by mrandish 39 days ago
> open source server code if you are going to cease support

When I was a senior exec at a big public tech company, there was a product we decided to discontinue and we thought it would be nice to just open source. Somehow I ended up in charge of managing that process and was shocked at how complex, time-consuming and expensive it was in a multi-billion dollar, publicly-traded corp vs some code my friends and I wrote.

Legal had to verify that there was no licensed library code used and that we had clear, valid copyright to everything there. The project had been written over several years, merged with a project we'd acquired with a startup, some key people weren't around any more, the source control had transitioned across multiple platforms, etc. And even once we nailed all that down sufficiently, we didn't get an "all clear" from legal, we just got a formal legal opinion that any liability was probably under $1M. And then we had to convince an SVP to endorse that assumption of $1M potential liability and make a business case for approval to the CEO.

For a public company, the default assumption for any online game would be "the server side code WILL be open sourced" (under threat of prosecution). That means legal would mandate "No commercially licensed libraries can be used, any open source libraries will have to be vetted to ensure the license is compatible and everything else will need to pass IP and compliance audit." That will certainly have an impact on development time frames and economics.

17 comments

That’s exactly the benefit of a law - it’s a forcing measure to require businesses to invest in processes to understand open sourcing, and to go forward when otherwise no one would make a business case for approval.
And makes it more expensive. There is the seen benefit and then the unseen cost. Every game released will have to account for the possibility of it, and will create issues for people who really didn't want those issues. After a while people will forget there are associated issues and costs, but they will still be there.
Every game released whose developers have chosen to complicate its design with a client-server architecture. It's not like this is going to hurt the little three-man teams making games on shoe-string budgets. Yeah, it's going to make big budget games a little more expensive, just like how cars with seatbelts are a little more expensive to build, and like how it's a little more expensive to do proper waste management instead of dumping sludge into a river.
> Every game released whose developers have chosen to complicate its design with a client-server architecture.

Huh? Client-server architecture does make things more complicated to implement but it's not THAT bad. And you (usually[1]) do it in service of multiplayer, not because you're big budget or just want to complicate things.

Among Us was literally a three-person team.

[1] I find there are some major benefits to it, especially in post-LLM-world, and have been strongly considering it for some of my solo-dev single-player projects.

Remember back in the old days when you could just run your own game server, even though it wasn't open source? That would work too. Or peer to peer LAN gaming, why is that not popular any more?

Designing a game to use developer hosted servers is a choice they made. Probably to squeeze money from microtransactions.

> Or peer to peer LAN gaming, why is that not popular any more?

This. I mean, modern game companies could set up a common (for every game) Headscale or similar solution, let a group of friends create their own private VPN between them punching through any NAT and host their own distributed multiplayer game. Yes there is still some involvement server side from the company but it could be easily shared between games. And if support ends, you still leave players with the option to use their own LAN/VPN system.

Offering an .exe download is much less of a burden than open sourcing at gunpoint.
Because they cannot profit from it hence why.

Centralised servers allow for subscriptions and other stuff.

because real P2P is hard for realtime stuff. Be it timing or network port forwarding issues.
A lot of games have tacked-on online features to excuse the existence of the server to enable DRM, and a lot of multiplayer games arbitrarily don't offer a way for clients to double as local servers like in the heyday of arena shooters.
Sure, but the existence of such annoying things does not mean that's the only reason to use a client-server architecture and that it would only affect those games.
Among Us is also incredibly simple compared to the services required to support some AAA games and even then, their networking code was riddled with exploits that no professional would have written, including RCEs.

Didn't stop it from being a fun, successful game but there's no comparison to the work and complexity involved in larger games.

