What's So Precious About Bad Software?

David Gerard invites to read Carla Schroeder from Enterprise Networking Planet, who gets down to the real reason why companies want to keep their code proprietary, with examples. Quoting: "We are drowned in tides of twaddle about precious IP, Trade Sekkrits, Sooper Original Algorithms that must not be exposed to eyes of mere mortals, and all manner of silly excuses. But what's the real reason for closed, proprietary code? Embarrassment."

kinda true

[sdedeo (683762)]

As a scientist, I write a lot of code to do things that other people have already done. I sometimes think about "releasing" it -- informally, without a license, just on a webpage or something. But it really is embaressment that holds me back -- it's poorly documented, full of hacks, and basically inelegant.

I remember as an undergraduate suggesting to my advisor that I release my (actually rather pretty) code that I wrote to do general relativistic raytracing around neutron stars. His response? "People will not understand your code, they will misuse it, and then they will blame you when it gets them in trouble." You might expect someone who's doing raytracing around compact objects to not be so silly as to do something like that, but I think you'd be mistaken: I know I treat the few publicly available codes in my field (e.g., camb [camb.info]) with great disrespect, bitch all the time, and generally am part of the large community that makes it far more trouble than it's worth for the poor people who worked so hard on it.

Re:kinda true

[irtza (893217)]

I agree with your sentiments as well; however, I got over that sense of embarassment. I am not a computer scientist by profession. I write code to accomplish a task I wanted to do. The code is largely funcional, but may break around end cases or often has poor exception handling. Every now and then, I'll go back and clean some code up. I decided that there may be people who are willing to take this code and fix it up, or maybe somebody who can't program is looking for something quick and dirty to do what I have already done. For this reason, I released a substantial number of my programs as a single package on sourceforge. Some functionality is redundant to other projects, some is not.

Heck, I just realized I could recruit people here ;) if they are willing to help.

Re:

[sdedeo (683762)]

I'm not sure what field you're in, but mine is small (at most 10,000 people, but actually much less.) Giving away code -- it carries with it responsibility, in the sense that if you do give away code people think you are saying "I am so cool that what I have done is better than whatever you haven't released." Sort of like, I don't know, the difference between keeping a diary and publishing a diary on livejournal. It generates problems.

It might be something to do with the bizarre psychological fact that p

Re:

[irtza (893217)]

intersting thoughts. I am in medicine; however, only a small fraction of the programs are related to medicine. I have in there general utilities that I have used for mass conversion of file formats (usually one text file format to another), or to allow me to get access to datasets others have published.

Some of the programs are for personal use - such as to automate the creaation of a photoalbum for web publishing.

I just don't see the problem with letting people know that I am not a good programmer. I have

Re:

[sdedeo (683762)]

Interesting. Releasing code unrelated to the core field seems fine (I may have done that myself, including little "bug fixes".) It's when you come to release code that does something related to your core competency that things become problematic -- people could use it to (unfairly) judge your work.

Re:

[j-pimp (177072)]

I'm not sure what field you're in, but mine is small (at most 10,000 people, but actually much less.) Giving away code -- it carries with it responsibility, in the sense that if you do give away code people think you are saying "I am so cool that what I have done is better than whatever you haven't released." Sort of like, I don't know, the difference between keeping a diary and publishing a diary on livejournal. It generates problems.

I guess it really depends on the nature of the code. My pet open source project (see sig) has gotten hardly any feedback. I have a trickle of downloads, usually 2-8 a day, one anonymous bug report and some feedback from the author of UltraDefrag after I contributed documentation to his project. So the problem I've had with open sourcing my code is that no one cares. This is probably partially due to the fact that no one wants a SQL front end to MS Access databases and there are better frontends to SQLite.

Re:

[BronsCon (927697)]

I would have moderated parent as insightful, but I prefer to comment and elaborate. There may be an advantage to releasing your sloppy code. Someone might come along, clean it up and show you what was wrong with it. Sure, that code isn't going to get you any job offers. The next program you write after learning how to make pretty code might, though.

Re:kinda true

[letxa2000 (215841)]

But what's the real reason for closed, proprietary code? Embarrassment."

Oh, please. That's got to be the goofiest premise I've seen in a long time.

Code is kept "secret" because the companies, rightly or wrongly, think it gives them a competitive advantage. Heck, some companies should be embarrassed about the appearance of their product, do you really think some suits care about how it looks on the inside? Does Coke keep its formula secret because it's embarrassed or because it wants to make its product harder to copy? Same goes for software.

