You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Raul Kripalani <ra...@evosent.com> on 2015/04/17 12:13:52 UTC
[DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Just found this marketing landing page published on social networks. It's
made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
You don't need to be a rocket scientist to gather what exact ESB they are
targeting (not us): just look at the images.
http://www.tibco.com/integration/open-source-ESB-alternative
Even though it's a clear exercise of FUD vs. OSS – as it provides no
quantitive measurements to their claims (whatever happened to the
scientific method...) – I was planning to write a rebuttal post in my blog,
but I haven't updated it in a long time and it needs a bit of love first.
So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
– and start a qualified discussion here...
In particular I would like to dissect / take down their 4 "myths" about OSS
ESBs:
*> *Myth # 1 - Open Source ESB Software Is Free**
(Their statement: OSS ESBs are not Free.)
Well, no software has zero Total Cost of Ownership. As long as the world is
*not* entirely controlled by androids, you will need humans to operate the
software, including TIBCO's. What we need to look at are the costs of
hiring those people and their learning curves.
For Camel, any developer with Java, XML and a few other "commodity skills"
will do. And they can get started in days. Many people in this forum got
started in hours.
For TIBCO, you need a specialised consultant because their stack is
proprietary. Or you need to train them, and TIBCO training is not cheap. I
have been a TIBCO consultant and I know this for a fact. Moreover,
specialised (already trained) TIBCO consultants are not cheap either (like
with most proprietary software – think SAP, Salesforce, etc.).
Furthermore, brand new customers need consultancy to get started – and that
is not cheap either.
*> *Myth #2 - Open Source ESB Communities Innovate Faster**
(Their statement: Proprietary ESB vendors innovate faster)
This is plainly wrong. Just take a look at the release notes of TIBCO
ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
dropdown at the top to browse through past versions.
To analyse this statement, we need to track two things at least: (1)
frequency of releases, (2) new features introduced per release.
About frequency of releases:
TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
months between micro releases.
[9 months]
6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
[4 months] [4 months]
Camel (analysing past 2 minor releases): less than 6 months between minors,
less than 3 between micros. I noticed that 2.15.1 was released quite early,
so I included another datapoint for one more 2.14.x micro release.
[< 6 months]
2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
[< 3 months] [< 20 days (special circumstance
likely)]
2.14.2 (10 Mar 2014)
[< 3 months]
I know that analysing so few releases is not an indicative – ideally we
would analyse the entire release history – but I don't have time right now.
Nevertheless, the release policy of Camel is 6 months between majors and 3
months between micros (if I recall correctly).
Next, let's take a look at the innovation aspect:
* TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
with their IDE, not with core functionality.
* Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
components, 1 data format, 1 new EIP (Circuit Breaker), etc.
Judge for yourselves ;-)
*> *Myth #3 - Access to Source Allows Reviewing Code and Deploying Safely**
(Their statement: Access to source does not uncover vulnerabilities).
Well, all software has vulnerabilities and with Open Source you can
identify them yourself and fix them. With proprietary software, you rely
entirely on the vendor's turnaround time.
Moreover, we are very transparent about this and we publish our Security
Advisories here [3].
*> *Myth #4 - Open Source and SaaS Work Well Together**
They say: "Cloud-based open-source ESBs work just like other SaaS
applications: you typically don't have access to the code. How well will it
connect your on-premise applications with other SaaS services? You can't
know."
Well, that's just plain absurd. It amuses me that a closed-source vendor is
using the "you don't have access to the code" against an Open Source
product :D Makes zero sense, both marketing- and technical-wise.
With TIBCO, you don't have access to the source on-premises nor cloud-based
software. With the other vendor, you may not have access to the source of
their iPaaS but you know it's largely based on the on-premises software, to
which you have access (even though it's a "gated community" in the strict
sense...).
---
Discussion open! 1, 2, 3... GO!
[1] https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
[2]
https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
[3] https://camel.apache.org/security-advisories.data
Regards,
*Raúl Kripalani*
Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
Integration specialist
http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
http://blog.raulkr.net | twitter: @raulvk
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Achim Nierbeck <bc...@googlemail.com>.
just my 2 cents, just crosspost the original mail to committers@apache.org,
for me this is the right audience, because bigger ;-)
regards, Achim
2015-04-17 12:36 GMT+02:00 Sergey Beryozkin <sb...@gmail.com>:
> Hi Raul
> On 17/04/15 11:30, Raul Kripalani wrote:
>
>> Hey Sergey,
>>
>> Do you mean members@apache.org? I don't think I can post to that list as
>> I
>> am not an ASF member.
>>
> Sorry, I did not know you could not post, I guess Camel leads should work
> on that given your long time support for Camel :-)
>
>>
>> But yeah, even though TIBCO has used these arguments in the context of
>> ESBs, they are the typical set of FUD arguments vs OSS...
>>
>> It would be cool to have a "wider" discussion... committers@apache.org is
>> for these things?
>>
>> I guess that would be a great place to do it too, yeah. I'm not
> proposing for this thread to moved there (it is relevant being here), but
> indeed it would be of interest too to a wider community :-)
>
> Thanks, Sergey
>
>
>
>
> Raúl.
>>
>> On Fri, Apr 17, 2015 at 11:22 AM, Sergey Beryozkin <sb...@gmail.com>
>> wrote:
>>
>> Hi Raul
>>> Looks like Tibco is trying to prevent their customers from leaving with
>>> this scary tactics :-)
>>>
>>> I think if you post it to the Apache members list the email thread you
>>> initiate will be the most popular in years :-)
>>>
>>> Sergey
>>>
>>> On 17/04/15 11:13, Raul Kripalani wrote:
>>>
>>> Just found this marketing landing page published on social networks.
>>>> It's
>>>> made by TIBCO and attempts to highlight the downsides of Open Source
>>>> ESBs.
>>>> You don't need to be a rocket scientist to gather what exact ESB they
>>>> are
>>>> targeting (not us): just look at the images.
