Navigating the Cloud Conundrum: Open Source and Community vs. Enterprise Solutions

Businesses find themselves at a pivotal crossroads when deciding on cloud computing options. Open-source and community-driven solutions offer one avenue, while enterprise solutions present another. With a myriad of considerations at play, it's easy to feel overwhelmed. This guide seeks to illuminate the path, providing clear distinctions to help you tailor your cloud infrastructure decision-making process.

License Types and Considerations

We begin by untangling the intricacies of licensing:
  • Open Source Licenses: Examples include the GNU General Public License (GPL), MIT, or Apache License. They don't just permit usage; they often encourage community contributions. These licenses promote transparency and foster innovation, setting the stage for a global community of users and developers to collaborate.
  • Proprietary Licenses: Here, users are essentially leasing software. They're granted permission to use, but there's no peeking behind the curtain, and redistribution is typically off the table. These licenses offer organizations a sense of exclusivity and often come with robust support.

Questions To Reflect Upon

  • Do you value the collaborative ethos and transparency of open source? Or do you seek the exclusivity and robust support accompanying proprietary licenses?
  • How adept is your team at understanding and managing licensing intricacies?

Development Considerations

Let's explore the evolutionary journey of these solutions.

Open Source Software Development

Pros

  1. Collaborative evolution: Platforms like Kubernetes demonstrate that when minds from around the world converge, there's unparalleled innovation. This collective spirit can lead to features and solutions that are driven by real-world use cases.
  2. Rapid issue mitigation: Community-backed solutions mean many eyes are on the code. When platforms like Linux face issues, a global community rallies to patch them, often faster than conventional support channels.
  3. Flexibility: With platforms like OpenStack, you're not boxed into a specific operational paradigm. Instead, you can mold the software, ensuring it aligns perfectly with your unique operational requirements.

Cons

  1. Variable quality: While there are flagship open-source projects known for impeccable quality, there's also a sea of projects with varying quality standards. Due diligence becomes paramount.
  2. Maintenance overheads: While customization offers power, it also brings responsibility. Customized solutions might necessitate dedicated teams for maintenance, adding to operational overheads.

Proprietary Software Development

Pros

  1. Structured progression: Solutions like AWS offer a sense of predictability. With clear development roadmaps, businesses can plan for the future with confidence, anticipating new features and improvements.
  2. Industry-aligned offerings: Platforms such as Azure don't just offer tools; they offer solutions crafted for specific industry needs, ensuring tighter alignment with business goals.

Cons

  1. Reduced responsiveness: Being large entities, these platforms sometimes lack the agility of their open-source counterparts, potentially leading to slower adaptability.
  2. Feedback limitations: Without a sprawling community, there's a risk of becoming insular. Some user needs or innovative ideas might slip through the cracks.

Questions To Reflect Upon

  • Do you yearn for the organic, flexible evolution of open-source? Or is the structured, industry-aligned progression of proprietary platforms more your speed?
  • How important is quick responsiveness and community feedback to your business's cloud infrastructure endeavors?

Costs, Support, and Integration

Dissecting the financial and operational nuances.

Open Source and Community Solutions

  1. Cost efficiency: Beyond the apparent cost savings, open-source solutions often allow businesses to allocate resources more flexibly. As costs aren't tied to rigid licensing structures, there's room to invest in areas like training or customization.
  2. Driven by community: Solutions like Kubernetes are more than just tools; they're ecosystems. Their evolution is steered by user needs, industry trends, and a collective drive to push boundaries.
  3. Potential integration hurdles: While open-source offers flexibility, it sometimes lacks the seamless integration seen in proprietary ecosystems. Bridging the gap might require added expertise and resources.

Paid or Enterprise Solutions

  1. Consistent reliability: Companies like AWS and Azure are behemoths for a reason. They offer SLA-backed performance, meaning businesses can expect a certain level of uptime and reliability, integral for mission-critical applications.
  2. Seamless ecosystems: Platforms like Google Cloud Platform go beyond standalone services. They offer a tapestry of interconnected tools, ensuring that different aspects of a business's operations harmoniously coexist.
  3. Navigating abundance: While a vast array of features is a boon, it also presents a challenge. Businesses must sift through the plethora, ensuring they harness tools that align with their goals without getting overwhelmed.