Heck, many open source products are no beauty to peer into, either. The code is so nasty that the argument of "If you don't like it, you can fix or modify it yourself" is reduced to a smart-ass comment with no real validity. Modify that code? First you have to be able to understand the mess. Unless you've been responsible for the mess from the beginning, or have a lot of time to invest in figuring out the mess, good luck with that.

Re:kinda true

[Kadin2048 (468275)]

Code is kept "secret" because the companies, rightly or wrongly, think it gives them a competitive advantage.

I'm not saying this is never true, in fact I think it's probably the case more often than not. But at least in some cases, I've known/seen companies who have indicated a willingness to open-source their code -- meaning that they've thought about the competitive aspects and realize that it's not going to hurt, and might help, them -- suddenly drag their feet at the last minute, or spend months or years "preparing" to open-source their code. I think this is directly related to embarrassment over the poor state of their codebase.

I think there's a feeling that in order to open-source something, you have to have it all wrapped up in a neat little bundle, that you can't just take last Tuesday's CVS checkout and dump it onto a web server somewhere as a tarball, even if that's what the community really, really wants. (A dirty tarball today being better than a slick project and a wiki and everything in three years.)

I've actually seen this happen; you can get management on board with the OSS concept in the abstract, but when it comes to actually giving out their code, and they start feeling like it might make them look bad ... suddenly they clam up and come up with excuses. This is most apparent when the code being considered is abandonware or otherwise dead, and the only effect it could possibly have is to hurt a competitor; companies (and individuals) are paranoid of the damage to their reputation that messy code could have, particularly if lots of insecurities or design flaws are exposed.

Re:kinda true

[mcrbids (148650)]

I've known/seen companies who have indicated a willingness to open-source their code -- meaning that they've thought about the competitive aspects and realize that it's not going to hurt, and might help, them -- suddenly drag their feet at the last minute, or spend months or years "preparing" to open-source their code. I think this is directly related to embarrassment over the poor state of their codebase.

Yep, here I am. I'm a CTO of a rapidly-growing software company. Our big money maker is a product initially conceived as a "quick project" of a few months' duration and was given similar consideration on design and construction. But it worked! It solved a need at a level that was unanticipated, and now, 4 years later, is satisfying 20x the dataset and 100x the customers originally envisioned.

And it was not originally designed for this level of scale.

So, going from a single, solo software engineer, to several programmers, (and growing fast) and developing a rapidly growing suite of products in a rapidly growing company, the cash-cow project remains, alas, solely in my hands.

Does the product work well? Yes, at least, reasonably well. Users routinely rave about how much time it saves and how it's improved their professional lives. It works well for the problem it solves and the problem is not met effectively by any competitor.

But, the dirty secret is that it's simply inelegant. It's a bunch of not-well-structured code only organized by a sloppy ad-hoc naming convention and riddled with minor bugs that are fixed quickly and distributed well, but shouldn't exist in a better design in the first place.

And, once saddled with the code, Code Inertia takes place [kimbly.com] and it becomes an exercise in how to move to something more sane while doing the following:

1) Keep the customers happy through multiple upgrades that don't appear any different than original. Introduce features that are obvious just fast enough to make it all seem worthwhile!

2) Keep the additional costs of development inline with "maintenance level". This cuts the rate of improvement, and also increases the amount of inertia accumulated with #1, since #1 is written to the "old way".

3) Improve the codebase enough to provide meaningful results demonstrated to the august powers, (this means ROI) and

4) Clean up the kludge enough to allow for improved pace of future development. You want to get rid of all the uglies, but there are so many since a few of your original, naive assumptions about the problem were simply wrong.

It's a hard row to hoe, and there's a bit of a "loan" being made, where design decisions early on made to shortcut development woes carry a long-term burden, almost like an interest rate. Since the company has passed the million-dollar-a-year stage, arguing about those original decisions is pointless; the only thing to do now is to figure out how to take what you started with and make it do what you need it to do hereafter.

I've been working for over a year on a basic design decision change that will close out lots of badness and produce almost an order of magnitude better data integrity. Since starting the project, we've almost tripled in client base, and yet I won't be done for at least another year, if ever.

