[HN Gopher] CockroachDB License Change
___________________________________________________________________
CockroachDB License Change
Author : Cwizard
Score : 220 points
Date : 2024-08-15 14:05 UTC (8 hours ago)
(HTM) web link (www.cockroachlabs.com)
(TXT) w3m dump (www.cockroachlabs.com)
| ukuina wrote:
| > On November 18, 2024, we will eliminate our Core offering and
| consolidate on a single, robust CockroachDB Enterprise license
|
| That is incredibly short notice.
| arccy wrote:
| only a problem if you need to update
| kragen wrote:
| even then you've had five years notice that enshittification
| was coming: https://en.wikipedia.org/wiki/CockroachDB#History
| cvwright wrote:
| Making $10M ARR companies pay for the software that they
| use is not enshittification.
| kragen wrote:
| i mean, yes? it is? software you can't use without
| someone else's permission is obviously shittier than
| open-source software you can fork, even if you're a big
| company. perhaps _especially_ if you're a big company.
| and software that sends telemetry to the vendor is
| obviously shittier than software that doesn't
| CyberDildonics wrote:
| i mean, no? it isn't? changing the license doesn't change
| the software? the software still works the same way?
| veggieroll wrote:
| This hasn't been my experience. After another VC-backed
| software switched licenses, we continued using an older, open
| source version licensed Apache 2. But that didn't stop their
| lawyers from trying to shake us down, claiming we were using
| the latest, enterprise version. We just showed up in their
| telemetry as using their product and they came a knockin. I
| imagine that their telemetry failed to distinguish who was
| running old FOSS from the latest proprietary one.
|
| We showed our lawyers that we were using the FOSS version.
| But, they didn't care and demanded we remove their product
| (despite being FOSS) immediately on all our systems.
|
| That was a crazy crazy week.
|
| You can say that's a problem with our lawyers. But still, who
| wants to go to court even if you know that you'll win
| eventually? It's expensive and incredibly annoying as an
| engineer to have to deal with lawyers.
| geenat wrote:
| Overall I feel like this is a step in the right direction.
|
| I do love Cockroach, but the old licensing model was pretty
| brutal if you required any enterprise features (ex: incremental
| backup).
|
| For reference, some other data stores doing "horizontal scale of
| writes" ..any others I'm missing ?
|
| * MySQL: Vitess, Planetscale, TiDB, MariaDB Spider
|
| * Postgres: Citus, YugabyteDB, YDB, Neon
|
| * SQLite: mvsqlite, marmot
|
| * Document: ScyllaDB, Cassandra, DynamoDB
| ko_pivot wrote:
| I don't believe Neon supports multiple write nodes.
| tristan957 wrote:
| It currently does not, but it's something we would like to
| eventually support.
|
| - employee
| sho wrote:
| > if you required any enterprise features
|
| For me it was the multiple regions. It's like.. with that
| disabled why are we even here? Data residency is the whole
| point...
| madduci wrote:
| The only thing I don't like is the mandatory telemetry.
| ezekg wrote:
| I don't like the fact that even free users need an annual
| license key.
| Thaxll wrote:
| Most of those solutions are not on par with Cockroach,
| Cockroach is basically Spanner usable outside of Google. So
| global transaction with cluster world wide.
| skunkworker wrote:
| Spanner is cheap in comparison depending on your storage
| requirements. I've seen CockroachDB quoted as 10x more, and
| for a product that is harder to sell to stakeholders.
| riku_iki wrote:
| There are some contenders in that list: TiDB, YugabyteDB,
| YDB.
| jwr wrote:
| If what you mean by "horizontal scale of writes" is a
| distributed database, then there is FoundationDB, which is one
| of the _very_ few databases that offers strict serializability
| (see https://jepsen.io/consistency). But it isn't quite
| comparable, because it isn't an easy-to-use shiny tool, rather
| a database-building toolkit (hence the name).
| sidewndr46 wrote:
| What? FoundationDB disappeared down the memory hole whenever
| Apple acquired them.
| hansihe wrote:
| It's still open source and actively maintained by Apple,
| they use it internally.
|
| https://github.com/apple/foundationdb
| mdasen wrote:
| It is now. There were a few years where it had basically
| disappeared (2015-2018). When Apple eventually put it
| back in the open-source world, it was done with little
| fanfare so it could be easy to miss.
| jen20 wrote:
| > put it back in the open-source world
|
| Just to clarify - FoundationDB was never open source
| before 2018. Binaries were available under certain
| conditions, but no source.
| dtf wrote:
| Deno KV uses FoundationDB, for example:
|
| https://deno.com/blog/building-deno-kv
| geenat wrote:
| same guy who wrote mvsqlite btw
| ddorian43 wrote:
| It re-appeared after 10 or so years though.
| sidewndr46 wrote:
| Really, what is the reason why?
| ddorian43 wrote:
| Apple thought it would be in their best interest to
| release it.
| jwr wrote:
| Apple acquired the company in 2015 and 3 years later
| open-sourced the database.
|
| (so much misinformation in this thread, this isn't hard
| to check)
| tvink wrote:
| Free license:
|
| > Telemetry Required (excluding ephemeral clusters of 7 days or
| less)
|
| So not free, then.
|
| Is there already a popular fork?
| sigmonsays wrote:
| This is really painful, I don't want this pattern of data
| collection being common, Telemetry included.
| kragen wrote:
| it hasn't been open-source since 02019 according to
| https://en.wikipedia.org/wiki/CockroachDB#History so if there
| are popular forks they'd have to be five years old
| cvwright wrote:
| BSL code automatically converts to open source at a specified
| date. So probably several releases since then are now as open
| source as anything else in the world. And if not, then they
| will be soon - BSL allows a maximum 5 year delay.
| kragen wrote:
| that may be (i haven't read the license) but i'm not
| persuaded it's relevant
|
| if nobody forked it five years ago, they probably aren't
| going to fork it now
|
| if somebody did fork it five years ago, they probably
| aren't going to try to merge in new source code drops as
| they convert to open source
| cvwright wrote:
| Then why do you care? If nobody is going to fork it
| anyway, what's the benefit of being open source from the
| beginning?
| kragen wrote:
| i don't care that much because i don't use it, and
| evidently not much of anybody else does either, or there
| would have been a popular fork. i'm just saying that this
| is probably not a good time to expect one to pop up
| aduffy wrote:
| Yes, the popular fork is called Postgres. You can find many
| vendors who will let you run it on one node cheaply. It's also
| free to self-host.
| Thaxll wrote:
| PG is nowhere close to what Cockroach does and probably never
| will.
| mardifoufs wrote:
| In what way is postgres similar to cockroachdb? Except for
| being a database. Going by that standard you might as well
| say that Access is an alternative to postgres. Which it
| technically is but...
| notpushkin wrote:
| Cockroach marketed themselves as largely Postgres-
| compatible, so I guess there's that.
| mardifoufs wrote:
| I guess that's true, I didn't think about that. But i
| think that you'd probably not be using cockroachdb if you
| were fine with what postgres offers. Cockroach might be
| compatible, but it really isn't "comparable" in terms of
| use cases and deployment imo. I might be totally wrong
| though, I have not been following it and Postgres closely
| since some time around 2021?
| zellyn wrote:
| It's useful to use a Postgres-compatible syntax. The
| point of Cockroach was always to compete with globe-
| spanning DBs like Spanner, not with (possibly) sharded
| PG.
| geenat wrote:
| Citus gets close for many usecases but the HA story sucks:
| https://github.com/citusdata/citus/issues/7602
| candiddevmike wrote:
| CockroachDB was already under the BSL. It's interesting that
| they're further restricting it... Perhaps the BSL isn't the
| panacea folks are making it out to be.
| PaywallBuster wrote:
| at least should still cover a lot of businesses under the free
| tier
|
| > Individuals and businesses, under $10M in annual revenue, can
| use CockroachDB Enterprise for free
| mrweasel wrote:
| You just can't build anything new based on CockroachDB now,
| because the pricing for self-hosted is "Contact us". So if you
| build a product you'd need to contact them first and kinda
| guess how successful you'll be. Maybe it's fine and the license
| cost isn't a big deal, or it will completely ruin your business
| case.
|
| Plenty of us have had to deal with these scenarios before with
| Oracle. Cheap or free to get started, then your product takes
| off and Oracle shows up and starts to demand their cut. I'm not
| suggesting that Cockroach is the new Oracle, but this type of
| licensing introduces a significant uncertainty into your future
| plans.
| tschellenbach wrote:
| We will probably end up removing CockroachDB from our infra due
| to this change. It also makes me a bit worried about their long
| term viability. How much ARR does CockroachDB have and what was
| their last round valuation...?
| Cwizard wrote:
| What will you switch to? I feel like there isn't a good
| alternative.
| shadow28 wrote:
| YugabyteDB is a commonly used alternative.
| jen20 wrote:
| According to Wikipedia, Yugabyte (the company) has taken
| 290 million dollars of VC money. It's probably a safe
| assumption that they will follow the same path soon enough.
