by candiddevmike 2076 days ago
> * Boundary is free and open source. Similar to when we built Vault, we feel like the solution-space for identity-based security is too commercialized. We want to provide access to this type of security to a broader set of people because we feel it's the right way to think about access control. Note: of course as a company we plan on commercializing Boundary at some point, but we'll do this similarly to Vault, the major featureset of Boundary will remain free and open source forever.

I hate this corporate speak. You're breaking into the space by giving away (basic, as you will commercialize any advanced) features under the guise of open source altruism. The products HashiCorp sells are open core, and you should be more honest about it (GitLab is!). I wish you operated more like other, real, open source companies that use subscriptions or managed service offerings and don't lock features behind various obscure pricing tiers. This is Shareware 2.0.

The difference between what HashiCorp does and what a real open source company like Rancher does is stark: HashiCorp has products, Rancher builds communities. Contributors to HashiCorp's stuff have to play in a very specific sandbox, lest they implement lucrative features. Contributors to Rancher help the community at large and have full visibility into the codebase, empowering them to fix or add functionality without restrictions.

7 comments

I'm sorry, I'm not trying to use any doublespeak here.

Boundary is free and open source. There is no corporate speak here. It is FOSS licensed (MPL2) and everything announced today is completely FOSS.

We do sell open core software and if there is any place where you feel we aren't being honest about that please let me know and I'll work to address that. I added that "NOTE" at the end of the point specifically to ensure I was being honest and show I wasn't trying to hide anything.

We are also starting to offer managed services for folks who prefer to consume our software that way. The managed service offerings do unlock the typically enterprise features. Example: https://www.hashicorp.com/blog/hcp-consul-public-beta

> I wish you operated more like other, real, open source companies that use subscriptions or managed service offerings and don't lock features behind various obscure pricing tiers.

"I want all of the functionality I want without having to pay for it." I hate how discussions around software businesses so often descend into purity tests around how much a company chooses to give away. Software is indeed eating the world, but the eternal battle of who has to pay for the underlying tools of said software continues.

The problem is not not wanting to pay for software. Hashicorp enterprise products have very interesting features which the open source code is lacking (e.g. nomad namespacing) but they are insanely expensive so you are forced to use the open source versions as the enterprise versions are targeted at fortune x companies.

How is this corporate speak? If an indie dev said his/her project is going to be open source initially and then newer features would get monetized, would your first thought be that this dev is "breaking into the space under the guise of open source altruism"?

If they started out by misleadingly[0] describing it as "$THING is free and open source."? Yes!

Edit: 0: It's (presumably) technically not false now, but the implication is that $THING is honestly intended to be FOSS, immediately followed by admitting that their actual intent is to sabotage that embrace-extend-extinguish-style as soon as it's commercially expedient to do so.

> their actual intent is to sabotage that as soon as it’s commercially expedient to do so.

Sabotage??? Wow, that’s quite an accusation for a company that’s, you know, a company. You might have an argument if they kept quiet about plans to monetize the product later, but that allegation is laughable.

If you’re not comfortable with the terms, don’t use the product. They’re being upfront about their plans. This anti-commercial position is hypocritical.

It's understandable the issue brought up, but the history of the company we are talking about (and not just generalize!) must be considered.

Is HashiCorp known to do this?

All I've heard are good things about HashiCorp from people who use HashiCorp products.

Second, it can't be forgotten these are companies. A company exists to create value for itself in some way.

It's the natural behavior of any company.

However in my opinion, "open core" design seems to be very very preferable amongst technologists (myself included). Essentially we are paying for additional features which normally we'd wait years from a sole contributor.

Some people felt burned by Vault where it looked like the free version could be used in production but it couldn't and then the enterprise version is very expensive.

> it looks like the free version can be used in production

I think you might be confusing vault with another product?

We self-host vault in production, and it doesn't cost us a dime.

(other than the engineers we pay internally to operate it, of course)

Err what? Vault can absolutely be used in production for free. If you want the enterprise features, then you pay.

Why can't the free version of Vault be used in production?

Production-worthiness depends on your needs. The free edition is perfectly good for most people, however there are several features and modules that are only available in the Enterprise Edition. Notably, some of the disaster recovery, scaleout, and multifactor authentication features cost extra.

ref: https://www.hashicorp.com/products/vault/pricing

I think the problem was that auto-unseal wasn't free (it is now, so kudos to HashiCorp for listening).

> Is HashiCorp known to do this?

HashiCorp and other companies doing "devops" tools are known for using "open core" and hijacking the spirit of open source in many ways.

Man, this really represents the rift in Open Source and Corporate development right now. It seems like there are developers who contribute to Open Source because they like the mission, the impact, and the values. In contrast, there are others who contribute to open source because their job requires or mandates it. Then there's people who have a mix of both.

All three have wildly different values and historically corporations aren't very good at listening to anyone that isn't waving a check. They use reasoning like "priorities" to close source formerly open source projects, bend project values to reflect their own values, and wedge projects with funding in exchange for representation or control. Corporate controlled and born projects are often used as marketing or for good PR, a cursory browsing of a company's Twitter page will show how they utilize it for this type of end.

I don't really read Mitchell's speak as corporate or double speak, but I do think that referring to HashiCorp (and other) projects as "open source" is a half truth. The line that I draw here is that I don't think Mitchell is lying, rather, I think that open source is now an umbrella term that means very little and really terms like open core, free and open source software, etc are more concise. We owe that outcome to inviting our corporate friends into the fold of open source with not enough restrictions, tracking, and accountability but there's a piece of me that feels this outcome was largely intentional because it's become a means to an end as I described above. These could just be feelings but the situation is common enough that it's relatable.

I'd encourage corporations to be more transparent in their verbiage, their investments, and their representation in these projects so that it doesn't continue to confuse people who participate in and enjoy the "free" side of open source. When I look at an open source project I'd love to know if a majority of the maintainers or funding comes from a corporation. If those things are true, then as someone who highly believes in the ideals of free software I may want to stay far away from people who are susceptible to corporate influence and values. On the other hand, that increased transparency may help clear the air and prevent issues from being perceived as non-transparent or outright misrepresentation.

> that referring to HashiCorp (and other) projects as "open source" is a half truth

Spot on. Corporate "open source" is often open only in terms of licensing, but not in terms of values.

Many companies use tricks to prevent successful forks and keep tight control over the development process.

I can tell you both from an inner source and open source standpoint, executives (more than engineers it seems, but that could just be my friends) have an outright fear of forks.

so?

I think it's not a fair thing to say. HashiCorp's projects are using MPL 2.0, and please correct me if I'm wrong (IANAL!) it would allow you to create an open source fork of say consul, call it OpenConsul and continue development there. That this hasn't happened yet (or if it did, it never gained any traction) is a testament to HashiCorp being a responsible custodian of its projects and their respective communities.

There are folks who would loathe subscriptions or managed services just as equally, I hope you realize that.