I suppose the argument is moot - if I hadn't come up with the original product in time, the whole business would have failed. The company, then on the rocks, would have closed, and it would all be for naught. But, with the compromises made, it can be amazing just how badly inertia sets in.

Moral? Write the best quality code you can within the budget you have. Always. Because you'll live with a significant percentage of whatever you create, and the future costs of change may well be orders of magnitude more than your initial cost of creation. And you'll never quite know what it is that you end up living with.

PS: While it might sound like I'm complaining, I'm not! I'm living the dr

Re:kinda true

[DudeTheMath (522264)]

In the field my employer works in, namely, financial software, we are mostly competing with our customers. What we do isn't necessarily hard, but is complex. We've put years of experience into the software. Any of our customers is trying to decide whether to do these calculations in-house or farm it out to us. If our source code was readily available, we'd get a lot of "Thanks, but we've got what we need now!" instead of sales. It's not proprietary algorithms, it's not trade secrets, it's simply the thousands of programmer-hours that have made an intricate piece of software what appears obvious in hindsight. We do occasionally release the source under an NDA for a customer with an odd platform we can't provide some kind of object module for, but that's certainly the exception. We aren't embarrassed by the state of our code; we just want to make sure we're paid for the work.

Re:

[rucs_hack (784150)]

I'm in exactly the same position. I'll be obtaining my phd in a few months, and I planned to release the full source code for my work, which amounts to over ten thousand lines of code (machine learning and EA's in my case). It all works, and what it does is pretty cool. However code written over three years, haxxed about, experimented with and cannibalized at times to make utilities does not in fact make a nice release candidate.

There ought to be an open source project to clean up research code and make it

Re:

[rucs_hack (784150)]

the most likely event would be that I release the code, people look at it who are interested in the algorithms, they recoil in horror, and my reputation drops.

If there was a place that *expected* shitty research code I wouldn't mind, but I have a current open source project that I wouldn't want tainted with the bad coder rep my research code would likely generate.

I've got a fully working temporal neural network sat in a deep directory that I'm sure someone would like, if I can tidy it up first. I've not fou

Re:kinda true

[Maurice (114520)]

Years ago I posted the source to a neural net implementation that I did while in school. It was a very simple one with just regular back propagation, and the code was documented with examples. Soon after that I started receiving all kinds of email asking for help with the code from people clearly trying to use it to do their Comp Sci homeworks or projects. I started out with courteous and helpful replies, but at some point people ask questions which really have nothing to do with the software (and more to do with whatever that person is working on) -- to the point where they are wasting your time and you have to cut them off. Then they get annoyed and start insulting you.

Re:kinda true

[ratboy666 (104074)]

Way back... way, way back...

I developed a system that decoded phototypsetting codes, and imaged onto a laserprinter.

I wrote the software using Borland Turbo Pascal, 8087, so it required a math coprocessor. One of the sales reps aquired a 286 laptop that didn't have a socket for a coprocessor, and wanted to demo the software.

I used Borland Turbo C to do a quick hack to emulate the 8087. Worked fine, but I didn't want to support it. Still, it was (somewhat) useful, and I released it as a hack (emul87 on simtel).

Fast forward 8 or 9 years... I got a call from someone claiming to be a "consultant", who had a client using emul87. Apparently, it didn't work on a new machine! And if I didn't fix it RIGHT AWAY, I would be SUED!

Of course I told him to take a flying fuck at a rolling doughnut -- and he went away.

So, this stuff happens. Go figure.

Re:

[budgenator (254554)]

Considering that one of the major foundations of scientific method is repeatability, so to me not releasing the source code is like getting your data through divne revelation.

Two reasons...

[Kjella (173770)]

1. What others don't know, won't hurt you. Any improperties in the code, any patents violated, any sarcastic remarks in the source - if you don't release source, they won't see it.
2. If you can't see it, you can't take it. Most companies would like to get paid, and the honor system is short on honor. One thing is corporate software - but are you really going to go into people's houses and see if they have a pirated version of Photoshop? Not going to happen, so they design up all sort of serial numbers and activation and whatnot that's incompatible with showing source - you'd just comment out those bits.

Re:Two reasons...

[ShatteredArm (1123533)]

I think #2 would be the major reason here. It's not just to hide "bad code". Why would you put all kinds of money and resources into your work, just to have someone else take it and profit off it after just a few tweaks? It's like asking, "Why doesn't Coca-Cola release their secret recipe?" Is it because it's bad?

