HackerTrans
TopNewTrendsCommentsPastAskShowJobs

graphex

no profile record

comments

graphex
·قبل 4 سنوات·discuss
The insane cost of licensing, and the speed of this change makes it plain in my mind that Akka is a ransom note with the first CVE that is discovered, and a poison pill for any smaller company hoping to get investment or acquisition. These seem like the actions of private equity trying to get a quick buck prior to liquidation. I think Bonér should be ashamed of himself.
graphex
·قبل 4 سنوات·discuss
I contributed a bit to Akka over the years, both in terms of commits (nothing huge but a few here and there) and in terms of community building. I introduced a number of developers to the Actor Model and did several presentations on how cool Akka Streams was, to several hundred people. I'm not "akka royalty" but I _was_ an Akka proponent. I definitely consider this a big middle finger and am pretty sad about what I and others are being forced to do as a result of this.

I don't care to debate open source or license changes, I care mostly about the developers this affects. I care about the people who I got excited about using the actor model with Akka now having to put in a serious amount of effort to rip it out. Mostly these people are at places I no longer work and just inherited codebases where akka happened to win the particular decision on the project. In most of those projects, it could just as easily have been Spring, or Dropwizard, or Kafka Streams, or dozens of other libraries and frameworks.

For those of you who work for companies that don't have over $25m in revenue, please never choose Akka. A company looking to acquire your company is going to do their due diligence looking for poison pills, and Akka became one of those today. For those of you who work for companies making over $25m in revenue, you probably know that the way scaling works, your company is very likely to have a loss rather than a profit. You're also likely to have lots of people in accounting, and requisition, and many levels of management, and not a single one of them will ever consider $2k per vCPU for even a second.

Most companies that have that much revenue are building on pretty rough margins that have gotten a lot rougher this year, and the expectation from the market is to start showing a profit right away. Many companies are finding smaller margins at the same time, and working with a scale of many tens of thousands of vCPUs running in cloud environments, earning only a small amount above the opEx (or maybe even below) of the cloud bill.

These companies are also likely to have to follow regulations like SOC2 or SOX, and have requirements for patching CVEs, so it isn't an option to just keep the same version of Akka once a CVE has been discovered. This is particularly true if you're using akka-http as those servers might be handling traffic that isn't even going through a WAF. Developers in this situation are going to be absolutely screwed. There's no way the company will justify a license that costs more than the physical hardware something is running on, but there is no way they can just not upgrade, either. Maybe the company decides that it'll license, and only have to lay off 50 people as a result. Maybe the company decides it'll fork and 5 people have to maintain that fork until the company can migrate to something else. I know if I were one of those people, I'd quit. I think the best scenario here is to just drop everything you were doing, and either rewrite your akka components or try to swap in something like ZIO and hope you can complete the project before a big CVE hits.

And if a >8 CVE does hit Akka soon, maybe that would be a good thing, as it might foster the creation of one particular fork that could actually gain traction, rather than a diffuse set of hundreds of forks that never gain critical mass.