Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Software Open Source Programming

Don't Get Locked Up Into Avoiding Lock-in (martinfowler.com) 63

Gregor Hohpe: A significant share of architectural energy is spent on reducing or avoiding lock-in. That's a rather noble objective: architecture is meant to give us options and lock-in does the opposite. However, lock-in isn't a simple true-or-false matter: avoiding being locked into one aspect often locks you into another. Also, popular notions, such as open source automagically eliminating lock-in, turn out to be not entirely true. Time to have a closer look at lock-in, so you don't get locked up into avoiding it!
This discussion has been archived. No new comments can be posted.

Don't Get Locked Up Into Avoiding Lock-in

Comments Filter:
  • by ccham ( 162985 ) on Monday September 02, 2019 @03:29PM (#59150058)

    why is he writing this junior pr crap? Shouldn't this be down in the bottom of hackernews? The reason we/anyone tries to dodge lock in is not to eliminate vendor contracts, it is to have alternate means and pricing of those contracts. Bugs can theoretically be fixed in open source for 'some amount of money or effort', however you are limited to the resources and whims of a single vendor if 'locked-in'.

    I am glad slashdot is getting paid to publish articles, but you guys should be more objective or at least smell BS when you see it.

    • Fowler writes about lock-in in general, vendor lock-in is just one aspect of that. When you're avoiding lock-in, or - more commonly - assessing the risks of lock-in and mitigating those risks, a breakdown like his can be useful.

      Fowler seems a reasonably sensible fellow... which is kind of rare. I've not come across a profession where people have their heads so far up their own asses as in IT Architecture. Solution Architects tend to be sensible, but the higher up you go the worse it gets, right up to
      • by Cederic ( 9623 )

        Fowler's bloody excellent, but this article on his site wasn't written by him.

        It does though explore multiple types of lock-in, and that is a useful little checklist.

    • This guys is.... (Score:5, Insightful)

      by DrYak ( 748999 ) on Monday September 02, 2019 @03:56PM (#59150118) Homepage

      from the article:

      Formerly a technical director with Google Cloud

      Does the content of the article surprise you?

      • Kind of weird, as a loser in the cloud wars, Google should be advocating interoperability, to give them a chance to catch up.
        • by micheas ( 231635 )

          Kind of weird, as a loser in the cloud wars, Google should be advocating interoperability, to give them a chance to catch up.

          The interesting thing is that one of the big reasons for migrating to Kubernetes is that it puts a huge amount of what you are doing cloud-agnostic.

    • Thank you for not making me say it. I would not have been as eloquent or restrained.

    • by ranton ( 36917 ) on Monday September 02, 2019 @05:41PM (#59150376)

      The reason we/anyone tries to dodge lock in is not to eliminate vendor contracts, it is to have alternate means and pricing of those contracts. Bugs can theoretically be fixed in open source for 'some amount of money or effort', however you are limited to the resources and whims of a single vendor if 'locked-in'.

      I'm not sure if you read the article, but one core point the author is trying to get across is that Vendor Lock-in is just one type of lock-in. It is simply the one IT folks think about the most, to their detriment. The article mentions product lock-in, architecture, platform, skills, legal and mental. Open source really only helps you in one minor aspect of lock-in.

      What we should be thinking of is implementation lock-in. How hard is it to change your implementation significantly? If you need to move to a new CRM, ERP, ESB, etc. whether or not your last platform was open source or closed source will hardly matter at all. How modular was your architecture, how well documented was it, what partner contracts must you support, etc. will be far more important.

      Most of the implementations I work on would be considered in the "Accepted Lock-in" section of the author's matrix. Much of my work would have significant switching costs (PaaS solutions) but those platforms provide significant utility. If we moved off of Salesforce, our industry specific accounting platform, or MuleSoft each of those would have high costs, but our IT department moves so much quicker than when we were a C# shop that the decision to live with higher switching costs was a no-brainer.

      • The oroblem is not that the article is or is not worthless. The point is that the summary here on slashdot fucking SUCKS. Unless I was already a follower of this gentleman's writing, the summary promises absolutely nothing to me. Fuck that. I'm not wasting my time clicking through to every article.

        • by Cederic ( 9623 )

          Au contraire, the summary very accurately describes the article.

          That it didn't entice you to read the article suggests that your interests lie elsewhere. That's fine.

          • It uses the phrase "lock in" as an assumed term; in fact, it uses it so casually that it seems to be meant to make you feel like an idiot if you don't already understand the use of the term. Now perhaps that's a term that is as obvious to you as "tree" or "IDE", but I'd never, ever heard of it before in the context of information technology, and I've been in the industry since 1987.