| spiffytech wrote:
| While the future is unwritten, FWIW in 2019 Yugabyte
| moved _to_ Apache 2.0, open-sourcing features that were
| previously paywalled.
|
| They wrote up their rationale here:
| https://www.yugabyte.com/blog/why-we-changed-yugabyte-db-
| lic...
| riku_iki wrote:
| This won't prevent them from going back to a paywall in future if
| investors ask.
| largbae wrote:
| True, but unlike BSL you can fork the last Apache commit
| the day they do.
| remram wrote:
| Also has a CLA: https://cla-assistant.io/yugabyte/yugabyte-db
| traderj0e wrote:
| Application-level sharding?
| tschellenbach wrote:
| CockroachDB is easier to manage and more cost effective than
| Postgres due to that. But now I suspect the balance tips back
| to Postgres
| geenat wrote:
| Citus would be great if the HA story was better:
| https://github.com/citusdata/citus/issues/7602
| indoordin0saur wrote:
| What issue do you have with the changes? Sounds like it's
| mostly focused on making it more affordable for small
| operations.
| mrweasel wrote:
| Not me, but two issues I could see: Revenue over $10 million,
| but not profitable, or the license cost would be too high. We
| had that issue with support contracts Elastic tried selling
| us, way back, compared to our revenue and profit, the
| license/support contract made zero sense.
|
| Other issue: Telemetry is mandatory on the free tier and cost
| to avoid it is too high. Some industries cannot have telemetry
| enabled, or at least not without a heavy amount of reviews,
| think finance or healthcare.
| purpleblue wrote:
| Were you paying for it?
| sho wrote:
| Probably a good move. I'd looked at Cockroach before for a
| project - they basically disqualified themselves from the start
| by nerfing the "core" version so bad it was useless, while
| Enterprise was some absolutely insane figure for a cash-strapped
| startup. While it was possible to hotfix the code to get around
| their restrictions - we eventually just used something else.
|
| This at least gets the full-fledged product in the door at
| startups. Say what you want about the timing or the BSL but I
| think this makes sense business-wise.
| Cwizard wrote:
| What did you use instead?
| sho wrote:
| It was a data domiciling project so just went with sharding
| in good old postgres. Cockroach would have been perfect but
| it was going to cost something like $5k/m just to turn it
| on..
| geenat wrote:
| The enterprise per core is still an insane figure, based on
| last time I interacted with sales- would be amazing if this was
| revised, too, to be more competitive with Planetscale, etc.
|
| Would be far easier to recommend CockroachDB if it were more
| competitive with Planetscale.
| dathinab wrote:
| though cash strapped startups can now use the "free"
| enterprise version until they reach 10M$ annual revenue
|
| whether it's a good idea to commit to it if you might not
| want to afford it once your revenue went up is another matter
|
| and 10M$ annually is not little but also not absurdly huge, I
| mean a ~80 person company probably will struggle to be
| profitable with that revenue (if it's 80 good paying jobs
| like software developer).
| brianwawok wrote:
| For a US startup I would divide annual revenue by approx
| 200k for reasonable bootstrapped employee max size. So
| maybe 50 max? This is assuming standard software startup
| with most cost being employees.
| dathinab wrote:
| It's not that much different in the EU. Though due to
| higher sales/revenue tax etc. a bit less employees. Also
| the additional cost above net salary for employing
| someone is higher, but AFAIK (especially as a startup) you
| can get away with paying a bit less. Though in general
| it's less viable to scam your employees by doing stuff
| like goading them with non voting shares and then
| diluting them massively before selling. Like it's still
| possible but with much more limits. So this comparison
| is limited to ethical company operation.
| vvern wrote:
| Last time I checked, the cockroach serverless pricing model
| and free tier were cheaper than planet scale for small
| projects. IIRC, the dedicated cloud product was also cheaper
| if you kept it utilized. What's your evidence that
| planetscale is cheaper?
|
| For example, planetscale charges 3x as much per gb of storage
| if I read the pricing correctly.
| samlambert wrote:
| we charge per node and you get 3 nodes by default so it's
| not 3x it's just that you have more nodes.
| vvern wrote:
| Cockroach is also doing 3x replication of the data, so I
| don't think that's particularly relevant here. Cockroach
| serverless will dynamically scale up sql serving
| processes based on load. The storage and compute are
| separated in the cockroach architecture. My point is that
| if your query load is relatively low, cockroach
| serverless is definitely cheaper because the storage
| costs dominate. I think there's ambiguity on which
| product is cheaper for a real-world application with
| meaningful load and data size.
|
| I remain curious about the perception that cockroach is a
| meaningfully more expensive product. Where does that idea
| come from?
| skunkworker wrote:
| The last time I priced out CockroachDB it was more than 10x
| what multi region SpannerDB would cost.
| LaserToy wrote:
| That is very interesting. As a CRDB user, I priced Spanner
| (had to do some estimates during load testing), and Spanner
| came 3 times more expensive including our eng salary to run
| CRDB
| geenat wrote:
| Re: CockroachDB vs Planetscale. It's all about the price per
| core of the CockroachDB license.
|
| In my understanding, last time I talked to sales it's
| approximately 3x worse (because Planetscale offers 1 primary
| + 2 replicas) with CockroachDB you'd have to triple the
| CockroachDB license fees to even be competitive to achieve
| the same HA .... on hardware you purchase and run yourself.
| Icathian wrote:
| So the obvious question is, which big shops were using the Core
| version that ended up prompting this change? I know of one or two
| but I'm curious if there are some obvious big fish.
| turtle_heck wrote:
| Weren't Oxide using CockroachDB?
| nindalf wrote:
| Seems like. There are 5.2k hits in their codebase for
| "cockroach" (https://github.com/search?q=owner%3Aoxidecompute
| r+cockroach&...)
| ccmcarey wrote:
| Looks like those hits are because they forked it
| https://github.com/oxidecomputer/cockroach (no changes
| since then though)
| wave-trample-0h wrote:
| Doesn't this only affect companies with more than $10M in
| revenue? This change should only affect companies that are a
| going concern and are apt to remain in business.
| bcantrill wrote:
| Yes, we are -- and it's worked well for us! (The most acute
| issue we hit was actually a gnarly OS issue[0][1].) That
| said, we are not currently a Cockroach Labs customer and we
| will not be becoming one for purposes of licensing
| CockroachDB. We are abiding by the terms of the BSL, and the
| version that we are on (22.1) will be Apache licensed in May
| 2025; by that point, we will maintain our own Apache-licensed
| fork for purposes of being the database for the control plane
| included in the Oxide rack.
|
| We will be outlining our current direction in an RFD[2] that
| we will make public -- and we will also make public our RFDs
| that pertain to our selection of CockroachDB and the other
| alternatives that we evaluated; stay tuned!
|
| [0] https://www.illumos.org/issues/15254
|
| [1] https://oxide-and-
| friends.transistor.fm/episodes/a-debugging...
|
| [2] https://rfd.shared.oxide.computer/rfd/0001
| ko_pivot wrote:
| As much as this has the vibes of a classic OSS rug pull, as a
| Cockroach user, I don't really take it that way. First of all, it
| was already not open source and secondly, the free to use version
| was missing key features like follower reads and incremental
| backups.
| api wrote:
| Someone creating free software and changing the license on
| software they created isn't a "rug pull" in any sense of the
| word. You paid $0 and contributed nothing. What rug is being
| pulled?
|
| A rug pull is when you buy into something and then it's taken
| away, like when a cryptocurrency token is busted out or you
| spend money on something and then it's cancelled or nerfed.
|
| Don't like it? Write your own distributed fault tolerant
| database, or contribute an extension for Raft replication to
| the Postgres open source code base.
| warvariuc wrote:
| > You paid $0 and contributed nothing
|
| I think investing into integrating a tool into your
| infrastructure is not exactly "paying $0".
| ted_dunning wrote:
| From the standpoint of the people paying the developers of
| said software, it is _exactly_ like paying $0.
| d_watt wrote:
| I see the issue with these more as if you are paying for it,
| one of the decision factors to buy it might have been that
| you have the opportunity to go to an open source version if
| the relationship gets bad.
|
| Sole source vendors are really risky, so open source gives a
| little control back to the buyer that the vendor won't lock
| them in then screw them later (oracle).
|
| So now if you're paying for Cockroach, you're effectively on
| proprietary technology with no negotiating levers.
| ensignavenger wrote:
| It is described as a rugpull because of the marketing around
| it being open source. Cockroach however was never open
| source, it was BSL licensed. This change does appear to mean
| that old versions will no longer eventually convert to open
| source, though.
|
| Thus it would be up to the BSL promoters and marketers to
| decide whether or not this is a rugpull. As an open source
| user and proponent, I don't really care.
| eatonphil wrote:
| > Cockroach however was never open source, it was BSL
| licensed.
