| ▲ | asmor 5 days ago |
| > However, in order to sustain and support the dedicated team of engineers who maintain and build new charts and images, a subscription will be required if an organization needs the images and charts built and hosted in an OCI registry for them. This is such a naive take. Bitnami images were a sign of goodwill, a foot in the door at places were the hardened images were actually needed. They just couldn't compete with the better options on the market. This isn't a way to fix it, it's extortion. This is the same thing Terraform Cloud did, and I don't think that product is doing so hot. > Essentially, Bitnami has been the Jenkins of the internet for many years, but this has become unsustainable. It's other people's software, so it's very rich of Bitnami to accuse anyone of freeloading when their only contribution is adding config options to software that maybe corresponds to a level 2 on the OperatorFramework capability scale[1] - usually more of a 1. [1]: https://operatorframework.io/operator-capabilities/ |
|
| ▲ | darkwater 5 days ago | parent | next [-] |
| > It's other people's software, so it's very rich of Bitnami to accuse anyone of freeloading when their only contribution is adding config options to software I'm not going to defend a corporation but this sentence feels very entitled. They were providing it for free, you could use it. They are not going to provide it for free anymore, you migrate to something else or self-maintain it and say "thank you for the base work you did I can use now" |
| |
| ▲ | ownagefool 5 days ago | parent | next [-] | | Aye, It's a bit like saying you can't sell your code, because you wrote it in someone elses software. Writing a decent Dockerfile isn't hard, and keeping it maintained and working with new versions is still work and it's past the wheelhouse of very many people. It's entirely reasonable to want paid for that effort. That said, it's not work I personally value enough to put my hand in my pocket, and that's a fair take too. | |
| ▲ | patmcc 4 days ago | parent | prev | next [-] | | I think it's perfectly fair for them to say "we're not doing this any more". The sketchy part is deleting the public registry at docker.io/bitnami rather than just no longer updating it. Why can't docker.io/bitnami become the 'legacy' registry, receive no future updates, so at least folks who don't hear this news won't have pulls suddenly fail? edit: like if I have a package on NPM and I want to stop offering it, I think it's shitty to just delete it. That breaks builds. | |
| ▲ | throw__away7391 5 days ago | parent | prev | next [-] | | When a project is abandoned, when updates are slow, when features people want are not being released, when tracking upstream dependency updates are delayed, sure, you are not entitled to anything and I’ll be the first one to say get off your butt and contribute. In the other hand when you engage with the community for years under an OSS/free context then once the community has invested in your project, learning it, creating learning resources for it, integrating it into their own projects, and you never communicated your intention to “wait until it gets big then then pull the rug” it feels like a disingenuous bait and switch. The reason it feels that way is because it is a disingenuous bait and switch. This is even more so the case when you built your project on top of other projects. I have no problem using a paid product or service or paying for support on a OSS product, but will never pay one of these bait and switch scams a dime, no matter how much engineering effort it takes. | | |
| ▲ | darkwater 5 days ago | parent | next [-] | | I understand the sentiment and where it comes from, and I'm not saying it's a good decision from Broadcom (I think it is a bad one indeed!). But still, this risk is part of the game. Even if it was full opensource and with a broad community, it was still a single vendor, not even a non-profit umbrella like the Apache or Linux Foundation. So, the risk of trusting a single vendor was there. The good thing of it being opensource is that someone else (company, community, foundation or whatever) can step in, fork it, and maintain it from now on, unlike what happens with proprietary software or SaaS. | |
| ▲ | chris_wot 4 days ago | parent | prev [-] | | It’s Broadcom. Don’t use anything from them unless you can’t avoid it. Same applies to Oracle. | | |
| ▲ | spydum 4 days ago | parent [-] | | The problem is when they acquire software or services you have dependended on for decades, hard to change some of that stuff. However, I agree: if this does happen to you, move very fast to put some distance between you and this company. They will bleed you. |
|
| |