            I submit that making assumptions limits your audience and makes the summary suck.

            • by Cederic ( 9623 )

              If only there was a web page somewhere that describes lock-in, what it is, and the many forms it can take.

              Oh, wait.

      • At some point, though, isn't everything some level of lock-in because there are always switching costs and at most close-in levels of resolution there are no substitute goods.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Choosing a programming language is a lock-in, according to the too-broad definition of TFA. Guess what, in RealLife(TM), every choice you make is a lock-in too. It's called committing to something and it is very different from being held hostage against your will.

          • by ranton ( 36917 )

            Choosing a programming language is a lock-in, according to the too-broad definition of TFA. Guess what, in RealLife(TM), every choice you make is a lock-in too. It's called committing to something and it is very different from being held hostage against your will.

            In RealLife (TM) the type of lock-in you are defining as too-broad is just as restrictive as anything a vendor can do to "hold you hostage." I have done nearly complete re-implementations of custom .Net/Java solutions and Oracle/SAP/Salesforce solutions, and custom software solutions were no easier to re-implement than the vendor specific solutions. The custom solutions gave us more flexibility, but they also usually had more poorly defined architectural boundaries. The vendor solutions more commonly had m

        • by Jaime2 ( 824950 )

          Yes, at some level. What the article is trying to get you to consider is that this isn't a black and white situation where all lock-in is bad. Rather, these choices have up-front costs and advantages as well as potential switching costs and potential problems. It's important to quantify and weigh these rather than trying to reduce it to an over-simplified rule.

          This is true at a feature level as well. I've told people that they can't use a certain feature because of problems the feature introduces for one of

    • lock-in is alway bad unless they are paying you to do it. Even then you should think it through and make sure you can back out of it down the road in case some other investor comes in.

    • by jurtax ( 931457 )
      Who is this Martin Fowler guy?! ;-) If you're "in the industry" and you've never heard of him, you might want to change direction.
  • I recently was in a project with what an "architect" divided into three major pillars, of which I was pulled in to drive one of them.

    It so happens my team had work in that pillar and so I proposed using that, however, the architect declared that we should use external software. Ok, fine I suppose, which one?

    The answer was that they wanted my team to create an abstraction layer to provide a common api to make our product be able to "swap" between any of about four open source projects in the field.

    Now this

    • Hmmmmmm, you should make an API layer for unit tests, so you can switch easily between any major library for unit tests. It's a lot of work, but we refuse to have compatibility layers that are smaller than the functionality they interact with!
  • by Waffle Iron ( 339739 ) on Monday September 02, 2019 @04:03PM (#59150138)

    A significant share of architectural energy is spent on reducing or avoiding lock-in.

    It doesn't really take that much effort. There are only a couple of principles needed:

    - Make sure that every room has at least one door

    - Only install door locks with at most one keyed side

    - Make sure that all of the locks are installed in a direction such that it is possible to get from any point in the building to the outside without needing a key

    Your jurisdiction may require a few additional measures for safety, such as exit signs and doors that open outward.

    • by Cederic ( 9623 )

      And yet, despite this, at least 94% of development teams will somehow manage to find themselves in the basement with the lights off, behind a door they've nailed shut themselves, demanding additional funding so that they can add a window.

      They'll blame the architect anyway of course.

    • - Ensure that fire escapes are never blocked or obstructed in any way

    • Don't laugh too fast, or too hard:

      * Door locks to critical infrastructure that fail-locked when the power goes out.
      * Halon (or other inert) gas fire suppression systems.

      These have been put together in the past. People have died because of the combination in data centers.

  • The article really misunderstands what the issue with vendor lock-in is. If, say, you need a really big database and you have, say, scability requirements, then you probably want an established product rather than trying to develop the same in-house. If you choose poorly you might get stuck with a particular vendor and pay dearly in the long run. That's a matter of being lazy or careless in choosing the product, which is different from needing a software or hardware solution that can meet certain quasi-r

    • by eagle42 ( 58594 )

      Lock-in is still bad for all the same reasons, but you might simply not have the choices you'd like.

      Did you even read the article? Despite the awful summary here, it's pretty much along the same lines as your comment (as far as I could understand), meaning that lock-in has many different flavors, and is not a black-or-white choice -- sometimes lock-in can even be the best choice, as long as you choose it for the right reasons.

  • by phantomfive ( 622387 ) on Monday September 02, 2019 @04:16PM (#59150186) Journal
    There is a cost to avoiding lock-in, and a cost to being locked in. A good architect knows the cost of each, and can estimate which is a better risk in each situation. Often there is a solution (like a decent glue layer) which allows you to use a third-party, without getting too deeply locked in, and that is the best solution. Again, these kinds of estimations are skills.