I'm aware. What's that got to do with anything?
Agreed, I'm pretty much doing the same thing for my indie game

It's now a lot more tractable to build a multiplayer game, on the other hand balancing it is a whole other kettle of fish

What? This is a mandate in law that requires a company to do work in order to comply. Studios will spin out LLCs for a game so that if it fails it doesn't end up as a liability. Unintended consequence: more dead games.
It's impossible for the law to cause more games to die, because already the default fate of online games is for them to die. If, with the law, a studio chooses to use an LLC to create the game to conditionally release sources once it shuts down, that was a game that without the law would have died anyway because the studio wouldn't have chosen of its own volition to release sources.
If a studio on its last legs is required to service a failing product instead of working on a new one the studio will simply close and not comply. That's what tends to happen with forced regulations like this.
If they're spun out as an LLC then there's also zero legal risk to the parent company to dumping the server code to GitHub as open source.
Technically in both cases the risk is nonzero as a wholly owned subsidiary LLC doesn't just let you avoid all risk while still keeping the profits.
Really the parent company should be held accountable for that. But that is a more general problem with LLCs that is already causing significant harm.
Putting on my Pollyanna hat...

Or it could make it a lot cheaper, if the server were developed entirely on open-source infrastructure from the start. Hopefully the actual game logic would be developed entirely in-house, making it easier to audit before releasing.

Most likely the engine providers would spin off their server components as OSS for this express purpose so their customers can easily comply. This regulation could be a huge win for making the game industry adopt more OSS.
The beauty of making it a criminal issue is that those costs go away.

When the library vendor licenses some proprietary crap to a game server vendor, they take on the risk that their library may fall under the open source requirement when the game server shuts down.

At shutdown, criminal law says the library vendor must open source. Since criminal law preempts contract law, no amount of weasel words in the software license changes that.

Even if the upstream vendor is out of business or something and did not provide source, surely, the binaries fall under the open source clause.

Problem completely solved, and no lawyers need to be paid after the fact. (Library vendors might want to pay lawyers to tell them not to license to game servers, or not. Either way, that's not the customers' problem.)

If you plan for it from the start, it's a small cost. And the simpler the game development process the cheaper it gets.
It is not. Most of the full online game stacks are not open source and most of the open source ones are poor and under featured
That could change once a law comes out requiring all new developments to be designed differently. Besides, no one is talking about open sourcing the server code. Releasing binaries and patching the client to talk to a local instance is perfectly acceptable. A developer would then just need the ability to redistribute compiled builds.
That was my initial thought as well, but on second thought it does not seem like such a good idea to provide binaries that will never get patched for a public-facing service. Sure, not the company’s issue anymore, but still…

It might make a community rewrite of the server code easier, but that would likely only be attempted for very few games.

A lot of things are costly until they become required by law - then vendors have no choice but making that part of the price they compete on.
Middle ground could be completely open API from the start, so community could build alternative server from the ground up.
Having a documented API and the game actually abiding by it would probably be way more expensive than ensuring you can dump the source code on the community on end of life. The latter is only (sometimes) costly now because the industry is not built around it.
Not everything that makes a product more expensive to release is the end of the world.
The costs won't be high if doing things that way is industry standard as required by law so all middle ware is already certified for it.

And it's not like it's a bad thing for a company to calculate in the full cost from the start rather than offloading it onto society when they drop the product.

Yes, and many indie devs will not be able to clear it.
Seems like it would put smaller developers in a bind / limit what games even bother with server side systems.
Of course, it would also create a demand for open-source game server libraries, which would surely appear after a while and make the whole process much easier.

So while I believe you about all those difficulties existing today, it's plausible that they would mostly fade away over time. I think temporary growing pains would be an acceptable price for the significant long-term public benefit.

Unreal is open access but not open source.
This difficulty has been greatly reduced by git. With git, you can have the complete provenance of every line of code.

Git has ended the accusations people have leveled at me for code theft. (I beat them all back because I had meticulous documentation and the accusers always had nothing. Git just made that easy.)

For my work, Git (and Github) have been a godsend.

Nah, you just open source it in a broken state without anything that had separate licensing, so nobody is happy and the law is followed.
This would be a way better outcome than the current default. I've even seen this suggested before [1].

If game-specific logic is not public, information needed for reverse engineering could be completely missing, but if game-specific logic is available plus the names of the missing libraries, reconstruction of the game should be possible eventually.

[1] https://drewdevault.com/blog/Open-sourcing-video-games/ (See "What if I don’t completely own my game?")

