Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Career Skills|Microsoft Azure|MJF Chat|open source|Podcasts|Uncategorized|Windows Client OS

MJFChat: How and Why Microsoft is Backing Open Source

 

We’re doing a twice-monthly interview show on Petri.com that is dedicated to covering topics of interest to our tech-professional audience. We have branded this show “MJFChat.”

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy technology folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.

Readers can submit questions via Twitter, Instagram, Facebook and/or LinkedIn using the #AskMJF hashtag. Once the interviews are completed, we will post the audio and associated transcript in the forums for readers to digest at their leisure. (By the way, did you know MJFChats are now available in podcast form? Go here for MJF Chat on Spotify; here for Apple Podcasts on iTunes; and here for Google Play.)

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Our latest MJFChat is all about how and why Microsoft is backing open source. My special guest is Tom Kerkhove, Azure Architect and Containerization Practice lead with Codit. Tom also is a Microsoft MVP, the maintainer of several OSS project such as KEDA, a GitHub Star and CNCF Ambassador, among other things.

Tom has written a series of blog posts about Microsoft’s open source journey. In this episode, he talks about his thoughts on how Microsoft has evolved its thinking about open source. He also shares tips and tricks for open source maintainers, based on his own experience. Plus, he answers a number of reader and listener questions.

If you know someone you’d like to see interviewed on the MJFChat show, including yourself, just Tweet to me or drop me a line. (Let me know why you think this person would be an awesome guest and what topics you’d like to see covered.) We’ll take things from there…

Mary Jo Foley:
Hi, you’re listening to Petri.com’s MJF Chat Show. I am Mary Jo Foley, AKA your Petri.com community magnate, and I am here to interview tech industry experts about various topics that you, our readers and our listeners want to know about. Today’s MJF Chat is going to be focused on how and why Microsoft is backing open source. A very interesting and maybe controversial topic. But I have the perfect person to talk about this, my special guest is Tom Kerkhove. He is an Azure Architect and Containerization Practice Lead with Codit. He also is a Microsoft MVP, the maintainer of several open source projects, such as KEDA, a GitHub star, and a CNCF ambassador among other things. That’s quite the resume, Tom. Thank you very much for doing this chat with me.

Tom Kerkhove:
Thank you very much for having me.

Mary Jo Foley:
Yeah. I’m excited about this topic because it’s a giant one. I mean, we could talk over a whole bunch of series of blogs and podcasts about this. And in fact, I should mention, before we start, Tom did a really excellent series on his own blog, which is blog.tomkerkhove.be about Microsoft and open source. So if this is a topic you care about you should go check out his blog posts. He wrote about Microsoft’s open source journey, about Azure and open source, and even how Microsoft’s giving back to the community. So Tom, to start, I take it after reading those posts that you really do believe that Microsoft has changed from the battle days when some of its leadership called Linux a cancer. So I’m curious why you think Microsoft changed? Was it just out of necessity to stay competitive or do you think there were more things at work here?

Tom Kerkhove:
I think it’s definitely because of the necessity, because in the end they need to make money and there’s a lot of computes for Linux. So once they started embracing Linux on Azure, I think it fairly quickly skyrocketed. And I think nowadays Linux is more than half of the whole consumption of the Azure CPU. So I think that’s one, but I think another one is also that they are putting the customers first now in the sense that they want to help their customers be successful at running what they need. If it’s Windows, if it’s Linux, if it’s any open source product, basically they make it easier for you to do that on Azure. And you can see all the major open source products now becoming a true path instead of you having to run it yourself. And that’s the big shift that I’ve seen over the last years.

Mary Jo Foley:
They’ve also hired a lot of pretty well-known people from the open source community to work at Microsoft too. So I’m sure that’s influencing things as well. All right, I’m going to just dive into reader and listener questions because when I posted this on Twitter, we got a lot of people chiming in with questions for you. And it’s an interesting mix. Some questions about your expertise in maintaining OSS projects and some more about your views on Microsoft. So let’s start out with Khalid’s question, he said open source means many things to many different people, given its evolution over the decades. What’s your personal definition of OSS? And do you believe that your definition is the same one that Microsoft uses and operates under? And if so, why? And if not, why not? That’s a big one to start.

