Adventures in Open Source

The podcast that Ethan Galstad and I did with John Willis and Michael Coté is now available.

Yes, I use a Mac. Yes, I hate freedom. Yes, I use Mail.app.

And I am a bit of a security nut.

One of the most useful pieces of software I’ve used over the years is a plug-in for Mail.app called GPGMail. It was originally written by Stéphane Corthésy and released under an open source license, and it allows one to easily decrypt, encrypt and sign GPG messages right from Mail.app.

The problem is that Apple doesn’t really have an API to make such an integration easy, so with every new release of Mail.app it would usually break the plug-in, and Stéphane was responsible to fix it.

Well, after awhile Stéphane wanted to move on to other things, and with the advent of Snow Leopard GPGMail was broken – seemingly for good.

Stéphane writes:

I’ve just read the latest emails on the list, without participating. Actually I haven’t participated to the project since a very long time, for personal reasons. Situation will not change in the future, I guess.

It’s been now 10 years since I started GPGMail. At that time we were working on Rhapsody, the ancestor of Mac OS X, the link between Mac OS 9 and Mac OS X. gpg had just gone 1.0. I started the project because it might have been a critical piece of code for us at Sen:te in the near future, and it was really fun to develop

Plugin was then made public, and received some interest in the Mac community, though it was still for geeks. Interest in PGP became bigger, the MacGPG project was born a year later, thanks to Gordon Worley. This encouraged me to go on with GPGMail development, and also MacGPG sub-projects. I spent many week-ends and nights coding for those, and have been very happy to see interest growing more and more.

Then time passed, it became hard to find people able to help on MacGPG development, and very few people were able to spend time to understand the underpinnings of (GPG)Mail, except me, unfortunately. By making the project open-source I had expected that people would come in and make the project go further. I was rather deceived by this, I must admit. There was no real momentum.

On my side, I wanted to explore also other projects, and became tired of working on GPGMail. I wanted something new. It was getting boring, I had less time to reply to user requests, and code had got very messy. GPGMail development quite stalled from that time, I spent time on it only after major system updates. I was still hoping some people would enter and help on the project in the long-term, not only for a single patch. Thus I opened up the project by putting it on SF, with a real OpenSource license that would’t prevent people from working on GPGMail.

To be honest, I waited a rather long time to upgrade to Snow Leopard specifically because GPGMail support was important to me. When Stéphane backed out of the project, the list was abuzz with people wondering about its future. Luckily, a number of people stepped up to take it over. The project launched a new website, the code and bug tracker was moved to github, and various patched versions started to come out.

Stéphane continues:

When Snow Leopard arrived, I was already spending no time on coding during spare time, and was not really willing to. Finally people entered into the dance and started coding, not only whining. And I must admit I’ve been really surprised by the results they obtained (congrats Lukas and others!). I kept telling myself I would update the project, and make a public release, when I’ll find time to, but the fact is that I cannot, for several reasons.

For so many years I’ve been hoping to find people helping me on the project in the long-term, without finding any, but now that time has come, project can fly without me. I hope there will always be enough people to take care of it. Till now, project was organized by only one person, and depended only on me. I took care of every details. It’s time to change that model and let the project be managed more flexibly. The bazaar model, as I would say.

So please, move the project out of SF, leave it opened to developers, designers, writers, aficionados of all kind. It’s no longer dependent on me, it will depend on all of you. I will close the SF project (and mailing list), and redirect the Sen:te web pages to the new site, once you completed the migration, then I’ll have a glance at the project, from time to time, probably to complain . My baby’s no longer a baby; it no longer needs me.

Thanks all for your support, and now take great care of GPGMail.

Today the team released version 1.3.0 of GPGMail, the first real release under the new model. It installed for me without incident, and I am happy that this project will live on. Thank you Stéphane and thanks to the whole GPGMail team for making this happen. Plus, none of this would have been possible if GPG itself wasn’t open source and packaged by a number of groups. Score one for the open source ecosystem.

Had GPGMail been commercial software, I would have been out of luck, but because it was open source, and that there were many who found it valuable, it lives on and propers.

Awesome.

I was wanting to take a break from Dev-Jam to put down some thoughts I’ve been having during this recent renaissance of the “open core” debate when I realized something:

Open core is dead.

At least as a business model. While I don’t expect it to go away overnight, I do expect to see very few new companies using the model and those commercial software companies that tout themselves as open source reframing their marketing to de-emphasize it.

I base this on observations of my own market. Even though searching on “open source network management” in Google returns OpenNMS as the first hit, for years the industry press omitted us from articles on open source management to focus on three VC-backed firms: Groundwork Open Source, Hyperic and Zenoss. All of these companies are what I would classify as “open core” and it is interesting to see where they are now.

