better separation of “safe for children” and “meant for adults content,” and more focus on messaging to users that moderation was meant to help the product and focus audiences rather than to puritanically filter.
Or you can just kill the photos, the somehow still loyal core user base, a safe space for expression via nudity and sexuality and, well, traffic along with it. And then you look at -6.9% growth and think: huh, I wonder if there is a connection.
Tencent Music reintroduces its IPO
Tencent Music Entertainment’s initial public offering is back in motion, two months after the company reportedly postponed it amid a global selloff. In a regulatory filing today, the company, China’s largest streaming music service, said it plans to offer 82 million American depositary shares (ADS), representing 164 million Class A ordinary shares, for between $13 to $15 each. That means the IPO will potentially raise up to $1.23 billion.
My colleague Eric Peckham wrote a deeper dive behind the lessons of Tencent Music for the broader music industry:
At its heart, Tencent Music is an interactive media company. Its business isn’t merely providing music, it’s getting people to engage around music. Given its parent company Tencent has become the leading force in global gaming—with control of League of Legends maker Riot Games and Clash of Clans maker Supercell, plus a 40 percent stake in Fortnite creator Epic Games, and role as the top mobile games publisher in China—its team is well-versed in the dynamics of in-game purchasing.
Tencent Music has staked out a very differentiated business model from Spotify, Pandora, Apple Music, etc. It has used an engagement-based product model to make live-streaming and virtual gifts huge business lines, without dealing with the product marketing logistics of subscription. Where the West always asks you to pay for access, Tencent is asking you essentially to pay to have fun and be part of an experience.
Eric asks I think a deep question: why hasn’t this model (which seems particularly obvious in music given the overall events component of that business) been back-ported from China to the Western world? He sees a world where Facebook buys Spotify (I don’t) but I think there is absolutely a gap in the market for a music platform to really own this model.
NYC loses an open-source superstar
Wes McKinney is a major open-source star and the engineer behind pandas, which is one of the fundamental Python data libraries, as well as a founding engineer of Apache Arrow, which is an in-memory data structure specification.
So it is big news that he has decided to decamp from New York City, where he has lived for ten years, to Nashville. Writing on his personal blog:
I’ve increasingly felt that open source development is at odds with the values that are driving a large portion of the corporate world, particularly in the United States. Many companies won’t fund open source work because there is no “return on investment”. This is deeply frustrating, and being surrounded by people whose actions align with profit-motive can be pretty discouraging. It’s not necessarily that people who work in NYC or SF are greedy or amorally concerned with making money. In many cases they are just responding to incentives coming from pretty low on the hierarchy of needs.
Full-time open source developers in many cases will make less money than their peers who work at Google, Facebook, Microsoft, Apple, or another major tech company. If we are to enable more people to do open source development as a full-time vocation, we need to grow supportive tech communities in places that are more affordable. (emphasis his).
I think this is a very interesting trend to watch in the coming years. It’s not just the small business and art types who want to move to lower cost locales to match their lifestyle spending to the (economic) value of their work. Software developers who want to work on more meaningful projects outside of advertising and finance will also increasingly need to consider these sorts of geographical adjustments.
From cryptocurrency millionaires in Puerto Rico to digital nomads in hotspots like Thailand, Indonesia, and Colombia, there is increasingly a view that there is a marketplace for governance, and we hold the power as consumers. Much like choosing a cereal from the breakfast department of a supermarket, highly-skilled professionals are now comparing governments online — and making clear-headed choices based on which ones are most convenient and have the greatest amenities available.
Economic migration — whether from cost-of-living, ecosystem or governance culture, or just for new horizons — is the watchword of this century. It’s a huge loss for NYC that people like McKinney can no longer find their work compatible with the city.
I am still obsessing about next-gen semiconductors. If you have thoughts there, give me a ring: firstname.lastname@example.org.
Thoughts on Articles
Imagined Communities – a major classic book of social science thought, it’s amazing how well it has held up, and the lessons it holds for us in the cyber age. Intending to write a review of it for this weekend, so expect more notes later.
Quietly, Japan has established itself as a power in the aerospace industry – I love industrial policy and national economic development, and Eric Berger has done a great job on both fronts with his dispatch in Ars Technica. Japan is roaring back into space, increasing its launch capabilities and also preparing to deploy its own GPS infrastructure. An important contextual read for those who follow SpaceX.
Why we stopped trusting elites — a compelling deep dive by William Davies in The Guardian into how populism is animated by the failures of elites. Couldn’t agree more that elites have lost significant trust over the last few decades, mostly from hubris, corruption, and outright fraud (the financial crisis being just the largest). Elites need to hold themselves to much higher standards if we want to ask our fellow citizens for their support.
What I’m reading (or at least, trying to read)
- Huge long list of articles on next-gen semiconductors. More to come shortly.