Tom Kerkhove:
There will always be different definitions, but mine basically is let’s build open software together as a community and collaborate to fix the problems that we have as an industry. Does Microsoft have the same one? I would say the typical consultant answer, it depends. Based on the teams and the products, I would say some do and some don’t. You can see all the, really being part of the community, be open while all the products are open source technologies are more like, let’s just push a code publicly, but that’s about it. We’re not really open to any collaboration because this is how we do it, take it or leave it. The last part is definitely not what I like, but it happens. So you have to focus on the ones where you can help as a community. There’s a lot of them. But for example, in the cloud native space, Azure Functions is also open source where you can collaborate and contribute features to, which I did as well. But of course it’s an Azure, well, Microsoft product, you will not be able to change the whole vision of the product itself, but you can help make it improve. And Dapr is also a recent one, which is a good example of the community picking it up and increasing the added value there.

Mary Jo Foley:
Yeah, it sounds like it’s, if you’re somebody who comes in thinking I can redo Microsoft’s strategy or vision for a product, you’re going to be disappointed. Right? And if you are more like you’re saying you know, someone who thinks they can contribute and help steer it a little bit, you might feel better about contributing. Right?

Tom Kerkhove:
Exactly.

Mary Jo Foley:
Ok, now we have a question from someone, I think you know, Maarten Balliauw, I’m sure I’m doing a terrible job on his last name. He asked if there is one thing in the Microsoft OSS strategy that you would change, what would it be and why? That’s a loaded question, but an interesting one.

Tom Kerkhove:
Yes. Again, it depends on the teams. But I would say that Microsoft could do a better job at supporting open source projects as a whole. And by doing that maybe avoid reinventing the wheel sometimes. For example, I have an open source project and it integrates with Azure. I extend Azure. So they give me Azure sponsorship through credits, but why am I an exception to this, for example. Why is there no open source program for Azure where maintainers can apply and get credits as well? So that would be one thing, because in the end we help improve Azure by doing so. The other one is the .NET space, there have been some cases where Microsoft is reinventing the wheel and while I think it makes sense from a Microsoft perspective, it’s not that nice to the whole community.

Tom Kerkhove:
For example, Newtonsoft’s Json is, I think it’s package number one in NuGet.org. But instead they wrote their own Json library, which is now part of the .NET framework which is good. But now everybody has to move over one. Instead why don’t you fully rely on the .NET foundation project that is already there. There’s another one, like IdentityServer had a big fire because it was not sustainable, because organizations were not supporting them well. So they decided we need to go with a paid model to keep on supporting and building this product. And I fully agree with them. While instead, maybe Microsoft could have done a better job in supporting that open source product because they already recommended it. So why not see how it can be helped more? That was also a .NET Foundation approach. Well, it still is, but I think there’s a lot of room for improvement there. Obviously. It’s not that simple. But yeah, I would try to improve that a bit. And I also think you would really like, Maarten because he likes a lot of beer as well, so maybe you should meet him.

Mary Jo Foley:
I think I need to meet him then for sure.

Tom Kerkhove:
Yeah.

Mary Jo Foley:
Okay. Now we have a question about open source maintainers from BaskarRao on Twitter. He asked what would be the steps recommended to maintainers so that they don’t feel burnout due to financial stress and eventually the product can stay open source.

Tom Kerkhove:
Yeah, that brings me to my new blog series. So I’ll be writing about my adventures as a maintainer.

Mary Jo Foley:
Oh neat.

Tom Kerkhove:
But I can already spill the beans a bit. If it’s a free open source project, then what I’m doing is, don’t give any guarantees because they’re not paying, so why should they be the boss of you?

Mary Jo Foley:
Right.

Tom Kerkhove:
Because if that happens, then you will indeed have a burnout. So don’t let that happen. Set the right expectations, ensure that you have the documentation about your support model about your licensing. And if somebody requests a feature, I always ask, are you willing to contribute this, so that you can guide them. And maybe they can start contributing more and more because in the end, if you’re the sole maintainer, then that’s not sustainable. You might be very enthusiastic about it, but at some time, at one point you’ll hit that wall.