>>>>
>>>> http://www.tibco.com/integration/open-source-ESB-alternative
>>>>
>>>> Even though it's a clear exercise of FUD vs. OSS – as it provides no
>>>> quantitive measurements to their claims (whatever happened to the
>>>> scientific method...) – I was planning to write a rebuttal post in my
>>>> blog,
>>>> but I haven't updated it in a long time and it needs a bit of love
>>>> first.
>>>>
>>>> So I thought I'd just publish my thoughts – as I wanted to get it out
>>>> ASAP
>>>> – and start a qualified discussion here...
>>>>
>>>> In particular I would like to dissect / take down their 4 "myths" about
>>>> OSS
>>>> ESBs:
>>>>
>>>> *> *Myth # 1 - Open Source ESB Software Is Free**
>>>>
>>>> (Their statement: OSS ESBs are not Free.)
>>>>
>>>> Well, no software has zero Total Cost of Ownership. As long as the world
>>>> is
>>>> *not* entirely controlled by androids, you will need humans to operate
>>>> the
>>>> software, including TIBCO's. What we need to look at are the costs of
>>>> hiring those people and their learning curves.
>>>>
>>>> For Camel, any developer with Java, XML and a few other "commodity
>>>> skills"
>>>> will do. And they can get started in days. Many people in this forum got
>>>> started in hours.
>>>>
>>>> For TIBCO, you need a specialised consultant because their stack is
>>>> proprietary. Or you need to train them, and TIBCO training is not
>>>> cheap. I
>>>> have been a TIBCO consultant and I know this for a fact. Moreover,
>>>> specialised (already trained) TIBCO consultants are not cheap either
>>>> (like
>>>> with most proprietary software – think SAP, Salesforce, etc.).
>>>>
>>>> Furthermore, brand new customers need consultancy to get started – and
>>>> that
>>>> is not cheap either.
>>>>
>>>> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>>>>
>>>>
>>>> (Their statement: Proprietary ESB vendors innovate faster)
>>>>
>>>> This is plainly wrong. Just take a look at the release notes of TIBCO
>>>> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's
>>>> a
>>>> dropdown at the top to browse through past versions.
>>>>
>>>> To analyse this statement, we need to track two things at least: (1)
>>>> frequency of releases, (2) new features introduced per release.
>>>>
>>>> About frequency of releases:
>>>>
>>>> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
>>>> months between micro releases.
>>>>
>>>> [9 months]
>>>> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
>>>> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
>>>> [4 months] [4 months]
>>>>
>>>> Camel (analysing past 2 minor releases): less than 6 months between
>>>> minors,
>>>> less than 3 between micros. I noticed that 2.15.1 was released quite
>>>> early,
>>>> so I included another datapoint for one more 2.14.x micro release.
>>>>
>>>> [< 6 months]
>>>> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
>>>> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
>>>> [< 3 months] [< 20 days (special circumstance
>>>> likely)]
>>>> 2.14.2 (10 Mar 2014)
>>>> [< 3 months]
>>>>
>>>> I know that analysing so few releases is not an indicative – ideally we
>>>> would analyse the entire release history – but I don't have time right
>>>> now.
>>>> Nevertheless, the release policy of Camel is 6 months between majors
>>>> and 3
>>>> months between micros (if I recall correctly).
>>>>
>>>> Next, let's take a look at the innovation aspect:
>>>> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to
>>>> do
>>>> with their IDE, not with core functionality.
>>>> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
>>>> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>>>>
>>>> Judge for yourselves ;-)
>>>>
>>>> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying
>>>> Safely**
>>>>
>>>> (Their statement: Access to source does not uncover vulnerabilities).
>>>>
>>>> Well, all software has vulnerabilities and with Open Source you can
>>>> identify them yourself and fix them. With proprietary software, you rely
>>>> entirely on the vendor's turnaround time.
>>>>
>>>> Moreover, we are very transparent about this and we publish our Security
>>>> Advisories here [3].
>>>>
>>>> *> *Myth #4 - Open Source and SaaS Work Well Together**
>>>>
>>>> They say: "Cloud-based open-source ESBs work just like other SaaS
>>>> applications: you typically don't have access to the code. How well will
>>>> it
>>>> connect your on-premise applications with other SaaS services? You can't
>>>> know."
>>>>
>>>> Well, that's just plain absurd. It amuses me that a closed-source vendor
>>>> is
>>>> using the "you don't have access to the code" against an Open Source
>>>> product :D Makes zero sense, both marketing- and technical-wise.
>>>>
>>>> With TIBCO, you don't have access to the source on-premises nor
>>>> cloud-based
>>>> software. With the other vendor, you may not have access to the source
>>>> of
>>>> their iPaaS but you know it's largely based on the on-premises software,
>>>> to
>>>> which you have access (even though it's a "gated community" in the
>>>> strict
>>>> sense...).
>>>>
>>>> ---
>>>>
>>>> Discussion open! 1, 2, 3... GO!
>>>>
>>>> [1]
>>>> https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
>>>> [2]
>>>>
>>>>
>>>> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
>>>> [3] https://camel.apache.org/security-advisories.data
>>>>
>>>> Regards,
>>>>
>>>> *Raúl Kripalani*
>>>> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
>>>> Integration specialist
>>>> http://about.me/raulkripalani |
>>>> http://www.linkedin.com/in/raulkripalani
>>>> http://blog.raulkr.net | twitter: @raulvk
>>>>
>>>>
>>>>
>>>
>>>
>>
>
--
Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
Software Architect / Project Manager / Scrum Master
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Raul
On 17/04/15 11:30, Raul Kripalani wrote:
> Hey Sergey,
>
> Do you mean members@apache.org? I don't think I can post to that list as I
> am not an ASF member.
Sorry, I did not know you could not post, I guess Camel leads should
work on that given your long time support for Camel :-)
>
> But yeah, even though TIBCO has used these arguments in the context of
> ESBs, they are the typical set of FUD arguments vs OSS...