Yes, partial source is still very useful. I don't think the law should allow for it though as companies could intentionally put as much as possible into "proprietary" libraries that they conveniently only license for binary distribution from a totally unrelated company that for no reason at all is owned by the same stakeholders. Much better to just require everything to be there and then have the industry adapt.
> so nobody is happy and the law is followed.

An outcome so common they invented a word for it: https://en.wikipedia.org/wiki/Malicious_compliance

This is already common with source releases for games and it is much much much better than no source release at all. A lot of the proprietary middle ware ends up being not that hard to replace after all.
The final phase of Symbian OS was becoming the open-source Symbian Foundation. This required the existing codebase, hundreds of thousands of files, to be categorised properly (mostly homegrown, some acquired, some licensed) and where necessary restructured so that each directory only had one kind. Painful, exacting, tedious archaeology which all-but-froze development for weeks. Like a long-deferred merge, the cost to pay for belatedly resolving a mess of licenses is daunting.
Only retroactively.
To be fair, it was in a time and age where BOM was not that common. I am assuming nowadays, with BOMs being in place, the process should be much easier.
BOMs are used when they're legally required or if the company has a sufficiently mature cyber security stance, but those both tend to focus mostly on shipped client code versus server-only code. Usually you end up with a highly fragmented set of different "BOMs" that are only present as language-specific lock files for the portions of code that support it.

Lots of games are written in C++ to this day for example so they can eke out every bit of possible performance no matter the trickery required. I would presume this extends to server side of MMOs etc too. C++ has no standard build system even, it's sort of settled on CMake mostly, which has minimal native (working) support for dependencies even, let alone lock files and/or BOMs.

More likely, those commercially licensed libraries will wind up needing to adjust their terms to allow for this kind of release.

(Also, legal will basically never give an 'all clear'. That's not their job, their job is to inform you of the risks, and so it's extremely rare that they will not come up with some)

> Legal had to verify that there was no licensed library code used

Your company did not track library licenses in the first place?

Consider that there might be a difference between knowing which licensed libraries you used and verifying that your usage of them fully complied with the current license terms when releasing the source code. For example, licensing a library for binary distribution might not cover releasing a copy of a header file, modified copy of something you got from support before a bug fix made it into a release, some random utilities used for preprocessing data, etc. even though for years your developers might not have made the distinction because it wasn’t open source when they were actively working on it.
Also, every company I've ever worked at, including ones producing regulated products like medical or home appliances, uses the bureaucracy to take the stance of "Considered Risk". Rather than spending all the time knowing for sure they comply, they make a "best effort" (the level of which varies a lot by company and industry) and bank on never getting closely questioned about the specifics. Releasing publicly is exactly that "closely questioned about the specifics" though.
This is a non problem. We use libraries with standard licenses and there is finite set of them - like 4. And I work on fairly large software.

If your company has issue achieving this, then it was simply not complying with those licenses.

You can go through all licenses just by checking their list in maven. None of that is hard or expensive.

We have considerably more than 4, some of which are custom works of companies which have been selling under their terms since the 80s. No, I don’t think it’s a huge problem but if you have a lawyer who doesn’t at least want to check, you need a better lawyer.
This is actually something that a law requiring source code releases would end up improving though as those companies would be forced to standardize their licenses or find themselves without customers.
Historically, the game industry often enough wasn't even able to track the final source code of their past releases.
That is already the case in enterprise projects for many years now.

Since around 2010, in most projects I am involved in, the CI/CD pipelines can only talk to internal repos with vetted dependencies.

You can still do whatever locally, however the build will break when using non authorised dependencies.

> That will certainly have an impact on development time frames and economics.

I don't think there would be much of an impact long term as third party frameworks would be forced to adapt their licensing or die. It's not like years old source code is really as valuable as some companies pretend.

A lot of the pain you experienced is mainly due to making the decision to open source after the code was already written rather than from the start - it's really no different than any other late requirements change.

I’m curious if you think the law would cause companies to keep better track of these things as development happens. If there was tracking for all the shared libraries from the get go, I’m guessing it would have been an easier transition?
Better to just publish the protocols/APIs and let the community roll their own
Often, especially on competitive games, the server is basically a full client, but just without graphics. The server will often run physics simulations etc, so that it can validate that nobody is cheating.

