M
Story
When hardware goes end-of-life, companies need to open-source the software
Do you know what the single, most effective way to ensure end-of-life projects open sources the software and hardware? It's if it's *open source*.

Not assurances that if they meet their funding goal they'll open source. Not a pinky promise to open source in the future. Not magnanimous decision by upper management to open source if the business fails.

It's open sourcing from the outset so that people who invest in their technology can be assured they've fulfilled their promise to the community.

Pay for products that produce open source software and hardware. Pay artists that put out libre/free work. Demand projects that ask for money and "will open source in the future" open source now before taking your money.

In my view, finger wagging at corporate entities not open sourcing their products after end-of-life amounts to posturing.

At the same time, consumer hardware isn't a niche hobby market
> Pay for products that produce open source software and hardware. Pay artists that put out libre/free work. Demand projects that ask for money and "will open source in the future" open source now before taking your money.

This is the most important part. The markets can be shifted in our favor if the consumers unite and vote with our wallets. Even the biggest MNCs can't resist the demands by a united consumer front. Well known brands have been disappeared after they offended their customer base.

This is very difficult in practice, but not impossible. It will need a cultural shift among consumers and that will need a lot of grassroots work by a group of dedicated individuals. But it has been done before - for example, consider the role FSF played in making free software so common. To begin with, consumers have to be taught to believe in and rely on our collective bargaining power, instead of reluctantly accepting exploitative corporate bs. The next will be to take smart decisions on each product. Obviously, only a small group within the society would know what is harmful and what we really need. We should develop a culture where the concerns and recommendations of the subject experts are quickly disseminated among the larger consumer community.

I know the above sounds too ambitious. But it's not nearly the hardest goal anyone has achieved through sheer will. Whenever I raise this point in relation to any specific topic on HN, someone always replies with a cynical, dismissive and defeatist take, often arguing that the consumer-hostile product has the 'market demand'. They rarely address the market manipulation that the manufacturers resort to, and the fact that those poor product choices are the result of missing consumer vigilance. Besides it's easy to sound smart by scoffing at someone else's suggestions. But it takes hard work to make a positive impact on society with an original idea.

  • palata
  • ·
  • 59 minutes ago
  • ·
  • [ - ]
> The markets can be shifted in our favor if the consumers unite and vote with our wallets

This is very naive. "We can solve the climate emergency if the consumers unite and stop living the way they live", sure. But obviously the consumers don't do that, even knowing that their children will die because of it.

  • pjmlp
  • ·
  • 6 hours ago
  • ·
  • [ - ]
Consumers vote with their wallet buying disposable electronics at 1 euro shops kind of quality.

This has to be legally enforced to turn around.

  • ·
  • 6 hours ago
  • ·
  • [ - ]
> This is the most important part. The markets can be shifted in our favor if the consumers unite and vote with our wallets.

have you even glanced at what touching hardware manufacturing involves? The amount of NDAs alone ends this. anything with a smidge of processor performance requires it, same for virtually every method of manufacturing anything.

also, FSF did jack squat.

In most cases the market rewards closed source. You can't reasonably expect that to change by pressuring consumers. We need regulation here.
Such regulation would inevitably introduce exceptions for products with limited-time use (because it doesn't make sense to support everything forever), manufacturers would explicitly mark all products as such, and consumers wouldn't even find it wrong.

New incentives to would hit market reality where most people want cheap devices, not lifetime support for something they themselves consider practically disposable.

If most consumers don't care, regulation won't help. Much like climate change.

I don't claim there's any easy answer.

To your point, market rewards are complex and doesn't always reward closed source. I would say the markets can reward companies that add value, and companies can add value by servicing a demand at reduced costs. One cost reduction measure is to use FOSS. For example, if you're building a data center, one cost saving measure is to use Linux as the underlying operating system over MS Windows.

I partially agree that pressuring consumers has issues, but the consumers we're talking about in this context are programmers, software developers, electrical engineers and other technically minded folk. Many projects only target dozens or hundreds "consumers" and, for those, advocating for purchasing FOSS might be a valid strategy.