    However, based on my experience, when someone says "we don't need to worry about vendor lock-in," you can be certain that their project is over-engineered, and filled with every third-party library/gem/module/package/database they can find. Don't be surprised if they are using both MySQL and Postgresql, with Vertica and MongoDB on the side. It becomes so much of a load that they then need to hire a full-time engineer just to keep the codebase up to date as all the packages they depend on keep changing. Is it more work than writing the code yourself? Why not import all of Lodash, just so you don't have to write a single 'for' loop? No, it's not, and then everyone who joins your company has to learn Lodash or Yarn.
    • by hey! ( 33014 )

      I'm curious what you see as the architectural costs of avoiding lock in.

      "Architecture" is a metaphor that people sling around without being quite sure what they mean. There's actually an ISO definition of architecture, but it's super-abstract; what most people mean when they say "architecture" is design patterns and practices, and most sources of vendor lock in are actually anti-patterns.

      • An architect is a stupid term, but we use it to mean "someone who knows how to build software and can assess risks involved." I don't know if that matches real architects. In any case, the risks involved here are, "how long will it take to replace this third party thing if we need to?" and "how long will it take if we try to do it ourselves?" You can escape vendor lockin, even if you committed really badly, it's just a question of how much time, effort, and money it will take. Not sure if that answered the
        • by hey! ( 33014 )

          Designing software is a continual tug of war between the concerns of the present and the future, isn't it? It seems to me the main cost of avoiding lock-in is taking time to think about it in advance -- and time is admittedly precious.

          Unless the principles of operation of a system are somehow proprietary, or the particular way a concern is addressed requires unique vendor capabilities, vendor lock-in doesn't seem to be an architectural matter at all.

          For example Oracle uses its database management system's

          • I'm having trouble thinking of how such a system of forking databases would be useful. It is, however, very true that if you create a feature, someone will figure out a way to lock themselves I the system by using it, even if the feature happens to be useless. AWS Lambda is a testament to that.
      • by Jaime2 ( 824950 )
        Look at the database access layer. You can avoid database vendor lock-in by using an abstraction layer that works equally well for a varied set of database engines - and it's "someone else's" responsibility to keep that set relevant. There may be a concrete financial cost for licensing that technology, but there will certainly be a set of restrictions on the database operations that are allowed in order keep feature parity. There may also be increased complexity in tuning and troubleshooting. Any potential
    • Sounds a lot like a failed startup project I worked on recently, the thing was a stupendous fractal pattern of complexity better suited to be run by a Silicon Valley megacorp than a couple of dudes moonlighting.

  • There are trade-offs in just about everything. One casualty of lock-in avoidance can be innovation itself. It doesn't matter if we are talking about hardware (CPUs, storage, networking etc), or software like operating systems, databases or file systems; the insistence of customers that they won't adopt anything 'non-standard' can derail efforts to build something completely new. After all, who is going to spend time, effort and money to build something that is clearly better than the status quo if no one will adopt it out of fear of being locked in. For example, file systems have largely stagnated for decades because applications refuse to use anything not supported by the POSIX standards. I understand why they do that, but we must realize that there is a price to pay for that.
  • Oh look, a shill pops up to tell us why one of the current cancers upon technology is not a cancer. This crap is why Apple still exists despite their completely woeful product quality as of the last 5 years or so. Vendor lock in has always been about guaranteeing profit that one is not entitled to just because you expect additional sales.
  • In the days when apps are almost a dime a dozen, why is lock in really that dangerous?

    You can simply move to some other platform and spend maybe $20 to re-buy the handful of things you use that still cost money.

    Interestingly this could be the one benefit of a subscription model to software, that way its easy to pay for a subscription to an app that you can use on any platform - so the more apps move to subscriptions, the less you would have to re-purchase at all! Someone was just discussing with me a way t

    • by Bert64 ( 520050 )

      For an end user getting locked into a mobile platform perhaps it doesn't really matter...

      How about getting locked into a messaging platform all your friends are using?
      How about a corporate getting locked in to a system with terabytes of data and thousands of users?

      • I use three or five different messaging platforms that I deal with. Aside from miserable support of phone plus tablet on most, it isn’t that big of a deal. Certain people only use one of them, but being flexible makes it easier to segment things and keep options open.

    • by sjames ( 1099 )

      Data portability.

  • by rbrander ( 73222 ) on Monday September 02, 2019 @08:12PM (#59150608) Homepage

    I worked for a large bureaucracy for 3 decades; while unwritten, the #1 rule of IT was clearly: seek lock-in with the biggest vendor you can find.