Questions To Reflect Upon

  • In terms of costs, are you looking for upfront savings or long-term, predictable investment structures?
  • Do you value community-driven innovation, or is the cohesive, interconnected ecosystem of proprietary solutions more appealing?

Conclusion

Navigating the cloud landscape requires a blend of introspection and forward-thinking. Consider hybrid solutions — perhaps AWS for core operations paired with Kubernetes for container orchestration? Such combinations might offer a harmonious blend of both worlds. Whether drawn to the community-driven dynamism of open source or the structured dependability of enterprise solutions, your choice should echo both current needs and future aspirations.

The Role of Open Source in Cloud Security: A Case Study With Terrascan by Tenable

From Kubernetes to Argo to Docker to Terraform, the most influential cloud-native innovations are open source. The high velocity and mass adoption of projects like Kubernetes show that in order to keep pace with innovation, the cloud-native community must come together, share best practices, foster collaboration, and contribute to next-generation technologies. 

Open-Source and Cloud-Native

The Cloud Native Computing Foundation (CNCF), the largest open-source community in the world and the host of international events like KubeCon + CloudNativeCon and CloudNativeSecurityCon, rallies around the idea that open source and democratizing innovation are the best ways to make cloud-native technologies widely available. As a subset of the Linux Foundation, the CNCF brings together thousands of developers and cloud architects around the world to create and maintain hundreds of cloud-native open-source projects.

CloudNativeSecurityCon 2023: A Unique Community Event Focused On the Future of Open Source and Cloud Native Security

The 2023 conference season officially kicked off on February 1st in Seattle. Over 1000 attendees, speakers, and security tool vendors gathered in Seattle for CloudNativeSecurityCon, the first stand-alone, in-person event of its kind. Over the course of 2 days and over 70 presentations, the cloud-native security community shared their knowledge about the state of open-source security. Along the way, we had some great times and conversations about SBOMs, SLSA, SCA, and the many security challenges we all face.

With so much packed into the two days of the event, it would be impossible to cover it all, so here are just a few highlights.

Meet Penpot, An Open-Source Design Platform Made For Designers And Developers Alike

This article is sponsored by Penpot

The world of developer tools lives and breathes open-source. Open, free programming languages, frameworks, and even code editors that everyone can contribute to lie at the heart of the premise of the free, open web. Yet, with the design tools, it’s always been a much different story. For our design processes, most are sticking to a palette of paid, commercial tools, the majority of which were either created or later acquired by big tech companies. Fortunately, also in this space, we’re starting to see some alternatives.

One such alternative is Penpot, an open-source design app that recently started to boom in popularity. With over 250k signups and 20k GitHub stars, Penpot has already made a name for itself, and it’s growing as a viable alternative to other design tools out there.

However, being open-source is not the only thing that makes Penpot unique. It also has a few killer features up its sleeve that make it a really great match for a good collaboration between designers and developers. Curious to learn more? Let’s take a closer look together.

A Design Tool Done Right

If you’ve ever done a fair share of designing and coding, I bet you also had your moments of confusion and frustration. One thing I never managed to understand: Why are the apps used primarily for designing user interfaces that are later built with web technologies often so bad at matching the standards of these exact technologies?

For example, they offer fancy layout tools that follow a completely different logic than how layouts are built on the web. Or they offer drawing tools that work differently than graphics on the web, so once you export your work, you get weird, unexpected results. Why?

The answer is actually quite simple. For most of the design tools, hand-off and developer-focused features were an afterthought. Based on different patterns and standards, they often prove to be confusing and frustrating for developers.

This is where Penpot is different. Created by a team of designers and developers working very closely together, great design-development collaboration was their priority from the start.

Same as other web apps, Penpot can be run on any operating system or web browser. But to make access to it truly open and democratic, it is also based on Open Web Standards. For example, Penpot’s design files are saved in SVG format — the same standard as the most popular image format for vector graphics on the web.

What it means in practice is not only better compatibility with web technologies but a natural parity between designs and code. With Penpot, you don’t have to export to SVG, your graphics are SVG, by definition.

The same goes for translating styles from designs into code. Penpot doesn’t have to generate any CSS values. It can just read and serve CSS values directly from designs.