Coca-Cola's secret recipie

[Jeremy_Bee (1064620)]

Why doesn't Coca-Cola release their secret recipe? Is it because it's bad?

Coca-Cola's "secret recipe" is basically just to add massive amounts of sugar.
McDonalds "secret sauce" amount to mixing ketchup with mayonaise.

So, Yes. Part of the reason for these kinds of secrets is that they are "bad" in a sense.
At the very least, it would be embarrassing to the companies in question to have stuff like this spelled out. :-)

Re:

[fyngyrz (762201)]

code is protected by copyright law

So are music recordings. And we all know how well that's worked out, right?

As an earlier poster said, with precise insight: "The honor system is short on honor." We know this. There is no possible doubt about it. And with open source, it only takes one person to steal something in literally seconds that took many years to develop and hone. This is the reality that commercial developers have to live with.

Speaking as a closed-source, commercial software vendor, I

Re:

[msuarezalvarez (667058)]

code is protected by copyright law

So are music recordings. And we all know how well that's worked out, right?

Hmm, how? Have all artists starved to death, production and distribution companies collapsed, and is music no longer being created and played because the economic incentive has disappeared?

Re:Two reasons...

[Unoti (731964)]

What's stopping them from compiling the important our-eyes-only stuff into an executable and putting the rest of the magic in a library which is released?

More improtantly, what's there to motivate them to do that? It's extra work for development, extra work for support, longer time to market, more risk of malfunction compared to just writing the code naturally. And what's the benefit? If I were managing a programming that wanted to do that, I'd ask him what the benefit is for this extra work and complexity, and if he didn't have an answer, I'd tell him to focus on what's important and get this product out the door without goofing off.

Re:

[WNight (23683)]

I get your point, but modularizing your code is hardly ever a waste.

Technically it's usually a win for complexity alone - two smaller pieces are easier than one large one. But then there's the benefit that once all your heavy-lifting is nicely wrapped up, you can start coding the rest of your app in Python or something much nicer than C/C++.

It goes back too...

[iknownuttin (1099999)]

American Airlines and their Sabre booking software. AA had a tech edge back in the 70's with their software. Other airlines actually rented, not licensed, AA's software.

In a nutshell, I think corps think that their software is soooo competitively important, that they don't want to release it - regardless of how bad it is.

Re:It goes back too...

[darkmeridian (119044)]

Sabre was crucial technology that kept AA at the head of the pack. The system was quick and assigned the quickest available flight to each passnger. Sabre began as a military system for assigning interceptors to incoming targets, but there was clearly an application to assigning passengers to planes. Sabre eventually got spun off into its own company. Travelocity is based on SABRE technology.

Another reason for secrecy is that SABRE was used to manipulate rankings to favor American Airlines flights over others. This eventually got outlawed by the federal government as unfair competition.

Often companies can't release it for legal reasons

[AaronW (33736)]

A lot of software contains proprietary libraries or other pieces of software provided by 3rd parties, which they are not allowed to distribute. It can be a huge job to strip or re-write those libraries, like what Sun had to do with Solaris, and if it's old software, it just isn't worth their time.

Been there. Seen that. Got the T-shirt.

[thatskinnyguy (1129515)]

Some of the proprietary code that I've seen is like a beater car:
-Held together with duct tape and bondo
-Only works by the hand of God
-Looking at it is an example of several works in progress from several different people

Yes. Companies that do that have a right to be embarrassed.

Then again, I've seen the other side of the spectrum where the proprietary code is "SOOPER" efficient and works better than any out of the box solution. Isn't that why you do things in-house to begin with?

Re:Been there. Seen that. Got the T-shirt.

[dc29A (636871)]

It is much worse than that in my opinion. I had to recode many parts of this ancient yet very important financial application. You wouldn't believe the horrors in that code. Goto galore, single threaded server components, buffer overflows and whatnot. However, that was nothing compared to the plethora of security deficiencies. Database root user with blank password for one. Absolutely no auditing. Everything sensitive transmitted in clear text. Insane amount of business logic bugs. If this company releases this source code, it closes shop next day because people would realize how insecure their software is.

Another application I worked on, had vendors dictate features and managers (without any technical background) gave us encryption routines. Worse than hacks, retarded XOR and shift routines that a 2 year old could crack. These same managers have used really badly coded RadioactiveX components made for browsers as a "high performance" server component. And of course they wonder why their servers can't take any load.

