Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
How GitHub Uses GitHub to Be Productive and Secure
May 31st 2023 10:30am, by Loraine Lawson
Top 3 Application Security Must-Haves
May 26th 2023 7:59am, by Guilherme (Gui) Alvarenga
Cloud Native Skill Gaps are Killing Your Gains 
May 22nd 2023 7:15am, by Victoria Wright
A Boring Kubernetes Release
May 19th 2023 12:23pm, by Alex Williams
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by Steven J. Vaughan-Nichols
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
How to Containerize a Python Application with Paketo Buildpacks
May 29th 2023 5:00am, by Sylvain Kalache
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Red Hat Podman Container Engine Gets a Desktop Interface
May 23rd 2023 7:30am, by Joab Jackson
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by Chris J. Preimesberger
Gothenburg, Sweden Used Open Source IoT to Drastically Cut Water Waste
May 23rd 2023 6:58am, by Alex Handy
Building a Plant Monitoring Tool with IoT
May 8th 2023 9:27am, by Zoe Steinkamp
How to Choose and Model Time Series Databases
Apr 28th 2023 3:00am, by Robert Kimani
How to Optimize Queries for Time Series Data
Apr 27th 2023 12:00pm, by Robert Kimani
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by Susan Hall
RabbitMQ Is Boring, and I Love It
May 15th 2023 6:30am, by Josh Long
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Spring Cloud Gateway: The Swiss Army Knife of Cloud Development
May 8th 2023 6:47am, by Juergen Sussner
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
WithSecure Pours Energy into Making Software More Efficient
Jun 1st 2023 7:14am, by Joe Fay
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
How to Decide Between a Layer 2 or Layer 3 Network
Apr 25th 2023 10:00am, by Gino Dion
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
Wireshark Celebrates 25th Anniversary with a New Foundation
Mar 28th 2023 5:00am, by Joab Jackson
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by Andrew Brust
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by Loraine Lawson
Return of the Monolith: Amazon Dumps Microservices for Video Monitoring
May 4th 2023 7:23am, by Joab Jackson
IBM's Quiet Approach to AI, Wasm and Serverless
May 4th 2023 6:00am, by Loraine Lawson
Cloud Control Planes for All: Implement Internal Platforms with Crossplane
Apr 13th 2023 10:00am, by Bassam Tabbara
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by Keith Pijanowski
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by Jennifer Riggins
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by Doug Flora
Why the Document Model Is More Cost-Efficient Than RDBMS
May 25th 2023 9:24am, by Rick Houlihan
Amazon Aurora vs. Redshift: What You Need to Know
May 25th 2023 6:27am, by Casey Samulski
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
LangChain: The Trendiest Web Framework of 2023, Thanks to AI
Jun 1st 2023 10:57am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by
Bad by Design: The World of Intentionally Awful User Interfaces
May 28th 2023 6:00am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
30 Non-Trivial Ways for Developers to Use GPT-4
Jun 1st 2023 9:39am, by
The Architect’s Guide to Storage for AI
Jun 1st 2023 7:44am, by
Dev News: New Microsoft Edge Tools and Goodbye Node.js 16
May 27th 2023 6:00am, by
Dev News: Angular v16, plus Node.js and TypeScript Updates
Apr 22nd 2023 4:00am, by
This Week in Computing: Malware Gone Wild
Mar 25th 2023 7:10am, by
TypeScript 5.0: New Decorators Standard, Smaller npm
Mar 24th 2023 11:25am, by
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
Case Study: A WebAssembly Failure, and Lessons Learned
May 25th 2023 7:00am, by
New Image Trends Frontend Developers Should Support
May 25th 2023 6:00am, by
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by
Forrester on WebAssembly for Developers: Frontend to Backend
May 17th 2023 6:00am, by
Dell Intros New Edge, Generative AI, Cloud, Zero Trust Prods
May 31st 2023 11:00am, by
Cloud Dependencies Need to Stop F---ing Us When They Go Down
May 25th 2023 10:00am, by
Microsoft Fabric Defragments Analytics, Enters Public Preview
May 23rd 2023 8:00am, by
A Boring Kubernetes Release
May 19th 2023 12:23pm, by
Optimizing Mastodon Performance with Sidekiq and Redis Enterprise
May 18th 2023 10:30am, by and
Bringing AI to the Data Center 
Jun 1st 2023 6:13am, by
8 Real-Time Data Best Practices
Jun 1st 2023 5:00am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
Oracle Support for MySQL 5.7 Ends Soon, Key Upgrades in 8.0