>
> It would be cool to have a "wider" discussion... committers@apache.org is
> for these things?
>
I guess that would be a great place to do it too, yeah. I'm not
proposing for this thread to moved there (it is relevant being here),
but indeed it would be of interest too to a wider community :-)
Thanks, Sergey
> Raúl.
>
> On Fri, Apr 17, 2015 at 11:22 AM, Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> Hi Raul
>> Looks like Tibco is trying to prevent their customers from leaving with
>> this scary tactics :-)
>>
>> I think if you post it to the Apache members list the email thread you
>> initiate will be the most popular in years :-)
>>
>> Sergey
>>
>> On 17/04/15 11:13, Raul Kripalani wrote:
>>
>>> Just found this marketing landing page published on social networks. It's
>>> made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
>>> You don't need to be a rocket scientist to gather what exact ESB they are
>>> targeting (not us): just look at the images.
>>>
>>> http://www.tibco.com/integration/open-source-ESB-alternative
>>>
>>> Even though it's a clear exercise of FUD vs. OSS – as it provides no
>>> quantitive measurements to their claims (whatever happened to the
>>> scientific method...) – I was planning to write a rebuttal post in my
>>> blog,
>>> but I haven't updated it in a long time and it needs a bit of love first.
>>>
>>> So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
>>> – and start a qualified discussion here...
>>>
>>> In particular I would like to dissect / take down their 4 "myths" about
>>> OSS
>>> ESBs:
>>>
>>> *> *Myth # 1 - Open Source ESB Software Is Free**
>>>
>>> (Their statement: OSS ESBs are not Free.)
>>>
>>> Well, no software has zero Total Cost of Ownership. As long as the world
>>> is
>>> *not* entirely controlled by androids, you will need humans to operate the
>>> software, including TIBCO's. What we need to look at are the costs of
>>> hiring those people and their learning curves.
>>>
>>> For Camel, any developer with Java, XML and a few other "commodity skills"
>>> will do. And they can get started in days. Many people in this forum got
>>> started in hours.
>>>
>>> For TIBCO, you need a specialised consultant because their stack is
>>> proprietary. Or you need to train them, and TIBCO training is not cheap. I
>>> have been a TIBCO consultant and I know this for a fact. Moreover,
>>> specialised (already trained) TIBCO consultants are not cheap either (like
>>> with most proprietary software – think SAP, Salesforce, etc.).
>>>
>>> Furthermore, brand new customers need consultancy to get started – and
>>> that
>>> is not cheap either.
>>>
>>> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>>>
>>>
>>> (Their statement: Proprietary ESB vendors innovate faster)
>>>
>>> This is plainly wrong. Just take a look at the release notes of TIBCO
>>> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
>>> dropdown at the top to browse through past versions.
>>>
>>> To analyse this statement, we need to track two things at least: (1)
>>> frequency of releases, (2) new features introduced per release.
>>>
>>> About frequency of releases:
>>>
>>> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
>>> months between micro releases.
>>>
>>> [9 months]
>>> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
>>> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
>>> [4 months] [4 months]
>>>
>>> Camel (analysing past 2 minor releases): less than 6 months between
>>> minors,
>>> less than 3 between micros. I noticed that 2.15.1 was released quite
>>> early,
>>> so I included another datapoint for one more 2.14.x micro release.
>>>
>>> [< 6 months]
>>> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
>>> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
>>> [< 3 months] [< 20 days (special circumstance
>>> likely)]
>>> 2.14.2 (10 Mar 2014)
>>> [< 3 months]
>>>
>>> I know that analysing so few releases is not an indicative – ideally we
>>> would analyse the entire release history – but I don't have time right
>>> now.
>>> Nevertheless, the release policy of Camel is 6 months between majors and 3
>>> months between micros (if I recall correctly).
>>>
>>> Next, let's take a look at the innovation aspect:
>>> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
>>> with their IDE, not with core functionality.
>>> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
>>> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>>>
>>> Judge for yourselves ;-)
>>>
>>> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying
>>> Safely**
>>>
>>> (Their statement: Access to source does not uncover vulnerabilities).
>>>
>>> Well, all software has vulnerabilities and with Open Source you can
>>> identify them yourself and fix them. With proprietary software, you rely
>>> entirely on the vendor's turnaround time.
>>>
>>> Moreover, we are very transparent about this and we publish our Security
>>> Advisories here [3].
>>>
>>> *> *Myth #4 - Open Source and SaaS Work Well Together**
>>>
>>> They say: "Cloud-based open-source ESBs work just like other SaaS
>>> applications: you typically don't have access to the code. How well will
>>> it
>>> connect your on-premise applications with other SaaS services? You can't
>>> know."
>>>
>>> Well, that's just plain absurd. It amuses me that a closed-source vendor
>>> is
>>> using the "you don't have access to the code" against an Open Source
>>> product :D Makes zero sense, both marketing- and technical-wise.
>>>
>>> With TIBCO, you don't have access to the source on-premises nor
>>> cloud-based
>>> software. With the other vendor, you may not have access to the source of
>>> their iPaaS but you know it's largely based on the on-premises software,
>>> to
>>> which you have access (even though it's a "gated community" in the strict
>>> sense...).
>>>
>>> ---
>>>
>>> Discussion open! 1, 2, 3... GO!
>>>
>>> [1]
>>> https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
>>> [2]
>>>
>>> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
>>> [3] https://camel.apache.org/security-advisories.data
>>>
>>> Regards,
>>>
>>> *Raúl Kripalani*
>>> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
>>> Integration specialist
>>> http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
>>> http://blog.raulkr.net | twitter: @raulvk
>>>
>>>
>>
>>
>
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Raul Kripalani <ra...@evosent.com>.
Hey Sergey,
Do you mean members@apache.org? I don't think I can post to that list as I
am not an ASF member.
But yeah, even though TIBCO has used these arguments in the context of
ESBs, they are the typical set of FUD arguments vs OSS...