I'm open to regulation but it's a coarse tool that favors large corporations. In my opinion, one way to larger regulation is to start small, show value from a growing community adoption and then try to push bigger. Linux was a toy operating system until it wasn't.

One minor point on regulation: From what I understand, there are some stipulations for (US) government grants to ensure FOSS artifacts get produced. I think violations of these conditions is common place. So we needed regulation in this area, we successfully got it and now we see that it's only as good as enforcement.

> For example, if you're building a data center, one cost saving measure is to use Linux

You're giving an example where a proprietary service benefits from open source. It supports the opposite point to what you're trying to say: not only the market rewards proprietary products, but open source actually helps proprietary products. If you open source your code, you risk helping your competitor.

> Many projects only target dozens or hundreds "consumers" and, for those, advocating for purchasing FOSS might be a valid strategy.

Again that's off topic. The goal is to enable technical people to make EOL products work for everyone.

> So we needed regulation in this area, we successfully got it and now we see that it's only as good as enforcement.

Which is a bit of a chicken-and-egg problem: in order for regulations to be enforced, we need the enforcer (a government) to be more powerful than the enforcee. But after we have allowed TooBigTech to appear and become more powerful than governments, it's difficult to expect anyone to enforce the regulations, right?

> What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.

This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.

In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.

Forcing the release of signing keys would be a security disaster. The first person to grab the expired domain for the auto update server for a IoT device now gets a free botnet.

The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.

Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.

Embedded devices that go on the internet by (to update) themselves are an anti-pattern.

I run a bunch of stuff using Home Assistant via the Zigbee integration - the Zigbee host on the local server gets to decide where to install updates from - which was the security mechanism for most most software for most of history.

Get your stuff from a reputable source. Signage keys are nice, but they don't work as the sole security measure in an unsound supply chain.

The OTA firmware update keys ideally shouldn't be the same as the secure boot keys.
  • jcgl
  • ·
  • 6 hours ago
  • ·
  • [ - ]
…how do the updates get booted then?
ROM bootloader loads a second stage bootloader (e.g. [1]). The ROM bootloader verifies that the second stage loader is signed with keys fused into the MCU. The second stage bootloader in turn verifies application images shipped by the vendor, using a different set of keys.

When the vendor discontinues support for the device, they make available to their customers an optional update to the second stage bootloader that allows any application image to run, not just images signed by the vendor. This updated second stage loader is signed with the keypair fused into the MCU, and so it will run as per normal. They ideally make it so this update can only be installed with some sort of local interaction with the device, not automatically over the air.

Devices in the field running ordinary OEM firmware continue to be protected from malicious OTA updates. Customers who wish to unlock their devices also have the means to do so.

This is very technically straightforward to implement, but it needs to be considered when the device is designed. Regulations would be required to make sure that happens.

[1] https://www.trustedfirmware.org/projects/mcuboot/

  • jcgl
  • ·
  • 4 hours ago
  • ·
  • [ - ]
That does sound better, but haven't you just made the unlocked seconds stage bootloader functionally equivalent to secure boot keys?

Instead of [get released SB keys] -> [boot arbitrary payloads]

It becomes [get unlocked second stage bootloader] -> [boot arbitrary payloads]

Although, I guess that the details matter in terms of the process used to supply OTAs and second stage bootloaders. If changing to the unlocked bootloader requires physical access (or some such thing), then I could see that working.

Is there anything else I'm missing?

Secure boot is desirable for a lot of reasons including design protection (stopping your product being cloned), supply chain security, preventing malicious updates etc.

The question is one of how you can hand control to the user without endangering your legitimate commercial interests as well as the security of the rest of the fleet, exactly how you tackle that will depend on the product.

> Forcing the release of signing keys would be a security disaster. The first person to grab the expired domain for the auto update server for a IoT device now gets a free botnet.

Have you seen the state of embedded device security? It is already an unmitigated disaster.