May 30th 2023 10:35am, by
Raft Native: The Foundation for Streaming Data’s Best Future
May 30th 2023 9:44am, by
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by
Google’s Generative AI Stack: An In-Depth Analysis
May 31st 2023 7:59am, by
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by and
Alteryx Announces AiDIN for AI-Powered Features
May 26th 2023 8:06am, by
Proprietary AI Models Are Dead. Long Live Proprietary AI Models 
May 26th 2023 6:13am, by
Demystifying WebAssembly: What Beginners Need to Know
Jun 2nd 2023 5:35am, by
PyPI Strives to Pull Itself Out of Trouble
Jun 1st 2023 11:43am, by
Chainguard Improves Security for Its Container Image Registry
May 31st 2023 6:30am, by
How to Integrate OpenShift with Keycloak
May 30th 2023 11:00am, by
Cloud Security: Don’t Confuse Vendor and Tool Consolidation
May 30th 2023 6:24am, by
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
How to Host Your Own Platform as a Product Workshop
May 31st 2023 9:09am, by Jennifer Riggins
Take a Platform Engineering Deep Dive at PlatformCon 2023
May 26th 2023 10:00am, by Carrie Tang
Developer Platforms: Key Findings from a Forrester Snapshot
May 19th 2023 10:52am, by Aeris Stewart
How Otomi Helped the City of Utrecht Move to Kubernetes
May 15th 2023 10:00am, by Sander Rodenhuis
IBM Cloud CTO: Pros Outweigh the Cons with Platform Engineering
May 5th 2023 6:00am, by Loraine Lawson
The Cedar Programming Language: Authorization Simplified
Jun 2nd 2023 6:07am, by Alex Williams
How to Improve Operational Maturity in an Economic Downturn
May 31st 2023 8:30am, by Jonathan Rende
MongoDB vs. PostgreSQL vs. ScyllaDB: Tractian’s Experience
May 31st 2023 6:10am, by Joao Pedro Voltani and Joao Granzotti
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
Meet The Hobbyists Building Their Own DIY Cyberpunk Devices
May 29th 2023 6:00am, by David Cassel
Is DevOps Tool Complexity Slowing Down Developer Velocity?
May 17th 2023 6:29am, by Heather Joslyn and Lawrence E Hecht
AI Has Become Integral to the Software Delivery Lifecycle
May 12th 2023 11:01am, by Richard MacManus
4 Core Principles of GitOps
May 11th 2023 2:17pm, by Alex Williams
5 Version-Control Tools Game Developers Should Know About
May 9th 2023 10:00am, by Sharone Zitzman
Mitigate Risk Beyond the Supply Chain with Runtime Monitoring
May 8th 2023 10:00am, by Mike Long
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
Maker Builds a ChatGPT DOS Client for a 1984 Computer
May 31st 2023 11:04am, by David Cassel
Developers Can Turn Turbulent Times into Innovation and Growth
May 31st 2023 9:53am, by Ivan Letenko
Bluesky vs. Nostr — Which Should Developers Care About More?
May 30th 2023 7:51am, by Richard MacManus
Meet The Hobbyists Building Their Own DIY Cyberpunk Devices
May 29th 2023 6:00am, by David Cassel
How to Build a DevOps Engineer in Just 6 Months
Jun 1st 2023 10:43am, by Keri Barnett-Howell
Cloud Security: Don’t Confuse Vendor and Tool Consolidation
May 30th 2023 6:24am, by Rani Osnat
Take a Platform Engineering Deep Dive at PlatformCon 2023
May 26th 2023 10:00am, by Carrie Tang
Developer Guide: A New Way to Build on the Slack Platform
May 26th 2023 8:30am, by Lauren Gil
Better Security with ChatGPT: Using AI's Defensive Strengths
May 26th 2023 6:00am, by Jeff Goldman
How to Protect Containerized Workloads at Runtime
May 30th 2023 4:00am, by Kevin Casey
Can Rancher Deliver on Making Kubernetes Easy?
May 27th 2023 7:00am, by Jack Wallen
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Overcoming the Kubernetes Skills Gap with ChatGPT Assistance
May 23rd 2023 11:00am, by Dev Nag
Could WebAssembly Be the Key to Decreasing Kubernetes Use?
May 22nd 2023 6:00am, by Loraine Lawson
Red Hat Ansible Gets Event-Triggered Automation, AI Assist on Playbooks
May 24th 2023 6:22am, by Joab Jackson
Observability: Working with Metrics, Logs and Traces
May 22nd 2023 8:23am, by Jessica Wachtel
Why Upgrade to Observability from Application Monitoring?
May 19th 2023 11:49am, by George Hamilton
Datadog’s $65M Bill and Why Developers Should Care
May 17th 2023 10:56am, by Loraine Lawson
How OpenSearch Visualizes Jaeger's Distributed Tracing
May 11th 2023 10:00am, by Derek Ho and Jonah Kowall
Don't Force Containers and Disrupt Workflows
May 25th 2023 3:10pm, by Alex Williams
Linkerd Service Mesh Update Addresses More Demanding User Base
Apr 11th 2023 6:17am, by Joab Jackson
How to Create Zero Trust Architecture for Service Mesh
Mar 27th 2023 7:00am, by Joe Fay
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
Open Source / Tech Life

