The race to replace Redis

Well, except for the fact that "redis" the organization didn't create redis and isn't even the main developer of redis. The origin of Redis the company is literally as a hosting provider for the open source redis that they didn't create.

AWS was directly funding Redis development, from the article, they are one of the top contributors, they even employed one of the core redis maintainers full time to work on Redis.

without paying any sort of compensation to the redis developers.

Redis organization doesn't pay any sort of compensation to developers who contribute to redis source code. I do not see any difference here.

This is more about preventing AWS from eating their lunch by providing redis-as-a-service, without paying any sort of compensation to the redis developers.

But the developers licensed the software at no charge. What kind of compensation are they entitled to then?

Sounds like a case of sellers remorse/take-backsies one of the problems that open source was aiming to solve.

that redis will remain free to use in their “community edition”,

I mean, they've already changed licensing for parts of the project twice in 6 years. I have zero faith that they won't pull a Vader and change the terms of the agreement again.

continue to be supported and maintained (and improved!)

I'd guess that > 99% of any "improvements" Redis the company make, will affect < 1% of users.

As has been pointed out numerous times, it's essentially "done" in terms of functionality - but as a VC funded company they have to constantly do "something", so they'll keep adding niche upon niche features, giving the resume padders at other VC companies something sparkly and new to spend their budgets on.

Meanwhile 99% of people just need a fast key/value store, and maybe half of those need it to be distributed/replicated, and maybe a third need it to run some kind of scripting (Lua) to do "in-db" operations atomically.

With the addition of native TLS several years ago redis is, for 99% of users "functionally complete".

Sure, new TLS versions will come along and need support, kernel or library features they use will adapt or have improvements, etc, but I think you're vastly over estimating the amount of "improvements" to expect that will impact the vast, vast majority of users.

preventing AWS from eating their lunch by providing redis-as-a-service, without paying any sort of compensation to the redis developers

Look I hate AWS more than most people would find reasonable, and even I'll admit they're not the "bad guys" in this scenario.

The project was released as BSD licensed, so AWS could if they wanted, fork it, and offer a service based on that, and make any fixes/improvements just in their service offering.

They didn't. They had paid staff contributing back to the redis project, for a number of years. This was literally the goldilocks project of the OSS world:

Numerous massive tech companies who all have the financial ability to simply run their own fork, and the legal right to do so (due to BSD-3), willingly contributing to the maintenance of the project.

As I've said before, the story of what's happened to Redis (and HashiCorp stuff) is likely to become a warning to the tech community in general: if an OSS project you rely on transfers control from it's founder(s) to a company, you probably need to consider continuing with a fork from the last open version, because apparently "(try to) monetise popular open source" is the newest way to win the douchebag villain award given to MBAs at VC funded companies.

Whether it's gratis or not isn't the issue. Some people used Redis not only because it's free of cost, but also because it's open source. It's not anymore.

without paying any sort of compensation to the redis developers.

AWS employee Madelyn Olson was a committer on Redis since 2019. Since 2020, she was on the core team of maintainers.

I continue to have mixed feelings about this kind of thing.

A (very) long time ago the Apache developers could have gone down this route.

You can only run Apache under very specific circumstances!

Or memcached:

You are only allowed to run a memcached server if you're only caching your own website!

We see how nonsensical this is

The problem with this is, it's virtually impossible to compete against the FOSS trunk that your now-closed-source software branched off of, or FOSS clones of it. Low-end proprietary UNIXes got wiped out by GNU/Linux and the BSDs, for example.

Amazon, Google, MS, and all the rest easily have the talent and resources to create a Redis replacement with code that already exists. They'll do so because it is to their advantage to not charge for the license fees Redis now wants.

Yeah. As usual whenever something like this happens, there’s an endless supply of blatantly misleading FUD by open source license purists. Let’s not pretend that Redis has become unusable by….all but a few organisations selling hosted Redis solutions. The people who are “rushing” to replace Redis are probably doing so in a way that isn’t on their boss’s radar, and it’ll stay that way because their bosses would probably tell them to go do more important things.

Would be nice if Redis wasnt eating Lua's lunch and would make a big (public) donation to https://www.lua.org/donations.html#donation (Maybe they do, but it wasn't something i could find evidence of)

Isn't this the same with Elastic? Or that was a different situation?

The best idea I've come up with is a license which only grants the rights to a natural person to use the software otherwise it is identical to the MIT, GPL or AGPL, whatever your cup of tea is.

If you're a corporation then you need to buy a license.

that you can slap on a project without a legal team

The thing is, this kind of license is only really relevant to the kinds of projects that do have legal teams.