Since you bring up botnets, there are far more exploited security vulnerabilities because a vendor EOLed support (or went bankrupt) and their firmware contained bugs that cannot be fixed because a signed firmware is required, or the source code was not provided than because their signing keys were leaked and someone is distributing malicious updates.

> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.

Yes, it is what I want. I am perfectly aware of the potential downsides and what I am proposing is worth it. The product is already EOL. In our current era of enshittification, vendor pinky promises to implement a user-bypass in their signed boot chain is not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice, or Samsung removing bootloader unlocking in their One UI 8.0 update.

> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.

The vendor has implemented an internal pad on the laser-welded, weather sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys so missioned accomplished!

But you can still do both. Put a key into escrow that unlocks the device fully, but the key can only be used if the device is physically manipulated. This could mean holding down a button as it boots ups to put it into “enter the unlock key” mode. The mode is useless until the key is published and the key is useless without physical access to the device. And you don’t need to open anything. This could be a purely software thing. As long as you can somehow externally communicate with the device via a button, Bluetooth, Ethernet, etc. you can create a system that would allow this. Hell, you could use a magnet to trigger it.

I agree that devices shouldn’t be locked by the manufacturer AND I think that silently unlocking all devices all at once could do harm.

> Have you seen the state of embedded device security? It is already an unmitigated disaster.

If security was an unmitigated disaster on every device then it would be trivial to root them all and install your own software, wouldn’t it?

I think that's a fair distinction, and it highlights that "just publish the protocol" isn't sufficient for every class of device
Locked bootloader should just be competely forbidden, even for brand new devices. Hardware and phone owners have the right to make any change they see fit on their device, no matter if the manufacturer thinks it's ok or not.
  • palata
  • ·
  • 57 minutes ago
  • ·
  • [ - ]
There are security reasons to use locked bootloaders.

But I do agree that we should be able to unlock and relock the bootloader. That's one of the reasons GrapheneOS supports the Google Pixel, for instance. The security model relies on the locked bootloader.

I agree with you fully on this. Unfortunately, the odds are stacked very unfavorably against us. It's not just the manufacturers who resort to these underhanded profiteering tactics. Even the regulatory agencies are for locking down the firmware.

Their argument is that an unlocked firmware would allow us to override regulatory restrictions like the RF output power or the IMEI number. That argument has some merit. However, my opinion is that such restrictions should be implemented as hardware interlocks that are unchangeable through software. Thus, we would be free to change the software as we like. Sadly, both the manufacturers and the regulatory agencies tend to completely ignore that solution, so that they can retain their excess control.

It's trivially easy to break those restrictions with off the shelf SDR hardware you can buy rather cheaply.

Locking people out of their phone does not raise the skill or effort ceiling much, as there still presumably would be software restrictions in place.

I always found this claim completely bogus, you can always do something illegal with your phone, there's no way to prevent everything with software.

This is the goal of law enforcement and justice in general and in this argument, a hardware manufacturer is substituting this role, when we say that, we can see the overreach. Manufacturers aren't public entities able to make such decisions.

How about just allowing key enrollment with a physical button?
This is very much not an option on most embedded devices. They allow one key to be burned once.

IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).

Unless it becomes a law, and the hardware makers adapt.
  • palata
  • ·
  • 56 minutes ago
  • ·
  • [ - ]
My Google Pixel allows adding custom keys, which GrapheneOS uses. So I guess that's technically feasible?
I totally agree with the frustration of having hardware I would like to keep using but can't because it got EOL. Like a smart speaker or something.

But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?

If you aren't looking at capturing 100% ewaste, then simple laws around liability and penalties for reduced functionality is all you'd need.

Simple things like "if an electronic device, through no fault of the owner, can no longer perform it's main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."

It'd miss cases like fly by night companies, but you could catch big players like google disabling their thermostats for non-hardware reasons.