Tom Kerkhove:
And then you’ll either stop the whole project and nobody will win from that or you will decrease. And I think that’s the only way to do that. In terms of the financial perspective, you could use something like GitHub sponsors, so that people can sponsor you. But that’s a bit of another thing we need to fix as an industry. It’s mainly individuals sponsoring other maintainers and not organizations. And it’s really the organizations that we need to get on board, because then the end if they use open source and it becomes unmaintained, the cost of that is a lot higher than just donating back to those projects. It’s a bit of a problem.

Mary Jo Foley:
Yeah, I was going to say, aren’t there some companies now, some of the bigger tech companies who are actually doing like executive sponsorships of OSS projects? Microsoft might even be doing that, right?

Tom Kerkhove:
Yeah, Microsoft has a free and open source fund actually. So every month they give, I think it was 10K to a single project and all the employees can vote on what that project should be. While I really liked that idea, I think that is mainly going to be targeted at the bigger projects because they are more well known, which is also very fine. But if you’re a smaller project you will have less chance. But that also makes sense on the other side.

Mary Jo Foley:
That’s true.

Tom Kerkhove:
But at least they’re already doing that as a first step. Who knows, they will maybe split the 10K into twice 5k a month, so they can have more support. Who knows?

Mary Jo Foley:
Another related question to this, from Khalid again, is he asked about how do big companies like Microsoft and I’d put Oracle in here too, maybe Salesforce, a few, other of the big ones, refrain from hurting smaller OSS projects that they become a part of? So sometimes, you know, these big companies, they come in to an existing OSS projects and a lot of the people who are already part of it feel like they are basically cannibalizing it and taking it for themselves. So are there any mechanisms that are in place that can stop this from happening?

Tom Kerkhove:
Looking at it from a KEDA perspective, I would say that the CNCF or any foundation helps there because they help you with everything around the project itself, making sure that not one party can take ownership of the whole project or so. So basically you’re making sure you’re more vendor neutral, make sure you have that governance around it. Of course, that’s something that has to grow. And that’s more for bigger projects. In terms of smaller projects I think that’s sometimes a bit harder to avoid.

Mary Jo Foley:
Yeah, I know. I know there’ve been a number of open source projects where people felt like they put a lot of time and effort into it and then it kind of spun out of their control. And then it felt like the bigger companies were using that as a basis for, in some cases, even a commercial project, right? Or a product.

Tom Kerkhove:
Yeah. And that’s a bit of a pity, which brings us back to support projects in any way you can. Either through contributions through donations or something else. But yeah, if a big corporation suddenly starts using a project and contribute, it also brings a lot of overhead because you as a maintainer need to review everything, reply to everything. So there’s a lot of work there. So yeah, I don’t have a silver bullet for that, but I would say communicate and see what the options are.

Mary Jo Foley:
That’s good. Okay. Here’s the flip side question from Khalid. Khalid had a lot of questions, but they’re all good ones. He wanted to know how do you trust that organizations won’t abandon an OSS project when it’s no longer in their best interest or it’s counter to their business goals? And he said it as an aside, after all Microsoft is a publicly traded company and it has a fiduciary responsibility to its shareholders. So I don’t know if he’s thinking of a specific case where Microsoft abandoned something that was open source. But do you have any guidance or thoughts on how you can kind of hedge your bets on that kind of a situation?

Tom Kerkhove:
Well, I think the question actually applies, so there’s two types of open source, in my opinion. One is organization sponsored open source. So a company invests money so that developers start making products open source, for example. And you also have the individual open source projects where one person does it as a side project or maybe in his free time. And I think the question actually applies to both. Either an organization can abandon it because it’s not of their interest anymore, or the individual can lose interest or can get burned out. And then you have an unmaintained project. So I think that you have risks in both scenarios. And I think that’s maybe the beauty of open source because if somebody abandons the project, you can still work it and continue on your own or internal or wherever. While if this would be a closed source project and they abandoned it, it’s abandoned.

Tom Kerkhove:
There’s no future, right? You have the URL dead end. But with open source, if you have the capacity, of course, you can extend it yourself. Of course, if it is part of a foundation and you have multiple organizations already investing in it, it’s a bit of a different story. But if it’s just one, one organization you can still work and continue, but of course it is a big risk. But yeah, you have to make the equation, what’s the biggest risk? Is the biggest risk that they abandoned something that fixes my problem, or should I, as a company reinvent the wheel because we will then understand what it does.