    They loved IBM and clung to it to the bitter end. They kept buying actual IBM brand PCs, apparently out of a general feeling that it was better to be under Big Daddy's wing. Discovering Microsoft, the new rule was that if Microsoft had an offering in some product area, that was the automatic buy unless proven otherwise in triplicate.

    • by Cederic ( 9623 )

      No no, you misunderstand. That's not vendor lock-in.

      That's a "strategic partnership".

      It's like vendor lock-in but involves 'benefits' to senior managers.

      • by sheph ( 955019 )
        Bingo. It's never about avoiding lock-in. It's about ensuring the right lock-in that benefits the right people.
    • I was at a company that touted their long-standing gold-level partnership with MS. We had an enterprise platform for hospitals - full MSstack, IE-only, winforms, vb6, .net, SQL Server, etc. etc. Even drank the delicious Silverlight kool-aid.

      Fast forward to when MS announces EOL for Silverlight. Meh, that's 2021 we'll figure it out by then. Then comes 2018. What will it take to rewrite our Silverlight app? 2 YEARS?! That can't be right... let's re-evaluate next year.

      Heads in the sand. To date they st

      • by Jaime2 ( 824950 )

        Whoever decided Silverlight has a future was an idiot. Silverlight was always obviously a "we have that too" bullet-point filler to compete against Flash. Anyone who developed a serious internal app on either Flash or Silverlight deserves what they get. If it was trivial enough to replace, that's fine. But, to build your silo on top of either of those is pure short sightedness. Here's what I find interesting - how much business logic got baked into the front end? That's seems to be the root of the problem.

        • by gosand ( 234100 )

          Whoever decided Silverlight has a future was an idiot. Silverlight was always obviously a "we have that too" bullet-point filler to compete against Flash. Anyone who developed a serious internal app on either Flash or Silverlight deserves what they get. If it was trivial enough to replace, that's fine. But, to build your silo on top of either of those is pure short sightedness. Here's what I find interesting - how much business logic got baked into the front end? That's seems to be the root of the problem. Putting a modern web UI in place of a Silverlight UI shouldn't be a big deal. Converting from Silverlight to WPF should be downright simple.

          "Vendor support" is pretty irrelevant in the Microsoft stack outside of bug fixes. Ignore the fact the Microsoft supports SQL Server and hire someone who knows what they are doing. Consider your support money sunk in bug fixes and new versions. Once again, anyone who thinks otherwise doesn't have the experience to be in charge.

          I don't know who decided it, but they are long gone. And this was not an internal app, it is the one-and-only platform that the company builds and sells, with 300+ hospitals as customers.

          TONS of business logic built into the front-end. Of course, the platform was started 15+ years ago. Short-sighted things happen, as hindsight is 20/20. Someday we'll all be talking about how stupid it was to move everything to the cloud. It's just the evolution of software development, IMHO. The real danger is in not r

  • The goal is to reduce the potential cost of vendor lock-in relative to the cost savings you gain from vendor lock-in.

    For example, you've used spring to avoid database lock-in. Now you've locked yourself into spring, which is infinitely more difficult to get out of than database lock-in. Wrong choice.

  • by passionplay ( 607862 ) on Monday September 02, 2019 @09:01PM (#59150750)
    This is ridiculous. This is a spin-job on the benefits of giving all your business to someone that doesn't show you what they're doing and asks you to just "trust" them. Open source is about transparency. Open source solutions allow you to choose to jump ship. But you can always jump back. Avoiding vendor lock-in does not lock yo into some perceived prison. It's just about a choice. It's about choosing the tools that best suit the job. When a vendor forces you to use their entire stack, you stop having choices. If you want to give all your choices and freedoms away, that's your business. Just don't call it a win when the vendor decides that you have to pay a higher subscription fee and that you have to pay it more often for fewer services.
  • > A simple model can help us get past the "lock-in = bad" stigma.

    This is something that's appreciable. Sometimes lock-in can't be avoided and isn't that bad.

    The worst forms of lock-in I've seen often come about from avoiding lock-in.

    Someone uses some magical mega portable abstraction layer to be able to use any database, except now they're locked into that abstraction layer which offers portability by providing a very limited subset of features, adds massive complexity on all fronts, adds uncert
  • What good is quantifying lock in without actually quantifying cost, which I'd expect to be done for each project phase.

    Example: we choose a language A for our product. ( in choosing langue A it is perfectly reasonable to assess the actual cost of implementation in language A)
    Will it take twice as long? Do you have to pay developers with that skill twice as much? What if it takes 1/3 as longer but developers get paid half as much?
    Which also ties into , how important is your timeline?

    AFTER all the code is de

Whoever dies with the most toys wins.

Working...