| ▲ | cthor 5 days ago | parent | prev [-] | | Vendor lock-in is a thing. Switching costs are a thing. They know this. That's the whole business model. They're expecting that the cost of switching to outweigh the cost of the subscription. I get that this business model is fashionable amongst wannabe rent-seekers, but it's still antisocial and should be shunned. | | |
| ▲ | darkwater 5 days ago | parent | next [-] | | Evaluating the risks of vendor lock-in is a buyer's task, unless it is a protected market or there is a monopoly abuse involved. In this case, nobody forced (generic) you to use Bitnami's Docker images, you probably just thought "how convenient, always updated and easy to pull, one less thing to worry about". Which is fine, but it's always a bet on what will happen in the future. | | |
| ▲ | cthor 5 days ago | parent [-] | | Yes, yes. And a person who's pick-pocketed may well do better to protect their pockets. This does not absolve the thief. Reasonable people can disagree about the degree to which vendor lock-in is antisocial or the degree to which there even is vendor lock-in here. But telling victims of such behavior to just suck it up and price it in only serves to distract from and abet actors abusing positions of power to rent seek and create low trust environments. It's not a systemic solution and it's not a serious engagement with the criticism levied. | | |
| ▲ | darkwater 4 days ago | parent [-] | | > Yes, yes. And a person who's pick-pocketed may well do better to protect their pockets. This does not absolve the thief. Freedom of roaming without having to worry about pickpockets it's one thing. Deciding that you go with the opensource offering of a company because it's convenient for you is another.
I know it's just one example but the entitlement here is _the key_. You are entitled to go to whatever zone of a city and it's not right to blame the victim in that case. You are not entitled to have part of the business decisions of a company you were a "client" without paying a dime or signing any binding contract.
You would be entitled to that if they were breaking some opensource license, for example. | | |
| ▲ | cthor 4 days ago | parent [-] | | Just because you want that to be "the key" doesn't make it so. You make that your singular focus and you let antisocial behaviour off the hook. That is your prerogative. For me, the key is the bait and switch. It's like a drug dealer offering first time customers a discount. It's a good business strategy to get people hooked. Very enterprising. Nonetheless, I would prefer a society without such behaviour. | | |
| ▲ | geodel 4 days ago | parent [-] | | You mean society where I can benefit at cost of other party indefinitely but when other try to stop I berate them for changing conditions which benefited me. | | |
| ▲ | pas 3 days ago | parent [-] | | So if you put up a bridge, people start using it, and you one day realize it's too much work to maintain, then it maybe the responsible thing would be to engage with the community, maybe someone will step up to maintain it, not to just blow it up one day without not much of a warning. Sure, in this case the bridge is still there, and it started as a toll-bridge with free lanes. Now the free lanes are closing. Crying orphans will be stranded on one side and their mothers bereaved on the other side, corporations will starve without new updates, millions of innocent businesses will wither away all because *they* closed the free lane without a consultation first, and with just one month notice. A total cybercide. ... OSI licenses should come with indicators to signal affiliations with a preferred theory of justice, so when the eventual grievance event triggers people will have the correct framing at hand. ... Anyway, as always, https://www.broadcom.com/company/corporate-responsibility is pretty clear on the matter! |
|
|
|
|
| |
| ▲ | coredog64 4 days ago | parent | prev | next [-] | | This is not rent-seeking: Rent-seeking is leveraging your position to garner economic rents, like putting a toll gate across a highway in which the only value received for the toll is the opening of the gate. Rent-seeking would be Broadcom saying that you must run a Bitnami image in CloudFoundry or pay a penalty for not doing so. They are in fact doing some work here. We may disagree on whether or not they're being compensated fairly for that work, but that disagreement doesn't turn this into "rent-seeking" | | |
| ▲ | asmor 4 days ago | parent | next [-] | | The penalty is the work of migrating away and redoing any integration work on a month's notice. That might seem trivial to a small deployment, but I know some people that use these images everywhere, including in places that aren't immediately obvious. | | |
| ▲ | natebc 4 days ago | parent [-] | | Not to mention a lot of people that are going do be doing this work are the same people also spending the year swapping out hypervisors which is also no small task. Maybe it's just me? |
