Ask HN: Why don't companies open-source the source code of their old products?

It may sound trite, but the real reason is -- why <i>would</i> they?<p>The engineers are all busy working on new things. What product manager is going to say, hey, Fred, take off two weeks and take this random product from 1997 and see if it still builds at all, find the old dependencies, clean it up, talk to legal to see if we still own the rights to (x, y, z), and throw it up on GitHub -- just to expose some of our shoddy programming, last-minute hacks, vulgar comments cursing out other programmers, and maybe even some proprietary company information that we had no idea was in that code base.<p>There&#x27;s no upside, but possibly plenty of unknown downside.

A number of reasons come to mind:<p>1. They might not have the source any more. There&#x27;s a depressingly large amount of software that was created, that no-one has the source code to. It might have been lost in a server crash, it might have been stored on a medium which is now unreadable, or people might have just not cared about it after the product was shipped and who knows where it is now?<p>2. There might be legal reasons preventing them from releasing it. For example, be a software patent covering part of the code which they licensed for their commercial use, but which prevents them from releasing it as open-source. An example here would be Doom 3&#x27;s shadow volume code - the open-source release didn&#x27;t actually include the code that shipped with the game, instead it included a slower (yet not patent-encumbered) algorithm. Unless you built absolutely everything in-house and licensed nothing from anyone else, it can be tricky to work out whether you&#x27;re actually allowed to release the source to your product.<p>3. It might reveal other things that should be private to the company. Often source code has overly-tight integration with things like your in-house version control, or your build system, or other things of that nature. Perhaps your debug build automatically uploads crash logs to your bug tracker, and includes credentials for doing that which were stripped out of the release build? In order to do an open-source release, you need to look through your entire code to figure out if there is anything sensitive there, and remove it (in a way that doesn&#x27;t stop the product working).<p>And finally...<p>4. What benefit does it get them? Gathering up, scrubbing, testing, and releasing an open-source product takes a substantial amount of effort, and hence a substantial amount of money. And you&#x27;d be hard-pressed to see a return on that investment in anything except vague, largely-meaningless &quot;community good will&quot;.

At On2, we open-sourced Theora (initally called VP3) partly because I (the CTO at the time) worried that if the company failed, all our IP would be locked up forever due to complex legal obligations to investors and customers.<p>The other reason we did it -- the reason that convinced the CEO and board -- was that we figured as we developed better products (VP4, VP6 etc) it would be preferable for us business-wise if the N-1 product was free to everyone. Otherwise, inferior competitors would continue to profit by undercutting us on price. It&#x27;s impossible to undercut free.<p>I guess I answered the opposite question -- why do companies EVER open source their old products? The culture of VC-backed and public companies is not especially conducive to making the decision to do so, even with old products.<p>One argument you will hear against doing so is simple: old, free products might compete with new, profitable ones. There is no real business incentive to take that risk.

To OP:<p>How long have you been in development, specifically corporate development?<p>Imagine code with no modern tools or development process and a limited number of people that might understand how and why it was written. Code written under pressure or by overly clever geniuses. Code not under source control with no or little documentation. Code written for companies that don&#x27;t exist or have changed hands numerous times. Archived to media that no one has computers or drives or OSes for...

