What's So Precious About Bad Software?

David Gerard invites to read Carla Schroeder from Enterprise Networking Planet, who gets down to the real reason why companies want to keep their code proprietary, with examples. Quoting: "We are drowned in tides of twaddle about precious IP, Trade Sekkrits, Sooper Original Algorithms that must not be exposed to eyes of mere mortals, and all manner of silly excuses. But what's the real reason for closed, proprietary code? Embarrassment."

kinda true

[sdedeo]

As a scientist, I write a lot of code to do things that other people have already done. I sometimes think about "releasing" it -- informally, without a license, just on a webpage or something. But it really is embaressment that holds me back -- it's poorly documented, full of hacks, and basically inelegant.

I remember as an undergraduate suggesting to my advisor that I release my (actually rather pretty) code that I wrote to do general relativistic raytracing around neutron stars. His response? "People will not understand your code, they will misuse it, and then they will blame you when it gets them in trouble." You might expect someone who's doing raytracing around compact objects to not be so silly as to do something like that, but I think you'd be mistaken: I know I treat the few publicly available codes in my field (e.g., camb) with great disrespect, bitch all the time, and generally am part of the large community that makes it far more trouble than it's worth for the poor people who worked so hard on it.

Re:kinda true

[irtza]

I agree with your sentiments as well; however, I got over that sense of embarassment. I am not a computer scientist by profession. I write code to accomplish a task I wanted to do. The code is largely funcional, but may break around end cases or often has poor exception handling. Every now and then, I'll go back and clean some code up. I decided that there may be people who are willing to take this code and fix it up, or maybe somebody who can't program is looking for something quick and dirty to do what I have already done. For this reason, I released a substantial number of my programs as a single package on sourceforge. Some functionality is redundant to other projects, some is not.

Heck, I just realized I could recruit people here ;) if they are willing to help.

Re:kinda true

[letxa2000]

But what's the real reason for closed, proprietary code? Embarrassment."

Oh, please. That's got to be the goofiest premise I've seen in a long time.

Code is kept "secret" because the companies, rightly or wrongly, think it gives them a competitive advantage. Heck, some companies should be embarrassed about the appearance of their product, do you really think some suits care about how it looks on the inside? Does Coke keep its formula secret because it's embarrassed or because it wants to make its product harder to copy? Same goes for software.

Heck, many open source products are no beauty to peer into, either. The code is so nasty that the argument of "If you don't like it, you can fix or modify it yourself" is reduced to a smart-ass comment with no real validity. Modify that code? First you have to be able to understand the mess. Unless you've been responsible for the mess from the beginning, or have a lot of time to invest in figuring out the mess, good luck with that.

Re:kinda true

[Maurice]

Years ago I posted the source to a neural net implementation that I did while in school. It was a very simple one with just regular back propagation, and the code was documented with examples. Soon after that I started receiving all kinds of email asking for help with the code from people clearly trying to use it to do their Comp Sci homeworks or projects. I started out with courteous and helpful replies, but at some point people ask questions which really have nothing to do with the software (and more to do with whatever that person is working on) -- to the point where they are wasting your time and you have to cut them off. Then they get annoyed and start insulting you.

Re:kinda true

[Kadin2048]

Code is kept "secret" because the companies, rightly or wrongly, think it gives them a competitive advantage. I'm not saying this is never true, in fact I think it's probably the case more often than not. But at least in some cases, I've known/seen companies who have indicated a willingness to open-source their code -- meaning that they've thought about the competitive aspects and realize that it's not going to hurt, and might help, them -- suddenly drag their feet at the last minute, or spend months or years "preparing" to open-source their code. I think this is directly related to embarrassment over the poor state of their codebase.

I think there's a feeling that in order to open-source something, you have to have it all wrapped up in a neat little bundle, that you can't just take last Tuesday's CVS checkout and dump it onto a web server somewhere as a tarball, even if that's what the community really, really wants. (A dirty tarball today being better than a slick project and a wiki and everything in three years.)

I've actually seen this happen; you can get management on board with the OSS concept in the abstract, but when it comes to actually giving out their code, and they start feeling like it might make them look bad ... suddenly they clam up and come up with excuses. This is most apparent when the code being considered is abandonware or otherwise dead, and the only effect it could possibly have is to hurt a competitor; companies (and individuals) are paranoid of the damage to their reputation that messy code could have, particularly if lots of insecurities or design flaws are exposed.