| |
| ▲ | pas 3 days ago | parent | prev [-] | | People got used to using a highway that was free. They started doing business moving freight there, or taking jobs and commuting on that nice fast convenient road, and ... now suddenly there's a gate. Note, the work gets done anyway. The highway is still there. (And marginal cost of more people using it is ... low.) That said, it's a matter of definition. Usually rent-seeking refers to manipulating public rules, public spending, etc. Here that seems close to impossible. (Broadcom exploit their vendor lock-in business position as much as they want, it's a purely private arrangement, no one is and no one was forced to start using Broadcom's shit.) ... That said 2.0, rent in "rent-seeking" refers to a part of income (based on Adam Smith's division of income into profit, wage, and economic rent). Where economic rent is payment gained that's not justified by natural costs and market forces. (Of course, good luck coming up with a reliable model for this.) ... However, here it seems we do know how to come up with the right numbers for profit and rent. Profit was what they were earning before and now ... any extra income is rent that they get by putting the gate down on the free lanes. (And, of course, as people will migrate away we'll see this rent decrease, likely substantially.) |
| |
| ▲ | 4 days ago | parent | prev [-] | | [deleted] |
|
|
|
| ▲ | kpcyrd 5 days ago | parent | prev | next [-] |
| > it's extortion That's a wild take for "somebody provided something for free but decided they don't want to anymore". Sucks for you, looks like you have to do your job yourself now. |
| |
| ▲ | smsm42 4 days ago | parent | next [-] | | Reminds me of a joke, where there was a beggar sitting on a street next to a certain office, and one man has been giving him a coin every time he went to work or was going home. That continued for a while, until one day the man says to the beggar - "you know, I've been giving you a coin twice a day for a while now, but now I am getting married, it's an expensive thing so I can't give as much anymore, I only will be giving you a coin once a day from now on". And the beggar cries out: "Look at this putz, he's getting married and now I have to feed his whole family!" | | |
| ▲ | derangedHorse 4 days ago | parent [-] | | This scenario is more like if the man tipped you when you never needed it, you used the money to buy something, and then he forced you to work for it. You never would have spent the tipped money if they didn't give it to you, and the fact they did with the intention of asking for it back is annoying. In this bitnami case, I would have just built these images myself but they offered public images accessible from dockerhub. There's 0 reason to change the existing registry besides intentionally breaking builds. The security narrative they try to spin about why they will delete the legacy registry is also laughable. As if the consumers of those images are incapable of assessing the risk of using legacy images themselves. | | |
| ▲ | smsm42 3 days ago | parent [-] | | If it's trivial to build images yourself, then just build it and be thankful for all the utility you earned by deferring doing the task till later - time is money, very literally, the whole point of credit is time-shifting money. You were allowed to time-shift work, and for free. But the expectation you could time-shift it forever is not based on any promise - they were always free to revoke the option, and now they did. If it's a trivial task, make your own one - you could even do the society a service and put it up on the docker repo. |
|
| |
| ▲ | asmor 5 days ago | parent | prev [-] | | What do you mean, that's the business model more than half the VC-funded startups now. Provide something for free or near free, wait until your customer is dependent on you and/or consolidate into at least an oligopoly and then put the thumbscrews on. I find that to be a pretty dishonest business model. I don't have any Bitnami images to replace, but I know a lot of people who do without ever having made that choice - and their bosses aren't going to pay Broadcom for the most part either. So you end up with overworked developers that now hate Broadcom and/or a whole lot of deployments that just break or never get updated. The number of people going "I can just switch over to the archive image, whatever" on the K8s subreddit alone is concerning. | | |
| ▲ | conor- 4 days ago | parent | next [-] | | The Bitnami images and helm charts are just convenient repackaging of things that are already freely (gratis) available. There's nothing stopping you from still deploying Kafka or Redis, etc. into your k8s cluster without using the Bitnami helm chart or building your own charts. I think that's the point of above of "now you have to do your job"
There's an evaluation that takes place when choosing to use something as an engineer, and the writing should have been on the wall the moment that Broadcom bought Bitrock to start planning to reduce dependency on those things. | |
| ▲ | ToucanLoucan 4 days ago | parent | prev [-] | | > What do you mean, that's the business model more than half the VC-funded startups now. Provide something for free or near free, wait until your customer is dependent on you and/or consolidate into at least an oligopoly and then put the thumbscrews on. You skipped the part where you bankrupt your competition in the space who can't afford to hemorrhage cash they don't have like a VC-backed startup can, hoover up all the customers, then charge more than the old guard industry did in the first damn place for a worse version of the same service, while also paradoxically paying any workers needed to provide said service even less than they were making before. |
|
|
|
| ▲ | tw04 4 days ago | parent | prev | next [-] |
| >This is such a naive take. Bitnami images were a sign of goodwill, a foot in the door at places were the hardened images were actually needed. They just couldn't compete with the better options on the market. This isn't a way to fix it, it's extortion. This is the same thing Terraform Cloud did, and I don't think that product is doing so hot. You seem to be confused about who Broadcom is and how they operate. "Long term health" isn't a thing for them. They buy products that are embedded deeply in the fortune 500, cut 90% of the staff, and increase licensing and support 2-100x. They do not care if you are upset. They do not care if you're going to "find something else". They don't care if you build an entire campaign to decry what they're doing. They know the F500 cannot easily remove them, and that they will have at minimum 5 years to print cash on their service contracts. Sure, some of those F500s will sue them and try to stop the extortion via legal means, but they know that they'll either win, or at worst still be allowed to jack up prices even if a court rules it's not their original egregious asking price. |
|
| ▲ | debarshri 5 days ago | parent | prev | next [-] |
| Building Infrastructure company is challenging in 2025. Previously, you would prioritize traction among developers over focusing on revenue. But that does not work in 2025. You are expected to make money from the get-go and are left with only enterprise customers and boy, that category is hard, as everyone is competing for that slice. |
| |
| ▲ | imiric 5 days ago | parent | next [-] | | > Previously, you would prioritize traction among developers over focusing on revenue. A.k.a. using open source as a marketing tactic to lure in customers, only to do a rug pull once the business gains enough momentum. > But that does not work in 2025. Good. It is an insidious practice. There are very few projects that actually do this properly without turning their backs on the users who made their products popular in the first place. > You are expected to make money from the get-go and are left with only enterprise customers and boy, that category is hard, as everyone is competing for that slice. The strategy of delivering valuable products that benefit users without exploiting them has always existed. The thing is that many companies choose the greedy and user hostile path, instead of running a sustainable business that delivers value to humanity and not just to shareholders, which is much more difficult. So I have no sympathy towards these companies. | | | |
| ▲ | zaphar 5 days ago | parent | prev | next [-] | | The problem I think is that all the easy infrastructure problems have been solved and the market is crowded with those solutions. Solving the hard problems is probably where you could have a viable business but I don't really see that many companies trying to solve those: * Making mono-repos work for large companies. * Mixed language builds are still a ci/cd unsolved problems for most companies. * Testing strategies for Iac deployments. And more that I won't bother to list here. | | |
| ▲ | pbronez 5 days ago | parent [-] | | This would make a great blog post: high hanging fruit of digital infrastructure |
| |
| ▲ | smsm42 4 days ago | parent | prev | next [-] | | So, you're saying in 2025 businesses are expected to actually make money? What a novel concept. Will the wonders ever cease? I mean, you could expect that thing where you borrow incessantly to "gain traction" and "produce growth" but never produce any returns on it to run for a bit, especially in a new field where becoming #1 is at premium. But it has to stop somewhere. So it looks like somewhere is here. | |
| ▲ | esseph 5 days ago | parent | prev | next [-] | | The outcomes of this behavior will be devastating and the problems will last for generations. | | | |
| ▲ | latchkey 4 days ago | parent | prev [-] | | I have an infrastructure company and I'm focused 100% on developers. It definitely isn't easy, but I see it as the best path for the business. |
|
|
| ▲ | pst 5 days ago | parent | prev | next [-] |
| You're not wrong. They add miniscule value. But what does that say about the people using these images who are now struggling to replace them? |
| |
| ▲ | AndrewDucker 5 days ago | parent | next [-] | | You can't have it both ways. If their value-add was miniscule then they should be trivial to replace. If it's a struggle to replace them then that's the value they were adding. | | |
| ▲ | pebble 5 days ago | parent [-] | | No, the struggle is fully manufactured by this rug pull. If I had known this was going to happen when I was setting up my infra I could've used any number of other alternatives, including just building them myself, at little to no extra effort. Now I have to waste time migrating off of these. | | |
| ▲ | immibis 5 days ago | parent [-] | | You did know this was going to happen, and chose to pretend you didn't. | | |
| ▲ | tremon 4 days ago | parent [-] | | We also know the Sun is going to swallow the Earth and eventually burn up. That doesn't mean we stop building with what we have now. | | |
| ▲ | r14c 4 days ago | parent [-] | | Those to two very differently sized eventually's. |
|
|
|
| |
| ▲ | carlhjerpe 5 days ago | parent | prev | next [-] | | Packaging is not miniscule value, it's valuable gruntwork. | | |
| ▲ | pst 5 days ago | parent [-] | | A lot of work that apparently is not valued enough to justify paying for. | | |
| ▲ | carlhjerpe 5 days ago | parent | next [-] | | You could make the same argument against Linux, openssl, ffmpeg, compression algorithms, web browsers and so many more things. A select few will pay for the rest of us, but it's valuable to everyone who uses it. Broadcom just wants to squeeze anyone who can't do it themselves. | |
| ▲ | tracker1 4 days ago | parent | prev | next [-] | | I'm mixed... I've spent the time to create installers and docker images for a couple things, mostly because I wanted them to exist for myself, that others found them useful was a cool side effect. Nothing to the breadth or scope of Bitnami though. That said, it seems to be a side effect of their business model that they don't feel they can offer for free, or otherwise choose not to in order to convince people to move. It seems there's nothing stopping someone from forking and/or continuing the packaging for apps they use based on where Bitnami is today. Cool. I'd personally like to see a lot of these hardening efforts upstream anyway... separating base images for build vs. runtime and more so with the "official" app images themselves. People do and should have different expectations from a lot of applications when packaged in a container vs. installed on a system. | |
| ▲ | asmor 5 days ago | parent | prev [-] | | The problem isn't paying for it, it's the extra workload of retrofitting authentication to all your things. I'd find this a lot more enticing if they just made you set a "i have a license or i am evaluating or i am not commercial" flag in Helm or fail the build. Plus the cost is extremely disproportionate, but some will pay it given the one month deadline. |
|
| |
| ▲ | liveoneggs 4 days ago | parent | prev [-] | | it doesn't say anything nice that "moderate inconvenience" is a "struggle" |
|
|
| ▲ | venkyvb 5 days ago | parent | prev | next [-] |
| I think this is now the Broadcom way ! |
|
| ▲ | 4 days ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | 4 days ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | pacifika 5 days ago | parent | prev | next [-] |
| If their contribution is minimal then the impact of this change should also be? But it appears it disruptive so they have been showing up for a long time and that’s one of the most difficult things. |
|
| ▲ | j45 5 days ago | parent | prev | next [-] |
| Maybe the community can repackage it since Bitnami is only packaging. |
| |
| ▲ | tedk-42 5 days ago | parent [-] | | Naive take. That's like saying, "Honda isn't a car company, they're an assembly company because they don't mine the minerals to make the parts and rely instead on supply chains" | | |
| ▲ | dig1 5 days ago | parent [-] | | Well, Bitnami didn't produce own hardware stack either ;) Joke aside, it's not naive - CentOS, Alma, Rocky, Ubuntu... FOSS community has some experience with these things | | |
| ▲ | tedk-42 4 days ago | parent [-] | | I draw the line at if you write code, you're not just a 'packaging' company you're another software company. Might not be the 'purest' of code, but that's really just vanity to speak like that (as is referring to them as a 'packaging' company). I highly doubt assembly engineers think of web developers as just 'packaging' their OS calls. |
|
|
|
|
| ▲ | 5 days ago | parent | prev [-] |
| [deleted] |