|
| It used to be Apache2. :)
|
| Their blog post announcing this in 2019 happens to now 404:
|
| https://www.cockroachlabs.com/blog/oss-relicensing-
| cockroach...
|
| But see also:
| https://news.ycombinator.com/item?id=40058332.
| ensignavenger wrote:
| My bad, I was wrong then. They even still falsely claim
| on github that it is open source, too (thanks to another
| commenter for pointing that out.).
| ezekg wrote:
| Archive: https://web.archive.org/web/20190604173131/https
| ://www.cockr...
| wging wrote:
| Really does appear to be memory-holed, rather than just
| having moved. Not a good look. https://www.google.com/sea
| rch?q=site%3Acockroachlabs.com+"Co...."
| john-flu-fix wrote:
| Cockroach hasn't marketed itself as open source for years
| warvariuc wrote:
| > CockroachDB - the open source, cloud-native distributed
| SQL database.
|
| https://github.com/cockroachdb/cockroach
| ezekg wrote:
| They seem to have fixed it.
| theamk wrote:
| CockroachDB raised >$500M in funding, and a big reason for
| this was its high number of users. That high number would be
| a lot lower if it wasn't a free software.
| scblock wrote:
| Dancing around the "so it's not open source" by not clearly
| saying "correct, it's no longer open source".
|
| "CockroachDB will remain source available under a new license"
| sounds correct but it's still sidestepping the question. And "the
| source code will still be available for viewing and
| contributions" is completely shit. Why would anyone contribute to
| a commercial product unless they're getting paid to do so.
|
| Also, the use of this kind of "evolving our" and "advancing our"
| phrasing is so incredibly gross. No one speaks like this except
| in corporate announcements.
| dymk wrote:
| > Why would anyone contribute to a commercial product unless
| they're getting paid to do so.
|
| Because they get to use it for free?
| dastbe wrote:
| > Why would anyone contribute to a commercial product unless
| they're getting paid to do so.
|
| Because they'd be getting paid to do it for their company? I
| know of a few customers who, if they could, would have their
| employees contribute minor features to AWS services to solve
| issues.
| ezekg wrote:
| > Dancing around the "so it's not open source" by not clearly
| saying "correct, it's no longer open source".
|
| CockroachDB hasn't been open source for over 5 years:
| https://web.archive.org/web/20190604173131/https://www.cockr...
| scblock wrote:
| Yet it's one of the top questions on their announcement page
| and they won't clearly answer it.
| ezekg wrote:
| Likely because most people think "source available on
| GitHub" = "open source", so they're just answering the low-
| hanging-fruit even if the question is technically
| incorrect. They don't claim to be open source anywhere, and
| I haven't seen them claiming to be open source since they
| relicensed to the BUSL over 5 years ago. I don't think
| there's malice here.
| ted_dunning wrote:
| > Why would anyone contribute to a commercial product unless
| they're getting paid to do so.
|
| Because they need a bug fix in the code as soon as possible
| without waiting for the vendor's priorities to match their own?
| AYBABTME wrote:
| I understand the goal, and the perceived abuse of the Core
| edition. But the problem with the Enterprise edition is that it's
| quite expensive, "contact us" salesy, and it feels like taking a
| bite of this edition is possibly getting into bed with a future
| Oracle/landlord type of relationship where you end up squeezed by
| your database vendor.
|
| The Core offering made this palatable, one could fallback to Core
| features if the relationship with Cockroach Labs degraded, which
| made it possible to entertain the Enterprise license since
| there was a way to walk back from it. But now there's no such
| mitigation available. By using non-PG native features, users of
| the Enterprise edition are accepting to get in bed with Cockroach
| Labs for effectively forever (databases), a single provider that
| has no competition.
|
| I think this may backfire, as it now seems imprudent to go all in
| on Cockroach Labs. They may be nice folks today, but who knows
| who will run the place in 5y when the next round of squeeze
| comes?
|
| I wish them the best, they're a great team and I always liked the
| project and toyed with it for years, and currently am involved
| with a paid Enterprise license. But this change in the dynamics
| is really giving me pause.
|
| Getting in bed with a single vendor for an incredibly sticky tool
| comes with a _lot_ of risk. It took at least 17y for Amazon to
| get rid of its last Oracle database:
| https://aws.amazon.com/blogs/aws/migration-complete-amazons-...
| ROFISH wrote:
| Agreed. I talked with them in the past and the pricing was far
| too expensive to make it worth it.
|
| As always: "If you have to ask, you can't afford it."
| candiddevmike wrote:
| There is no abuse here. They released software under a specific
| license (BSL at that, plenty of opportunities to restrict).
| AYBABTME wrote:
| It can be construed as "abuse" if another commercial entity
| is deriving value from the core license while Cockroach Labs
| doesn't get to enjoy a "fair" share of this created value,
| while pouring its own resources into a product that enables
| this value creation.
|
| I think CR Labs needs to make money from their activities.
| However they do it, should be in a way that incentivizes a
| win-win for them and their customers. Right now I think they
| attempted to "correct" for the uncaptured value, but the game
| theory switched toward discouraging adoption (in my
| perspective). I may be wrong, probably am.
| andrewmutz wrote:
| It seems that whenever an open source project is run by a VC-
| backed company, it sooner or later ends up like this.
| Increasingly it seems that "open source" is just the teaser to
| get people interested and then when investors want revenue
| growth, the rug gets pulled.
|
| IMO, it's not really open source if it's run by a company that
| will eventually use its position to squeeze its users for cash.
| candiddevmike wrote:
| Like other folks have said, anytime you see a CLA, you see
| the true intentions of the project. A project that will
| always be FOSS won't have a need for a CLA.
| _benedict wrote:
| The ASF requires a CLA for all regular contributors or
| large contributions, so I don't think this is a
| particularly good barometer.
| remram wrote:
| That's a good point. The ASF's FAQ [1] states that "All
| software developed by all projects of The Apache Software
| Foundation is freely available without charge" and that
| it "is specified in the Foundation's Articles of
| Incorporation [2]", however I see no such specification
| in the linked incorporation. Is there some actual legal
| guarantee there?
|
| [1]: https://www.apache.org/foundation/license-faq.html#IsItFree
|
| [2]: https://www.apache.org/foundation/records/incorporator.html
| fweimer wrote:
| I think it's mentioned in this document:
| https://www.apache.org/foundation/records/certificate.html
| remram wrote:
| Thanks!
|
| It seems a little short of the claim in their FAQ though,
| but it's something:
|
| > The purpose of the Corporation is to engage in any
| lawful act or activity [...] including the creation and
| maintenance of "open source" software distributed by the
| Corporation to the public at no charge
| ted_dunning wrote:
| I don't think that falls short.
|
| The reason for the "any lawful act" language is to allow
| the ASF to do things like run a conference, accept
| donations, sell t-shirts and other activities. If the
| statement was only "develop open-source software" there
| are all kinds of important activities that support open
| source development that would be impossible.
|
| The fact is, however, that certificates can be changed by
| the people who can vote. In the case of the ASF, the
| members are the ones who vote. Getting those ~800 members
| to radically trash the traditional goal of the foundation
| is not going to be possible as long as the current
| membership is active.
| remram wrote:
| What I mean is that, if they made some software non-free
| alongside some free ones (to make money to finance the
| free ones, for example), that still seems valid as to the
| current certificate of incorporation.
|
| Their FAQ says "all software free no exception" and this
| document says something weaker.
| saurik wrote:
| The difference with the ASF/FSF is that they are non-
| profits with a mission statement (and, if we don't trust
| that enough--due to OpenAI, as I don't _entirely_
| understand what happened there--with clearly-mission-
| aligned board leadership) that prevent them from pulling
| the rug out from under their license. (...and, right as I
| pushed this comment, I see that someone else looked into
| it, and maybe the ASF fails to have such a clause
| anywhere ;P but hopefully it is there and just a bit
| hidden.)
| cortesoft wrote:
| Sure, but that contradicts the statement made in the
| comment they are replying to:
|
| > anytime you see a CLA, you see the true intentions of
| the project. A project that will always be FOSS won't
| have a need for a CLA.
|
| If there are conditions to the statement, it isn't
| "anytime you see a CLA".
| saurik wrote:
| Sure, but now we would need to find another epicycle for
| why giving a for-profit corporation this dangerous power
| over its licensees is safe/benign. There is, at times,
| some logic to "the exception that proves the rule".
| fweimer wrote:
| It depends on the CLA. In some countries, you cannot not
| have a CLA because there's always an implied contract.
|
| Many CLAs are just a hassle (basically, DCO that has to be
| reviewed by the legal department). But a lot are
| asymmetrical in a substantial way and the original
| developer gets to play by different rules than the rest.
| CLAs in the second category tend to be problematic.
|
| Even that is not a completely clear indicator because in
| some cases, the asymmetry is only intended to help with
| potential future relicensing in alignment with the
| project's goals, and not to enable commercialization
| (either today or at some point in the future). Some
| organizations have resisted direct commercialization of the
| code they have been entrusted with for decades, so that can
| happen even with an asymmetrical CLA.