Measuring the Costs of Open Source Language Builds

A guide to evaluating whether or not you need open source in your enterprise.
Jan 15th, 2020 1:44pm by
Featued image for: Measuring the Costs of Open Source Language Builds

An open source language build can often be a complex, overhead-heavy process. It can take hours and even days for a developer to get their initial build environment set-up completed. And that’s just including building all the components, packages and libraries they’ll need during development. On top of that, there’s the time required to set up their development and test environments. And this wasted time isn’t just a one-off cost. It happens all the time, not just when you start a project but also throughout the project’s life cycle. That includes when languages get upgraded, when components get updated or switched around, when new dependencies get added or even when operating systems get updated.

Most enterprises take environment builds for granted: just another cost of doing business that‘s rarely scrutinized. But from a management perspective, if you’re looking for time and resource savings (and who isn’t?), it’s important to understand all of the costs associated with open source language builds. That’s necessary to be able to fully evaluate a project’s return-on-investment (ROI.)

The Factors and Criteria That Go into the Overall Cost of Open Source Language

The ongoing wasted effort that developers expend on new projects has come to be an accepted inevitability. It’s often considered to be just part of the process of software development, buried within “set-up time” and “environment configuration.” This isn’t just frustrating; it steals budget as well as time.

These costs are “invisible”; your team is racking them up, and you’re losing developer productivity and project velocity. And since you’re not tracking, accounting or understanding the wasted time and associated costs, you’re taking on greater risk. These big, hidden costs are a primary reason why software projects go over time, over budget, or both. For example, if something breaks during a necessary upgrade, it cascades to affect deliverables, budgets and productivity. And, over time, your build requirements will grow. As your project increases in size and scope, so do your “invisible costs.”