A great example of that in practice is Flex Layout, Penpot’s layout feature, which doesn’t just work exactly like CSS Flexbox. It simply is CSS Flexbox. We’ll give it a shot together in the later part of the article!

Open Source And Why Should You Care

Before we take a deeper dive into the tool itself, let’s talk about Open Source for a bit. But why is it so important, and what does it mean for you?

It Means It’s Free

In the programming world, Open Source usually means that the source code of the tool, app, or framework is available for anyone to view, modify, and distribute. But why would that be important for you and your choice of a design tool?

First and foremost, the code of the app is 100% free and available for commercial use. Every part and feature of the app that is free today will remain as such. Personally, out of all the design tools I have ever tried, I’ve never seen an equally featured and solidly built design app that is completely free, even for a big team. In this field, Penpot is far ahead of any competition.

It Means Better Security And Control

But open source is so much more. It also means greater transparency, control, and security. Anyone can audit the app’s code for potential security vulnerabilities or add new features to the tool that meet specific needs. Additionally, open source means that code cannot be controlled by a single entity or corporation, and users are not locked into a particular vendor’s ecosystem.

That all is true also for Penpot. It might not sound particularly significant or sexy at first glance, but if your company would ever have to worry about maintaining full control over its toolkit’s security standards or if you’d like to avoid vendor lock-in, choosing an app that is Open Source might be a big deal.

It Means Endless Customizability

Have you ever used plugins in a design tool? If so, you’d probably be pleased to hear that customizability is what Penpot brings to a whole new level. Open source means that users can modify the tool’s source code to meet any specific needs, customizing it as necessary.

You not only can extend the functionality of the app. You can literally edit it in any way you like to match your team’s processes and specific needs.

It Means You Can Run It Yourself

Penpot being open source also means the ability to host your own instance of the tool. This means that you can run Penpot on your servers, having full control over your data and the application itself.

It Means A Peace Of Mind For The Future Of The Tool

Finally, open source provides peace of mind for the future of Penpot. With the tool being open source, users will always have control over the tool they work with, no matter what the future holds. Regardless of what happens next, you’ll always be able to use Penpot on your own terms. This means that people can invest in Penpot with confidence, knowing that they will always have access to the tool and their work (rather than being at the mercy of potential business shifts, acquisitions, pricing changes, etc.).

I hope that by now, you’re left with no doubt about how many advantages it brings to work with Open Source tools. Now, let’s take a look at Penpot itself.

Where Penpot Shines...

If you recently worked with any of the most popular design tools, you’ll feel right at home in Penpot. Its interface should be familiar and predictable, and it also offers all the basic features you could be looking for.

The user interface is unobtrusive, the perceived performance is good, and everything works as expected. But it’s the handoff-related features where Penpot really shines.

I already mentioned Flex Layout, Penpot’s own layouting feature. If you have ever used the Flexbox model in CSS, it might look oddly familiar. In fact, it’s exactly that: CSS flexbox inside a design app.

And that means not only better parity with code than other design apps (at least as long as you’re planning to use CSS flexbox in your code) but also a better scope of possibilities inside the design tool itself (e.g. you can wrap items of the automatic layout into multiple rows).

More powerful layouts also mean much better possibilities when it comes to designing truly responsive designs. With what Penpot can do, there’s a high chance that, in many cases, you won’t have to create separate designs for different breakpoints ever again.

All of that wouldn’t be as good if not for the great Inspect tab. Penpot gives you all the CSS you might need at hand, as well as the source SVG code of any component you select.

Pretty neat!

...And Where It Doesn’t (Yet)

Regardless of all the praise, Penpot is not perfect either. Being a relatively young tool makes it a challenging task to compete against the giants dominating the design tools scene.

If you compare it closely to other popular design apps, you’ll definitely find a few features missing, as well as some of them not as complex as elsewhere. For example, Penpot’s components toolkit and prototyping features are still relatively simple and limited.

That being said, Penpot’s roadmap is very actively being worked on. You can check what the team is onto right now on their website.

What’s also important to keep in mind is that Penpot’s development potential as an Open Source tool shouldn’t be underestimated. The tool’s community of contributors is already pretty strong, and I believe it will only keep growing. That’s a competitive advantage closed source tools will never be able to match.