| ziddoap wrote:
| For those of us not in-the-know about licensing acronyms.
|
| CLA = Contributor License Agreement
| kodablah wrote:
| This is not necessarily true. Sometimes it's needed to
| pivot to a better/different open source license without
| going through the pain of contacting every contributor
| ever. I have seen that pain in some projects that want to
| go from LGPL to MIT or something.
|
| For many contributors, they're ok giving full ownership of
| their contributions to a project owner on the owner's
| terms. Some contributors may not be ok with that of course,
| but it doesn't mean that every project owner has nefarious
| plans with said code ownership.
| drdaeman wrote:
| > better/different open source license
|
| And that's why "open source" is a really bad term that no
| one should use unironically, unless they want to confuse
| the hell out of people.
|
| There are protective (copyleft) licenses, and there are
| permissive licenses - and they're very different beasts.
| And it's, like, software licensing 101.
|
| > that want to go from LGPL to MIT or something
|
| I find this extremely weird.
|
| In a sane world, picking a copyleft license _must_ mean
| that you care about user freedoms and want to make sure
| they're respected no matter what happens. Because that's
| the whole point of picking a copyleft license - not about
| letting people peek or tweak some code, not about social
| brownie points, and most certainly not about marketing
| campaigns - but about granting users their freedoms.
|
| Either people get confused about "open source" and
| pick... I don't know, whatever looks cool, without even
| understanding what they're doing; or they're giving up on
| their principles when they smell the money.
|
| I can understand wanting to go from, say, GPL to AGPL, or
| GPLv2 to GPLv3[+] - it would make sense, as it all goes
| in line of protecting freedoms. But LGPL to MIT is truly
| a weird one.
| riffraff wrote:
| (L)GPL to MIT is a choice many projects made when they
| decided they cared more about their code being used than
| about it staying free.
|
| Copyleft licenses were the default choice at some point
| in time, but then in the '10s most big projects seemed to
| pick a permissive license, and many switched.
| drdaeman wrote:
| Yea, and the point is that they really should not have
| picked LGPL in the first place. If you pick a copyleft
| license, please don't do it because it's cool - do it if
| and because you care for what it stands for.
|
| However, I thought about it and I think I can get the
| cases where monetary opportunities started to outweigh
| what are essentially political ideals. Happens all the
| time, heh. I guess I can imagine a person not being honest
| with themselves until the temptation really comes.
| Especially if it's about casual developers trying to have
| some money to live comfortably (as opposed to lowering
| their standards of living), rather than getting rich.
|
| I can only hope it's that and not a simple ignorance.
| kodablah wrote:
| > picking a copyleft license must mean that you care
| about user freedoms [...] they're giving up on their
| principles
|
| This is a personal bias and disregards others' definition
| of true do-whatever-you-want freedom. Different project
| owners may think differently on what free means and alter
| the license to respect their principles (and may consider
| copyleft to be the restrictive/anti-free mistake made
| early on based on these same kinds of personal biases).
|
| And many contributors don't really care what the project
| owner does with their code and the CLA lets them delegate
| responsibility.
| graemep wrote:
| That example is exactly why many people will not want to
| sign a CLA.
|
| Someone who has a strong preference for copyleft
| licences may not want to contribute to a project with a
| permissive license.
|
| The intent may not be for the project owners to use the
| code in proprietary software, but it would be to allow
| someone to do so.
| kodablah wrote:
| Sure, and I think the CLA is a good signal to those that
| care about how their contribution is used to stay away.
| But for everyone else that's not concerned with that, the
| CLA is not inherently evil.
| shagie wrote:
| I wonder... if you do something with AGPL that requires
| releasing the changes back ... you don't need to sign a
| CLA to do that.
|
| _However_ that would also mean that the core project
| couldn't accept your changes without the CLA since that
| would _also_ bind them to never switching the license or
| relicensing your contributions for an enterprise license.
|
| ... I think. My head hurts when trying to consider the
| implications for CLAs and AGPL and the endless debates
| that lawyers could have over this.
| orthecreedence wrote:
| I think that's a bit reductive. It's possible to have a CLA
| because you want to sell a non-GPL version of your app to
| some corporation that's worried about the legalities of the
| license. This is an additional revenue stream that open-
| source projects make use of, and it's not fair to say "any
| project with a CLA is selling out."
|
| There's this balance between being a project forever run
| out of someone's garage and actually growing into a larger
| and more used system. I'd say the line is delineated by
| many factors: who is the project's primary user?
| Enterprise? Devs? How much money is changing hands? What's
| the business model? Is there investment involved? How
| restrictive is the primary license? How restrictive is the
| CLA?
|
| I think any open-source project that has aspirations to
| actually make money for the creators is shooting themselves
| in the foot without a CLA. And it's fine to judge them for
| this, but we live in a system where people have to extract
| value out of this shit even if it's against their ethos.
|
| If people truly and ultimately believe in open-source, then
| the most logical conclusion is that capitalism does not
| allow for open source and _that_ must be changed. Fighting
| things at the license level can only delay the inevitable.
| But people want to have their cake and eat it too: "I want
| the system to stay the same AND I want open-source creators
| to keep pumping out stuff for free forever."
| yawboakye wrote:
| start open/source available has become a trend among yc-
| backed startups lately. one wonders how long before a "well,
| actually, we need a business-y license."
| brianwawok wrote:
| Lately? This was cool like 12 years ago. Then you turn
| commercial once you get enough users. It's the open source
| chameleon model.
| acedTrex wrote:
| Open source and profit go together like oil and water
| JohnDeHope wrote:
| Maybe we will have to replace "open source" with "spec
| driven". As you point out, open source can be just as bad as
| closed source, given future changes in direction by the
| project team. But "spec driven" means that anybody can come
| along and compete, and you can switch to them, regardless of
| how the original developers feel about it.
| graemep wrote:
| Is it not more about who does the development?
|
| If one entity does the development, they can change
| direction or licensing and it is hard for anyone to fork.
|
| If you have more of a bazaar form of development with many
| contributors neither is as easy (even less so if you do not
| have a CLA). Even if you have a small core team of
| developers, a really bad direction is likely to lead to a
| split.
| evantbyrne wrote:
| I think you are right to think of it in terms of who is
| doing development. The plus of a non open-source license
| is well-funded development. The downside is fewer outside
| contributions. In this specific instance, I think
| Cockroach was BSL? So, it can be forked into a community
| project where new contributions are open-source. Another
| corporation just wouldn't be able to profiteer off the
| fork directly until the changeover date.
| haolez wrote:
| Old(?) school open source with GPL licenses doesn't seem to
| suffer from this, on a first glance. Maybe Stallman was
| right. Would love to hear from someone more knowledgeable on
| this. I'm not trying to troll.
| ghshephard wrote:
| GPL is actually a great license for this scenario. The
| software advances to a particular level of development,
| inertia, market penetration - then the company that _owns_
| the software dual licenses with GPLv3 - which no company
| can risk to have on their premise, distribute, or
| use/touch, etc... - ergo you then have to pay for a commercial
| license to avoid the GPLv3 taint.
| graemep wrote:
| Why can companies not use GPL3 software? I cannot see how
| it's so different from GPL 2 for companies that are users.
|
| I can see it has some disadvantages for companies
| incorporating GPL software in their products, but none
| for companies merely using GPL 3 software.
| ghshephard wrote:
| I can't say for certain _why_ they can't use GPLv3 -
| just that no company I've ever worked for (n=4 since
| GPLv3 came out) - will allow it on premise. It's probably
| why Apple stopped updating all their GNU binaries, and
| you have to sideload stuff with brew to use anything
| released in the last 10 years.
|
| If I had to guess - The patent rights clause weirds out a
| lot of lawyers. Obviously anyone who works with hardware
| doesn't like the anti-tivoization clause. Another
| possibility is the AGPL (which _IS_ lethal for obvious
| reasons) is often conflated with GPLv3.
|
| All I know is GPLv2 is fine, GPLv3 is usually not, and
| AGPL is never possible in corporations that I've worked
| for.
| graemep wrote:
| I can see it makes sense for Apple (anti-tivoization is
| something they do not want).
|
| > I can't say for certain why they can't use GPLv3 - just
| that no company I've ever worked for (n=4 since GPLv3
| came out) - will allow it on premise
|
| So they do not allow the use of things like Bash or GNU
| coreutils? That seems quite restrictive and difficult.
| trws wrote:
| A small refinement here, your statements are largely my
| experience dealing with people _linking against_ gpl3
| software because of the vitality and the patent
| exemptions. Most places _run_ gpl3 stuff just fine. The
| one organizations won't touch with a ten foot pole, even
| to run it, is AGPL.
| omoikane wrote:
| Old school open source projects don't seem particularly
| profitable. The projects themselves might thrive, but that
| seems to rely on altruistic developers with other sources of
| income.