The only thing you'd achieve doing that is to change the "main function" of a device to somethings silly, like a thermostat being sold as an art decor with the optional additional of functioning as a thermostat too.
> change the "main function" of a device to somethings silly, like a thermostat being sold as an art decor

that seems like it can be addressed by making sure that the regulators who enforce these laws have more object permanence than a 6 month old baby.

like, if I try to sell a "metal sculpture" that by sheer coincidence is capable of firing 9mm ammunition, I'm going to have the ATF knocking on my door real quick, and they're not going to be fooled by me claiming "no that's art"

> making sure that the regulators who enforce these laws

But then again, one problem is that Big Tech has enough money and power to completely overwhelm the regulators...

Probably much easier when the seller is in China and selling the product in the US on Amazon.

Why would the ATF go after them instead of YOU?

This is why the legal system is run by people with brains and reasoning and not python scripts. A real person will see that a thermostat is actually a thermostat.
Where does it end, should EOL windows be open sourced because some software/games/hardware do not work on newer windows versions?

Open source windows 10 would cannibalise Microsoft’s long term objectives.

Given that Microsoft currently intends to productize Windows users' data to build AI that replaces their users' jobs, it seems reasonable to cannibalize those long-term objectives...
Oh no I’d love to watch Microsoft burn, but I’m pointing out that any open sourcing abandonware is not in any businesses corporate interests. They’d sooner ‘support’ software forever by a yearly pointless update.

Let’s all not forget the ones who wouldn’t want this to happen are the same ones who hold all the power. No government will ever force this.

> Let’s all not forget the ones who wouldn’t want this to happen are the same ones who hold all the power. No government will ever force this.

I think this is an important point: it's already impossible to enforce antitrust laws because TooBigTech has the power, and when an entity big enough tries to regulate (like the EU), then the US government prevents them from doing it.

Windows isn't hardware. If the laptops were only capable of running a particular version of Windows XP, then yes they should either be unlocked or their firmware open sourced to allow running something else.
Linux will run on "anything" and is especially good on old OSS. So I feel like MS is the least affected by this whole proposal.

Equally, nothing stops you running XP on the device forever. (There are plenty devices out there that are.)

So this whole line of comments is somewhat off-topic to when hardware is bricked.

  • ezst
  • ·
  • 13 hours ago
  • ·
  • [ - ]
If that's one way to get to Microsoft abusive planned obsolescence and absurd e-waste, I take it
  • herf
  • ·
  • 14 hours ago
  • ·
  • [ - ]
Most systems now "fail closed" because they are based on a code signing chain of trust that has no exceptions. It would be better if some portion of these systems were made to "fail open" - you don't want a botnet to take over in this situation but you should be able to delegate code signing duties to a new party when the original one goes under or stops supporting a device.
A classic example of this is the Google Nest Learning Thermostats Version 1 and 2. With a decent bounty, these £220 ($400+) devices have been given a new lease of life by the team behind:

https://nolongerevil.com/

Repurposing bricked Nest Gen 1 & 2 thermostats with custom software. Giving old hardware new life through open source innovation. No Longer Evil is a right-to-repair firmware and cloud replacement for Nest Thermostats that frees your device from Google’s cloud dependency. By flashing custom firmware, your thermostat will operate independently and connect to No Longer Evil’s platform (or your own self-hosted server), giving you complete control over your device data and settings.

Nobody expects lifetime support, but killing basic functionality because an app backend or roadmap disappeared is hard to justify, especially when the device still works electrically and mechanically
> Now, I'm not asking companies to open-source their entire codebase. That's unrealistic when an app is tied to a larger platform. What I am asking for: publish a basic GitHub repo with the hardware specs and connection protocols. Let the community build their own apps on top of it.

The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.

I understand the idea as "provide what is necessary for someone to reuse the hardware". Just the bare minimum, like how to flash a firmware and a minimal firmware.

Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.

But I agree that it is more complicated than it seems, and realistically that would be on a case by case basis.

Honestly between the ability to flash firmware, interface specs, and maybe PCB schematics that should be enough to use an old device for a motivated individual.

My personal pet example of this is old cameras, lenses, and digital backs. Plenty of great hardware out there that currently requires very extensive reverse engineering to use that would be made a lot easier with firmware & schematics.