Mary Jo Foley:
Yeah. That’s a tricky one for sure. Okay, I have a couple questions of my own I’d like to ask, while I have you here as a captive audience. One is, I don’t know if you remember this, but it was several years ago and Mark Russinovich, who’s the CTO of Azure said, I think it was on Twitter that Microsoft, because of how things were changing so quickly, could even one day open source Windows and people flipped out, as I recall. Like, wait, what is he kidding? Is he serious? I’m curious, do you think they ever really could or what would stop them from doing it and if they did, who would benefit from that?

Tom Kerkhove:
Yeah, I think the biggest question is the last part who would benefit from it? So it would certainly be a publicity stunt, right? So journalists would love that.

Mary Jo Foley:
You’d have to clean up the code first. Right?

Tom Kerkhove:
That was going to be my point. There’s a lot of legacy in there. So that would be a huge investment to clean it up, but what’s the added value?

Mary Jo Foley:
Right.

Tom Kerkhove:
Also from a security perspective it’s a double edged sword. So one is hackers could more easily find vulnerabilities, but on the flip side, Linux is open source as well. So the typical thing with open source projects is that security improves over time because the community makes it better. But with Windows, I’m just not sure because there’s not much added value. And if you have a look at Windows 11 now where they’re changing a lot of things and everything was still on the wraps, nobody knew what was coming. That also has benefits and they have everything under control. So I’m not sure this will ever happen and what the reasoning would be. If it would ever happen, it’s maybe because they see less investment in Windows and they want to start giving control to the community so that they could eventually abandon it. But I don’t see that happening soon.

Mary Jo Foley:
I don’t either, especially with Windows, like you said, Windows 11, just coming out. And there’s a lot of new levels of security baked into that which have been the source of complaints so far by some legacy users. But yeah, how do you disentangle that from the actual core of the operating system, right?

Tom Kerkhove:
Yep, exactly.

Mary Jo Foley:
Okay. And then I have, I have a question for you about are there any like one or two things you would say your biggest surprises about Microsoft and open source because you’ve been watching them for a while. You’ve seen them along this journey, make a lot of twists and turns and good moves and maybe some mistakes. Was there anything that really surprised you either positively or negatively about what they’ve been doing with open source?

Tom Kerkhove:
There’s not one thing that I can pinpoint other than maybe them buying GitHub. I didn’t see that one coming. But in hindsight I think that was a very good move.

Mary Jo Foley:
Me too, I do.

Tom Kerkhove:
To nurture the open source community the godfather of it, let’s say. But I think the shift that we discussed from Linux is a cancer, to where we are today is really interesting. How the company transformed over those years and actually on GitHub, there’s a nice timeline of everything that Microsoft did. But just all the various foundations that they started or co-funded, how they adopted Linux, how .NET became open source and all the people they hired and the companies they acquired. Just to name a few, but like Brendan Burns, Miguel de Icaza, Ned Friedman, Scott Hanselman, then the whole Deis acquisition with all the folks that are now contributing to the CNCF. That’s really big in my opinion. And that really changed how, how Azure has been transforming in the last couple of years with Kubernetes as well. So yeah, I think they are on a good track there. In terms of not itself, I think there are sometimes some discussions in terms of the.net foundation, how that one is being governed and the foundation itself. And of course there’s room for improvements, but I think they’re improving a lot over time.

Tom Kerkhove:
Of course there was the big debate with the Windows Package Manager and AppGet, a pity. You should retail that

Mary Jo Foley:
You should retell. tRetail that for people who don’t remember what happened, if you don’t mind

Tom Kerkhove:
I don’t recall the whole story. But before they started Windows Package Manager, there was a tool called AppGet and there are other ones like Chocolatey, for example, that already do what Windows Package Manager did. And they started talking to the maintainer of AppGet to see if they can collaborate, if they could hire him or whatever. They started the discussions, and then eventually it stopped. And then after a couple of months they announced Windows Package Manager, which was not an exact copy, but very, very similar, and was a bit of a pity because yeah. Instead of collaborating with the maintainer, they just somewhat reinvented the wheel. And I think at that time they didn’t give the attribution which was even worse, in my opinion. If we could avoid those things more in the future, that would be really great.