It would be cool to have a "wider" discussion... committers@apache.org is
for these things?
Raúl.
On Fri, Apr 17, 2015 at 11:22 AM, Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi Raul
> Looks like Tibco is trying to prevent their customers from leaving with
> this scary tactics :-)
>
> I think if you post it to the Apache members list the email thread you
> initiate will be the most popular in years :-)
>
> Sergey
>
> On 17/04/15 11:13, Raul Kripalani wrote:
>
>> Just found this marketing landing page published on social networks. It's
>> made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
>> You don't need to be a rocket scientist to gather what exact ESB they are
>> targeting (not us): just look at the images.
>>
>> http://www.tibco.com/integration/open-source-ESB-alternative
>>
>> Even though it's a clear exercise of FUD vs. OSS – as it provides no
>> quantitive measurements to their claims (whatever happened to the
>> scientific method...) – I was planning to write a rebuttal post in my
>> blog,
>> but I haven't updated it in a long time and it needs a bit of love first.
>>
>> So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
>> – and start a qualified discussion here...
>>
>> In particular I would like to dissect / take down their 4 "myths" about
>> OSS
>> ESBs:
>>
>> *> *Myth # 1 - Open Source ESB Software Is Free**
>>
>> (Their statement: OSS ESBs are not Free.)
>>
>> Well, no software has zero Total Cost of Ownership. As long as the world
>> is
>> *not* entirely controlled by androids, you will need humans to operate the
>> software, including TIBCO's. What we need to look at are the costs of
>> hiring those people and their learning curves.
>>
>> For Camel, any developer with Java, XML and a few other "commodity skills"
>> will do. And they can get started in days. Many people in this forum got
>> started in hours.
>>
>> For TIBCO, you need a specialised consultant because their stack is
>> proprietary. Or you need to train them, and TIBCO training is not cheap. I
>> have been a TIBCO consultant and I know this for a fact. Moreover,
>> specialised (already trained) TIBCO consultants are not cheap either (like
>> with most proprietary software – think SAP, Salesforce, etc.).
>>
>> Furthermore, brand new customers need consultancy to get started – and
>> that
>> is not cheap either.
>>
>> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>>
>>
>> (Their statement: Proprietary ESB vendors innovate faster)
>>
>> This is plainly wrong. Just take a look at the release notes of TIBCO
>> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
>> dropdown at the top to browse through past versions.
>>
>> To analyse this statement, we need to track two things at least: (1)
>> frequency of releases, (2) new features introduced per release.
>>
>> About frequency of releases:
>>
>> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
>> months between micro releases.
>>
>> [9 months]
>> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
>> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
>> [4 months] [4 months]
>>
>> Camel (analysing past 2 minor releases): less than 6 months between
>> minors,
>> less than 3 between micros. I noticed that 2.15.1 was released quite
>> early,
>> so I included another datapoint for one more 2.14.x micro release.
>>
>> [< 6 months]
>> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
>> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
>> [< 3 months] [< 20 days (special circumstance
>> likely)]
>> 2.14.2 (10 Mar 2014)
>> [< 3 months]
>>
>> I know that analysing so few releases is not an indicative – ideally we
>> would analyse the entire release history – but I don't have time right
>> now.
>> Nevertheless, the release policy of Camel is 6 months between majors and 3
>> months between micros (if I recall correctly).
>>
>> Next, let's take a look at the innovation aspect:
>> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
>> with their IDE, not with core functionality.
>> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
>> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>>
>> Judge for yourselves ;-)
>>
>> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying
>> Safely**
>>
>> (Their statement: Access to source does not uncover vulnerabilities).
>>
>> Well, all software has vulnerabilities and with Open Source you can
>> identify them yourself and fix them. With proprietary software, you rely
>> entirely on the vendor's turnaround time.
>>
>> Moreover, we are very transparent about this and we publish our Security
>> Advisories here [3].
>>
>> *> *Myth #4 - Open Source and SaaS Work Well Together**
>>
>> They say: "Cloud-based open-source ESBs work just like other SaaS
>> applications: you typically don't have access to the code. How well will
>> it
>> connect your on-premise applications with other SaaS services? You can't
>> know."
>>
>> Well, that's just plain absurd. It amuses me that a closed-source vendor
>> is
>> using the "you don't have access to the code" against an Open Source
>> product :D Makes zero sense, both marketing- and technical-wise.
>>
>> With TIBCO, you don't have access to the source on-premises nor
>> cloud-based
>> software. With the other vendor, you may not have access to the source of
>> their iPaaS but you know it's largely based on the on-premises software,
>> to
>> which you have access (even though it's a "gated community" in the strict
>> sense...).
>>
>> ---
>>
>> Discussion open! 1, 2, 3... GO!
>>
>> [1]
>> https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
>> [2]
>>
>> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
>> [3] https://camel.apache.org/security-advisories.data
>>
>> Regards,
>>
>> *Raúl Kripalani*
>> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
>> Integration specialist
>> http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
>> http://blog.raulkr.net | twitter: @raulvk
>>
>>
>
>
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Raul
Looks like Tibco is trying to prevent their customers from leaving with
this scary tactics :-)
I think if you post it to the Apache members list the email thread you
initiate will be the most popular in years :-)
Sergey
On 17/04/15 11:13, Raul Kripalani wrote:
> Just found this marketing landing page published on social networks. It's
> made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
> You don't need to be a rocket scientist to gather what exact ESB they are
> targeting (not us): just look at the images.
>
> http://www.tibco.com/integration/open-source-ESB-alternative
>
> Even though it's a clear exercise of FUD vs. OSS – as it provides no
> quantitive measurements to their claims (whatever happened to the
> scientific method...) – I was planning to write a rebuttal post in my blog,
> but I haven't updated it in a long time and it needs a bit of love first.
>
> So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
> – and start a qualified discussion here...
>
> In particular I would like to dissect / take down their 4 "myths" about OSS
> ESBs:
>
> *> *Myth # 1 - Open Source ESB Software Is Free**
>
> (Their statement: OSS ESBs are not Free.)