Re:kinda true

[ratboy666]

Way back... way, way back...

I developed a system that decoded phototypsetting codes, and imaged onto a laserprinter.

I wrote the software using Borland Turbo Pascal, 8087, so it required a math coprocessor. One of the sales reps aquired a 286 laptop that didn't have a socket for a coprocessor, and wanted to demo the software.

I used Borland Turbo C to do a quick hack to emulate the 8087. Worked fine, but I didn't want to support it. Still, it was (somewhat) useful, and I released it as a hack (emul87 on simtel).

Fast forward 8 or 9 years... I got a call from someone claiming to be a "consultant", who had a client using emul87. Apparently, it didn't work on a new machine! And if I didn't fix it RIGHT AWAY, I would be SUED!

Of course I told him to take a flying fuck at a rolling doughnut -- and he went away.

So, this stuff happens. Go figure.

Re:kinda true

[DudeTheMath]

In the field my employer works in, namely, financial software, we are mostly competing with our customers. What we do isn't necessarily hard, but is complex. We've put years of experience into the software. Any of our customers is trying to decide whether to do these calculations in-house or farm it out to us. If our source code was readily available, we'd get a lot of "Thanks, but we've got what we need now!" instead of sales. It's not proprietary algorithms, it's not trade secrets, it's simply the thousands of programmer-hours that have made an intricate piece of software what appears obvious in hindsight. We do occasionally release the source under an NDA for a customer with an odd platform we can't provide some kind of object module for, but that's certainly the exception. We aren't embarrassed by the state of our code; we just want to make sure we're paid for the work.

Re:kinda true

[mcrbids]

I've known/seen companies who have indicated a willingness to open-source their code -- meaning that they've thought about the competitive aspects and realize that it's not going to hurt, and might help, them -- suddenly drag their feet at the last minute, or spend months or years "preparing" to open-source their code. I think this is directly related to embarrassment over the poor state of their codebase.

Yep, here I am. I'm a CTO of a rapidly-growing software company. Our big money maker is a product initially conceived as a "quick project" of a few months' duration and was given similar consideration on design and construction. But it worked! It solved a need at a level that was unanticipated, and now, 4 years later, is satisfying 20x the dataset and 100x the customers originally envisioned.

And it was not originally designed for this level of scale.

So, going from a single, solo software engineer, to several programmers, (and growing fast) and developing a rapidly growing suite of products in a rapidly growing company, the cash-cow project remains, alas, solely in my hands.

Does the product work well? Yes, at least, reasonably well. Users routinely rave about how much time it saves and how it's improved their professional lives. It works well for the problem it solves and the problem is not met effectively by any competitor.

But, the dirty secret is that it's simply inelegant. It's a bunch of not-well-structured code only organized by a sloppy ad-hoc naming convention and riddled with minor bugs that are fixed quickly and distributed well, but shouldn't exist in a better design in the first place.

And, once saddled with the code, Code Inertia takes place and it becomes an exercise in how to move to something more sane while doing the following:

1) Keep the customers happy through multiple upgrades that don't appear any different than original. Introduce features that are obvious just fast enough to make it all seem worthwhile!

2) Keep the additional costs of development inline with "maintenance level". This cuts the rate of improvement, and also increases the amount of inertia accumulated with #1, since #1 is written to the "old way".

3) Improve the codebase enough to provide meaningful results demonstrated to the august powers, (this means ROI) and

4) Clean up the kludge enough to allow for improved pace of future development. You want to get rid of all the uglies, but there are so many since a few of your original, naive assumptions about the problem were simply wrong.

It's a hard row to hoe, and there's a bit of a "loan" being made, where design decisions early on made to shortcut development woes carry a long-term burden, almost like an interest rate. Since the company has passed the million-dollar-a-year stage, arguing about those original decisions is pointless; the only thing to do now is to figure out how to take what you started with and make it do what you need it to do hereafter.

I've been working for over a year on a basic design decision change that will close out lots of badness and produce almost an order of magnitude better data integrity. Since starting the project, we've almost tripled in client base, and yet I won't be done for at least another year, if ever.

I suppose the argument is moot - if I hadn't come up with the original product in time, the whole business would have failed. The company, then on the rocks, would have closed, and it would all be for naught. But, with the compromises made, it can be amazing just how badly inertia sets in.