Seeing what Penpot can do today, I personally can’t wait to see what’s next.

For example, looking at Penpot’s implementation of Flex Layout, think how cool it would be to have a similar tool for CSS Grid. Who’s in a better place to build it than Penpot? Spoiler alert: if you look at their public roadmap closely enough, you’ll find out they’re already working on it.

Final Thoughts

Even though Penpot is a relatively new tool, it stands as a solid choice for a design platform. It does a great job of narrowing the gap between designers and developers.

I believe it’s an open-source approach and a welcomed change that should only benefit our industry, as hopefully, others will follow.

If you’d like to give Penpot a try, it’s now out of beta and available for you and your team, completely for free.

What Is the Cyber Resilience Act and Why It’s Important for Open Source

The Cyber Resilience Act (CRA) is an interesting and important proposal for a European law that aims to drive the safety and integrity of software of all kinds by extending the “CE” self-attestation mark to software. And it may harm Open Source. The proposal includes a requirement for self-certification by suppliers of software to attest conformity with the requirements of the CRA, including security, privacy, and the absence of Critical Vulnerability Events (CVEs).

The Open Source Initiative has submitted the following information to the European Commission’s request for input on its proposed Cyber Resilience Act text.

InnerSource: Efficiency and Quality of Open Source in the Corporate World

Software development has always been a process with many challenges. As an organization grows, it is essential to work collaboratively to have more efficiency, productivity, reuse, and fewer bugs and, as a result, accelerate the innovation process. In today's post, we'll talk about how to achieve these results with InnerSource.

What is InnerSource? In simple words, InnerSource is a growing trend in high-performing software development teams that adopt some principles and practices of open-source teams within an organization.

Collective #730




Penpot

Penpot is the first Open Source design and prototyping platform meant for cross-domain teams.

What’s New With Forms in 2022?

Browsers are constantly adding new HTML, JavaScript and CSS features. Here are some useful additions to working with forms that you might have missed.

Token CSS

Token CSS is a new tool that seamlessly integrates Design Tokens into your development workflow.

MVP.css

MVP.css has no classes, no framework. A minimalist stylesheet for HTML elements.

Coroot

A monitoring and troubleshooting tool for microservice architectures.




The Benefits of Open Source and the Risks of Open Core [Recording]

The open source movement has taken center stage in software development, and its influence echoes through other areas of life, such as open culture and open data. Many software companies hope to cement both their revenue sources and their status in open source communities by offering a mixture of open source (also called “free”) and closed (proprietary) software. The combination is generally called open core which brings with it often hidden and misunderstood risks.

Despite the widespread adoption of open core software, we believe it tends to have negative long-term impacts on vendors and customers alike. After watching the webinar, we invite you to draw your own conclusions. We'll discuss:

Open Source, Closed Sauce

I have been an open source and free software advocate most of my life. I don't care too much about the philosophical differences between free software and open source software. For me it's a matter of code quality. In such a regard, I agree with Linus.

It's the only way I know about that allows me to create great software

Low-Code and Open Source as a Strategy

Unless you’ve been living under a rock for the last year, you must have heard about this brand new shiny thing called “No-Code” and “Low-Code”. According to Gartner, 50% of all software projects will be delivered before the end of 2021 using Low-Code and No-Code constructs. Even if Gartner’s numbers are inflated, automation processes for generating code automagically have gained traction lately, and it has gained traction very, very, very fast. So obviously we’re way beyond the “hype factor” in regards to these technologies. Hence, in this article, I will try to break down the advantages, and illustrate with an example use case, so you can see the advantage for yourself. But first I need to define Low-Code and No-Code.

The difference between Low-Code and No-Code

Although obviously related, Low-Code and No-Code are actually two completely different concepts. No-Code is the idea of “citizen development”, where people without software development skills can create software. This is typically achieved through drag and drop interfaces, similar to how DreamWeaver worked a couple of decades ago. On the other hand, Low-Code is typically a software system that generates code automagically for you, by for instance reading metadata from your RDBMS, or Swagger, etc.

Getting Started With WebdriverIO Typescript Jasmine

What is WebdriverIO?