Groundwork Open Source (GWOS)

This was one of the first open core companies to try and commercialize open source projects. When it started in 2004, GWOS sold commercial software “wrappers” around a number of open source projects without releasing any open source code on their own. In 2006 they started to distribute the “Groundwork Monitor Community Edition“. After four rounds of funding, they have raised $29 million (A: $3MM, B: $8.5MM, C: $12.5MM, D: $5MM) but they still come across as a company looking for a business plan. Once known for selling software licenses in excess of six figures, they now sell a “quickstart” version for $59.

Since I am pretty much known for running my mouth, people tend to contact me with their experiences with companies in this space. I received one such e-mail a few weeks ago:

Hey, I was just told that GWOS is no longer putting out a community (free) edition. I was told this by one of their support guys, was told that was the reason why they are now releasing version 6.2 while the 6.0 CE version hasn’t been updated since December. He said they were just going to quietly “let it go to the community” … Also interesting is that the $59 “quickstart” is just that, not really meant to be production, no upgrades or updates come with that, and no guarantee that you can even purchase the upgrades later

I thought this was interesting, so I did some poking around. I found an entry on their forums (which doesn’t seem to be policed for spam anymore):

Interesting, seems like all traces of the free/community version are gone from their site. Still available on sourceforge, I’d grab the latest version while it’s still there.

Not one to just publish hearsay, I sent a note to Tara Spalding, their Chief Marketing Officer, asking if the rumors of GWOS dropping support for their community edition was true, and she replied:

Thanks for reaching out. That is untrue, and the rumor mill is pretty lame.

I replied to ask her when we could expect the next community edition, but I haven’t heard back. The latest enterprise edition is 6.2, but the last community edition is 6.0. That’s pretty high number for a VC-backed firm – most have an exit between versions 3 and 4. (grin)

I was reminded of this exchange this week when I saw a GWOS ad in the Wall Street Journal (click to embiggen):

It was about 1/6th of a page, which runs around US$40K, so it must have been important to them. Note that the term “open source” does not appear at all in the ad.

So it seems, at least on the surface, that GWOS is trying to distance itself from the term “open source”. It will be interesting to see how they deal with their name. Perhaps after all that money and all that time they will find success marketing themselves as a commercial company.

Hyperic

Another open core firm that used to be referenced a lot was Hyperic. I would often use them as an example of the problems with the “feature wall” inherent in open core solutions. The difference between Hyperic and the other VC-backed companies is in the quality of the VCs. Benchmark and Accel seem to know what they are doing. Hyperic was rolled into SpringSource just before the latter company was sold to VMWare. Thus the VCs got an exit and I assume the five founders of Hyperic did okay financially.

What’s funny is that, although Hyperic products are owned and sold by a very commercial software company now, the interest we receive on the OpenNMS and Hyperic integration has actually gone up. It seems that framing the Hyperic products in the context of commercial software has actually made the buying decision easier, and the term “open source” does not appear anywhere on their home page.

Think about that – being honest and representing Hyperic software as commercial software with an open source component (versus open source software with a commercial component) has actually increased interest.

Zenoss

Zenoss has a very popular “core” product that they publish under an open source license, coupled with a variety of “enterprise” software offerings that they price per device per year. Their enterprise “silver” package is listed at $100/managed resource. Note that this is the subscription price – that is $100/resource/year. So if we take an average OpenNMS install of 2000 devices, that would run $200,000 a year, or $1,000,000 over five years.

It is really hard to argue that a Zenoss enterprise solution is any less expensive than, say, a solution using HP OpenView. In addition, most software from HP and IBM is licensed in perpetuity: i.e. once you’ve bought it you get the right to use that version forever. It would be hard for an enterprise of any size to base its management solution on something that must be renewed year after year, with no guarantee that the price will remain the same.

Now, this is a post proclaiming that open core is dead, so I’m not here to pick on the way Zenoss prices their software. What I want to examine is the usefulness of their business model. As a VC-backed firm that has raised around $25 million, I assume the desired exit would be an acquisition. But how would one evaluate them? A number of past Zenoss commercial clients have talked to us as an option to Zenoss, simply because their revenue structure is not sustainable. In addition, as part of the OpenNMS project we are targeting those enterprise features users of Zenoss find most valuable, and we plan to offer them for free. Heck, $200,000 can go a long way toward funding a lot of custom development, so a Zenoss user could spend that money once and get what they need under a truly free and open source license. Thus the value of the Zenoss commercial software has a very short shelf life, and since they have no revenue model based on their open source software, so does the value of the company.