>
> Well, no software has zero Total Cost of Ownership. As long as the world is
> *not* entirely controlled by androids, you will need humans to operate the
> software, including TIBCO's. What we need to look at are the costs of
> hiring those people and their learning curves.
>
> For Camel, any developer with Java, XML and a few other "commodity skills"
> will do. And they can get started in days. Many people in this forum got
> started in hours.
>
> For TIBCO, you need a specialised consultant because their stack is
> proprietary. Or you need to train them, and TIBCO training is not cheap. I
> have been a TIBCO consultant and I know this for a fact. Moreover,
> specialised (already trained) TIBCO consultants are not cheap either (like
> with most proprietary software – think SAP, Salesforce, etc.).
>
> Furthermore, brand new customers need consultancy to get started – and that
> is not cheap either.
>
> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>
> (Their statement: Proprietary ESB vendors innovate faster)
>
> This is plainly wrong. Just take a look at the release notes of TIBCO
> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
> dropdown at the top to browse through past versions.
>
> To analyse this statement, we need to track two things at least: (1)
> frequency of releases, (2) new features introduced per release.
>
> About frequency of releases:
>
> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
> months between micro releases.
>
> [9 months]
> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
> [4 months] [4 months]
>
> Camel (analysing past 2 minor releases): less than 6 months between minors,
> less than 3 between micros. I noticed that 2.15.1 was released quite early,
> so I included another datapoint for one more 2.14.x micro release.
>
> [< 6 months]
> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
> [< 3 months] [< 20 days (special circumstance
> likely)]
> 2.14.2 (10 Mar 2014)
> [< 3 months]
>
> I know that analysing so few releases is not an indicative – ideally we
> would analyse the entire release history – but I don't have time right now.
> Nevertheless, the release policy of Camel is 6 months between majors and 3
> months between micros (if I recall correctly).
>
> Next, let's take a look at the innovation aspect:
> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
> with their IDE, not with core functionality.
> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>
> Judge for yourselves ;-)
>
> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying Safely**
>
> (Their statement: Access to source does not uncover vulnerabilities).
>
> Well, all software has vulnerabilities and with Open Source you can
> identify them yourself and fix them. With proprietary software, you rely
> entirely on the vendor's turnaround time.
>
> Moreover, we are very transparent about this and we publish our Security
> Advisories here [3].
>
> *> *Myth #4 - Open Source and SaaS Work Well Together**
>
> They say: "Cloud-based open-source ESBs work just like other SaaS
> applications: you typically don't have access to the code. How well will it
> connect your on-premise applications with other SaaS services? You can't
> know."
>
> Well, that's just plain absurd. It amuses me that a closed-source vendor is
> using the "you don't have access to the code" against an Open Source
> product :D Makes zero sense, both marketing- and technical-wise.
>
> With TIBCO, you don't have access to the source on-premises nor cloud-based
> software. With the other vendor, you may not have access to the source of
> their iPaaS but you know it's largely based on the on-premises software, to
> which you have access (even though it's a "gated community" in the strict
> sense...).
>
> ---
>
> Discussion open! 1, 2, 3... GO!
>
> [1] https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
> [2]
> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
> [3] https://camel.apache.org/security-advisories.data
>
> Regards,
>
> *Raúl Kripalani*
> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
> Integration specialist
> http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
> http://blog.raulkr.net | twitter: @raulvk
>
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Claus Ibsen <cl...@gmail.com>.
Hi Raul
Well spotted.
Well I guess its only a sign that Camel / Open Source / SMX / Karaf /
Others Camel like ESBs make a dent into the old world.
Now its Tibco to take notice.
Their 4 myths seems very generic to me, as its not really about ESB
but Open Source in general.
IBM have done their FUDs recently against ActiveMQ.
And then MuleSoft did theirs as well. Though MuleSoft is a "gated
community" and have their "open core" vs enterprise product. The
latter is paid / closed excessively and have their enterprise features
only.
And then there is the usual "battlle" between the JEE servers with
closed vs open source ones. Although for the OS ones there are less,
as focus is shifting to micro / cloud stuff.
> TIBCO ActiveMatrix BusinessWorks
And its nice to see they have the same naming as IBM has with some of
their WebSphere product names that is a buzz-word bingo.
That is actually a difference with open source, as os projects tend to
come up with much better names.
On Fri, Apr 17, 2015 at 12:13 PM, Raul Kripalani <ra...@evosent.com> wrote:
> Just found this marketing landing page published on social networks. It's
> made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
> You don't need to be a rocket scientist to gather what exact ESB they are
> targeting (not us): just look at the images.
>
> http://www.tibco.com/integration/open-source-ESB-alternative
>
> Even though it's a clear exercise of FUD vs. OSS – as it provides no
> quantitive measurements to their claims (whatever happened to the
> scientific method...) – I was planning to write a rebuttal post in my blog,
> but I haven't updated it in a long time and it needs a bit of love first.
>
> So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
> – and start a qualified discussion here...
>
> In particular I would like to dissect / take down their 4 "myths" about OSS
> ESBs:
>
> *> *Myth # 1 - Open Source ESB Software Is Free**
>
> (Their statement: OSS ESBs are not Free.)
>
> Well, no software has zero Total Cost of Ownership. As long as the world is
> *not* entirely controlled by androids, you will need humans to operate the
> software, including TIBCO's. What we need to look at are the costs of
> hiring those people and their learning curves.
>
> For Camel, any developer with Java, XML and a few other "commodity skills"
> will do. And they can get started in days. Many people in this forum got
> started in hours.
>
> For TIBCO, you need a specialised consultant because their stack is
> proprietary. Or you need to train them, and TIBCO training is not cheap. I
> have been a TIBCO consultant and I know this for a fact. Moreover,
> specialised (already trained) TIBCO consultants are not cheap either (like
> with most proprietary software – think SAP, Salesforce, etc.).