Embarrassment is probably a good reason why companies withhold source code, but I think it's more the fear of losing business over extremely shitty and insecure software is their primary concern.

"Trade Sekkrits, Sooper Original Algorithms"

[rueger (210566)]

God. My question is who would want to attribute their name to juvenile mis-spellings of common words like that. Really, there's no secret why commercial operators would keep their code secret, no need for speculation. It's a business! If you can do it, and your competitor can't, then you make money and win.

Re:"Trade Sekkrits, Sooper Original Algorithms"

[Sique (173459)]

I wonder why SAP is still in the business of ERPs then. SAP's R/3 code is open (but not freely distributable). If you are interested in the inner workings of SAP's R/3, log in with developer priviledges (or just SAP*), fire up the R/3 builtin debugger and look how the code is actually working.

Yes. You can build a successful business with proprietary code and still show it to the world.

Duh

[styryx (952942)]

It's obvious why code is closed source; it's a security matter. You seem to be forgetting ignorance is strength.

(No, really, it was all sarcasm.)

Don't forget NIH syndrome

[$RANDOMLUSER (804576)]

Then there's the Not Invented Here effect. Need B-trees? Don't buy a third party implementation, 'cause that costs money, and don't use an open source one, 'cause it's encumbered with GPL, just write your own b-tree library. Of course, it's not as pretty and bug free as the other implimentations, but it's OURS; and yeah, it would be embarassing to let other people see how crufty it is. I think this is one of the secrets of Java's popularity, most everything is built in already.

Re:Don't forget NIH syndrome

[fyngyrz (762201)]

It it were only happening with B-trees. I have seen projects that even ignored libc, and had their on memory management, special logging and tracing routines

We have our own memory management; we do it because it allows us to ensure that there are no memory leaks, anywhere, ever. We have our own linked list management because it is a fraction of the size of the alternatives and does exactly what we need. We have our own file dialogs (and treeview dialog logic) because the OS offerings were buggy for almost a decade. We have our own JPEG routines because we need to load all manner of proprietary and oddball JPEGs. We have our own tree structure code for our ray tracer, particle systems and so on because we can make really big trees and unless we control the memory allocation, the tree becomes too fragmented in memory for it to be handled efficiently. I could go on like this for quite a while. In short, though, there are some very good reasons to skip over the canned solutions. And that's assuming that the canned solutions work perfectly, as described.

When one of your operating platforms is Windows, you either learn to do for yourself or you end up with a buggy application, because Windows itself is prone to long term unfixed (and sometimes unfixable) problems. Write your own code and you can eliminate the problems. That's a pretty strong motivation.

Code in libc may be hard to beat when it comes to doing what that code does; but who is to say you need exactly what libc offers? Memory management is a good example. We require firewalled memory boundaries, cumulative usage tracking by routines and by blocks of routines, named memory groups, live overrun detection, dead pointer detection, real-time and post-run logging. And the code has to be really, really good... if there's a bug, we can't wait for the libc maintainer(s) to fix it. With these kinds of needs, pretty soon you end up writing code. It's pretty straightforward, really.

There's a competitive advantage, too. If a bug is found, your turnaround time can be measured in hours if it is in your own code. For every bug that turns out to be a consequence of an OS or otherwise "not your code" library, bugfixes are much more likely to take longer or simply be impossible. Example? We can process streams of image frames. MS's file dialog let you select many files at once. Seems like a natural fit, right? Click on one file, shift click on another, you've got a block, we should process them. Winner! Well, yeah. But.

If you selected more than about 100 files, MS's file dialog would fail to properly terminate the returned file names, and cut off the last one arbitrarily. Leading to all manner of things, not the least of which was not the behavior that the user was trying to achieve. But wait, there's more! Unless the customer, completely unintuitively, selected the last file first and the first file last, the files would be provided to us by the OS out of order. So? (I hear you thinking.) Just process them in the other order, right? Well, yeah, but the first file in the list we got would be mangled in the natural order. And besides, it wasn't the first one the user selected, just a mangled file name somewhere around number 100 or so. What a mess.

We complained to MS for years about these things without result, until I had simply had enough and wrote our own file dialog. End of problem. Now it just works. Plus, since I was writing it anyway, I did it so the file dialog offers tree views, thumbnails, properties, regular expressions, file management, clipboard tricks, you name it.