Understanding the True Value of These Hidden Costs

Bart Copeland, CEO ActiveState
Bart Copeland is the CEO and president of ActiveState, which is reinventing Build Engineering with an enterprise platform that lets developers build, certify and resolve any open source language for any platform and any environment. ActiveState helps enterprises scale securely with open source languages and gives developers the kinds of tools they love to use. Bart holds a Master of Business Administration in technology management from the University of Phoenix and a mechanical engineering degree from the University of British Columbia.

Managers need to understand the costs that come with building, updating and maintaining their own open source language distributions on a per project — or even just a per language — basis. There are many factors to consider as you begin to calculate your burn rate (the yearly cost of building, updating and maintaining all of your languages), including:

  •  Linear scaling: While it’s true that every language has its own quirks, inconsistencies and gotchas that can trip up the uninitiated (and will therefore require its own build engineering expertise), general build knowledge is still broadly applicable to any language. As a result, adding a second language doesn’t truly mean double the costs. The same can be said for adding another operating system.
  • Build complexity: A package you need may never have been built for your target platform. Or the package may require C libraries to be compiled to speed up compute-intensive routines. Or a dependency may force you to use an older version of a package that requires a security patch to be backported. Or perhaps it’s a debug build that’s required. Any of these factors can significantly increase build complexity and, consequently, the time and resources required.
  • Security check: There are multiple systems, as well as checks and balances, that software organizations use to ensure the open source code they deploy to production is free of vulnerabilities. The same should be true about the open source languages you deploy in your dev and test environments to ensure nothing accidentally slips through the cracks.
  •  License audits: Driven internally by dedicated personnel, or else externally by a consulting service, audits are typically a yearly event. Given a list of all applications and their open source components, the auditor(s) identify how the overall component is licensed, as well as how all embedded routines/libraries/code are licensed. They can then determine whether the licenses are compatible, whether the developers have complied with the requirements of the license, and whether the licenses adhere to corporate policy.
  • Costs of curating: Which third-party packages can be brought into the organization is often strictly controlled. The costs associated with curating a set of packages that have been approved by a technical lead, reviewed by legal and verified by InfoSec before a developer can begin working with them can be significant, but they are rarely included in any ROI calculation.
  • Compliance: You may have strict regulatory rules with which you need to comply, depending on your industry. For example, if you’re in the eCommerce business, you might require that any third-party packages you use must be able to be support PCI-DSS.

How do You Reduce these Hidden Costs?

You need to know what your hidden build engineering costs are before you can lower them. You need to track them and iteratively budget and account for them. They need to be included in your onboarding process (and costs), as well as identified in software estimates. Make sure the time for build engineering is captured in project costs and project velocity estimates. We all need to practice rigor in tracking these processes so we can shine a light on how much time is wasted. But the situation can’t be improved if we — as an industry — don’t elevate its importance and start thinking about real solutions.

Calculate Carefully

Being able to determine the ROI of a project involves understanding where money and time are being wasted. Automating build engineering is the only way to ensure lower costs and increased throughput, but fully automating the build engineering for an open source language hasn’t always seemed worth the cost. The reality, though, is that the hidden costs of having your developers manually building their own languages are costing your organization far more than you think. Carefully calculate the factors that contribute to your build burn rate and then focus on lowering those costs.

Feature image by Gerd Altmann from Pixabay.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
How to Integrate OpenShift with Keycloak Amazon Web Services Open Sources a KVM-Based Fuzzing Framework A11y: GitHub Brings Accessibility to 85% of Open Source Socket Adds ChatGPT to Its Vulnerability Detection Arsenal Red Hat Has Finally Given CentOS 7 a Cloud Upgrade Plan
RELATED STORIES
Detect and Mitigate Common Attack Techniques for Containers Amazon Web Services Open Sources a KVM-Based Fuzzing Framework Traffic Routing in Ambient Mesh How GitHub Uses GitHub to Be Productive and Secure Microsoft Fabric Defragments Analytics, Enters Public Preview
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.