WebdriverIO is a progressive automation framework built to automate modern web and mobile applications. It simplifies the interaction with your app and provides a set of plugins that help you create a scalable, robust, and non-flaky test suite. WebdriverIO is built on top of Selenium NodeJS bindings.

WebdriverIO is an open-source framework managed by the OpenJS Foundation and follows W3 framework architectural standards.

So You Want an SRE Tool. Do You Build, Buy, or Open Source?

As your organization’s reliability needs grow, you may consider investing in SRE tools. Tooling can make many processes more efficient, consistent, and repeatable. When you decide to invest in tooling, one of the major decisions is how you’ll source your tools. Will you buy an out-of-the-box tool, build one in-house, or work with an open source project?

This is a big decision. Switching methods halfway through adoption is costly and can cause thrash. You’ll want to determine which method is the best fit before taking action. Each choice requires a different type of investment and offers different benefits. We’ll help you decide which solution is your best fit by breaking down the pros and cons. In this blog post, we’ll cover:

An Examination of Open Source

Often, particularly in the maker community, the term open source gets thrown around. There's open-source hardware and open-source software. Many Linux operating systems (OSes) for instance are open-source. But there's also free and open-source. Learn all about what open-source is, the difference between free and open, why you should contribute to open-source communities and projects, plus more!

What Is Open Source?


Magic Cloud is now 100% Open Source

A year ago I created a personal Microsoft Azure account, and I installed one of my Magic apps on it. The cost for a small MySQL database server, a static webapp, and a small backend website ended up draining my bank account for roughly €200 per month (ugh!) - A year later I did the same exercise, except I created a VPS on DigitalOcean, and I more or less got the same for €10 per month. Don't get me wrong, Azure is kick ass cool, and contains tons of features your local VPS provider doesn't provide you with. However, with Magic I no longer saw the need for those extra features, simply because Magic has alternatives for all the most frequently missed items that Azure provides, and hence a VPS basically "becomes" a cloud and more, as I install Magic on it.

  • Diagnostics or application insights - Check!
  • Browsing and editing my server's file system - Check
  • Audit logging and easily querying my log - Check
  • User administration - Check
  • Etc, etc, etc ...

This of course, is before all the things that Magic does which I cannot even imagine Azure ever being able to do - Such as the ability to automatically create secured HTTP REST CRUD endpoints wrapping my database, and scaffold an entire Angular frontend around my backend, producing some 50,000 lines of code in some 3-4 seconds. Or the ability to dynamically "install" modules on my server on the fly, securely, almost like dragging and dropping them into my server's file system. And all of this is now 100% Open Source and free of charge to use. In fact, you cannot even buy a license even if you tried. And my license choices also allow for anyone to create closed source applications using Magic (duh!).

Porting your legacy crapware to .Net Core and Angular in 1 second

Over the years, I have seen so many legacy systems, built on ancient technology, that I could probably demand a PhD in legacy crapware. I once worked for a FinTech company that was using Open Source components that had officially been abandoned by their developer more than a decade ago. Working with jQuery, Durandal and .Net Framework instead of .Net Core today simply doesn't cut it. In addition, the result of working with such projects is that you as a developer slowly wither away and become obsolete over time. Hence, you should do everything you can to argue in favour of upgrading these legacy systems to a modern platform, such as Angular and .Net Core.

From your management's perspective though, this process is only a cost. They know they had 20+ developers, working for 20+ years, to maintain their garbage - and hence they believe it'll take 20+ developers for 20+ years to replace it. In such a regard, your management is still living in the stone age, believing in stone age tools, and stone age processes - while the rest of the world silently gained cold fusion capacity, without them even noticing. There are simply no arguments today that dictate that it requires the same amount of resources to replace their legacy projects as it took to create them in the first place. In fact, often replacing such systems can be done surprisingly much faster than they think, and a lot of their existing structure can also be transferred into the new codebase.

Cloud-Native Benchmarking With Kubestone

Intro

Organizations are increasingly looking to containers and distributed applications to provide the agility and scalability needed to satisfy their clients. While doing so, modern enterprises also need the ability to benchmark their application and be aware of certain metrics in relation to their infrastructure.

