The Blog

Elastic Throws in the Towel on Open Source, Chooses SSPL

Calendar Icon 02.03.2021
aws-section-divider aws-section-divider

Recently, Shay Banon, the founder and CEO of Elastic NV, wrote a series of posts about the upcoming license change to Elasticsearch from Apache 2 to the Server Side Public License (SSPL).

The posts were so opaque that Shay added another post clarifying what the new license change is all about. It’s a very clear “Screw You, AWS.” Let’s break this down a little further.

AWS makes more money on Elasticsearch than Elastic does

In the first post, Elastic claims the license change “protects our continued investment in developing products that we distribute for free and in the open by restricting cloud service providers from offering Elasticsearch and Kibana as a service without contributing back” (emphasis mine).

But what does “contributing back” mean? It surely doesn’t mean “contributing code,” as AWS had done exactly that. And AWS is not the only company upset with this sudden shift. Logz.io, which has been offering hosted ELK since 2014, also expressed their concerns with the license change. Just two days later, Logz.io stated their commitment to working with AWS and many other companies on a single offering.

I think what Shay really means is “someone else is making more money than us and that makes us mad.”

And sure, it’s easy to hate on Amazon. Some might say it’s even fashionable to take a principled stand against the “big bad behemoth.” AWS certainly takes a share of the blame here, since they should have never used the Elasticsearch trademark when offering their service. It brings endless confusion into the marketplace that is still pervasive today.

Elastic Throws in the Towel on Open Source, Chooses SSPL

Elastic shouldn’t have to defend its own trademark

In a perfect world, a company wouldn’t be required to spend time and money fighting and defending their trademark. But we don’t live in a perfect world. If you want to retain your trademarks, you need to enforce them. Adam Jacob, the founder of Chef, has pointed this out on Twitter:

At a previous startup I worked at, we had a name that was just barely close to a competitor’s, and the competitor quickly sent notice to enforce their trademark. Rather than fight it, our founders just picked a new name and moved on.

But that’s the problem here: Elastic didn’t have many complaints in 2015 when Amazon Elasticsearch came out, and that’s a problem for them now. Pamela Chestek, trademark lawyer and OSI Board Member, made the point well:

At the time AWS released Amazon Elasticsearch, Elastic had raised about $100 million in VC funding after only a few years of being in business. They were the hottest-growing startup. Their brand was already popular with folks in the tech community, and Amazon undoubtedly introduced Elasticsearch to a much wider audience with their hosted offering.

Why didn’t Elastic stop them in their tracks and declare this an abusive use of the Elastic trademark? I don’t for one second believe that Elastic was “just this small company unable to fight their trademark.” Do you know how many lawyers you need to even raise a hundred million dollars?

Consider instead, as many open source-backed startups often do, that Elastic thought “any press is good press” and they could convert a bunch of those Amazon Elasticsearch users to paid Elastic customers. So, instead of fighting the trademark, what if they could capitalize on all the free marketing that AWS was going to provide?

Except it didn’t quite work out for Elastic that way. Only now—when the pressure is on to return value to their shareholders—do they suddenly cry foul that AWS is this big bad company that takes and takes and never gives back. AWS is a bully, but Elastic changing its licensing is not going to stop that.

Elastic is taking their ball and going home

My beef with Elastic is they’re changing their license to go closed-source with the SSPL after taking advantage of all of the benefits that Apache 2 licensing afforded them and watching someone else be more successful at building a business around it than they did.

Elastic received millions of dollars in free engineering effort, QA testing, and load testing thanks to some of the biggest companies using their software. They got a huge technical community and all the free marketing that goes along with it. Some of their greatest features—like Kibana and Logstash—were all built by the community and later incorporated into Elastic.

A decade ago, I worked at a company that was one of the earliest users of Elasticsearch. Shay Banon personally consulted with us for about a year as we migrated petabytes of data into a very early version of Elasticsearch. At one point, we had four of the top five contributors working with us (who all later went on to work at Elastic). I remember being on a Skype call working out why we were having split brain issues under high load, which ultimately led to the creation of Dedicated Masters. Our larger clusters took hours to restart and reallocate shards because recovery would begin before all the nodes were running; this led to the recoverafterdata_nodes functionality.

My employer was just one example of this sort of thing. Over the years, Elastic benefitted from hundreds if not thousands of companies accelerating their research and development. In the end, they thanked their community and benefactors for their decade of service by changing to a proprietary license which many companies will disallow contribution to and usage of.

SSPL is not an open source license

I’ll say this upfront: I am not an expert on open source licensing. Instead, I’ll defer to experts like VM Brasseur, who explains the risks of the SSPL.

Simply put, the SSPL is not an open source license. As the OSI Board of Directors states: “It’s deception, plain and simple, to claim that the software has all the benefits and promises of open source when it does not.”

All those businesses that have invested in Elasticsearch by running it, testing it, reporting bugs, and in many cases contributing back code are now being held hostage and left with a choice: Do they update their clusters for the latest security fixes and potentially taint the rest of their code or do they pay the ransom to keep their existing solution and thus become an Elastic customer?

We’ve seen this story play out when companies, accidentally or otherwise, link GPLv3 (another reciprocal license) into a software product. For years, the standard question a company would get pre-acquisition was this: “Do you run any GPLv3 code in your product?” Legal teams had determined that GPLv3 code is too risky to businesses. I’ve personally seen corporate acquisitions fail when GPLv3 code is too deeply embedded in a service offering. Expect to hear similar questions from your legal departments regarding SSPL-licenced code in the future.

The worst part? SSPL doesn’t solve Elastic’s problem

Changing the license will do nothing to stop Amazon from continuing to make money on Amazon Elasticsearch. Amazon saw the potential for a license change coming nearly two years when they released Open Distro for Elasticsearch.

If anything, companies who are currently self-hosting Elasticsearch on EC2 are going to be more inclined to migrate their workload to Amazon Elasticsearch to continue receiving security updates. Many companies who were big contributors of Elasticsearch are going to be having blunt conversations with their legal teams, and it’s going to end with less users of Elasticsearch and a smaller community of contributors.

We all make bad decisions in high school

As it turns out, Elastic made some poor choices in their youth that they are paying for dearly today. Elastic could have easily beaten AWS. When Amazon Elasticsearch first came out, it was pretty terrible. It took many years to stabilize and improve for wide usage. Elastic could have enforced their trademark early on without any trouble. If they did, Elastic would have been the only place to get Elasticsearch. “Get Elasticsearch from the creators of Elasticsearch!” That marketing copy writes itself. But instead, they ceded the high ground and they let AWS and countless other companies release hosted Elasticsearch offerings.

At the end of the day, I’m not mad at Elastic. I’m just disappointed to see a founder—who has personally made more than a billion dollars on the backs of open source contributors and the wide adoption that the Apache 2 licensing provided—close the door on all the contributors that got him and his company to where they are today.

I understand that as the person in charge of the business, Shay must take steps that protect Elastic’s shareholders and grow the business. But open source is not a business model, and changing your software licencing is not a solution to an incoherent product strategy.

Elastic, consider for a moment that maybe Amazon isn’t killing your business; you just suck at it.

aws-section-divider