I think we are in a middle of a dark age.

I was just playing around with home automation, and I have built quite a few custom devices over the past few months.

Just to illustrate what I mean:

I have an old furnace - it's interface is literally: pull this pin down to ground and the furnace starts up. It's incredibly easy to work with. Later furnaces from this manufacturer have some proprietary protocol that seems very difficult to interface with, from what I gathered from the internet.

But, even yet more modern versions support the standardized OpenTherm protocol and is very hackable again.

Something else: Hardware tends to be amortized away into a commodity. A ton of modern devices essentially run on ESP32s, raspberry Pis (or some other open SoC) or smartphone hardware with Android.

I (and others have) just started hacking around with an ESP32-S3 based HMI - it's and LCD screen married to and ESP32-S3, integrated into a very nice case with a small touch screen panel. I was able to whip up a custom professional looking GUI in a couple weekends and integrate it into my (fully local, open source, HA-based) home automation system. It runs ESPHome and uses LVGL to draw the UI.

I've had friends over and they remarked about how nice it looked, and asked about the brand and were suprised when I told them I hacked it together. It looks good enough that you could sell it and works very well.

I actually think this is a great idea. Not even for "Open Source".

Can you imagine if UBNT had to open source its EOL boot chain, so that Cambium was legally entitled to roll its firmware for old Unifi kit? And Vice Versa?

The result might not be "Old hardware supported by the community" the result might be "Eternal product updates so we can legally prevent Cambium from taking our customers"

Open source isn’t going to happen on any real scale, because pretty much any non-trivial commercial product is going to have a ton of third party IP that the manufacturer has no right to give you.

What manufacturers should be required to do, at a minimum, is remove any impediment to you running whatever alternative software you choose.

It's the bare minimum but not good enough imo. If your smart home products rely on an external server which no longer exists, the average person will never install a 3rd party firmware and self host the servers. They will just throw it in the bin.

Ideally we should just be designing products so they don't have external dependencies. A smart speaker should be able to stream over the local network on a standard protocol which doesn't rely on an external server existing. A lightbulb should be able to be paired using a generic standard without running through the OEMs servers.

Thankfully for some devices this does seem to be the trend. Matter over Thread smart devices are not dependent on proprietary hubs, apps, or external servers.

>the average person will never install a 3rd party firmware

Heres a kicker. I really dont care about the average person. I care about multimillion dollar stacks of hardware that have support rug pulled on them, leaving millions of customers stuck. I care about small businesses that invest in their communities and find themselves locked into a single vendor without the cost to overhaul their network to move to another one.

Throw your Dlink home router in the bin every 3 years. I literally dont care.

>Ideally we should just be designing products so they don't have external dependencies.

This is good too. But even then, I would apply this logic to stuff like Meraki, where major features go away if you dont buy the license. Lightbulbs are beneath my notice/contempt.

The article calls for releasing and unlocking the api to the device, not for releasing all it's code as OS as the title seemd to suggest.

This is more achievable as code itself is often shared across multiple devices, some not EOL, and often not even owned by the HW producer but licensed under non FOSS compatible terms.

Phones that don't get updates for 12 months also should be required to unlock their bootloaders, so a 3rd party ROM can be installed, or at least Magisk can be loaded.

Mediatek devices are beyond hope, but some could be saved this way that are otherwise trash.

Mediatek has always been more open than others -- the bootloader wasn't even locked on most generic Androids, and SPFlashTool easily gets around it. For the newer devices, there's MTKClient: https://wiki.postmarketos.org/wiki/Mtkclient
This is why I chose a phone that can run mainline GNU/Linux by design, with lifetime updates.
In my experience, whenever you mandate open source software, you get software so unusable that it might as well be closed-source. Like, it doesn't compile, and they ignore all bug reports.
That's a chicken-little, FUD argument because if it were required by law, then everyone would have to do it and be held to the same standard.
True
  • wmf
  • ·
  • 14 hours ago
  • ·
  • [ - ]
Dumping responsibility on "the community" could backfire in a big way. It sounds good at small scale but it becomes a form of entitlement if the whole industry does it.
It’s pointless anyway because there is always someone in the community who comes along and rips out support for old hardware. Because, you know, EOL, doesn’t matter that it’s a stationary target.
  • bsaul
  • ·
  • 1 hour ago
  • ·
  • [ - ]
funny how ideas are in the air. I had the exact same idea of having EU enforce that just 2 weeks ago.
How about requiring all APIs to be open? Companies are free to run/maintain/drop servers and apps, but we'd have the ability to use the hardware we bought, if we write our own apps.