No, it wasn't perfect first time out the door, but within a few weeks of release, the customers had ferreted out the weak points and they were all fixed and the working application was back in the customer's hands. I haven't seen a bug report on the file dialog in years now. But if I do... I'll put that bitch down like a KKK'er at an MLK rally.

It isn't wasn

Code Paranoia

[edibobb (113989)]

Most companies who protect their code don't need to worry too much about it. It would take their competitors as much time to steal their code as it would to write new code. Analyzing a "foreign" project and then integrating it into another usually takes a lot of time. And then, the result would probably not be as good as new code. There might be some "ahh... so that's how they do that!" moments, but probably not worth the effort of stealing and analyzing the software. The main reason I would protect code would be to prevent lawsuits. Someone could analyze the code, find flaws, stage losses, and sue. Even this is pretty unlikely in a medium-to-small sized company.

Obvious?

[dracocat (554744)]

Well, we invested a lot of money and resources to get the product written so that we could make money from it.

If we publish it and another companies takes it and uses it to make a competing product we will make less money.

Do we need another reason?

Intellectual bugs

[by Anonymous Coward]

Having worked for a large stupid company, this really rings true. We were a startup with a product that did X. A big famous large stupid company bought us and said, ok, we want this HUGE thing Y that does this and does this and does this and does this- and it has to be built on X (because it was "prestigious", although it did NOTHING similar) and totally integrated with it and the Y data types have to be completely intermingled with X data types so you can transfer objects from the context of X to the context of Y seamlessly. (I have to change details to protect the guilty, but imagine that X was a raytracer, and Y was a vote counting system.)

So we basically spent a year fucking up X into a conglomerate X-Y system, and ended up doing all sorts of horrible things to get it done on time ("fooling" old code, etc.) And I found out for myself how disheartening it is to be ordered to do something hopeless that makes no sense. Meanwhile we discovered that the sales guys had been running around for months promising a system that did X and Z, and that it would be ready next month. They called a meeting. (This is one thing they were good at- scheduling meetings.) They said we need to combine X, and this "Z" we've been promising, into one product. (Z would be a missile guidance system.) X was "prestigious", Z was the hot new thing, and Y was going out of style (denoted henceforth as "y", lower case). Only two customers used y, but they were IMPORTANT ACCOUNTS.

So there's a panic where everyone is trying to convert X-Y to X-y-Z (something nobody in their right mind would want), in the absence of any specifications at all. ("You guys are smart! Tell us what we want it to do!") And it's getting nowhere and bugs are starting to appear in X and people are using old versions like with XP and Vista. So much time passes that we could have written Y from scratch and Z from scratch without fucking up X at all. (I'm simplifying things somewhat, because I ran out of letters- there were a few more after Z.)

Right in the middle of it all, they pulled everyone into a meeting with patent lawyers and demanded that each of us produce a list of all the intellectual property in the application. The top 20 most patentable things.

What do you write? "System and method to cope with your incompetence?" I shudder to think that they might have filed a patent that prevented someone from doing something worthwhile, but I doubt they found anything they did that anyone would ever want to repeat.

Look at the losers and you'll see ... losers

[kscguru (551278)]

This blogger did something quite insidious and quite stupid: she chose only examples that support her claim. Let's look at all her ugly/evil/l3me closed-source whipping boys:

Diebold

The poster child for make-a-buck quick. Diebold saw a "need" for electronic voting software, lobbied a few politicians to get sweetheart deals, and came up with substandard, shoddy software. Same moral as always: you get what you pay for, and the gov't paid for the lowest bidder.

Samsung's Linux rootkit

So Samsung wrote some truly crappy Linux drivers? Well, Samsung's printer driver looks like it was written by a college intern on his first assignment - which probably means it was written by a college intern on his first assignment. Do you really thing Samsung is going to assign their best developers to writing a Linux driver, especially when Linux folks will just reverse-engineer it anyway because they don't like something about it? No, Samsung is going to give the project to the lowest-level code monkey they can find. OF COURSE the code looks crappy.

BIOSes

Did you know there are exactly two major BIOS vendors out there? That there are no more than a hundred or so professional BIOS developers in the world? Yet there are more copies of BIOS software out there than Windows; everybody expects BIOS to support new whiz-bang features (boot from USB, PXE boot, boot device ordering, processor errata, microcode updates). There simply aren't enough people to make BIOS code look good. BIOS programming is hard - harder than writing a kernel. It's understaffed, and the code quality shows. You think BIOS vendors stick with BIOS because they want lock-in? Ha. How about they don't have enough people to create a replacement, they are too busy patching up last year's code with this year's features.