I don&#x27;t work for a big company, so this is purely speculation, but there could be many reasons why it&#x27;s not done.<p>* Documentation Time<p>If you&#x27;ve got a big project, it could take weeks, even months to properly document some software to a position where it could be used by someone outside of the company. Sure you have your internal documentation but it can often be incomplete, or make assumptions that the person reading it knows about other bits of the company.<p>* Deployment<p>Big projects will often use very specialized hardware, software and environments, to the point where it could be nearly impossible to deploy outside of the company. It could depend on internal services that can&#x27;t be open sourced because there still used, or are an important part of the business. Take Google Reader, yes it would be nice if it was open sourced, but internally it probably uses services, databases, APIs specialized just for Google, it&#x27;s probably been optimized to work on Google&#x27;s hardware, with their webserver, with their OS build etc.<p>Reddit is another example of this, Reddit&#x27;s code is open source, and while it can be deployed, it&#x27;s not easy. This seems mostly because it&#x27;s been built to work on a very specialized set of software versions, and in a very specific environment. Larger open source projects tend to be tested on a multitude of environments, with applications only deployed or built internally, there&#x27;s no point because you can very accurately control your environment.<p>* Some of the code is still used<p>Some, or even big chunks of the code could still be being used in current software. If you&#x27;ve got a library that&#x27;s particularly useful, you might keep using it. If it works there&#x27;s no point re-writing it just for a new project.<p>* The code is very bad<p>We all know it happens, a project contains terrible code, bad bugs and maybe even security issues, they never bothered getting fixed because they were never noticed. Given the opportunity to look through the code people might pick up on these issues and it would look bad on the company.<p>* Open source is complicated<p>Open source seems to come along with a whole host of fun things to deal with, GitHub issues, ranty blog posts, forks, copyright, licenses can all get a bit complicated. Even if it&#x27;s old software that isn&#x27;t used anymore you probably need to do some degree of management before things get too out of hand. Even a single tweet can have a big impact on a company, or a products reputation, so particularly at larger companies they&#x27;d probably want it managed in some way.<p>Anyone else got anything to add?

If you&#x27;re talking about games then the answer is licensing. There are a zillion licenses around the audio stack, the video stack, perhaps the game art or the game characters etc etc. None of that licensing allows you to release the source code (and thus the source material) to the public.<p>For non-games it can also be about licensing (or as others have mentioned providing evidence that you used code in an unlicensed way) or about support (nobody wants to answer questions about the code).

-legal problems (licensing, liability)<p>-proprietary technology (ie Google Reader hooks into Google backend extensively)<p>- Cost of getting it ready for open source (usually a large sunk cost already)<p>- They may still make money out of it in the future (ie selling old games with emulation)

Software products usually have some 3rd party components in there, and they can&#x27;t release the code for them because they don&#x27;t own the copyright. This is the #1 reason why OS&#x2F;2 can&#x27;t be open-sourced.

Probably because projects which were not designed to be open source rely on too many internal systems to be worth open sourcing.<p>The google feedback tool springs to mind, the google engineer that made it is working towards open sourcing it but because it want created with that in mind it is taking ages to remove its dependency on loads of internal Google stuff.

Because it is not how open source movement works.<p>The big idea about open source is that if you&#x27;re making something useful for many other people and if it is sane, readable, manageable, then you will get lots of feedback, testing and even patches with bug fixes and improvements.<p>This is the story of nginx - when it was open sourced, people found it useful for themselves, and then they start using it, which leads to the extensive testing, fixes, patches, etc. Now it has several forks, including tengine.<p>The other story is the story of RedHat at times of RHEL4. They decided that they will maintain their own set of patches for kernel and glibc. Eventually kernel&#x27;s src.rpm contained a hundred of patches. This was a mistake, because they should send those patches into main tree instead, and, if patches proven to be correct and useful, they would get feedback and testing and code reviews for free. As far as I remember, they did so with RHEL5.<p>There are another important stories about how community ceased to improve open source projects after they being acquired by big companies - no one wants to improve other people&#x27;s property. MySQL and Xen were the most well-known examples.<p>So, there is no use to open source anything which no one need, except, may be some hobbyists and marginals.

These are all very good reasons posted below, but I believe that the most important reason is corporate mindset . The powers that be - mostly old-hands- view software as physical &quot;property&quot; and unwilling to let go. Sharing it is seen as sacrilege! Also is seen as providing competitors a peek under the kimono and giving them an advantage.<p>It is the same reason that many pharmas don&#x27;t release the data of their failed trials. How much better the world would have been had we had a commons of the failed drug trials. <i>sigh</i>

Software is written scratch, while the products like the GameBoy are made from dozens of closed source components. Sharp owns the IP on the CPU. What could they open source in a GameBoy?

Why would they? There&#x27;s plenty of downside and not much upside?

In the case of something like the Gameboy, Nintendo still profits from selling old software for that platform, emulated on their newer consoles.<p>The more interesting question is in the cases of businesses that fail. Though I can&#x27;t imagine this happening, it would be wonderful if the law specified that if a bankrupt company is liquidating its assets and cannot find a buyer for its source code, that it be open sourced.