That might actually be good for security. If APIs must be public, proper cloud security becomes necessary (rather than relying on obscurity).

One great example/case for this would be Aura Frames (recommended to me by a few folks here when I posted an Ask HN) [0]

If the company disappears... what happens to the devices and the cloud storage?

I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.

I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.

[0] https://news.ycombinator.com/item?id=45341781

[1] https://www.reddit.com/r/homeautomation/comments/1b8vei3/wha...

I have had an itch to disect an Aura frame and do something akin to the Tonie Box jailbreak. But I am too afraid of being responsible for bricking our frame and I can't justify spending the money on one just for R&D.
If you’re confident that you can reverse it, happy to throw $50 at this. It would be extremely great if you did this.

Anybody else want to crowdfund? :)

P.s. if you end up absolutely bricking it, but at least get one great blog post out of it, it’s still worth it ha

Probably be the same as the email addresses for the Kodak Pulse Frame, or Sony Dash, both really awesome products that the manufacturer just killed the backend services and bricked them to an extent.
A huge feature of copyright is that it is time-limited. When the copyright period expires, it passes into the public domain and belongs to everybody.

There are two major things that undermine this for software: copyright durations, and lack of source code. Software copyright durations should be at most a few years, and to be eligible for copyright, software should have its source code published or at minimum held in escrow, so that when the copyright expires it is still useful.

We already require patents to be published in exchange for the protection we give them; software copyright needs to be the same.

Llms are getting quite good at decompiling things to idiomatic code. How much better do they have to get before open source is a moot point?
Open source is as much about the source as it is about the license. Having a source you don’t have the rights to is not worth much.
That is kind of my point. Open or closed, it is only the license that matters.
Since the article is about open-sourcing the interface and not the software itself, why only when the product goes end of life?

Also, "end of life" is hard to define. Does it mean not being produced, ordered or sold? After how many days, months, etc.?

I guess it depends? -Software updates no longer available -Customer support no longer exists -End of legal (or voluntary) obligations to stock replacement parts and offer repair services for the hardware
  • natas
  • ·
  • 13 hours ago
  • ·
  • [ - ]
"EOL hardware should mean open-source software"

It is if you buy carefully: I don't buy hardware that can't be used with linux or whatever I deem necessary. And then, there's the car...

One time I worked at a non-SV megacorp and they estimated the cost of open sourcing one project. It would've taken between 2 and 6 months and cost mid-six figures. Even if they wanted to pay for this when the product is about to be abandoned, they literally can't if they licensed some non-free IP.
They should do it from the start.
- my opinion is going to sound very controversial here

- this also extends to software

- when it has been 25 yrs since a game has released, you are no longer making money from your game big time

- companies should be forced to open source their games at this point in time

- so that we can revive games that companies like ubisoft keep shutting down and removing from steam libraries completely

This might be true for games, but its not universally true for software.

Clearly the Windows NT kernel is older than 25 years, and is still making money.

And it's not alone. My own company is still actively developing and selling a program first released in 1998. Even if we wanted to Open Source every build 25 years after it's release, it might be difficult to figure out how to store the code that long.

We originally backed up on tape. Good luck restoring that now. Then writable CDs; those have likely degraded (and we'd need to find an old CD Drive to read them.)

Even most hard drives of the era are no longer usable - MFM, SCSI ,ATA none of those interfaces exist, and drives were tiny. If you had to choose a media today, that you'd be confident would work in 25 years, what would you pick?