If you're writing a hobby project you probably shouldn't waste time worrying about feeding the AWS machine, because the odds that you'll get noticed and used are tiny. Just pick GPL or MIT and be done with it.

If you're participating in a large decentralized project like Postgres, then having a big player like Amazon providing managed hosting is actually a huge plus because you get lots of contributions from the big players [0]. There's very little downside for a project like this, and lots of upside.

The only type of FOSS project that needs an "AWS can't use this" license is a project that is driven by a single for-profit company which decided to make their business model "provide a managed solution layered on top of AWS". Unsurprisingly, it's hard to compete with AWS on price when you're using AWS itself as your vendor, so these companies tend to be the ones that switch licenses to tell AWS they're not allowed to compete.

These companies almost certainly have their own legal counsel and they represent a tiny minority of FOSS projects, so it's not obvious to me that we need a new standardized anti-AWS license. Maybe we should instead acknowledge that "managed-hosting-supported FOSS database" is an impossible business model and try something different next time.

[0] https://www.postgresql.org/community/contributors/

Define "fix". By definition you cannot have an open source licence which says "cannot be used for bezos yacht". Either you accept that, and don't rely on exclusivity for income (which really what the whole relicensing thing is about), or you don't open source your code (and accept that not being open source is a problem for some people). Open source + exclusivity for income is an unstable state, and really only works if no-one else competes with you (e.g. a specific niche), or you have some other means to enforce it (e.g. Red Hat limiting access to source to its customers, and not renewing contracts if they share the code).

I think you'll find that the vast vast majority of us don't care about the whole "cannot be used for bezos yacht" problem when we contribute to free software.

I contribute with no expectation of monitory gain and absolutely zero desire for some random foundation or company that's part or almost always created later to make any money. If some contributors want to make money become consultants the "amazon problem" isn't a real one.

I love when Amazon or Google or whoever starts working with a project I'm touching it means it will normally get high quality contributions.

re-selling your product” and not much more

That's not what AWS is doing. AWS is selling management services. The fact that managed DBs are as popular as they are says this is a significant value add.

A bunch of people are working on this from different angles. It's in a chaotic phase right now but it will probably consolidate later.

I'm much more sympathetic to a company that starts out with this kind of license than one who changes the license after accepting contributions under a more permissive license, which is basically a bait and switch on those developers. It's even worse when the company previously promised not to do such a thing, as is the case with redis. And this is especially bad because the company that is now called Redis didn't even create the database, they took over an existing project.

So you're suggesting the game engine model, you're free to use this software for whatever until you make $x from it?

Unity was like that before they screwed it up, I have heard of other systems as well but not sure since it's not my cup of tea.

The reason these licenses "can't" be fixed is because the OSI approves open source licenses and Amazon is their second biggest corporate sponsor.

If they approved SSPL they'd probably have to lay off a staff member or two.

The problem is that in the minds of FOSS people, you might as well try to argue that you want more proprietary software.

The "major platform hijacks our code for the web" is a valid concern, but the FOSS people have always kinda gone "well fuck you for having these concerns". That's... I guess fine enough when the majority of FOSS wasn't part of a SaaS stack, but now that the majority of big name libraries and tools are, it's becoming clearer and clearer that the OSD is just too lacking for those concerns.

To be clear, this isn't a defense of SSPL or similar anti-Bezos licenses (the best one I've seen is the BSL, which transforms into a traditional OSS license after X years if you want my opinion), moreso an observation that there's a clear need here that can't be met by OSD. Paying developers on top of the FOSS model is hard; doing support favors entrenched suppliers because of the CYA problem (this is why AWS has the advantage they do) and I'm pretty sure that even if you do the support model, it usually just doesn't pan out.

The main reason 90% of these licenses suck is far moreso because lawyers will draft contracts and licenses in such a way for you that they'll always give you the advantage. The SSPL being borderline impossible to comply with is by design for example.

I believe this is the goal of https://faircode.io ?

Source available is good, better than proprietary

“Source available” is a subcategory of proprietary, not “better than proprietary”.

But my edgy take is that most people don’t really care about deep ideology

I think most people that orefer open source to proprietary software either care about the business benefits open-source provides over proprietary (including source-available) software or have an ideological affinity for Free Software, occasionally both.

There's many things that I don't like about how open source works, but non-discriminatory licensing is not one of them.

In fact, the concept of the four freedoms as necessary parts of a more fundamental freedom is one of the things that I value the most about the free software/open source world.

In hindsight, I think that the probability that things turned out the way they did in this regard was relatively low, but the ideological drive of GNU and RMS made the world see the problem from a philosophical perspective rather than a practical one (even among people that don't fully agree with RMS/GNU/FSF).

