CloudBees co-founder buzzes about open source drama and AI
Sacha Labourey on the HashiCorp license, Jenkins X experiments, and when LLMs will come for your job
Interview "It's the experiment that went too far," says CloudBees' Sacha Labourey of HashiCorp's licensing change.
The Register caught up with Labourey on the London leg of CloudBees' DevOps World Tour to talk open source, what happened to Jenkins-X, and artificial intelligence.
Labourey co-founded CloudBees in 2010 and, after a stint as CEO, became chief strategy officer in 2021. CloudBees was initially all about the Jenkins DevOps automation platform and has extended its services over the years through acquisition and development.
Jenkins itself, however, remains firmly open source. Labourey has no plans to change that, despite the ructions that have occurred elsewhere in the industry with license changes.
Unsurprisingly, Labourey reckons CloudBees has a much "cleaner" stance. "When it's open, it's truly open. When it's closed, it's closed," he tells us. "If you look at the Jenkins community, it's a truly open community. We don't own the trademark. We don't own access to the tree. We cannot reject contributors."
He contrasts this approach with that of other companies, including HashiCorp and GitLab. "They're not an open community. They own the trademark. They own the IP. They own access to the tree. If you try and push some contributions that are going to be competitive with their open core proprietary value, it's going to get rejected."
However, the open source movement must evolve if it is to survive. The era of simply stacking consultancy on top of a pure open source project has passed. Subscriptions and the open core concept have become popular business models.
As Reg readers know, open core is a model where the core of a project remains open source, with proprietary software used to add value. It has proven to be a popular way of monetizing open source software, albeit somewhat controversial.
CloudBees is an open core outfit. However, other companies in the open source world have sought different ways to protect revenues as well as deal with the challenges posed by cloud giants simply swiping code.
"The HashiCorp move is pretty unique because it's not that it's worse than what Elastic has done – it's a change of license," he says. "I think what's unique about what HashiCorp has done is that their license is not objectively stating what you're allowed to do or not. It says, 'if you're not competitive with HashiCorp,' essentially.
"Who gets to define that? What is the decision point? So it creates a big cloud of unknown as to what you can or can't do. In my opinion, I feel it's the experiment that went too far."
CloudBees is no stranger to the odd experiment or two itself. An example is Jenkins X, which was unveiled in 2018. Once a great hope for the future, Labourey now refers to it as a "research project."
"We learned a lot … it could have been something different. But I think we realized as we were going that [while] some of the concepts were good – were really good – you need more than a concept. You need a strong foundation."
- New CloudBees boss Stephen DeWitt wants to up the SaaS factor, wouldn't say no to IPO
- Jenkins creator steps back from CloudBees and flings himself at startup Launchable
- CloudBees SaaSifies Jenkins X running on Google Cloud Platform
- DevOps grandpa Electric Cloud absorbed into youthful CloudBees
Labourey adds: "And Jenkins X ended up, I think, for us, being more of an expression of an idea than a platform that can truly scale."
Jenkins X was intended to automate the setup and management to provide a cloud native service that developers could use to write code more swiftly and reliably than legacy non-cloud platforms.
Labourey says many of the lessons and ideas of the Jenkins X experience live on in the company's current product line. "We inherited a lot of value out of this experiment. But to go from an experiment to production is a different beast," he tells us.
And then there's AI – something Labourey reckons has been part of his life for five years. We can understand that, considering the pace of change over the last year.
Regarding DevOps, Labourey says: "AI will take a pretty big place on the platform. There is a lot that can be automated ... DevOps has always been about removing hurdles and simplifying and improving the life of developers."
Labourey sees a future broken into phases of adoption, starting with the assistants of today suggesting solutions to problems. "That's just a feel-good temporary step because the truth is you can act. You don't need the human element. You create a fix. You create a branch. You put the fix on the branch. You go through the security scanners again, you go through the test suite, and if everything is clean ... what else do you think the human is going to do?"
We're not there yet, considering some of the howlers spat out by generative AI, but Labourey is confident the moment will come as users become more confident with the tools.
He cites the initial mistrust around cloud services, thanks to some unfortunate comparisons. "For example, we were comparing a beautiful datacenter run by Wall Street banks with billions in investment versus the clouds ... but that's not real life. Real life is an average datacenter by an average company with average engineers versus the cloud.
"The same is true of security. We're comparing top developers fixing a security issue versus an LLM."
Not everyone has those developers, and not every developer and QA person will be able to maintain the same level of diligence for every fix. "The LLM, I can assure you, will take every case and act with the same diligence for every one. So I actually think that the chances to have high quality fixes is very high," Labourey says. "Based on some of the testing we've done, the output is pretty impressive."
As for when that testing turns into something tangible? "I think it's moving at a much much faster pace than any of us can comprehend." ®