Posted by thunderbong 4 days ago
And syslog/syslog-ng are also problematic to ingest.
On our part, OpenObserve offers free SSO on our cloud service to anyone, and free SSO for anyone using the enterprise version if they ingest under 200 GB/day (6 TB/month).
Slight clarification here. Might not apply in OpenObservability's case but might help others on their journey to enterprise sales with their projects.
Those are typically conversations with managers holding $X purchasing authority, typically like $500K for a US director-ish level, within multi-billion dollar companies. These managers usually aren't averse to spending on open source projects. They're averse to cutting a check not tied to a support contract with responsive, polite, helpful support with published support policies at 0300h local time on a break-fix line with 75 other people from other support teams in the company watching. A surprising number of open source projects won't offer that guarantee, and instead only offer the option to "donate" with vague promises of priority support. More projects are getting better at this more recently, but it takes a surprising amount of red tape to onboard as a vendor into these organizations, and a lot of open source teams don't have the appetite for putting up with that.
Until kind of recently, the conversation switching to the SSO Tax is really about accessing that level of guaranteed support delivery.
Not all managers are averse to paying, but many are. I have had discussions with Director/Sr. Director and VP level folks in these companies. I have been paid and I have been denied.
Our biggest customer is a Fortune 10 company and we are able to offer the kind of support that they need. It indeed takes a lot to provide that kind of support, though, and would be difficult for most small open source projects to do.
Most people who put out open source software don't really want to accept useful PRs (which implement OpenID), but rather just want free distribution.
By charging for valuable, differentiated features.
Not by charging for undifferentiated, standardized, secure authentication.
They're entitled to their business model. They're not entitled to it working. They're not entitled to someone figuring out a business model for them if people don't like it.
Not offering that in a self-hosted open source version, where the maintenance is delegated to the user, turns this into a naked cash grab.
but that last 5% will relentlessly bleed your will to live out of you. OAuth is a massive mess that necessitates libraries with custom tweaks for hundreds of providers, SAML exists but only aging or over-sized B2B touches it so you now have obtuse B2B customers demanding you Address and Attest To Compliance With unrelated PHP CVEs for a Linux distro that's a decade older than the ancient long-term-support version your company started under, plus you're a Ruby shop so wtf even, and...
Yeah I've been there.
If you can tell B2B to fuck off, it's legitimately easy. If you're running a business around it, they're your major sources of income, you're taken along for their ride and it has absolutely no reason to be Ride-able like that but this is the designed-by-committee world we live in now.
Not all products have other good features to use for price discrimination, so I have some sympathy for vendors here, but I think it often indicates laziness in thinking about what they can use to do the necessary price discrimination.
This should cover all companies with 10 developers.
Edit: People here do get what you're saying - "This is the only way we can force some users to pay". What you're not hearing is "Either don't call out your software as FOSS, or if you do, figure out ways of price discriminating without hurting security for FOSS users."