Sure, our active code survives because we simply clone the archive every time we replace the server, but we don't have a history if every build ever.

Seems like a million years ago I wrote some games. The source code is long gone. (Well it's on 5.25 floppy disks in my garage for 30 years, so functionally gone.) The compiler to make it is long gone. The OS and physical hardware is long gone (although emulators exist. ).

I'm sorry to say, but making laws for old software is basically pointless.

  • snvzz
  • ·
  • 8 hours ago
  • ·
  • [ - ]
>Clearly the Windows NT kernel is older than 25 years, and is still making money.

Not the one from 25 years ago.

>Seems like a million years ago I wrote some games. The source code is long gone. (Well it's on 5.25 floppy disks in my garage for 30 years, so functionally gone.)

Legal requirement would have ensured great care in preservation of said source.

>I'm sorry to say, but making laws for old software is basically pointless.

If it's pointless, then copyright should expire much earlier.

>> Not the one from 25 years ago.

um yes, that one. updated, yes. added to, yes. But a huge chunk of the code that shipped then is still shipping now.

>> Legal requirement would have ensured great care in preservation of said source.

Um, no. The cost of that "great care" would simply have to be built into the initial release. More likely we'd just ignore the problem (who expects this thing to last 25 years anyway?) and then in 25 years, assuming we're still around, we'll wait for someone to what? Take us to court? "Sorry judge, source has gone in the great fire of 07"). Judge does what? issues us a fine? (Said fine being anyway lower than the cost of the "great care" you mentioned....)

Copyright serves a very different purpose. It protects the binary from being copied by others for commercial gain. That's not a law for "old software" - (nobody cares about Visicalc), it's a law for current software (ie, it's still illegal to pirate Windows 2000).

We can indeed see the benefit of releasing game source code with the old Mario and GTA recompilations.
  • ·
  • 13 hours ago
  • ·
  • [ - ]
I disagree. The average consumer needs to be educated that if a remote server can brick a device you have already paid money for, you do not own it. It has been leased.

The economics of leasing vs buying are well understood by the general public. Allow them to make an honest decision at the time of purchase.

  • jen20
  • ·
  • 12 hours ago
  • ·
  • [ - ]
> The average consumer needs to be educated that if a remote server can brick a device you have already paid money for, you do not own it. It has been leased.

This isn't even the case: generally leased things have to work for some defined period of time ("the least period").

I also think a distinction should be drawn between things bricked because they require a server connection, vs devices bricked because the rightful owner has chosen to do so because they have been stolen.

> And here's the thing: with vibe-coding making development more accessible than ever, this isn't just for hardcore developers anymore. Regular users can actually tinker with this stuff now.

Have you tried pointing an LLM agent at a decompiled apk? It could probably write you protocol docs for it.

True, but most probably you wouldn't be legally allowed to redistribute your driver or software.
  • m463
  • ·
  • 14 hours ago
  • ·
  • [ - ]
I think bose did a wise thing with their speakers. Turns "company makes my purchase worthless" to "my purchase now has open source software".

...although it could be "no more product support, talk to random people on github"

actually, don't know why there couldn't be legislative or tax support for these kinds of things.

> tax support for these kinds of things

What are you hoping for with tax support?

  • m463
  • ·
  • 13 hours ago
  • ·
  • [ - ]
write-off product if open sourced, or make it charitable or ...

nevermind, government rarely does this right.

Bose didn't open source anything, the stories' titles were false.
This is where I hope EU do their magic
Vintage hw is even harder to find drivers, BIOSs, SDKs, schematics, manuals, and such for because there's no assurance of proper archival. This is almost always seen whenever downloads were hidden behind Flash, CGI, JS, or other dynamic / link-rotten URI or were on an ftp server which IA failed to mirror.