>
> Furthermore, brand new customers need consultancy to get started – and that
> is not cheap either.
>
> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>
> (Their statement: Proprietary ESB vendors innovate faster)
>
> This is plainly wrong. Just take a look at the release notes of TIBCO
> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
> dropdown at the top to browse through past versions.
>
> To analyse this statement, we need to track two things at least: (1)
> frequency of releases, (2) new features introduced per release.
>
> About frequency of releases:
>
> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
> months between micro releases.
>
> [9 months]
> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
> [4 months] [4 months]
>
> Camel (analysing past 2 minor releases): less than 6 months between minors,
> less than 3 between micros. I noticed that 2.15.1 was released quite early,
> so I included another datapoint for one more 2.14.x micro release.
>
> [< 6 months]
> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
> [< 3 months] [< 20 days (special circumstance
> likely)]
> 2.14.2 (10 Mar 2014)
> [< 3 months]
>
> I know that analysing so few releases is not an indicative – ideally we
> would analyse the entire release history – but I don't have time right now.
> Nevertheless, the release policy of Camel is 6 months between majors and 3
> months between micros (if I recall correctly).
>
> Next, let's take a look at the innovation aspect:
> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
> with their IDE, not with core functionality.
> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>
> Judge for yourselves ;-)
>
> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying Safely**
>
> (Their statement: Access to source does not uncover vulnerabilities).
>
> Well, all software has vulnerabilities and with Open Source you can
> identify them yourself and fix them. With proprietary software, you rely
> entirely on the vendor's turnaround time.
>
> Moreover, we are very transparent about this and we publish our Security
> Advisories here [3].
>
> *> *Myth #4 - Open Source and SaaS Work Well Together**
>
> They say: "Cloud-based open-source ESBs work just like other SaaS
> applications: you typically don't have access to the code. How well will it
> connect your on-premise applications with other SaaS services? You can't
> know."
>
> Well, that's just plain absurd. It amuses me that a closed-source vendor is
> using the "you don't have access to the code" against an Open Source
> product :D Makes zero sense, both marketing- and technical-wise.
>
> With TIBCO, you don't have access to the source on-premises nor cloud-based
> software. With the other vendor, you may not have access to the source of
> their iPaaS but you know it's largely based on the on-premises software, to
> which you have access (even though it's a "gated community" in the strict
> sense...).
>
> ---
>
> Discussion open! 1, 2, 3... GO!
>
> [1] https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
> [2]
> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
> [3] https://camel.apache.org/security-advisories.data
>
> Regards,
>
> *Raúl Kripalani*
> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
> Integration specialist
> http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
> http://blog.raulkr.net | twitter: @raulvk
--
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
hawtio: http://hawt.io/
fabric8: http://fabric8.io/
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Camel Guy <ca...@devguy.com>.
I can't imagine getting my boss to pay for something like TIBCO. That would
require quite a sales job.
With one exception, the developers I know wouldn't even use Camel. They
tend to reinvent the wheel. But they do use Spring and a few even use
Spring Integration.
In order to commit to something like Camel, you have to experience the
"ah-ha" moment when you realize that Camel makes things easier, like the
REST DSL. That of course requires actually using Camel. Being free is a big
win for learning. Expensive products won't die completely, but new
developers won't bother with them.
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Raul Kripalani <ra...@evosent.com>.
Exactly. And what many fail to see is that closed source is – in many cases
– leveraging OSS under the hood. Sometimes the vendor will be nice and make
it evident (e.g. IBM WebSphere being quite transparent in their docs about
using Apache Aries, they also contribute, etc.).
But in other cases, the end user won't come to know because the licensing
model of the 3rd party libraries is non-viral and doesn't require the
vendor to either keep the original naming, nor acknowledge the usage.
I don't have any numbers to support this, but what I've gathered throughout
many years in the industry is that most proprietary software will be
powered (to varying degrees) by OSS without upfront disclosure. At the end
of the day, as a proprietary vendor, I guess you do need a good reason to
reinvent the wheel, and quite possibly that reason doesn't exist.
In fact, one extreme case that comes to mind was the old BEA WebLogic Event
Server which, if you looked at the lib/ directory of the WAR, just turned
out to be mostly Esper [1] with a fancy GUI and some usability-related
changes. And they sold this for hundreds of thousands of EUR / CPU. (Not
intending to start a flame war nor implying generalisation. Just mentioning
an extreme case I know.)
Actually, you know what? When I get some time I'm going to download TIBCO's
product and inspect their usage of 3rd party libs... From what I remember
back, they did use stuff like Xerces, Xalan, etc. which is pretty
commonplace anyway, but I'd be curious to find out if they use further OSS.
[1] http://www.espertech.com/esper/index.php
Regards,
*Raúl Kripalani*
Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
Integration specialist
http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
http://blog.raulkr.net | twitter: @raulvk
On Thu, Apr 23, 2015 at 6:25 AM, Claus Ibsen <cl...@gmail.com> wrote:
> Hi Raul
>
> Did you get a chance to continue working on this?
>
> I think for #3 its due to the openes of the source code that people
> dive in and help fix those vulnerabilities as well. And as you say we
> are very open and they get proper registerede with a CVE and listed in
> the public. And we do put out releases with the fixes fairly soon
> after its fixed.
>
> And there is not so many after all that is caused by Apache Camel itself.
>
> Yes if you use CXF, Spring, Jetty etc those libraries may have issues
> as well, but they are also reported in the open and fixed fast. And
> have communities as well, some very big like the spring community.
>
> And those are found and fixed. For the Open Source ESB you would have
> to take a look at
> - CXF
> - ActiveMQ
> - Spring
> - Jetty
> etc to get the "combined picture"
>
> http://cxf.apache.org/security-advisories.html
>
> You can find the Apache products
> http://www.cvedetails.com/product-list/vendor_id-45/Apache.html
>
> On Fri, Apr 17, 2015 at 12:13 PM, Raul Kripalani <ra...@evosent.com> wrote:
> > Just found this marketing landing page published on social networks. It's
> > made by TIBCO and attempts to highlight the downsides of Open Source
> ESBs.