I think investors are wising up to this. In their latest funding round the target was $5.2MM but they only raised $4.83MM. Thus it would appear that at least one of the investors pulled out of the deal at the last minute. That was a smart move.

[Note: our goal at OpenNMS is to produce the de facto network management platform, so I'm not targeting Zenoss specifically but all commercial software vendors in this space. Our free software will continue to erode the value of their commercial software. This is also not meant to be taken as an attack on anyone who uses any of the products listed here - if it works for you, great. This is more an examination of the business of open source.]

With the backlash hitting SugarCRM and NASA spurning Eucalyptus in favor of OpenStack, it seems that the market is wising up to open core and demanding more from companies that call themselves open source. With examples like Hyperic above, it seems to be in a commercial software company’s best interest to avoid referring to their offerings as open source. It looks like Groundwork is moving down that path and Hyperic is already there.

Open core is dead.

Just a quick post as I head toward OSCON.

Monty Widenius, one of the founders of MySQL, has an interesting post where he makes an attempt to define what it means to be an “open source company“. I’m happy to say that the OpenNMS Group meets that definition, but I’m not 100% sure it is complete as the requirement that an open source company is one that “produces software” does leave out a number of companies that promote and deploy open source solutions without actually writing code. But I think it is a start.

I also hate that I missed the Community Leadership Summit due to a prior (and totally enjoyable) commitment, but we were able to at least sponsor it. If this is any indication of what went on I’ll have to be sure to make the next one.

Things have been delightfully busy here at OpenNMS, and with Dev Jam coming up the level of excitement around the project is pretty high.

One of the people coming to Dev Jam, Matt Raykowski (OGP) send me a link today to a Slashdot article bringing up the “open source vs. open core” debate again, this time with respect to SugarCRM. Apparently some of the new features of the product are only available to paying customers.

I’ve been staying out of the recent resurgence in the “open core” debate (check out the 451 Group for a summary). If these fauxpen source vendors would simply call their product “open core” versus “open source” there wouldn’t be anything to talk about, but they need to market themselves as “open source” as opposed to “just another commercial software company with a great API” to get any traction.

The Slashdot article quotes Martin Schneider of SugarCRM stating “We are an open source company and it’s why we’re better than proprietary companies” which is total crap. Just being open source doesn’t make you better, but the fact that he would sum up his pitch that way just goes to show how much the term “open source” is tied to their marketing.

In contrast, take a look at OpenNMS. OpenNMS is a very powerful, flexible and scalable network management application platform that happens to be free and open source software. For many large enterprises and carriers, that makes it a better solution (especially when the alternatives charge per managed device), but for many smaller companies they’d be better off with Solarwinds’ Orion, a commercial software product, or something similar. Just being open source doesn’t automatically make OpenNMS the right choice and better than a proprietary solution for everyone.

Personally, in the case of SugarCRM, we struggled with the community edition for six months before signing up with Salesforce. For us it wasn’t a better solution even though Salesforce isn’t open.

In looking through the comments on the Slashdot article (yes, I know, I know) it seems there is some debate over if the paid version might really be open source. If it is, that seems like a really stupid business model, since if the paid version is freely distributable (a requirement of the OSI’s open source definition which I’m sticking by until someone offers a better alternative) then they could theoretically only sell it once and that person can choose to make it available to everyone. I doubt that Larry Augustin (the dark lord of open source) would do something like that since if anyone can make a buck from open core it’s him.

Anyway, in my mind Brian Prentice of Gartner put the whole open core debate to bed with his “Emperor’s New Clothes” post, so enough about that.

What I want to whine about today is two problems I continually face running a business on free and open source software, namely that pesky term “free”. If only Richard Stallman had added three more letters to coin “freedom software” my life would be so much easier.

The first issue is that when people here “free” they think cheap or not very good. In the best case they wonder “what’s the catch?” In many of our deployments we’ve replaced OpenView and Tivoli simply because they could not do what OpenNMS can, so even though it is free software that doesn’t make it any less valuable.

The second one arises when it is time to actually spend money on free software, such as with a support contract or professional services. A common deployment scenario is that a network manager or system admin needs a tool like OpenNMS. They go to their boss and ask if they can install it, and the boss asks how much it costs. When the answer is “free” they go, “Sure, knock yourself out.”

Now once the system is installed and there is a need for services or support, they go back to their boss and ask to spend some money, to which the boss says “I thought you said it was free?”

Open core is dead – the writing is on the wall – what with companies like Compiere going back to their commercial software roots and the VC market that funds it rapidly shrinking. The challenge now is to get across the value of free software coupled with commercial services in lieu of a commercial software solution, open core or not.