Netscape

Yup, the Netscape codebase is an ugly mess. You'd think they implemented features without planning months ahead, almost like they were competing with some other major web browser ... the Netscape mess is a result of competition. I know enough former Netscape engineers to know they don't write crappy code. But when your schedule gets cut from 1 year to 3 months to compete with Redmond, crap will result. Remember, Open Source has the luxury of not having schedule competition - if a company delivers a feature late, developers will find themselves out of a job.

StarOffice/OpenOffice

Isn't the revisionist history here fun? Do you really think Sun was proud of the StarOffice codebase? No, Sun released it because the Open Source community begged for it (and Sun was the most likely to give in), and Sun wanted an office suite competitor to have SOMETHING to start from. No one ever claimed StarOffice code was any good; the only claim here is that StarOffice was better than nothing. You think Sun's best engineers worked on StarOffice? No, they worked on Solaris and Java. (With apologies to anyone who did work on StarOffice.)

So... we look at five projects that have every right to contain crappy code, and therefore conclude that companies keep code closed to hide crappy code? Pick crap and you will see crap. How about some successful projects: Microsoft Windows (kernel), Adobe Photoshop, VMware?

Different Approaches

[quo_vadis (889902)]

Another thing to consider is the fundamentally different mentalities the two camps (open source vs closed source) have. For closed source, all that matters is shipping a working product. So what if it breaks if you have more than 4GB of RAM or your directory naming convention must be exactly so. The open source approach on the other hand tends to be we wont call our product done till the code is perfectly optimized for all systems from a VAX to a Blue Gene. Also, one must consider that individuals and companies are at different ends of the spectrum when it comes to reasons why they have not released code. For individuals, there is personal criticism from programmers about their code. But, one has to keep in mind that not all individuals are programmers. If a recent physics PhD chooses to release the code he used to process output of his high energy particle physics simulations for his thesis, he would be heaped with scorn for spaghetti code despite the fact the code accomplished its primary purpose (get enough data to get the guy his degree) and did it in a reasonable time frame. For companies, there is simply a strong sense of possessiveness. They are loath to give away anything; including code for products they dont use or support anymore.

Soooo True

[SolitaryMan (538416)]

At my previous place of employment this reason for keeping software closed was actually named several times by different people.

Ridiculous article.

[rjh (40933)]

The proposition here is "upper management knows the code is a mess and is embarrassed by it, so they insist on keeping the code closed."

Who here thinks upper management knows what code looks like, at all? Not bad code, not good code, but code, period. Does anyone really believe that the executives who make policy decisions about whether to release code are in any way qualified to comment on code aesthetics?

Hell, I think most programmers are unqualified to comment on code aesthetics. For a lot of people, programming is just the daily grind. People who actually put their heart and soul into crafting a piece of mathematical art are very rare. So if management can't recognize good code and an awful lot of the IT department is apathetic to good code, how is it possible that the decisionmakers know enough to be embarrassed by the code?

And if we can realize this in just ten seconds of thinking, why didn't Schroeder think of it herself?

As near as I can tell, the reason why companies like closed source is very simple: it preserves the asymmetry of information necessary for their bottom line. A free market depends on both parties knowing the product being bought and sold. When you buy a new car, you can read Consumer Reports, you can read Car and Driver, you can read any of a dozen specialist automotive rags that will tell you in excruciating detail what a certain car's dual overhead cam configuration means in context of their competitor's choice for a single overhead cam. The buyer has complete access to information, and that puts the buyer in a position of strength.

Asymmetric information, where the seller knows far more than the buyer, puts the buyer in a position of weakness. If the product is a black box, then you can't really get an informed independent critique; you have to instead rely on the claims of the people selling the product. Which is great, as long as you're the seller.

Re:

[Epistax (544591)]

Our CEO refers to our code as "spaghetti code". I work for a multinational corporation with an engineering base of a few hundred in the US and a hundred or so in India, as well as a manufacturing base of around a thousand (I believe) in East Asia.

The code has been incrementally worked on for at least fifteen years, so yes it is more or less a jumble of sorts. Efforts have failed to make it cleaner, and have actually made it worse. The solution is obvious, and we're doing it now. My point is although o

I have seen some of this first hand.