Sure, in some cases you can roll your own server, but often it's impossible.

Impossible is too strong of a word.
If the market is big enough licensed libraries will just change their terms.
Is your argument that companies would be forced to obey the laws if they are mandated to open source discontinued games? And it's a... bad thing?
Not OP, but it's more the warning not to underestimate the cost required for compliance, and apprehension of this cost may deter their creation.
Huh? The point is that game developers would never be able to use commercial libraries again. Thus making all development significantly more expensive.
But what commercial software licenses are you using to write backend server architecture for a video game? There's no need for a dependency on FMOD or anything (unless you're doing something very unusual)
Big AAA games have access to Unreal or Unity code and they change the code to fit their needs. They are not able to share the Unity/Unreal code
They are not able to share that code now because licensing the code in a way that it cannot be shared is currently a viable business model for Unreal and Unity - that would change with the proposed law and the middle ware providers will be forced to adopt different terms if they want to continue existing.
If the bill is properly worded open sourcing the code shouldn't imply that all 3rd party libraries also have to be open sourced.
> shouldn't imply that all 3rd party libraries also have to be open sourced.

That's a very reasonable way to address the issue of 3rd party licensed IP. I expect something like that will get incorporated into the legislation. In fact, I'm confident it will because well-funded lobbyists will ensure that common sense concern and its very reasonable solution are heard.

Then Electronic Arts and Microsoft will sell their existing server code to newly formed companies (which they happen to own). Then their captive game studios will start releasing new versions where the publicly released "server source code" is five pages of #IfDefs followed by a call to "Start_Totally_3rd_Party_GameServer" in the new library that's not required to be included in the mandated release.

For extra credit, the newly formed 3rd party entity will be incorporated and domiciled in Ireland, Malta or whatever country is currently most tax and currency exchange advantaged. Then the license fees their captive studios have to pay to use the 3rd party library get offshored and tax sheltered - while being large enough amounts to prove this definitely isn't a sham transaction!

To be clear, I don't approve of this myself. In fact, I hate it. But I worked at a high level in a top ten publicly traded tech giant long enough to see how the armies of soul-eating MBAs, lawyers, consultants and lobbyists can subvert anything. Fortunately, only half my soul was eaten and some of it has regrown.

It should if it wants to prevent malicious compliance by spinning out essentially the whole server into a "third party" library.
AI today may be able to streamline that process.

Have it read and compare the code with what it knows about open source. Many AI engines can also google that and give a comprehensive list of similarities.

Reduces the list of things to check by maybe orders of magnitude and months to days.

> open source server code if you are going to cease support

> Legal had to verify that there was no licensed library code used and that we had clear, valid copyright to everything there.

I can tell you the other side of that equation. There's no poison pill -short of outright fraud- that will kill an acquisition of a software company, than open source code embedded deep in the product.

I've been on both sides of the table of M&A activity, and in the due diligence, smart acquirers will always look at the code and libraries in use. If there's anything that even has the hint of open source, that is heavily scrutinized: what is open source by default can't be owned by anyone and if it cannot be owned, it doesn't have IP value.

Most deals that ran into this issue would stop dead in their tracks, and it would take a while to spin back up, that is if the deal went thru at all

I don't follow. What IP value is there in game server code? I would wager usually none. And I would imagine the amount of games made without open source software somewhere in the stack could be counted on one hand.

Open source is a pretty broad umbrella. I doubt a company would say Slay The Spire 2 was poisoned by Godot and that there's no IP value.

I think you miss how sophisticated some game server code is. Taking fighting games for example: they have entire processes to have both clients predict what the other client will do, and then have the server arbitrate the different client solutions into a "fair" result based on latency, player inputs, etc. There are problems that game servers solve that could have applications in other areas, and have a lot of value.
Fighting games usually run peer to peer either with deterministic lockstep or rollback both of which are managed on the client. For actual gameplay at most there’d be a relay as a server. But almost certainly a bunch of ancillary services to support matchmaking and so on.
Sure, I didn't say server code wasn't important, but that doesn't make it an IP concern. Not in the way OP was suggesting.
Hey I already liked the proposed law, you don't have to keep trying to sell it.