Yeah, it is incredible how the whole free software movement turned into a bunch of entitled folks that want to be paid for their work, while refusing to put down any penny for the folks that make their tooling possible in first place.

At the same time big corps use it as carte blanche to basically pirate software in a legal way, while following the letter of the licence.

Going back to the open core/demo versions (aka Shareware/Public Domain/Trials) is the only sustainable way to make a living.

In this case the community is the biggest contributor to Redis. The ones that "take, take, take" is Redis the company. Your comment seems way out of place in this light.

If you only take, obviously there is no reason to complain. Now the problem is rather when contributors (those who "give", not those who "take") have to sign a CLA. Then the company who gets their copyright takes their work for free, to later use it in a non open-source project (assuming they changed the license, like Redis did).

I think it is valid to find this immoral. The solution is pretty simple though: do not contribute to open source projects that require you to sign a CLA.

Author of the article here. There may be some scenarios where there's a company just tossing code over the wall under a FOSS license and people complain when it stops. This scenario is not that.

The company now known as Redis did not invent Redis, it started as a company trying to make money hosting other peoples' work. After it finally hired the creator of Redis, it specifically promised not to do what it has just done (move away from three-clause BSD as the license for Redis core) at least twice.

In the development cycle from 7.0.0 until a few days ago, Redis isn't even the majority contributor to the codebase. The largest single contributor is from Tencent. (All of this is in the article.)

If Redis had been doing all the development, had not promised it wouldn't move away from the license, then I might agree that people have little to complain about.

But this situation isn't as you've suggested here where a community is all about "take, take, take" from a company that's been doing all the work. The company was founded on the idea of trying to do what it now complains about Amazon doing, and their claims that cloud companies do not contribute is clearly false -- just look at the code contributions.

That's a dumb take. That completely ignores opportunity cost of such actions. You can't just spin up a fork like that; there's barriers to entry, network effects, etc which prevent that from being a simple solution.

Yep, that's exactly it. Of course it makes sense: making requires several orders of magnitude more effort than using. But if a project changes/goes down, the community often just moves elsewhere, nothing major lost from their perspective.

And I think Open Source is based on the very few who decide to take it upon themselves to be the ones spearheading a specific project/task and share it with everyone else. Maybe it's not every single time me, sometimes it's you, sometimes it's Lucy or Mark, and that's how the roll keeps rolling for everyone.

So if a project goes down and nobody comes up to replace it, either it wasn't worth much or this is the time nobody took it upon themselves to do it (yet).

That doesn't seem like a very reasonable takeaway from an article which describes almost too many people announcing that they will take the last open-source version and keep developing it themselves for everyone else to use.

It's not "the community". It's "well funded startups".

People who use open source are very entitled. They'd be very angry also if the license was changed to GPL or AGPL.

I doubt most of this people have meaningful contributions to FOSS.

Maybe we instead need a model where FOSS is not about profits for anybody, and is just a passion of love, from a large community of amateurs doing it for the technology and fun.

Projects could still be funded by community users, but "venture funding"? That's how projects turn to shit.

Why specifically venture funding?

I think something like https://bigtimelicense.com/ is a good start.

This is indeed interesting.

The historically 'good' open source companies like Sun got bought but the ones that weren't like Oracle. The selling support model alone does not seem evolutionarily fit for the market.

Now we have these VC-backed 'open source' companies that have a playbook wherein they appear open source at first. But when you dig deeper, you find that the heart of the thing is a closed binary.

The investors are going to want to be paid back somehow. And the business model of VC means that one of two things happens:

1. The company finds a way to 100x the return. Which, if you're a customer, might be a scary prospect.

2. The company makes an amount somewhat lower and, while it would be a good business for a non-VC company, they're considered a zombie by their investors. So, they are killed leaving you as a customer in a bad position.

I therefore trust non-VC backed companies substantially more to keep alignment with their customers long-term.

A workable model could be for instead companies that have legally-enforceable promise not to enshitify their closed sourced product. So that the product will always be aligned with the paying customer. The customer cannot be made the product at a future date.

I wonder if software really deserves its own economics.

If you haven't read Hal Varian's Information Rules, I highly recommend it. Check the publication date, then read it anyway, then reflect on the publication date when you're done. I found it very worthwhile.

Such a business model exists and it's extremely well proven, and it powers the majority of major open source software: build a proprietary product or service, and open source any component that is more of a cost than it is a unique selling point of your system.

Do you need a faster compiler, or a better OS, or some cluster operator just to get your widget factory working? Don't build those in house, instead find others with the same problems and create an open source project together to work on them.