|
| Richard Stallman himself doesn't seem to make money from
| any software he made directly, but from various grants and
| such, for example:
|
| https://web.archive.org/web/20220123032418/http://tech.mit.
| e...
|
| I thought he was on the payroll for FSF, but his reportable
| compensation has been zero from 2002 to 2022 according to:
|
| https://www.fsf.org/about/financial
| wussboy wrote:
| > Old school open source projects don't seem particularly
| profitable.
|
| And is also subject to survivorship bias. For every OSS
| project that makes it, tens of thousands do not.
| lucianbr wrote:
| Maybe? Every day it seems clearer that Stallman is right.
| Mouse subscription? Windows displaying ads in start menu
| and recording everything you do? How many devices have
| become useless when the servers shut down, or games became
| unplayable? How many times books or songs or movies have
| disappeared from "online collections" after being paid for?
| "The right to read" seems more and more realistic as time
| passes.
|
| In my opinion, Stallman has been proven right many times
| over.
| karmakaze wrote:
| Opensource is opensource: CockroachDB Core up until Nov 24,
| 2024 is, and not afterward. Anyone who wants to fork it can
| do so. Mind you this will be a hard fork as there's no way to
| keep in sync with their enterprise product.
|
| What you say is true in that you shouldn't view a VC backed
| opensource offering as 'permanently' opensource by the same
| group.
| geenat wrote:
| Kind of... Certain extensions such as basic backups are
| closed source and have never been in the OSS version.
|
| Many things would have to be re-added from scratch in a
| fork.
| karmakaze wrote:
| I'm having trouble parsing/making sense of this. Was
| basic backup in Core? If you were running anything more
| than Core you weren't running an OSS version and had
| already crossed that line before this announcement. If
| you were running an OSS version there's nothing to add,
| just fork, no?
| gerwim wrote:
| Core only has the "full backup". Incremental and other
| types are available to enterprise. I run the Core edition
| (with full backups) for my personal projects.
| a-robinson wrote:
| "Basic" (i.e. full) backups have been included in the OSS
| version since its November 2020 release (20.2):
| https://www.cockroachlabs.com/blog/backup-restore/
|
| They are still pretty limited compared to what's in the
| enterprise version, but it's not right to say basic
| backups are closed source and have never been there.
| jen20 wrote:
| CockroachDB Core has not been offered under an OSI (i.e.
| Open Source) license since 2019 - everything subsequently
| has either been under Business Source License or the
| Cockroach Community License.
| nazka wrote:
| What happens the day where the only way to fork it
| realistically is to pay people. And I mean good people to
| even keep up? And what if on top of that the bests in the
| game are already in the corporations that you want to fork
| from?
| nsm wrote:
| Yep! I actually far prefer closed source software, made by
| non-VC funded companies, where their business is to create
| good software that actually adds value for the license I'm
| paying for. Something like Sublime Text or JetBrains.
|
| Sure <VC funded editor company> can have people spend years
| of their life working on something, but release it as open
| source because VCs are paying for it, and that leads to more
| mindshare, but it leaves a bad taste in my mouth. Similar
| reasons to not use VSCode (commoditizing the complement by
| using billions of dollars from other products).
|
| The "must be open source (I think they actually mean free as
| in $$) at all costs" crowd baffles me because the money to
| support the humans creating the software in the real world
| doesn't just magically appear.
| ElijahLynn wrote:
| I'm imagining that those closed source softwares wouldn't
| be possible without open source libraries and tools...
| pasc1878 wrote:
| I would imagine there is a lot on Windows possibly macOS.
|
| Many c/C++ libraries are not open source - even more .Net
| ones
| jaaron wrote:
| > IMO, it's not really open source if its run by a company
| that will eventually use its position to squeeze its users
| for cash.
|
| I know it's not as popular or sexy as it used to be, but the
| whole point of a foundation like Apache was to avoid these
| situations, even more than the way the Linux Foundation is
| set up. Apache _explicitly_ manages projects to avoid these
| downsides.
|
| - Single corporation ownership. Projects cannot get out of
| the Incubator unless they demonstrate a diverse and healthy
| community. That doesn't mean popular, it doesn't necessarily
| mean best-in-class, but it means that there shouldn't be just
| one entity backing a project.
|
| - Membership in Apache is _personal_ not a seat for a given
| company. If you're a committer on an Apache project and you
| move jobs, you're _still_ a committer on that project
|
| - The Foundation owns the trademarks. There have been fights
| about this in the past, but the whole idea is that the
| _community_ owns the name, so some corporation can't claim to
| be the sole or official owner by naming their company or
| product after the open source product.
|
| The core premise of the Apache Software Foundation is
| community over code, that healthy, diverse communities have a
| better chance of standing the test of time than open source
| projects backed by a single individual or company. That's the
| thesis at least.
|
| This is starkly different from several other foundations,
| notably the Linux Foundation or Eclipse Foundation which are
| modeled more around industry consortiums.
|
| Both models have their place, but I believe Apache better
| models the core values many of us feel strongly about when it
| comes to free and open source software.
| jzb wrote:
| This is one of the reasons people should hold the line for open
| source licensing for any infrastructure software: Any licensing
| scheme that forces a relationship with a single entity /
| doesn't allow for forking is open to abuse of users and
| customers at some point.
| JohnDeHope wrote:
| > They may be nice folks today, but who knows who will run the
| place in 5y when the next round of squeeze comes?
|
| The same idea applies to political questions. A politician I
| like is proposing a policy I approve of. Great! Now what
| happens in the next election cycle, when a politician I don't
| like gets to use that same power to do something I don't
| approve of? Woops.
| nickpsecurity wrote:
| We can vote for different politicians after a few years. The
| politicians can vote to remove laws that were problems.
| There's a straight-forward solution to that.
|
| Building critical features on a single, closed-standard
| database means you can't leave unless you rewrite all code
| that relied on it. The new code must integrate in the system
| well. The change must also happen without taking down the
| business.
|
| For these reasons, politicians and laws change regularly but
| companies rarely escape database lockin.
| zeeg wrote:
| You have nailed their issues - packaging and their revenue
| model. If you align this well with your target audience the
| license would have not been a problem for them. Wrote about
| this a bit here: https://cra.mr/open-source-is-not-a-business-
| model/
| wrycoder wrote:
| Well named! It is like a roach motel - once in, you can never
| leave.
| nailer wrote:
| Slightly off-topic but:
|
| > a future Oracle/landlord
|
| I don't think I've ever heard Oracle's business model described
| so accurately.
| xnx wrote:
| What are the remaining use cases for CockroachDB where there
| isn't a better/open-source alternative?
| Cwizard wrote:
| multi-master writes with serializable transactions
| sroussey wrote:
| FoundationDB
| geenat wrote:
| AFAIK more of a document store unless you use mvsqlite
|
| The architecture is ingenious, though.
| Cwizard wrote:
| Does not have a SQL API (or something similar). The record
| layer is interesting but requires your application to be
| built in Java.
| c4pt0r wrote:
| TiDB
| _joel wrote:
| Enforced telemetry for free users? That's gross.
| red_admiral wrote:
| Not only that, but according to the licence agreement, there
| are "technical countermeasures" to stop you from using the
| product if you were to block telemetry with a firewall
| (presumably it stops working if the telemetry server doesn't
| send back an acknowledgement), and "You understand and agree
| that Licensor may use and disclose personal information
| collected as part of Telemetry in accordance with Licensor's
| Privacy Policy" ... wait, what?
| michaelt wrote:
| In the closed source world it's common enough that free
| trials will be something along the lines of "we give you a
| license key tied to your name, and every time you start the
| software it calls into our license server to validate the
| license key"
|
| It's bad, but it's not unusual if you use closed-source
| software.
| ezekg wrote:
| Sure, but I'm not sure why they wouldn't just use a signed
| license file with a start- and stop-date in this case. Lots
| of companies, especially enterprises, run air-gaps and
| telemetry just won't work there. And they should know
| that... it's their target market after all...
| red_admiral wrote:
| I guess this is fine for a free _trial_, if you can host it
| in some separate firewalled-off subnet where it doesn't
| touch your real customer data.
|
| The issue here is that if you're an org with less than $10M
| turnover, you're currently on the Core plan and don't want
| to negotiate the full "Enterprise" licence (which is
| presumably priced towards larger users than you anyway),
| then you can't use the thing at all anymore unless you
| agree to telemetry and some vague disclosure of personal
| data thing that will get your lawyers in a spin (especially
| if you serve states in which GDPR applies).
|
| EDIT: oh, and PCI-DSS requirements if you want to take
| credit cards? That's going to be fun.
| sakjur wrote:
| I really hope they're more lenient than that. Having a
| database go offline because their telemetry servers are
| down, slow, or unreachable seems inconvenient.
| dzonga wrote:
| predictable and pretty good business move.
|
| these things are easy to evaluate - 1. what's your appetite in
| running infra ? low - then use the SAAS offering 2. doable - then
| use a db that has good scalable solutions in this case mysql ->
| vitess since those products don't come from a database vendor.