> > You don't need to be a rocket scientist to gather what exact ESB they are
> > targeting (not us): just look at the images.
> >
> > http://www.tibco.com/integration/open-source-ESB-alternative
> >
> > Even though it's a clear exercise of FUD vs. OSS – as it provides no
> > quantitive measurements to their claims (whatever happened to the
> > scientific method...) – I was planning to write a rebuttal post in my
> blog,
> > but I haven't updated it in a long time and it needs a bit of love first.
> >
> > So I thought I'd just publish my thoughts – as I wanted to get it out
> ASAP
> > – and start a qualified discussion here...
> >
> > In particular I would like to dissect / take down their 4 "myths" about
> OSS
> > ESBs:
> >
> > *> *Myth # 1 - Open Source ESB Software Is Free**
> >
> > (Their statement: OSS ESBs are not Free.)
> >
> > Well, no software has zero Total Cost of Ownership. As long as the world
> is
> > *not* entirely controlled by androids, you will need humans to operate
> the
> > software, including TIBCO's. What we need to look at are the costs of
> > hiring those people and their learning curves.
> >
> > For Camel, any developer with Java, XML and a few other "commodity
> skills"
> > will do. And they can get started in days. Many people in this forum got
> > started in hours.
> >
> > For TIBCO, you need a specialised consultant because their stack is
> > proprietary. Or you need to train them, and TIBCO training is not cheap.
> I
> > have been a TIBCO consultant and I know this for a fact. Moreover,
> > specialised (already trained) TIBCO consultants are not cheap either
> (like
> > with most proprietary software – think SAP, Salesforce, etc.).
> >
> > Furthermore, brand new customers need consultancy to get started – and
> that
> > is not cheap either.
> >
> > *> *Myth #2 - Open Source ESB Communities Innovate Faster**
> >
> > (Their statement: Proprietary ESB vendors innovate faster)
> >
> > This is plainly wrong. Just take a look at the release notes of TIBCO
> > ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
> > dropdown at the top to browse through past versions.
> >
> > To analyse this statement, we need to track two things at least: (1)
> > frequency of releases, (2) new features introduced per release.
> >
> > About frequency of releases:
> >
> > TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
> > months between micro releases.
> >
> > [9 months]
> > 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
> > 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
> > [4 months] [4 months]
> >
> > Camel (analysing past 2 minor releases): less than 6 months between
> minors,
> > less than 3 between micros. I noticed that 2.15.1 was released quite
> early,
> > so I included another datapoint for one more 2.14.x micro release.
> >
> > [< 6 months]
> > 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
> > 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
> > [< 3 months] [< 20 days (special circumstance
> > likely)]
> > 2.14.2 (10 Mar 2014)
> > [< 3 months]
> >
> > I know that analysing so few releases is not an indicative – ideally we
> > would analyse the entire release history – but I don't have time right
> now.
> > Nevertheless, the release policy of Camel is 6 months between majors and
> 3
> > months between micros (if I recall correctly).
> >
> > Next, let's take a look at the innovation aspect:
> > * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
> > with their IDE, not with core functionality.
> > * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
> > components, 1 data format, 1 new EIP (Circuit Breaker), etc.
> >
> > Judge for yourselves ;-)
> >
> > *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying
> Safely**
> >
> > (Their statement: Access to source does not uncover vulnerabilities).
> >
> > Well, all software has vulnerabilities and with Open Source you can
> > identify them yourself and fix them. With proprietary software, you rely
> > entirely on the vendor's turnaround time.
> >
> > Moreover, we are very transparent about this and we publish our Security
> > Advisories here [3].
> >
> > *> *Myth #4 - Open Source and SaaS Work Well Together**
> >
> > They say: "Cloud-based open-source ESBs work just like other SaaS
> > applications: you typically don't have access to the code. How well will
> it
> > connect your on-premise applications with other SaaS services? You can't
> > know."
> >
> > Well, that's just plain absurd. It amuses me that a closed-source vendor
> is
> > using the "you don't have access to the code" against an Open Source
> > product :D Makes zero sense, both marketing- and technical-wise.
> >
> > With TIBCO, you don't have access to the source on-premises nor
> cloud-based
> > software. With the other vendor, you may not have access to the source of
> > their iPaaS but you know it's largely based on the on-premises software,
> to
> > which you have access (even though it's a "gated community" in the strict
> > sense...).
> >
> > ---
> >
> > Discussion open! 1, 2, 3... GO!
> >
> > [1]
> https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
> > [2]
> >
> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
> > [3] https://camel.apache.org/security-advisories.data
> >
> > Regards,
> >
> > *Raúl Kripalani*
> > Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
> > Integration specialist
> > http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
> > http://blog.raulkr.net | twitter: @raulvk
>
>
>
> --
> Claus Ibsen
> -----------------
> Red Hat, Inc.
> Email: cibsen@redhat.com
> Twitter: davsclaus
> Blog: http://davsclaus.com
> Author of Camel in Action: http://www.manning.com/ibsen
> hawtio: http://hawt.io/
> fabric8: http://fabric8.io/
>
Re: [DISCUSS] Looks like someone feels threatened... (TIBCO vs Open
Source ESBs)
Posted by Claus Ibsen <cl...@gmail.com>.
Hi Raul
Did you get a chance to continue working on this?
I think for #3 its due to the openes of the source code that people
dive in and help fix those vulnerabilities as well. And as you say we
are very open and they get proper registerede with a CVE and listed in
the public. And we do put out releases with the fixes fairly soon
after its fixed.
And there is not so many after all that is caused by Apache Camel itself.
Yes if you use CXF, Spring, Jetty etc those libraries may have issues
as well, but they are also reported in the open and fixed fast. And
have communities as well, some very big like the spring community.