I hope I dont sound like a goofy idealist but... All of these issues (rightly) point out that the major barrier to open-sourcing is cost. Doesn&#x27;t this seem like a very effective use of kickstarter? However, I can see just negotiating with a vendor of legacy software could be a lot of work and require a good bit of technical know-how for a volunteer on kickstarter.

I agree with this. I think that even products that aren&#x27;t core to a business could be open-sourced. Twitter is a great example of open-sourcing code that is not critical to their core business. I think it&#x27;s a great way to give back as well as helping your company get notoriety.

There is only one success story I can think of where open source revived a faltering product: Eclipse.<p>I suppose the conclusions from that can be quite open:<p>a) It doesn&#x27;t happen often enough to know how effective it would be<p>b) The product has to be useful enough to attract a community to maintain it, which might be a rare condition

There are quite a lot of reasons, but these come to mind first:<p>There&#x27;s a shockingly large number of projects out there that use &quot;borrowed&quot; code. This is in the sense that they may use code from open source projects (and didn&#x27;t distribute the code back as stipulated in the license), code that they&#x27;ve inherited from other companies that may or may not have been part of a legal acquirement or through the much heard &quot;Corporate Espionage&quot;, which sounds sexier than it really is.<p>Usually, it&#x27;s just an intern or someone else who finds out the default password to source control and&#x2F;or CVS server and sends out a few feelers to someone interested. Next thing you know, he plugs in a thumb drive and now he&#x27;s a free agent with a plane ticket and fancier watch.<p>Early games especially were like this since being <i>first</i> often meant being successful at courting investors (this was before the video game crash of &#x27;83).<p>Source: I once did a freelance job ages ago where the dev team manager, who used to work at a gaming company, freely admitted that it happened quite a lot in the industry. Maybe it&#x27;s still happening.<p>Then there are cases where the source is outright appalling in the number of hacks, re-hacks, back-hacks and any number of ducktape and hope holding libraries together. No one of sound mind would ever let anyone else see that mess. Let alone give the impression that some of that code survives in some form in modern software.<p>Can you imagine how many vulnerabilities exist? For all we know, it may be possible to do a lot more than install Linux on a Gamecube. <a href="http://www.gc-linux.org/wiki/Main_Page" rel="nofollow">http:&#x2F;&#x2F;www.gc-linux.org&#x2F;wiki&#x2F;Main_Page</a><p>Of course there are also the times where &quot;works of art&quot;, as it were, are lost to history. As jbri said, there are times where large projects often are destroyed for silly reasons like crashes or even recycling.<p>I&#x27;ve bought several used hard SCSI drives back in the day on eBay that may have belonged to one such company (SCSI was expensive, yo!) I have no idea what the project was or what I may have in my hands, but it looked like a whole lot of assembly, a bunch of esoteric C (which might as well be assembly) and some proprietary language code, that resembles a cross between Pascal and Python to my untrained eye, and I don&#x27;t think anyone outside knew how or where to compile.<p>Now did they copy this stuff before selling it off? Who knows. This was after the dot com crash, so I have no idea if even the original owners were involved in the sale since many of those companies&#x27; assets were liquidated in a very short period of time. And we know how delicate they can be when money is at stake.<p>Then there are issues with licensing (kinda related to the first point) and already mentioned by people here. Open source, as samarudge said, is complicated. If your legalese isn&#x27;t kosher, you can expect to lose a buttload of cash in a lawsuit(s) even if you win. Especially with the threat of patent trolls around, you can bet fewer companies are willing to risk OS-ing their code.

Hardware too! We should have the original hardware for our childhood game consoles running in FPGAs! One FPGA with NES, SNES, Master System, Sega Genesis, Atari...

Because someone else could update that old product and start competing with the newer version.

Google Reader may come to mind..

Why don&#x27;t you start a web-service to help companies opensource products?

Embarrassment

They&#x27;re morons not to.<p>Word of mouth in appreciation of a good deed or good product is the most compelling sales pitch you&#x27;ll ever hear.