| mongo might qualify too
| ensignavenger wrote:
| What's your appetite for a SaaS vendor unpredictably and without
| enough warning changing the price they are charging you, or
| pushing updates to the SaaS that break your business? Better
| get it put into the contract.
| evantbyrne wrote:
| Their target customers for self-hosting are Enterprises with
| a capital E who are used to signing multi-year software
| contracts.
| ensignavenger wrote:
| I don't know much about CockroachDB's business, so I was
| just speaking in general about SaaS products and licensing
| non-open source software.
| jauntywundrkind wrote:
| You need an enterprise that's already decided to use CockroachDB
| if your trial offer is only 30 days long. We've barely walked
| around the car & kicked the tires before that trial runs out;
| it's not respectful of the time it takes enterprises to move at
| all.
| 999900000999 wrote:
| I'm trying to figure out how this is better than Postgres?
|
| Does it perform significantly better to justify the cost? Back in
| the day I worked heavily with databases and we always tilted
| towards open source.
| red_admiral wrote:
| CockroachDB is basically "run postgres on a cluster with more
| fault tolerance" - you can have machines (or entire
| datacenters) going down, netsplits etc. and as long as there's
| enough infra up to keep going, it will.
|
| Presumably only a small subset of postgres users really need
| this feature - and those that do, are big enough to need an
| enterprise licence.
| 999900000999 wrote:
| I'll admit I haven't worked directly in this space in a good
| while, but the whole mystery terms really rubs me the wrong
| way.
|
| For example if I have a company that provisions databases on
| behalf of my clients, is this 10 million revenue cap for my
| company, or for the clients themselves.
|
| The pricing isn't even on the website for self hosting, I
| presume it's one of those if you need to ask you can't afford
| it type situations.
|
| Plus you're locking yourself into a vendor that has no
| worries about changing its terms again later on.
|
| >Required only during the trial period. Businesses that
| cannot accommodate telemetry may contact sales to request an
| exception. Paid use does not require telemetry.
|
| From some of the industries I've worked in, this is a massive
| red flag. We don't want to give you telemetry at any point in
| our process.
| zellyn wrote:
| For most databases (like Postgres), you typically run a single
| database (per shard, possibly), and replicate changes to a live
| read-only backup as fast as possible. If the live R/W database
| fails, you quickly switch the backup to R/W, and point traffic
| there instead.
|
| Then, there's a class of databases that tries to actively
| commit across multiple geographies. You pay a cost (in terms of
| latency, and typically also $$$), but when a commit succeeds,
| it has been written durably and reliably, using some consensus
| protocol, across multiple geographies.
|
| The exemplar is probably Spanner, which uses atomic clocks to
| get very specific about time to narrow the latency gap as much
| as possible. Cockroach is broadly in the same class, although
| without atomic clocks I believe it's using network roundtrip
| measurements and/or some kind of mathematical time abstraction
| (like counters of some kind) to do the same thing. Can't ever
| be quite as fast, but you don't need atomic clocks!
|
| What's _really_ funny is when people start out choosing Spanner
| because of its global replication, then decide it's too
| expensive, and settle on regional non-replicated Spanner DBs to
| save cost. Like, that's just a database, man. (Or maybe
| something slightly above a single database, like Aurora
| replicated across Availability Zones in the same Region).
|
| Other folks can chime in, but there are a growing number of
| databases in this class. TiDB I believe is one. I _thought_
| PlanetScale was just sharded mysql (Vitess+MySQL = clever
| auto-(re-)sharding), but perhaps it does replicated writes too
| - I see it getting mentioned here a bunch.
| 999900000999 wrote:
| Assuming I need to host on prem, do any fully open source
| solutions exist for this?
|
| It really looks like every database company is trying to
| become Oracle. You want your clients to be trapped and unable
| to leave, so if you hypothetically just up the price by 30 or
| 40% upon renewal they either have to rewrite their entire
| stack, or pay the piper.
| PeterZaitsev wrote:
| Finally all Open Source pretense is dropped. CockroachDB becomes
| Enterprise+Cloud database company with a free tier, not
| dissimilar from Oracle.
|
| The revenue driver as a driver for freemium tier is interesting
| as it seems like it would require company to regularly disclose
| their revenue to CockroachDB which looks intrusive.
| bonzini wrote:
| Props for calling it source available and not hiding behind
| "you can't police the meaning of open source", though.
| jpgvm wrote:
| I actually think source available software is great. Not
| every piece of software can survive as OSS but source
| available eliminates most the downsides of closed-source
| software from a technical perspective.
|
| In my daily life I use a lot of essentially source-available
| software that I pay for. I spend like 4+ hours a day every
| day in IntelliJ IDEA etc. I don't have a problem paying for
| software, I have huge problems paying for software that I
| don't sufficiently control and/or its closed-source nature
| affects its ability to get its job done - i.e. anything
| mission critical where uptime and security are paramount.
| Vespasian wrote:
| I certainly agree.
|
| And it makes sense (for Enterprise "tech stack" software).
| A license violator would just crack your software anyway
| and legitimate paying users pay for it and want less
| hassle.
|
| You probably will save on some support calls if their
| engineers can take a quick look themselves.
|
| Same goes for any "secret Sauce" in the Code. Most Software
| of that Type isn't algorithmically novel enough to warrant
| drm and obfuscation.
|
| And again a serious criminal competitor would spend the
| money to reverse it
| ThinkBeat wrote:
| I am a great fan of scaling vertically as far as possible on DB
| servers. These days that is pretty damn high. It avoids a lot of
| prickly edge cases.
|
| It is definitively not one solution for all. There are many cases
| where it just won't work.
|
| I would like to see more IBM Z servers being used. $$$$$$$$
| though
| ted_dunning wrote:
| It doesn't solve for required multi-region data storage. Nor
| for data center failure resilience.
|
| Scaling up is fine for a few things, but hopeless for many
| others.
| kelsey98765431 wrote:
| Another database fails to be better and ends up worse. This is
| why we use DAL agnosticism.
| cynicalsecurity wrote:
| I've never seen this database used by anyone in real life.
| traderj0e wrote:
| I'm skeptical of this kind of multi-master horizontal DBMS to
| begin with. Never used Cockroach but have used Spanner, and
| even besides the $, you pay with complexity, slowness, and
| limitations. Even the in-betweens like Citus have their issues.
| As far as I can tell, the world runs on traditional DBMSes like
| Postgres, maybe with HA. If you're big, you run multiple and
| shard at the application level. I don't think there's a better
| option yet.
|
| Btw, Spanner and Cockroach both have fully serializable
| transactions. Even single-node Postgres doesn't do that by
| default (though it can) because they didn't think the
| performance tradeoff was worthwhile. Read-committed is good
| enough.
| dilyevsky wrote:
| Is Netflix[0] real life enough?
|
| [0] - https://www.cockroachlabs.com/blog/netflix-at-
| cockroachdb/
| ezekg wrote:
| I posted it on Twitter, but I feel like revenue-based licensing
| models unnecessarily push the compliance burden onto the user.
| It's an honor system, and even they admit it [0]; even Unity, who
| also uses a revenue-based model, admits it [1]. I'd prefer
| licensing models that are able to automatically segment users
| into customers at the software-level, such as a feature-based or
| usage-based model. For example, they could segment on CPU count
| or disk size, requiring an Enterprise offering for databases or
| clusters over a certain threshold.
|
| But completely doing away with Core and requiring license keys
| even for free users [2] (which I assume is for revenue auditing
| purposes) ... I feel like that's a big step backwards. All of
| this because their Enterprise offering seemingly wasn't valuable
| enough (or from the comments -- it was too expensive).
|
| I'd have focused there, on making Enterprise more valuable or more
| accessible, instead of doing something this drastic.
|
| AFAICT, they're also doing away with BUSL and DOSP [3], which is
| a big bummer.
|
| [0]: https://techcrunch.com/2024/08/15/cockroach-labs-shakes-
| up-i...
|
| [1]:
| https://www.reddit.com/r/Unity3D/comments/82mfwh/how_could_u...
|
| [2]: https://www.cockroachlabs.com/blog/enterprise-license-
| announ...
|
| [3]: https://opensource.org/dosp
| Eumenes wrote:
| They're following the Mongo playbook
| joeblubaugh wrote:
| > Even by conservative estimates, the vast majority of the
| world's businesses will meet the eligibility requirements for the
| Enterprise Free Tier license
|
| This feels dishonest. What percentage of the world's business
| need a system like CockroachDB? Of those, what percentage are
| under 10 million in revenue?
| Nathanba wrote:
| if it were really the case that the vast majority of businesses
| doesn't need to pay then they'll just adjust it down to 1
| million in revenue
| rmoriz wrote:
| How to comply with telemetry in air-gapped environments?
| sroussey wrote:
| You don't. I assume the free version is not licensed for that
| use case.