Moral? Write the best quality code you can within the budget you have. Always. Because you'll live with a significant percentage of whatever you create, and the future costs of change may well be orders of magnitude more than your initial cost of creation. And you'll never quite know what it is that you end up living with.

PS: While it might sound like I'm complaining, I'm not! I'm living the dr

Two reasons...

[Kjella]

1. What others don't know, won't hurt you. Any improperties in the code, any patents violated, any sarcastic remarks in the source - if you don't release source, they won't see it.
2. If you can't see it, you can't take it. Most companies would like to get paid, and the honor system is short on honor. One thing is corporate software - but are you really going to go into people's houses and see if they have a pirated version of Photoshop? Not going to happen, so they design up all sort of serial numbers and activation and whatnot that's incompatible with showing source - you'd just comment out those bits.

Re:Two reasons...

[ShatteredArm]

I think #2 would be the major reason here. It's not just to hide "bad code". Why would you put all kinds of money and resources into your work, just to have someone else take it and profit off it after just a few tweaks? It's like asking, "Why doesn't Coca-Cola release their secret recipe?" Is it because it's bad?

Re:Two reasons...

[Unoti]

What's stopping them from compiling the important our-eyes-only stuff into an executable and putting the rest of the magic in a library which is released?

More improtantly, what's there to motivate them to do that? It's extra work for development, extra work for support, longer time to market, more risk of malfunction compared to just writing the code naturally. And what's the benefit? If I were managing a programming that wanted to do that, I'd ask him what the benefit is for this extra work and complexity, and if he didn't have an answer, I'd tell him to focus on what's important and get this product out the door without goofing off.

It goes back too...

[iknownuttin]

American Airlines and their Sabre booking software. AA had a tech edge back in the 70's with their software. Other airlines actually rented, not licensed, AA's software.

In a nutshell, I think corps think that their software is soooo competitively important, that they don't want to release it - regardless of how bad it is.

Re:It goes back too...

[darkmeridian]

Sabre was crucial technology that kept AA at the head of the pack. The system was quick and assigned the quickest available flight to each passnger. Sabre began as a military system for assigning interceptors to incoming targets, but there was clearly an application to assigning passengers to planes. Sabre eventually got spun off into its own company. Travelocity is based on SABRE technology.

Another reason for secrecy is that SABRE was used to manipulate rankings to favor American Airlines flights over others. This eventually got outlawed by the federal government as unfair competition.

Often companies can't release it for legal reasons

[AaronW]

A lot of software contains proprietary libraries or other pieces of software provided by 3rd parties, which they are not allowed to distribute. It can be a huge job to strip or re-write those libraries, like what Sun had to do with Solaris, and if it's old software, it just isn't worth their time.

Obvious?

[dracocat]

Well, we invested a lot of money and resources to get the product written so that we could make money from it.

If we publish it and another companies takes it and uses it to make a competing product we will make less money.

Do we need another reason?

Intellectual bugs

Having worked for a large stupid company, this really rings true. We were a startup with a product that did X. A big famous large stupid company bought us and said, ok, we want this HUGE thing Y that does this and does this and does this and does this- and it has to be built on X (because it was "prestigious", although it did NOTHING similar) and totally integrated with it and the Y data types have to be completely intermingled with X data types so you can transfer objects from the context of X to the context of Y seamlessly. (I have to change details to protect the guilty, but imagine that X was a raytracer, and Y was a vote counting system.)

So we basically spent a year fucking up X into a conglomerate X-Y system, and ended up doing all sorts of horrible things to get it done on time ("fooling" old code, etc.) And I found out for myself how disheartening it is to be ordered to do something hopeless that makes no sense. Meanwhile we discovered that the sales guys had been running around for months promising a system that did X and Z, and that it would be ready next month. They called a meeting. (This is one thing they were good at- scheduling meetings.) They said we need to combine X, and this "Z" we've been promising, into one product. (Z would be a missile guidance system.) X was "prestigious", Z was the hot new thing, and Y was going out of style (denoted henceforth as "y", lower case). Only two customers used y, but they were IMPORTANT ACCOUNTS.

So there's a panic where everyone is trying to convert X-Y to X-y-Z (something nobody in their right mind would want), in the absence of any specifications at all. ("You guys are smart! Tell us what we want it to do!") And it's getting nowhere and bugs are starting to appear in X and people are using old versions like with XP and Vista. So much time passes that we could have written Y from scratch and Z from scratch without fucking up X at all. (I'm simplifying things somewhat, because I ran out of letters- there were a few more after Z.)