And those are found and fixed. For the Open Source ESB you would have
to take a look at
- CXF
- ActiveMQ
- Spring
- Jetty
etc to get the "combined picture"
http://cxf.apache.org/security-advisories.html
You can find the Apache products
http://www.cvedetails.com/product-list/vendor_id-45/Apache.html
On Fri, Apr 17, 2015 at 12:13 PM, Raul Kripalani <ra...@evosent.com> wrote:
> Just found this marketing landing page published on social networks. It's
> made by TIBCO and attempts to highlight the downsides of Open Source ESBs.
> You don't need to be a rocket scientist to gather what exact ESB they are
> targeting (not us): just look at the images.
>
> http://www.tibco.com/integration/open-source-ESB-alternative
>
> Even though it's a clear exercise of FUD vs. OSS – as it provides no
> quantitive measurements to their claims (whatever happened to the
> scientific method...) – I was planning to write a rebuttal post in my blog,
> but I haven't updated it in a long time and it needs a bit of love first.
>
> So I thought I'd just publish my thoughts – as I wanted to get it out ASAP
> – and start a qualified discussion here...
>
> In particular I would like to dissect / take down their 4 "myths" about OSS
> ESBs:
>
> *> *Myth # 1 - Open Source ESB Software Is Free**
>
> (Their statement: OSS ESBs are not Free.)
>
> Well, no software has zero Total Cost of Ownership. As long as the world is
> *not* entirely controlled by androids, you will need humans to operate the
> software, including TIBCO's. What we need to look at are the costs of
> hiring those people and their learning curves.
>
> For Camel, any developer with Java, XML and a few other "commodity skills"
> will do. And they can get started in days. Many people in this forum got
> started in hours.
>
> For TIBCO, you need a specialised consultant because their stack is
> proprietary. Or you need to train them, and TIBCO training is not cheap. I
> have been a TIBCO consultant and I know this for a fact. Moreover,
> specialised (already trained) TIBCO consultants are not cheap either (like
> with most proprietary software – think SAP, Salesforce, etc.).
>
> Furthermore, brand new customers need consultancy to get started – and that
> is not cheap either.
>
> *> *Myth #2 - Open Source ESB Communities Innovate Faster**
>
> (Their statement: Proprietary ESB vendors innovate faster)
>
> This is plainly wrong. Just take a look at the release notes of TIBCO
> ActiveMatrix BusinessWorks. This [1] is the latest version, and there's a
> dropdown at the top to browse through past versions.
>
> To analyse this statement, we need to track two things at least: (1)
> frequency of releases, (2) new features introduced per release.
>
> About frequency of releases:
>
> TIBCO ActiveMatrix release line 6.x: 9 months between minor releases, 4
> months between micro releases.
>
> [9 months]
> 6.1.0 (May 2014) ---> 6.2.0 (Nov 2014)
> 6.1.1 (Sep 2014) 6.2.1 (Mar 2015)
> [4 months] [4 months]
>
> Camel (analysing past 2 minor releases): less than 6 months between minors,
> less than 3 between micros. I noticed that 2.15.1 was released quite early,
> so I included another datapoint for one more 2.14.x micro release.
>
> [< 6 months]
> 2.14.0 (18 Sep 2014) ===> 2.15.0 (10 Mar 2015)
> 2.14.1 (16 Dec 2014) 2.15.1 (01 Apr 2015)
> [< 3 months] [< 20 days (special circumstance
> likely)]
> 2.14.2 (10 Mar 2014)
> [< 3 months]
>
> I know that analysing so few releases is not an indicative – ideally we
> would analyse the entire release history – but I don't have time right now.
> Nevertheless, the release policy of Camel is 6 months between majors and 3
> months between micros (if I recall correctly).
>
> Next, let's take a look at the innovation aspect:
> * TIBCO AM BW 6.2.0 carries 22 new features [2], many of which have to do
> with their IDE, not with core functionality.
> * Camel 2.14.0 carried 38 new and noteworthy features, PLUS 15 new
> components, 1 data format, 1 new EIP (Circuit Breaker), etc.
>
> Judge for yourselves ;-)
>
> *> *Myth #3 - Access to Source Allows Reviewing Code and Deploying Safely**
>
> (Their statement: Access to source does not uncover vulnerabilities).
>
> Well, all software has vulnerabilities and with Open Source you can
> identify them yourself and fix them. With proprietary software, you rely
> entirely on the vendor's turnaround time.
>
> Moreover, we are very transparent about this and we publish our Security
> Advisories here [3].
>
> *> *Myth #4 - Open Source and SaaS Work Well Together**
>
> They say: "Cloud-based open-source ESBs work just like other SaaS
> applications: you typically don't have access to the code. How well will it
> connect your on-premise applications with other SaaS services? You can't
> know."
>
> Well, that's just plain absurd. It amuses me that a closed-source vendor is
> using the "you don't have access to the code" against an Open Source
> product :D Makes zero sense, both marketing- and technical-wise.
>
> With TIBCO, you don't have access to the source on-premises nor cloud-based
> software. With the other vendor, you may not have access to the source of
> their iPaaS but you know it's largely based on the on-premises software, to
> which you have access (even though it's a "gated community" in the strict
> sense...).
>
> ---
>
> Discussion open! 1, 2, 3... GO!
>
> [1] https://docs.tibco.com/products/tibco-activematrix-businessworks-6-2-1
> [2]
> https://docs.tibco.com/pub/activematrix_businessworks/6.2.0/TIB_BW_6.2.0_relnotes.pdf
> [3] https://camel.apache.org/security-advisories.data
>
> Regards,
>
> *Raúl Kripalani*
> Apache Camel PMC Member & Committer | Enterprise Architect, Open Source
> Integration specialist
> http://about.me/raulkripalani | http://www.linkedin.com/in/raulkripalani
> http://blog.raulkr.net | twitter: @raulvk
--
Claus Ibsen
-----------------
Red Hat, Inc.
Email: cibsen@redhat.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
hawtio: http://hawt.io/
fabric8: http://fabric8.io/