I founded OSS Capital, a new kind of investment platform firm which exclusively invests in, accelerates and starts commercial OSS (COSS) startup companies. We were the lead investor in the DEV seed round back in the fall and have been partnering with the team here to grow as a leading COSS company.
I also founded KubeCon and have been involved in the Kubernetes project since the early days and open source software in a variety of roles.
Ask me anything.
Top comments (44)
Hi Joseph, thanks so much for doing this AMA! Do you have any advice for a developer who's new to open source? I've wondered often how OSS teams manage pull requests, roadmaps, and sourcing contributors, but the furthest I've gone into OSS myself is a single pull request.
Hi Anna! The wonderful team at GitHub (a COSS company) put together this resource: opensource.guide/starting-a-project/
Hope this helps you on your journey into the exciting world of OSS!
IMHO it's ironic that GitHub preaches about the superiority of FLOSS but then ... doesn't make GitHub itself FLOSS. Like wth.
movedtogitlab
I'm curious about your thoughts on a couple failures in commercial open source that come to mind for me:
RethinkDB
rethinkdb.com/blog/rethinkdb-shutd...
Famo.us
deprecated.famous.org/
It is never fun to reflect on the failure cases, but they do exist. I think failure in the case of open source really boils down to adoption: if no one uses the project it is "dead". This does not mean that the code ceases to be executable, hosted, available and even perhaps depended on by some other library or service or system or application.. somewhere.. out there in the ether.
On COSS side, a given COSS company can "fail" by running out of capital, ceasing to find a business model that works, dysfunctional teams, executing in a bad market.. many of the same reasons proprietary / closed core companies fail.
In the more nuanced context, I think COSS companies in failure happen because the lack of developer communities. COSS largely thrives in areas where the developer ecosystem around a given platform/product/layer in the stack is developer friendly/active/vibrant... where it is not, there is a higher likelihood of failure, IMHO. There are many exceptions to this, but in general, I'd say this is largely the case.
Hi Joseph! I know commercial open source ventures tend to center a lot on SaaS and web/devops frameworks, but have you seen anything commercially viable or interesting outside of web-developer-targeted open source software, or any movement towards commercial open source hardware?
YES! Commercial open source hardware is an exciting area.
Here are two companies in the RISC-V ecosystem: en.wikipedia.org/wiki/RISC-V -- that we are thrilled about:
en.wikipedia.org/wiki/SiFive
hex-five.com/
Hi Joseph, thanks for doing this AMA and KubeCon! I'm curious as to what criteria you use to evaluate the feasibility of COSS startup. Are there specific attributes you look for as an indicator for success?
Absolutely. We plan to write specifically about this soon. Much of the data we look at that influences thinking here is: oss.cash/
Stay tuned for a blog / podcast here soon.
Hi Joseph!
Do you work with many companies that are not yet COSS, but intend to open-source their software? I feel like the discussions involved in making a company COSS from the beginning are different from the discussions about transitioning into making their existing products open source.
I'm wondering if you have any thoughts on the differences between the two situations, and if you have any tips on how to more effectively dissolve friction from people who are feeling like they'll lose existing value if the code is made open-source?
I have spoken with a large number of founders who have or are or might be seriously considering evolving into COSS from an existing proprietary company.
The primary considerations/drivers for this are:
In almost all these cases, if you think about the tradeoffs long enough in a given context, open source of a core technology becomes quite compelling.
Hi Joseph,
Thank you for doing this AMA! How do you see the Kubernetes landscape evolving in 2019? Last year seemed to be about Kubes-as-a-Service offering from multiple cloud providers. Do you think eventually the easiest play will be to not roll your own cluster, and use the hosted offerings?
K8s is simultaneously becoming harder to learn, easier to run and more complex. Fun times!
Hosted offerings are maturing, but as are installers, products and many embedded offerings.
I expect more adoption exponentially across the board and K8s continuing to be abstracted away by higher level Operator tooling APIs, control planes, functions called via code itself/compilers and product centric services that totally hide the complexity.
K8s will become the replacement for EC2 style computing, but create far more efficiency and benefits than the cost of its complexity demands.
Hey JJ, thanks for taking the time to join us. My question—
How do you explain how/why "open source software eats everything" to someone who is not very tech savvy?
I spent plenty of time over the holidays talking with friends/family about DEV being open-source, so I'd love to hear your approach and major talking points when talking about the opportunity of COSS.
Hi Joseph, thanks for doing the AMA. I'm curious what makes a potential COSS a good investment for your company? I can think of stuff like solid tech, community involvement/popularity perhaps, but I'm sure the list is longer than that 😉
What do you think about the new Firecracker tech announced at re:Invent? github.com/firecracker-microvm/fir...
Hey Joseph, I'm curious about your thoughts on the relationship of security and OSS. On the one hand, the "many eyes" philosophy suggests that OSS is a boon to security, while incidents like the Equifax breach suggest we are still faced with problems in this space. I'm personally hopeful for more sophisticated vulnerability scanning technology as a solution, but I'm curious what you think.
I believe the Open Source paradigm holds the potential to unearthing some of the best kinds of potential solutions to the worlds security problems.. on many levels. Network security: en.wikipedia.org/wiki/Snort_(softw... .. Data security. Hardware security: en.wikipedia.org/wiki/RISC-V ... Password security. Vulz/app-level security and more.
Trust is a fundamental element of security. The worlds largest "on-demand hack me network" for companies (HackerOne) reverse engineers many elements of Open Source in terms of disaggregating a unit of work across anyone on earth in service of connecting the best hackers with the top companies who want to be hacked.. to identify the best vulnerability solutions. Incentivizing them with bounties. HackerOne is doing extremely well. I think a purely commercial open source version of HackerOne (where the core infra/runtime was an open source project) could be very successful. Interestingly, the CEO of HackerOne is a friend and an incredible Open Source veteran: en.wikipedia.org/wiki/M%C3%A5rten_...