Right in the middle of it all, they pulled everyone into a meeting with patent lawyers and demanded that each of us produce a list of all the intellectual property in the application. The top 20 most patentable things.

What do you write? "System and method to cope with your incompetence?" I shudder to think that they might have filed a patent that prevented someone from doing something worthwhile, but I doubt they found anything they did that anyone would ever want to repeat.

Look at the losers and you'll see ... losers

[kscguru]

This blogger did something quite insidious and quite stupid: she chose only examples that support her claim. Let's look at all her ugly/evil/l3me closed-source whipping boys: Diebold The poster child for make-a-buck quick. Diebold saw a "need" for electronic voting software, lobbied a few politicians to get sweetheart deals, and came up with substandard, shoddy software. Same moral as always: you get what you pay for, and the gov't paid for the lowest bidder. Samsung's Linux rootkit So Samsung wrote some truly crappy Linux drivers? Well, Samsung's printer driver looks like it was written by a college intern on his first assignment - which probably means it was written by a college intern on his first assignment. Do you really thing Samsung is going to assign their best developers to writing a Linux driver, especially when Linux folks will just reverse-engineer it anyway because they don't like something about it? No, Samsung is going to give the project to the lowest-level code monkey they can find. OF COURSE the code looks crappy. BIOSes Did you know there are exactly two major BIOS vendors out there? That there are no more than a hundred or so professional BIOS developers in the world? Yet there are more copies of BIOS software out there than Windows; everybody expects BIOS to support new whiz-bang features (boot from USB, PXE boot, boot device ordering, processor errata, microcode updates). There simply aren't enough people to make BIOS code look good. BIOS programming is hard - harder than writing a kernel. It's understaffed, and the code quality shows. You think BIOS vendors stick with BIOS because they want lock-in? Ha. How about they don't have enough people to create a replacement, they are too busy patching up last year's code with this year's features. Netscape Yup, the Netscape codebase is an ugly mess. You'd think they implemented features without planning months ahead, almost like they were competing with some other major web browser ... the Netscape mess is a result of competition. I know enough former Netscape engineers to know they don't write crappy code. But when your schedule gets cut from 1 year to 3 months to compete with Redmond, crap will result. Remember, Open Source has the luxury of not having schedule competition - if a company delivers a feature late, developers will find themselves out of a job. StarOffice/OpenOffice Isn't the revisionist history here fun? Do you really think Sun was proud of the StarOffice codebase? No, Sun released it because the Open Source community begged for it (and Sun was the most likely to give in), and Sun wanted an office suite competitor to have SOMETHING to start from. No one ever claimed StarOffice code was any good; the only claim here is that StarOffice was better than nothing. You think Sun's best engineers worked on StarOffice? No, they worked on Solaris and Java. (With apologies to anyone who did work on StarOffice.)

So... we look at five projects that have every right to contain crappy code, and therefore conclude that companies keep code closed to hide crappy code? Pick crap and you will see crap. How about some successful projects: Microsoft Windows (kernel), Adobe Photoshop, VMware?

Different Approaches

[quo_vadis]

Another thing to consider is the fundamentally different mentalities the two camps (open source vs closed source) have. For closed source, all that matters is shipping a working product. So what if it breaks if you have more than 4GB of RAM or your directory naming convention must be exactly so. The open source approach on the other hand tends to be we wont call our product done till the code is perfectly optimized for all systems from a VAX to a Blue Gene. Also, one must consider that individuals and companies are at different ends of the spectrum when it comes to reasons why they have not released code. For individuals, there is personal criticism from programmers about their code. But, one has to keep in mind that not all individuals are programmers. If a recent physics PhD chooses to release the code he used to process output of his high energy particle physics simulations for his thesis, he would be heaped with scorn for spaghetti code despite the fact the code accomplished its primary purpose (get enough data to get the guy his degree) and did it in a reasonable time frame. For companies, there is simply a strong sense of possessiveness. They are loath to give away anything; including code for products they dont use or support anymore.

Ridiculous article.

[rjh]

The proposition here is "upper management knows the code is a mess and is embarrassed by it, so they insist on keeping the code closed."

Who here thinks upper management knows what code looks like, at all? Not bad code, not good code, but code, period. Does anyone really believe that the executives who make policy decisions about whether to release code are in any way qualified to comment on code aesthetics?