But don't try to sell open source software. It's essentially impossible to do that, it has been tried time and time again and success is rare, and huge success is basically unheard of (RedHat being probably the one single exception).

You go homeless so Bezos can make his yacht a foot longer.

I find it amazing how much money is being spent to ensure open source code doesn't end up in the hands of users and how many people are blaming the ones trying to increase user freedom.

FLOSS-5: freedom to contribute 5% of profit if powering a cloud service.

Yep. Been wondering where this is headed with the recent YC batch posts claiming they are gonna be all opensource and make money on cloud offering

This is very good use case of micro-transactions. If AWS makes $100 off Redis, they should be pay back X% to Redis project, from which the money is distributed to contributors based on how important their contributions were. Also Redis project is also supposed to pay back to the software components and 3rd party libraries it uses, so C project gets a fair share of the pie contributed back to them as well.

Just because people want to make money off something doesn't neccesarily mean they deserve to.

I see more of a shift to open core.

Many large orgs just say no to viral licenses, and in choosing AGPL, you put blockers to adoption.

Open core releases some of the project under permissive license, and keeps some private or under a permissions license.

We are all still trying to figure out how we can have sustainable open source where people can be paid to work on it full time

The whole move to new "open-core" licenses started with the most famous (infamous?) AGPL project - MongoDB. The AGPL is not what companies like this want (Mongo, Elastic, Redis etc). They don't want AWS's code: AWS is already providing that. They want AWS to pay them royalties or stop competing.

some kind of GPL + no CLA = good. If you contribute to GPL Redis, the Redis company cannot relicense your work, because they own it as much as you do.

GPL + CLA = bad. If you contribute to GPL Redis and transfer the copyright to your contributions to the Redis company, they can switch to whatever license they want.

SSPL + no CLA = interesting, I would love to see the Redis company open source their hosting stack because they are accepting external contributions.

Absolutely! And the haters of that license either do not understand it or have their user-hostile intentions.

Or plan to make money with other people's love and free-time.

Let's replace a project that failed because of a CLA with another project that requires a CLA

No, it’s built using the .NET stack most Linux users won’t touch with a 20-ft pole.

To not support the FLUSHALL command suggests that Azure is the goal with the project.

Probably not, because it's new and incompatible with many Redis use cases (lua scripts, etc).

Article does mention it

Docker was only phased out in red hat distros because they don't like it and want to push Podman. Others still have docker packaged in their repos.

NB: Docker Engine is open source. (Docker Desktop is not.)

need to remove Redis from Fedora

I don't get it; does the new license prohibit it from being distributed thus, or is this a philosophical "need"?

OpenSearch infuriates me to no end.

It lacks so many improvements and advancements since the ancient version it was forked at, but because AWS already has an org's payments details, teams often refuse to look at Elasticsearch.

Even basic things like autocompleting queries have been WIP for half a decade now:

https://github.com/opendistro-for-elasticsearch/sample-code/...

https://github.com/opensearch-project/OpenSearch-Dashboards/...

The superiority AWS was slinging when they "bravely" took the mantle looks terrible in retrospect

I think the main issue is bait and switch. You start with a license, get lots of external contributors who are working for free, get ecosystem built around it for free and then change because you want to be paid.

I agree. People here always seem to react badly to companies that provide something for free and now want to make a bit of money. It’s weird because they themselves work in tech and have to earn a living to put food on the table. Having no way of making money isn’t sustainable.

My issue is the OSS contributors that were not paid for their work, but their work will be monetized now.

Then don't make an open source hobby if you want to pay the bills with it. Or accept you're going to have to be a consultant for the project to make $$. I don't expect jack shit back for my open source contributions nor do I care if Amazon uses it.

I'd love to be corrected here, but my understanding is that the enterprise support and pro features model can be a pretty good business.

Big deployments generally need really good support and help to overcome scaling challenges. Who better than the library maintainers to offer that, and your customers have deep pockets.

Then on top of that, you run a business which basically creates proprietary Pro and Enterprise versions of a product which has tooling to operate the project at scale or in high uptime environments.

Then you offer your own cloud versions of the product as well (which I think Redis has been doing).

But in none of these cases are you creating a disincentive for anybody to use/adopt your product. You're simply creating value around the pain points.

Am I right in understanding that the relicensing was possible because of the CLA, not just because of the BSD license? Would a permissively licensed project that didn't use a CLA be vulnerable in the same way?

The future is never guaranteed. Much less if you have no paid contract with the people building and maintaining the floor underneath your feet.

This article lists the other contenders for the title of new Redis, and I think Redict is going to be the least successful thanks to its founder, niche hosting site, and the hostile AGPL licence.