There must be international legal minimum standards of post-sales support and EOL archival caretaking to really reduce e-waste and allow things people paid for to endure rather than forced planned obsolescence like cloud-side or update-based bricking. The corrosive consumer mindset of "new, new, new"; fragile, undocumented, closed-source, short-life tech; and throwing away expensive things is absurd.

with most of the electric are just oem stuff from china, how are you going to enforce it?
Is there an RSS feed?
Hey, thank you! I've just added it https://www.marcia.no/rss.xml (I'm only starting to write and forcing myself to write one article a day, so I'm afraid not every day will be worth your time)
Dear EU Santa, please force Meta to open source the Facebook Portal as well so I can repurpose relatively decent hardware for something useful and fun, rather than e-waste.
More like drivers should be open source to begin with.
This would be fantastic. I'm trying to write an audio driver for my HT|Omega eClaro PCIe soundcard for Linux by leveraging kernel modules for cards with a similar BOM. It is mostly working, but the main hurdle is the inability to increase the volume to >= 50% of the volume in Windows. I'm setting attenuation correctly to the correct DAC registers and I can hear the opamp relay click on, but can't adjust the final gain. It sure would be great to have the Windows driver source. Worse yet, the company is unresponsive to my requests for any info (schematics, gain setting sequence, anything).
Run Windows driver in a VM and pass-through your device, then dump the registers and compare.
Browsed OP's website. Zero open-source content.

Browsed top commenters' site. Only outlier is abetusk here who has his hobbyist stuff available openly, but nothing professional.

I don't get it. Why don't any of you guys do the thing you want others to do? Be the change you want to see in the world.

Should be a law. But also sell hardware with extensive documentation and if possible conform to a standard.

Moreover if the hardware is composite, that should apply to its components.

  • wilg
  • ·
  • 12 hours ago
  • ·
  • [ - ]
I think you should be allowed to stop supporting a hardware device without open sourcing the software, full stop. I just think that's the least bad option.

I'd be fine if manufacturers had to have some kind of standard "nutrition facts" label of what will happen to its functionality if support is ended.

but because the app is no longer in development, it's essentially useless

the app used to store data for up to 5 users to keep track over time. I miss that!

What? Was it storing the data on a cloud server? In that case it's a different story, but a local app should continue working essentially indefinitely.

All this focus on source code is IMHO missing the point. RMS also missed this point when he started the GNU project. Source code is neither necessary nor sufficient for (legal) freedom. They just need to relinquish the copyright and release any keys and such getting in the way. Lots of examples otherwise --- I'll refer you to the cracking scene, game modding, etc.

In the physical world, products can be "EOL" for decades and the aftermarket will fill in the void if there is demand, often even when the original product is still in production. The original manufacturer never released blueprints and other comparable-to-source-code information; they just don't try to stop the aftermarket. Mid-century cars are a great example of this.

tl;dr: stop demanding source code, start demanding freedom.

if EOL hardware become open source and community can support it then community would extend that EOL product and making it extensively harder for older customer to buy new product

I love to see this future but knowing this, company would never do this

Nice concept, yet, this isn't realistic but for a few special cases.

In simple terms, if a company has a continuum of products of a certain category over time, the designs (hardware, software, manufacturing, testing, etc.) are typically evolutionary in nature.

This means that product B inherits from product A, C from B, etc. When product C goes to market, A and B might be EOL. Open sourcing anything related to product C means relinquishing their intellectual property.

Nobody in their right mind would do that unless a unique set of conditions are in place to have that make sense. In general terms, this does not happen.

Instead of trying to regulate everything, perhaps it would be better if consumers educated themselves and did not buy devices that do not run locally using open protocols in the first place. For me, it's a hard requirement -- I will not buy a "smart" anything device that isn't supported offline by Home Assistant. This restricts my choice set, but so be it. Sometimes, it means doing more work. I won't buy a Ring camera, so I had to build my own system using generic RTSP cameras, some hard drives and a PC.
I'm pleasantly surprised to see this opinion gain popularity on HN. When I raise the same point, someone usually replies with a cynical and sometimes snarky dismissal. I just wrote a long rant about it [1] in support of somebody else who made the same point.

[1] https://news.ycombinator.com/item?id=46612531