Mary Jo Foley:
And they kind of came back and fixed that right? As I recall. Did they even hire the guy? I couldn’t remember if they hired the guy.

Tom Kerkhove:
I don’t know.

Mary Jo Foley:
Yeah. But at least they did come back and give him credit, as I recall. So, you know, it’s like Microsoft likes to say to us journalists, it’s a journey. They love to tell us that. And I think for them with open source, it’s also been a journey, right? Like sometimes they make mistakes. Sometimes they do amazing things, like buying GitHub. And it’s, I don’t feel it’s like one step forward, two steps back. I don’t feel like that. But you know, I think the good part is it feels like when they do make a mistake these days, they at least acknowledge it.

Tom Kerkhove:
Yeah. And that’s a big one, learn from your mistakes. And of course there are other companies doing a better job at open source, but if you come from the Lunux is cancer to today, I think they’re doing good job. And I also look at AWS, for example, in the cloud native space, I think Microsoft does a lot better because they actively contribute back. They invest in the community. And AWS does not, for example. Or does a lot less. So yeah, I’m not complaining, of course it can always be better.

Mary Jo Foley:
Who do you think does a good job? Like you just said that, I mean, do you consider Google, especially what they do in the cloud is doing a better job? Or who are you thinking of when you say there are people who do better?

Tom Kerkhove:
There are so many companies.

Mary Jo Foley:
I mean, smaller companies definitely, right? And people who grew up as open source vendors for sure, right?

Tom Kerkhove:
Yeah. But for example, Red Hat is a big one, of course. Which got acquired by Oracle, I think? Was it Oracle? Yeah.

Mary Jo Foley:
I think it was IBM. Was it?

Tom Kerkhove:
Or IBM I don’t recall.

Mary Jo Foley:
Yeah. I know. And it’s good that Microsoft has has been working with them right on a lot of different partnership fronts with Red Hat. That’s been positive, I think for the community.

Tom Kerkhove:
So for example, KEDA was initially started by Microsoft and Red Hat, and then they donated that to CNCF to become more vendor neutral. But you can clearly see that both of them want to fix this gap in the Kubernetes space, of course Azure benefits from this with Azure Functions, for example. But as a customer, I don’t really care as long as that fixes my problem. I’m okay with that. And that’s the beauty, because in the end you need to benefit from all your investments. Right?

Mary Jo Foley:
Right.

Tom Kerkhove:
So that’s fine for me.

Mary Jo Foley:
Okay. To close out this, because we’re running out of time here. Could you just give a quick brief definition of KEDA? We’ve been saying KEDA, but I figure not everybody knows what KEDA is.

Tom Kerkhove:
Yeah. sorry. So KEDA stands for Kubernetes Event Driven Auto-scaling and basically we aim to make Kubernetes application auto-scaling that simple so that a non Kubernetes experts can even use Kubernetes and make it simple for them.

Mary Jo Foley:
Nice. And CNCF is the Cloud Native Computing Foundation, right?

Tom Kerkhove:
Yes, that is correct.

Mary Jo Foley:
Okay. Yeah. Just, there’s so many acronyms in the open source world. I’m pretty good on the Microsoft ones, but now there’s a whole other set I need to remember and understand.

Tom Kerkhove:
Once you go into the container and Kubernetes world, it’s a brave new world. You’ll learn a lot of new stuff.

Mary Jo Foley:
I know. I know.

Tom Kerkhove:
Which can be overwhelming.

Mary Jo Foley:
I’m sure. Well, thanks, Tom. This has been really good. It’s great to know that you’re keeping tabs on what’s going on with Microsoft and open source. So whenever I have a question, I have the right person to ask.

Tom Kerkhove:
Uh-oh. No, it’s my pleasure. Thank you very much.

Mary Jo Foley:
Great. And for everyone else, who’s listening right now to this or who is reading the transcript. I’ll be putting up information soon about who my next guest is going to be. And once you see that you can submit questions directly on Twitter all week, just like people did for Tom this week using the #MJFChat. And in the meantime, if you know of anyone else or even yourself who might make a good guest for one of these kinds of MJF Chats, please don’t hesitate to drop me a note. Thank you very much.

 

Listen now and subscribe on

Also On: RSS |

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: