Opinion One of the knee-jerk arguments made by companies abandoning their open source roots is that they can't make money because the bad hyper-cloud companies "steal" their open source services. True, at one time, the hyper-clouds took more than they gave. That's often no longer the case.

Amazon Web Services (AWS), for example, is now one of PostgreSQL's biggest supporters and a major Rust backer. Others always have been. For example, without Google, Kubernetes doesn't exist.

While I was at Open Source Summit North America in Seattle, I was reminded of this when, in a keynote, Sirish Chandrasekaran, GM of Amazon Relational Database Service (Amazon RDS), said: "For the PostgreSQL core server, AWS employs one core team member, six committers, and seven major contributors."

I'm a cynic, so I responded, "Really?" Further, Chandrasekaran stated that for PostgreSQL 16, AWS programmers were the number one code reviewers and the number two feature contributors. OK, this needed to be checked.

As it so happens, I didn't need to dig too deeply. EnterpriseDB (EDB), the company that backs PostgreSQL, had already done much of the work for me. Marc Linster, EDB's Chief Technology Officer, analyzed who did what with PostgreSQL 16 in great detail.

And, there it is, in colorful circle graph detail: AWS is right behind EDB for contributions to version 16 with 11.9 percent to EDB's 22.6 percent. Digging deeper into the individual contributors, Robert Haas, EDB VP and Chief Database Scientist, provides us with a detailed list of the top PostgreSQL contributors and patches.

Put it all together, and what do you get? AWS is a major PostgreSQL contributor. Why? Seriously? Why do you think? PostgreSQL is vital to AWS's customers, so keeping PostgreSQL alive, well, and growing is important to AWS.

Being a nosy guy - it comes with my job - I asked AWS director of Open Source Strategy David Nalley about AWS's open source plans. But before I jump into that, does his name sound familiar to you? If you're deep into open source, it should. He's also the president of a little group called The Apache Foundation.

He agreed with me about why AWS invests in open source, but added AWS isn't merely contributing code; it is actively involved in the "chop wood, carry water" tasks essential for maintaining project health, such as code review. This isn't glamorous work, but it's a crucial part of software development.

AWS hasn't always done this. Nalley sees this as part of AWS paying its open source dues. "AWS had to earn its spot in terms of building up its open source reputation."

It's not just PostgreSQL. Nalley also said, "We have a number of other places where we're making material contributions. We're the third-leading contributor behind MariaDB."

AWS is also doing a lot of good work in Jupyter Notebook. Jupyter is a web-based, open source interactive computing platform spun out of Python. Nalley said: "We have an entire team of people that are focused on nothing but Jupyter." One group is also working on slimming down Jupyter so it can work on cheaper laptops.

He continued that AWS isn't just developing the software; it's also reviewing patches submitted by other people. As someone who's worked in open source for many years and from a holistic standpoint, having someone to make sure that things are being reviewed for correctness is really, really compelling. "We're doing a lot of work in automated reasoning in formal verification."

What's really got Nalley excited, though, is the work AWS is doing with Rust. "We have an entire team of people whose only job, day in and day out, is improving the Rust programming language. We think that memory safety capabilities and performance improvements enable both our customers and us to do things more securely and allow us both to do things faster. The performance improvements just by adopting Rust for specific workloads that are in that sweet spot are incredibly compelling."

In particular, Nalley mentioned that the Rustls TLS library uses AWS Libcrypto for Rust (aws-lc-rs) for cryptography by default, with the option to enable Federal Information Processing Standards (FIPS) support.

Thinking of security and Rust, Nalley added that he was a little frustrated at the first Rust version of that master Linux administrator command sudo "because it had a huge dependency tree initially, and I think that number was north of 50, (actually, it was a mind-boggling 135 dependencies), which means the attack surface is 50 times larger. So AWS funded the workforce to fix the dependencies. They've done a lot of great work, and now it's down to three dependencies."

This, in turn, means sudo-rs is now available for such mainstream Linux distros as Debian and Fedora,

So, the next time someone tells you that a hyper-cloud company is just an open source leech, do yourself a favor and check into it. You may just find, as I did, that the top cloud companies and open source are - in some cases - actually best buddies. ®

https://www.theregister.com//2024/04/27/opinion_hyperscale_open_source/