Redict is a Finished Product

I am keenly looking on to see if the people involved in Redict see it the same way. As a user of Redis, I would like to switch to one of these open-source forks, and to be honest one which is "done" and focused on maintenance, bug fixes etc. rather than new features sounds more attractive.

Wasn't AWS a major contributor to Redis? How are they "freeloading"?

Seems similar to what Elastic did few years ago [1]. I kinda understand their motivation. It's not theirs originally, but they had antirez working on it for 5 years as their employee. They are making some contributions [2], I wish GH had a way to see such an insight by company affiliation. On the other hand, AWS and likes can easily fork pre-license-change version and spin it into its own product. However, I am fairly certain that AWS Elasticache is already such a thing – their own fork that diverged enough from the upstream and they are not eager to share.

So I view it as every major cloud provider with redis offering has its own fork. Except that Redis Labs also owns the original name. But it can go on as a stand alone project, like MariDB was spawn off after MySQL acquisition by Oracle.

[1] https://news.ycombinator.com/item?id=25776657

[2] https://github.com/redis/redis/graphs/contributors?from=2019...

I agree with your points min general but want to share my experience and maybe some counterpoint.

Being a customer of the redis labs' hosted solution, we noticed several issues:

- RLs solution is way more cost effective than AWS's

- RLs solution is not even close to elasticache in its ability to scale

- when issues occur the organization internally moves incredibly slowly so simple issues can turn into prolonged outages

Moving to this licensing model will make it possible for them to better invest in these things. That said, given the quality of their offering and lack of investment in the actual redis platform, why would anyone continue to use redis after the license change? The cloud providers can fork off their own version and never look back!

I think they're shooting themselves in the foot here.

You're vastly overestimating how much companies want to pay for support.

How does this stop you from "getting Jeff'd", i.e. when AWS takes your own source code and competes with you?

KeyDB is flaky garbage

It's mentioned in the first paragraph of the article, and "KeyDB" is featured 14 more times throughout the rest of it.

Well, it's talked about lenghtly in the article.

Dragonfly isn't open source nor free software. Rather a pointless switch if you ask me.

Yeah but if you’re going to the trouble of switching, probably pick something that actually outperforms Redis/Redis Cluster. Which basically leaves you with Garnet.

Redict is a pointless endeavor. Just stick with Redis 7.2 before the licensing change. Maybe change the binary name if it makes folks feel better.

DragonflyDB doesn't have a better licensing situation.

Isn't that what redict is?

hear hear.

I think it's rather features were added to Redis out of the experience and craft, not just to "lure future users into a pit", I doubt antirez would have that in mind.

But I think you described right the social behaviors of certain/common types of users.

Nothing wrong with Memcached but at high loads weird issues will crop up with it too and if you don't have an understanding of how slabs work in Memcached (I doubt your average dev does) you are going to have a hard time reasoning with it as well. Eventually someone will say "why didn't you just use redis for caching?".

Redis is a very useful tool. You shouldn't blame the tool if people can't be bothered to use it properly!

You are presuming everyone has the same needs as you had when assessing Redis, which is a bit naive, if I may share my opinion.

Actually you want a ConcurrentDictionary, but that still wouldn’t provide you with a cluster across instances.

https://learn.microsoft.com/en-us/dotnet/standard/collection...

And here is an interesting conversation when Binbin came to the Kvrocks community: https://github.com/apache/kvrocks/pull/1581#issuecomment-163...

* Me: @enjoy-binbin Out of curiosity, do you have a fuzzer to test out Kvrocks? Your recent great fixes seem like a combo rather than random findings :D

* Binbin: They were actually random findings.I may be sensitive to this, doing code review and found them (also based on my familiarity with redis)

Why is that interesting?

Am I insane or can't a company just fork it from before the license change?

The article mentions half a dozen such forks. So not insane, maybe just a bit lazy ;).

The question - just like always in cases like this - is which forks will get long-term support. So just like with Terraform, it's probably a good option to stay on the last open source Redis version and wait to see how things shake out, assuming that there are no critical security vulnerabilities in that version of Redis. Alternatively, be prepared to jump around between a few forks if one turns into a dead end. Or move to something else altogether, but that's a much bigger undertaking.

There is also Valkey, a fork from just before the change backed by AWS, Google, Oracle who are paying a few former core devs

https://github.com/valkey-io/valkey

And not to forget Redict, also a fork, that is maintained by drew devault

https://codeberg.org/redict/redict

Why?

Are there even any non-VC-backed companies with those issues? Whenever this drama and forking happens, it seems to be venture capital.