|
| :/
| jappgar wrote:
| "Open-source" in 2024 is a synonym for "ransomware."
|
| It's still nice that I can audit the code and contribute (unpaid)
| changes, but I no longer assume anyone is acting in good faith.
| max-privatevoid wrote:
| This is why you should look for software that calls itself
| "FOSS" or "Free Software" instead. Avoid CLAs at all costs as
| well. If the software is licensed under a GPL-like license
| without a CLA and has had significant contributions from
| multiple people, this relicensing rugpull is nearly impossible.
| simonebrunozzi wrote:
| I spotted this company in their seed stage and wanted to invest.
| The founders asked us to provide names for reference checks, etc
| - a bit unusual, but we were almost done with the commitment, so
| why not?
|
| After quite a lot of work, introductions, and back and forth,
| they told us: sorry, Google Ventures is investing and we're
| kicking everyone else out, despite we expected an allocation at
| that point (50k, not very large). Not nice by them, and not nice
| by GV, but... Just another lesson learned in the epicenter of
| startup investing which is San Francisco. This was Feb 2015. Wow,
| almost 10 years ago. Time flies.
|
| I am still happy to see they've been successful at building the
| company. I loved the product from the very beginning.
| Thoreandan wrote:
| > Does this mean that CockroachDB is no longer open source?
|
| > CockroachDB will remain source available under a new license.
| While the new license is a proprietary enterprise license, the
| source code will still be available for viewing and
| contributions.
|
| The word you're looking for is "yes".
| JonChesterfield wrote:
| I'm just so shocked that VC is following the open source for a
| while then fuck you business playbook. If only there was prior
| art to warn people that this was a risk, like all the other VC
| backed software projects.
| ezekg wrote:
| I said it somewhere else, but this FAQ is likely because most
| people think "source available on GitHub" = "open source", so
| they're just answering the low-hanging-fruit even if the
| question is technically incorrect. Not everybody is aware of
| the differences between "on GitHub" vs OSS, the OSI, the FSF,
| etc.
| drdaeman wrote:
| Coming next decade: companies marketing their product as "open
| source" because they have an empty GitHub repo for issues.
| JonChesterfield wrote:
| Ensure your data is secure with our mandatory telemetry. No deal.
| jillesvangurp wrote:
| That's another company that feels like they don't want to be an
| OSS company after all. After Elastic, I pay more attention to
| contributor agreements. Basically I consider any project that
| requires transfer of copyright for OSS contributions as likely to
| change their license at some point. It's fine; I'm not against
| that sort of thing and I sometimes pay for software. But I like
| to know what I'm getting into before and I don't appreciate the
| bait and switch. It also guides decisions as to what I contribute
| to actively.
|
| I do a simple sanity check with any OSS software before using it:
|
| - Make sure there are no contributor agreement requirements. This
| is a gigantic red flag that the license can and probably will be
| changed at some point.
|
| - Make sure the license is not overly restrictive (like AGPL). I
| appreciate people have good reasons for picking this license; but
| it comes with some serious restrictions in a commercial
| environment. And like it or not, a lot of companies have active
| policies against this. Either way, I avoid anything with this
| license.
|
| - Make sure the project is actively maintained. You don't want to
| get stuck with unmaintained software. Replacing dependencies is a
| PITA.
|
| - Make sure the project is not overly dependent on VC funding.
| Startups fail all the time at which point anything they worked on
| turns into abandonware.
|
| - Ideally, make sure the project has a healthy diverse group of
| committers. Healthy here means more than one company is involved.
| Most projects that fail one or more of the above tests usually
| aren't very healthy in this sense.
| mplanchard wrote:
| tbf I think both GNU and Linux require copyright assignment,
| and I don't think that either of those are likely to swap
| licenses any time soon
| orra wrote:
| FYI, you're right about GNU (by and large), but mistaken
| about Linux.
| ddtaylor wrote:
| GNU has contributor agreements?
| rpdillon wrote:
| Absolutely! They want to have standing in court so they
| can defend infringers, and that's materially easier to
| establish with copyright assignment agreements.
|
| https://www.gnu.org/licenses/why-assign.en.html
|
| So while I agree with other commenters that a CLA is a
| clear indication that the entity seeking to have
| copyright assigned wants to reserve the right to take
| some kind of legal action at some point (like changing
| the license), it also applies in cases where the legal
| action is benevolent rather than malevolent (like
| defending the copyright).
| mplanchard wrote:
| Whoops, you're right! I thought there was some kind of sign
| off in there. My mistake.
| jillesvangurp wrote:
| Neither of those licenses require copyright ownership
| transfer. It's what makes Linux completely bullet proof
| against license changes. You'd have to track down every
| copyright holder (everyone that contributed, even if it's
| just a 1 line change) to get their permission for re-
| licensing their contribution. Which in the case of Linux is
| literally tens of thousands of individuals and companies, if
| not more.
| arp242 wrote:
| Most GNU projects require a copyright assignment. For
| example, GNU coreutils: _" note that non trivial changes
| require copyright assignment to the FSF as detailed in the
| "Copyright Assignment" section of the Coreutils HACKING
| notes."_ (from:
| https://www.gnu.org/software/coreutils/coreutils).
|
| As far as I know, this is the case for most GNU projects.
|
| Linux only requires a confirmation that you wrote the
| patch; previous poster was mistaken about that, but they
| were correct about GNU.
| znpy wrote:
| This is a trust point, though: assigning copyright to the
| free software foundation allows code to be relicensed
| under new versions of the gpl.
| shagie wrote:
| [delayed]
| jillesvangurp wrote:
| That might be true for the GNU foundation. But they don't
| actually control/host the vast majority of software
| licensed under the many GPL variants. None of the GPL
| licenses actually cover any form of copyright transfers.
| Including the AGPL. That's done via separate contributor
| agreements typically. The GNU foundation doesn't control
| the licenses either. That's a job done by the free
| software foundation. Which doesn't host any projects as
| far as I know.
|
| At this point the GNU foundation mostly just runs
| relatively small, older projects and that definitely does
| not include the linux kernel. That one has its own
| foundation called the Linux foundation. The Linux
| foundation runs many hundreds of projects and they
| operate mostly without contributor licenses as far as I
| know. And in so far they do those agreements are not
| about transferring ownership of the copyright but
| asserting ownership to ensure that the contributions
| people make are actually legal.
|
| Big corporations moving code bases under their control
| seems to be a regular thing and that includes some pretty
| high profile projects recently. And of course there are
| many more projects on Github that use one of the GPL
| licenses. The vast majority of which don't have any
| contributor license.
|
| So, I don't think I'm that wrong here at all that this is
| not that common. The previous poster seems to confuse the
| license with the GNU foundation which is a tiny subset of
| the overall GPL licensed software ecosystem.
| hollerith wrote:
| There is a Gnu Foundation, but it has nothing to do with
| computing: http://www.gnufoundation.org/who-we-are
|
| You mean the GNU Project.
| F3nd0 wrote:
| I don't think either of the comments you replied to has
| stated the opposite. They both spoke of GNU, not the
| overall GPL licensed software ecosystem.
| arp242 wrote:
| > But they don't actually control/host the vast majority
| of software licensed under the many GPL variants. None of
| the GPL licenses actually cover any form of copyright
| transfers.
|
| No one claimed this is the case. The only person
| conflating "GNU" with "GPL" is you.
|
| You said projects with copyright assignments should be
| distrusted. Someone pointed out that GNU projects require
| this, which you promptly denied, and I just wanted to
| correct the record on that. Nothing more, nothing less.
| aseipp wrote:
| No, the FSF specifically requires ownership transfer for
| GNU projects, so that they can do things like go after
| infringements in court, or relicense GNU projects to newer
| versions of the GPL unconditionally, e.g. when GPLv3 was
| released.
|
| Ironically, CLAs like the one Google and Meta use for their
| projects on GitHub do not require ownership transfer --
| only the rights to redistribute, because the prevailing
| Lawyer-brain belief is (roughly, to my understanding) that
| just _assuming_ that right from the license itself isn't
| necessarily sound.
|
| For licenses like Apache 2.0, assignment/ownership is a
| kind of irrelevant practical distinction because entities
| can just distribute proprietary versions anyway (and
| because it's not clear if you really agree to much more
| than e.g. Apache 2.0 implies), which is the prevailing
| worry people have. Most of the people here actually want
| GPL-style copyleft licenses along with some vague idea of a
| "communal project", even if they don't know it. Because
| that's the only way to achieve the practical desired
| outcome, where your code and contributions stay open and
| are difficult to "rework" in this way. The talk about CLAs
| and all the other stuff is irrelevant; it's a matter of the
| politics and composition of the project, not the exact
| legal words in the license.
|
| > everyone that contributed, even if it's just a 1 line
| change
|
| That depends on the jurisdiction. There is a concept called
| the "threshold of originality" in the US which states
| roughly that some obvious, trivial things just can't be
| copyrighted. Typofix patches that change "form" to "from"
| aren't meaningful enough to be given copyright, so you
| literally do not need to be consulted on the matter at all.