Hell, I think most programmers are unqualified to comment on code aesthetics. For a lot of people, programming is just the daily grind. People who actually put their heart and soul into crafting a piece of mathematical art are very rare. So if management can't recognize good code and an awful lot of the IT department is apathetic to good code, how is it possible that the decisionmakers know enough to be embarrassed by the code?

And if we can realize this in just ten seconds of thinking, why didn't Schroeder think of it herself?

As near as I can tell, the reason why companies like closed source is very simple: it preserves the asymmetry of information necessary for their bottom line. A free market depends on both parties knowing the product being bought and sold. When you buy a new car, you can read Consumer Reports, you can read Car and Driver, you can read any of a dozen specialist automotive rags that will tell you in excruciating detail what a certain car's dual overhead cam configuration means in context of their competitor's choice for a single overhead cam. The buyer has complete access to information, and that puts the buyer in a position of strength.

Asymmetric information, where the seller knows far more than the buyer, puts the buyer in a position of weakness. If the product is a black box, then you can't really get an informed independent critique; you have to instead rely on the claims of the people selling the product. Which is great, as long as you're the seller.

Re:Can't help but agree

> There used to be an Obfuscated Perl Contest

I've always wondered how they get the acronym "CPAN" from that. :-)

Re:Don't forget NIH syndrome

[fyngyrz]

It it were only happening with B-trees. I have seen projects that even ignored libc, and had their on memory management, special logging and tracing routines

We have our own memory management; we do it because it allows us to ensure that there are no memory leaks, anywhere, ever. We have our own linked list management because it is a fraction of the size of the alternatives and does exactly what we need. We have our own file dialogs (and treeview dialog logic) because the OS offerings were buggy for almost a decade. We have our own JPEG routines because we need to load all manner of proprietary and oddball JPEGs. We have our own tree structure code for our ray tracer, particle systems and so on because we can make really big trees and unless we control the memory allocation, the tree becomes too fragmented in memory for it to be handled efficiently. I could go on like this for quite a while. In short, though, there are some very good reasons to skip over the canned solutions. And that's assuming that the canned solutions work perfectly, as described.

When one of your operating platforms is Windows, you either learn to do for yourself or you end up with a buggy application, because Windows itself is prone to long term unfixed (and sometimes unfixable) problems. Write your own code and you can eliminate the problems. That's a pretty strong motivation.

Code in libc may be hard to beat when it comes to doing what that code does; but who is to say you need exactly what libc offers? Memory management is a good example. We require firewalled memory boundaries, cumulative usage tracking by routines and by blocks of routines, named memory groups, live overrun detection, dead pointer detection, real-time and post-run logging. And the code has to be really, really good... if there's a bug, we can't wait for the libc maintainer(s) to fix it. With these kinds of needs, pretty soon you end up writing code. It's pretty straightforward, really.

There's a competitive advantage, too. If a bug is found, your turnaround time can be measured in hours if it is in your own code. For every bug that turns out to be a consequence of an OS or otherwise "not your code" library, bugfixes are much more likely to take longer or simply be impossible. Example? We can process streams of image frames. MS's file dialog let you select many files at once. Seems like a natural fit, right? Click on one file, shift click on another, you've got a block, we should process them. Winner! Well, yeah. But.

If you selected more than about 100 files, MS's file dialog would fail to properly terminate the returned file names, and cut off the last one arbitrarily. Leading to all manner of things, not the least of which was not the behavior that the user was trying to achieve. But wait, there's more! Unless the customer, completely unintuitively, selected the last file first and the first file last, the files would be provided to us by the OS out of order. So? (I hear you thinking.) Just process them in the other order, right? Well, yeah, but the first file in the list we got would be mangled in the natural order. And besides, it wasn't the first one the user selected, just a mangled file name somewhere around number 100 or so. What a mess.

We complained to MS for years about these things without result, until I had simply had enough and wrote our own file dialog. End of problem. Now it just works. Plus, since I was writing it anyway, I did it so the file dialog offers tree views, thumbnails, properties, regular expressions, file management, clipboard tricks, you name it.

No, it wasn't perfect first time out the door, but within a few weeks of release, the customers had ferreted out the weak points and they were all fixed and the working application was back in the customer's hands. I haven't seen a bug report on the file dialog in years now. But if I do... I'll put that bitch down like a KKK'er at an MLK rally.

It isn't wasn