[www.sorehands.com (142825)]

Back at Aspen Technology, I was working with the IRMA card. They provided source code (In C)for their file transfer code for $100. I tried their code and found really dumbass bugs, such as:

int wait_x(int milsec)

But, when they didn't want it to wait, they would would call wait_x().


When I wrote a list of bugs, it was 3 pages, single spaced.

When at Microsystems Software, there were functions named, "we_are_fucked" and comments that
said, "I know this is crap, but Dick wanted this now. I'll fix this later."

That was 3 years after that programmer left.

No.

[oGMo (379)]

No, this isn't the reason things are kept proprietary. Stop and think for half a second:

1. Design, Policies, Marketing
2. Development
3. Delivery

If something is going to be designed and released Open Source, this is decided up front. It has legal implications, especially when you might be interfacing with external third-party libraries and making platform decisions. Then code is written.

Things are exactly the opposite: closed source leads to poor code. No one's going to see it. The product has to get out of the door fast. You hire crappy budget programmers. You don't enforce disciplines of good design and code. Marketing runs the show. There is no ability for the community to see, contribute, and fix. All of these things about the closed source process make crappy code easy. I've seen them all.

But of all of these, no, crappy code is not the reason people don't release their source. I've seen plenty of craptastic code released by companies, that of all things is hardly going to stop them. Especially when improving the code is one of the benefits of releasing it.

doubt is a barrier to entry into a market

[technoCon (18339)]

Last week at XP West Michigan, the speaker advanced the theory that a company with an older codebase is invariably a competitive disadvantage and that anyone who builds a new system that does the same thing will eat their lunch. He went so far as to claim that this mechanism would result in Microsoft's doom. And I partially agree because "technical debt" in a codebase behaves just like this.

I think that an existing codebase may occasionally NOT be a mess or a competitive drag on a company. I'm not claiming this is frequent, but that it is possible.

Now, let's suppose I'm a young, hungry company who wants to eat a big, established company's lunch. If I know his codebase is chock full of "technical debt," I'll know he's at a disadvantage because everything he does to respond to me will have to carry along the burden of that technical debt. This means I have a better chance of beating him than if he's got clean code. BUT if I don't know if his codebase is crufty or not, that'll sew doubt into my analysis. That doubt will give me pause and provide a barrier to entry into that market.

You'll note that I made no mention of IP heretofore.

Thus, the company with a codebase that is ashamed of its codebase will be keep the extent of its cruftiness secret, to discourage competitors. Conversely, if a company knows its codebase rocks may consider IP to keep things mum, but if it buys into the line of thinking above, it may show off its codebase to warn off potential competitors.

Re:

[canuck57 (662392)]

(see what happens in google, etc). These people think they have a team of very good programmers but it's a bunch of tired old-timers.

Google old timers are very rich.

Re:

[julesh (229690)]

Exhibit A is Windows itself?

I don't need to read any further.

Right. Because, of course, Windows is perfect, so the article must be wrong.

You don't need to be a zealot to realise that Windows is probably pretty close to the classic definition of the codebase that's outgrown its original purpose by an order of magnitude or more and is now getting pretty hard to maintain. Why else did it take MS 6 years to release Vista, which isn't really much more of an upgrade over XP than XP was over 2K (which took them

Re:Can't help but agree

[Dachannien (617929)]

There used to be an Obfuscated Perl Contest [wikipedia.org] (in the spirit of the International Obfuscated C Code Contest [ioccc.org]). I suspect that the reason they stopped holding the contest is because of the risk of someone inadvertently causing a universe-collapsing paradox with their contest entry.

Re:Can't help but agree

[by Anonymous Coward]

> There used to be an Obfuscated Perl Contest

I've always wondered how they get the acronym "CPAN" from that. :-)

Nah

[markov_chain (202465)]

it's still there, they just renamed it "Perl Contest" ;)

Re:

[Tim Browse (9263)]

BS. Sweetheart, the only time Windows ever booted in 5 seconds for me was when I installed a Linux distribution to dual boot and the installer resized the NTFS partition to something much, much, much smaller. That's the only time that phenomenon has ever happened to me, so no, you are not getting 5 second boot times with Windows.

Indeed. That's probably why the poster actually wrote:

It takes 5 seconds to start booting windows on my notebook, my PC is the same.