In this post, I am introducing you to a cloud-native benchmarking tool known as Kubestone. This tool is meant to assist your development teams with getting performance metrics from your Kubernetes clusters.

How Does Kubestone Work?

At its core, Kubestone is implemented as a Kubernetes Operator in Go with the help of Kubebuilder. You can find more info on the Operator Framework via this blog post.

Kubestone leverages Open Source benchmarks to measure Core Kubernetes and Application performance. As benchmarks are executed in Kubernetes, they must be containerized to work on the cluster. A certified set of benchmark containers is provided via xridge's DockerHub space. Here is a list of currently supported benchmarks:

Can the Block Directory and Business Interests Coexist?

WordPress.org is not an official marketplace for plugins and themes. Except for some plugins that are strictly SaaS products, all extensions to the platform are publicly available for the low cost of $0.

Despite not directly selling through WordPress.org, the plugin directory is a huge source of income for many individual developers and companies via product and service upsells. Plugins are big business. Besides a bounty of third-party marketplaces and individual shops, commercial interests often flow directly in and out of the official WordPress site. For many developers, it essentially serves as a marketplace.

In December, we dove into an early proposal of the WordPress block directory. The new directory should land within the WordPress software itself in version 5.5 and will house a new type of plugin. The idea behind the block directory is that it will allow plugin developers to create and share one-off blocks that users can install on their websites.

This is the future of WordPress.

Love it or hate it, there will come a time when end-users are primarily looking to install individual blocks to solve their problems. This is not to say that other types of plugins won’t exist or have their place. They will continue to be a major part of the platform. However, blocks will be a big deal once users can install them at the click of a button via the WordPress admin.

The question is whether blocks can also be big business.

Tavern reader Matt Gowdy believes the guidelines for the block directory could be an issue. “There’s a lot to like here,” he said. “Though I’m still troubled by the directory submission rules that are fairly stringently not allowing for any sort of promotional link or defined up-sell of any kind so as not to ‘disrupt the flow.'”

Currently, the block directory guidelines make it clear that advertising of any kind is disallowed:

Block Plugins are blocks. They must not include advertisements, prompts, or promotional messages.

On the one hand, it makes sense, particularly for something that is not yet built and will eventually serve as a version 1.0. If every block a user installs begins advertising, it could be a recipe for disaster without some type of standard.

On the other hand, would the idea of not having an upselling route turn WordPress businesses away? While many developers would be willing to submit blocks, is this sustainable? Many of the most popular plugins are backed by businesses. The more popular any particular piece of software becomes, the more likely it is that the software will need funding to cover maintenance, feature updates, and support.

“More often than not these days, people don’t have as much free time to invest in coding just for the fun of it,” said Gowdy. “I speak mainly of myself, but I have the notion that while WordPress is still grounded pretty firmly in Open Source (not a bad thing), it’s been the open markets that have allowed it to grow as much as it has. I don’t think it’s wrong to allow people the opportunity (within reason) to make something back off their hard work should they choose. Donations are non-viable in my experience as the vast majority of humanity are way cheaper than they would like to admit.”

Currently, the upcoming directory has a limited number of blocks available. The WordPress Meta and Plugin teams should expect more. However, it is unclear whether the guideline will slow its growth.

“Without any sort of up-sell channel (rule-defined or element defined in blocks), we aren’t going to see the plethora that we are hoping for, nor in some cases the quality that could be brought in by people working professionally on a block plugin,” said Gowdy. “The time to define these up-sell and link options is right now.”

Gowdy is not alone in his concerns. Several others expressed similar opinions in the comments on the block directory announcement post.

“Where WordPress started and where it is now are two separate points in time,” said Gowdy. “I hope the Open Source community and the marketplaces can find a way to co-exist here in order to really rev up the platform for the future.”

This post is part of a new From the Comments series where we highlight interesting points of discussion from comments on WP Tavern articles. The hope is to give these comments, which can sometimes get lost, the attention they deserve.

Collective #532












Blurry

A great project that simulates depth of field with particles on a shader. Also, check out this demo of a blurry cat.

BaseDash

BaseDash lets you manage and visualize your databases with a collaborative, cloud-based tool.






Collective #532 was written by Pedro Botelho and published on Codrops.