| It is not clear that simple bugfixes fit under this
| definition either for example, because they may be obvious.
| Realistically, I'd say there are very few contributions
| that are going to fit in 1 line while being original enough
| for copyright to apply. They could also just not include
| your patch too or rewrite it, in that case, so the "1 line"
| case is pretty much meaningless in practice.
| orra wrote:
| > That's another company that feels like they don't want to be
| an OSS company after all
|
| TBH that's nothing new for Cockroach. Even back when they were
| open core, the core was so restricted it didn't include backup
| & restore.
|
| I think that may have changed, but only when they changed the
| license of the core to BSL, that is making the core non open
| source for three years.
| dilyevsky wrote:
| Correction - backup and restore was there, just not
| _incremental_ backups. Which, yes, on very large DBs = no
| backup.
| mixmastamyk wrote:
| AGPL + commercial license is a solution for keeping a project
| open while avoiding the situation where profit goes to cloud
| hosting.
|
| Is there a better solution?
| jillesvangurp wrote:
| Unfortunately you can't do commercial licenses unless you
| take full ownership of each and every source contribution.
| So, it means there are zero guarantees the project stays open.
| AGPL without that is a non starter for commercial usage.
| OutOfHere wrote:
| LGPL is friendlier for commercial use. Keep the core LGPL,
| and the enterprise version proprietary.
| bityard wrote:
| CockroachDB hasn't been an open source project in more than 5
| years.
|
| They took down the blog post (I'd be curious to know why), but
| here is the announcement:
| https://web.archive.org/web/20190604173131/https://www.cockr...
|
| What started as a neat project with a vibrant and enthusiastic
| community is now just another dull beige enterprise vendor.
| zachmu wrote:
| The BSL doesn't make it closed source, it prevents a
| competitor from running their own DBaaS business using
| Cockroach as the backend. This has happened to various open
| source projects, AWS started selling their technology and ate
| their lunch.
|
| BSL is a totally fair compromise for commercial open source
| licensing imho.
|
| If you see BSL as the first step to an announcement like
| today's, that's a fair criticism. Not sure how often that
| happens. But BSL doesn't disqualify software from being open
| source.
| tbarbugli wrote:
| https://github.com/cockroachdb/cockroach/graphs/contributors
| tristor wrote:
| I like the technology here, but at the same time I feel like
| they've been on this trajectory since the beginning. It's just
| another VC-backed company using open source for marketing,
| without any legitimate desire to actually be open source. At
| least now they've pulled the wool off of it.
| osigurdson wrote:
| I think the reality is, only exceedingly common codebases (Linux
| and Postgres for example), can survive with an open source model.
| If the value created by the product is 1M times greater than the
| costs, fine, a way to support it will materialize. Otherwise,
| economics take over and people need to get paid. The fact that
| source is publicly available is largely irrelevant.
| alexvitkov wrote:
| I'm not even going to read this, we all know what it is and we
| all know it's just the first step in a long series of very shitty
| changes, expect all new development to be in the "contact us"
| tier.
|
| Ignorance was maybe excusable the first 15 times, but if you keep
| falling for corporate owned rug-pull OSS packages in 2024, you
| deserve what's coming for you.
|
| Weird databases are NFTs for startup founders. You're not too
| cool for Postgres. Use it.
| Yasuraka wrote:
| This actually moves stuff out of the "contact us" tier, where
| it used to be, and makes everything available to all.
|
| There are new hooks, but paywalling capabilities was not the
| point here.
| 999900000999 wrote:
| New hooks like disabling my database if the telemetry API
| call fails?
| ezekg wrote:
| Per their announcement, it sounds like a free user will have
| to get an annual Enterprise Free license key to use it.
|
| I'd hope that'd be automated, but could also be a "contact
| us" tier to audit revenue. Time will tell.
| zachmu wrote:
| Sometimes it's a reasonable choice to pay for software,
| especially if you're a large company that can easily afford it.
| It's not like "just using postgres" in a manner similar to
| Cockroach's capabilities is trivial, building your own solution
| also has a whole set of risks.
|
| If you're absolutely opposed to ever paying for a software
| solution, then sure, avoid commercial projects. I'm happy to
| spend my (company's) money on useful software.
| vdfs wrote:
| Without marketing bs, what's something that can be done only
| with Cockroach and not postgres or other truly-OSS
| alternatives? I'm curious because I've been reading news about
| it forever but never had the chance to work with it
| vvern wrote:
| Transactional workloads over datasets in the single digit
| petabytes.
| zachmu wrote:
| Think of it as a replacement for spanner with a postgres
| frontend. It's about global availability and replication
| without application-level sharding.
| stickfigure wrote:
| Maybe not cool, but you can, in fact, be both too big and too
| geographically distributed for Postgres.
| pianoben wrote:
| Wow, what a rug-pull! Good luck to Cockroach Labs, but I doubt
| their product is entrenched-enough to make this strategy
| sustainable - it's going to _kill_ growth.
| mehulashah wrote:
| It seems a shame that to grow, companies are backing away from
| the vector that got them there: open source.
|
| I agree that current cloud providers are gaining more benefit
| from open source than they're putting in. So, it seems logical
| that the main developers want to recapture some of that.
|
| On the other hand, open source is supposed to help build a bigger
| pie. If the pie gets bigger faster (i.e. more people using
| CockroachDB) then is the recapture worth it?
|
| It seems the smaller companies think so. But, I don't know of a
| solid analysis that shows this to be true.
| GiorgioG wrote:
| Yeah no thanks, I'll stick with Postgres
| dilyevsky wrote:
| Anyone here migrated to TiDB from cockroach and can share
| experience? Asking for a friend...
| geenat wrote:
| It's a lot more moving parts unfortunately and the TiDB team
| has historically little interest in fixing that.
| dilyevsky wrote:
| Single binary is for sure preferable but given that they have
| k8s operator shouldn't be too bad? CRDB also had its faults -
| their CDC to kafka had terrible reliability even on
| enterprise versions.
| c4pt0r wrote:
| TiDB CTO here, I think that a clear boundary between
| components is beneficial for the maintainability of a
| distributed system like TiDB, and automated deployment tools
| like `tiup` (https://tiup.io) and the Operator of Kubernetes
| shield end-users from this complexity in order to maintain
| best practices in deployment. While still providing enough
| debugging details for advanced users.
| steeeeeve wrote:
| I'm really not a big fan of holding backups and DR behind
| licensing. That's base level functionality. That and row level
| security, but at least with row level, I get that there has been
| a lot of time and energy expended on that feature.
|
| Cluster optimization, and enhanced security sure. And responsive
| support, absolutely.
| paxys wrote:
| The ability to turn off telemetry collection is missing from
| the free version as well. No thanks.
| paxys wrote:
| I get wanting large companies and cloud providers to pay, but
| mandatory telemetry collection in the self-hosted version of the
| product is an absolute non starter.
| purpleblue wrote:
| I guess I don't get it. CockroachDB is decidedly an enterprise
| product. There's no need for even a medium sized company to
| require distributed database the likes of CockroachDB. If you're
| a small company using it, you're just using it for fun, and
| you're probably not paying.
|
| If you're using it and paying for it, then this doesn't seem like
| a problem. If you're not using it, then it shouldn't matter. If
| you're using it but not paying for it, then maybe it's okay that
| you have to start paying for it.
| victorbjorklund wrote:
| another open source project has died. At least we will always
| have Postgres.
| znpy wrote:
| Friendly reminder that if you contributed code but signed a
| contribution agreement (which assigns copyright on the code
| contribution to cockroachlabs) you've got nothing to complain
| about.
|
| Never sign a contribution agreement: it will be used against you
| when the license inevitably gets changed.
| OptionOfT wrote:
| WRT CockroachDB Enterprise Free's telemetry requirement:
|
| > Required (excluding ephemeral clusters of 7 days or less)
|
| Does that mean the cluster will stop working when it can no
| longer report?
| timenova wrote:
| I'm guessing the Required Telemetry thing is gonna cause a
| technical/security problem too. Most production databases would
| be running in private isolated networks with no inbound or
| outbound internet access on the VMs, and because of this
| requirement, they'll have to open outbound access to at least
| Cockroach's IPs.
| djaouen wrote:
| Thank God I stuck with Postgres lol
| rnavi wrote:
| Amidst the frequent noise - it's hard to notice that even the most
| stringent of OSS licenses like AGPL was written way back in 2002!
| Cloud was not even in the picture. Since then, ever growing cloud
| players have been playing the 'state' role and misusing OSS as
| 'religion' heavily affecting infra OSS products or companies.
| th3w3bmast3r wrote:
| Yup - another "Contact Us" for pricing. God forbid if your
| business grows more than 10 Million ARR and now you owe them
| an undisclosed amount of money.
___________________________________________________________________
(page generated 2024-08-15 23:01 UTC)