Comment by georgeecollins
25 days ago
It seems like the fair solution to this problem is to open source server code if you are going to cease support for an online game. That way the community has the opportunity to run their own servers if they want to.
I also really support giving 60 day notice if an online game is going to shut down. Places I have worked have had policies like that for games they are sun setting and I think the best game publishers think a lot about how to do that operation. It's not simple, because if people think a game is going away their behavior changes. And nothing sucks like buying online content for a game right before it shuts down. No matter what you do people will tell you they didn't know the game was shutting down. And if you give away content that you previously sold that also sometimes angers the community.
The problem is when companies know a game isn't working they tend to want to shut it down right away because the money they spend keeping it up is never coming back. And maybe the company is going to die too. So I do support a law for a 60 day notice.
> open source server code if you are going to cease support
When I was a senior exec at a big public tech company, there was a product we decided to discontinue and we thought would be nice to just open source. Somehow I ended up in charge of managing that process and was shocked at how complex, time-consuming and expensive it was in a multi-billion dollar, publicly-traded corp vs some code my friends and I wrote.
Legal had to verify that there was no licensed library code used and that we had clear, valid copyright to everything there. The project had been written over several years, merged with a project we'd acquired with a startup, some key people weren't around any more, the source control had transitioned across multiple platforms, etc. And even once we nailed all that down sufficiently, we didn't get an "all clear" from legal, we just got a formal legal opinion that any liability was probably under $1M. And then we had to convince an SVP to endorse that assumption of $1M potential liability and make a business case for approval to the CEO.
For a public company, the default assumption for any online game would be "the server side code WILL be open sourced" (under threat of prosecution). That means legal would mandate "No commercially licensed libraries can be used, any open source libraries will have to be vetted to ensure the license is compatible and everything else will need to pass IP and compliance audit." That will certainly have an impact on development time frames and economics.
That’s exactly the benefit of a law - it’s a forcing measure to require businesses to invest in processes to understand open sourcing, and to go forward when otherwise no one would make a business case for approval.
And makes it more expensive. There is the seen benefit and then the unseen cost. Every game released will have to account for the possibility of it, and will create issues for people who really didn't want those issues. After awhile people will forget there are associated issues and costs, but they will still be there.
54 replies →
Yes, an many indie devs will not be able to clear it.
Seems like it would it would put smaller developers in a bind / limit what games even bother with server side systems.
Of course, it would also create a demand for open-source game server libraries, which would surely appear after a while and make the whole process much easier.
So while I believe you about all those difficulties existing today, it's plausible that they would mostly fade away over time. I think temporary growing pains would be an acceptable price for the significant long-term public benefit.
Unreal is open access but not open source.
1 reply →
This difficulty has been greatly reduced by git. With git, you can have the complete provenance of every line of code.
Git has ended the accusations people have leveled at me for code theft. (I beat them all back because I had meticulous documentation and the accusers always had nothing. Git just made that easy.)
For my work, Git (and Github) have been a godsend.
Nah, you just open source it in a broken state without anything that had separate licensing, so nobody is happy and the law is followed.
This would be a way better outcome than the current default. I've even seen this suggested before [1].
If game-specific logic is not public, information needed for reverse engineering could be completely missing, but if game-specific logic is available plus the names of the missing libraries, reconstruction of the game should be possible eventually.
[1] https://drewdevault.com/blog/Open-sourcing-video-games/ (See "What if I don’t completely own my game?")
1 reply →
> so nobody is happy and the law is followed.
An outcome so common they invented a word for it: https://en.wikipedia.org/wiki/Malicious_compliance
This is already common with source releases for games and it is much much much better than no source release at all. A lot of the proprietary middle ware ends up being not that hard to replace after all.
The final phase of Symbian OS was becoming the open-source Symbian Foundation. This required the existing codebase, hundreds of thousands of files, to be categorised properly (mostly homegrown, some acquired, some licensed) and where necessary restructured so that each directory only had one kind. Painful, exacting, tedious archaeology which all-but-froze development for weeks. Like a long-deferred merge, the cost to pay for belatedly resolving a mess of licenses is daunting.
Only retroactively.
To be fair, it was in a time and age where BOM was not that common. I am assuming nowadays, with BOMs being in place, the process should be much easier.
BOMs are used when they're legally required or if the company has a sufficiently mature cyber security stance, but those both tend to focus mostly on shipped client code versus server-onlt code. Usually you end up with a highly fragmented set out different "BOMs" that are only present as language-specific lock files for the proteins of code that support it.
Lots of games are written in C++ to this day for example so they can eek out every bit of possible performance no matter the trickery required. I would presume this extends to server side of MMOs etc too. C++ has no standard build system even, it's sort of settled on CMake mostly, which has minimal native (working) support for dependencies even, let alone lock files and/or BOMs.
More likely, those commercially licensed libraries will wind up needing to adjust their terms to allow for this kind of release.
(Also, legal will basically never give an 'all clear'. That's not their job, their job is to inform you of the risks, and so it's extremely rare that they will not come up with some)
> Legal had to verify that there was no licensed library code used
Your company did not tracked libraries licenses in the first place?
Consider that there might be a difference between knowing which licensed libraries you used and verifying that your usage of them fully complied with the current license terms when releasing the source code. For example, licensing a library for binary distribution might not cover releasing a copy of a header file, modified copy of something you got from support before a bug fix made it into a release, some random utilities used for preprocessing data, etc. even though for years your developers might not have made the distinction because it wasn’t open source when they were actively working on it.
4 replies →
Historically, the game industry often enough wasn't even able to track the final source code of their past releases.
That is already the case in enterprise projects for many years now.
Since around 2010, that in most projects I am involved, the CI/CD pipelines can only talk to internal repos with vetted dependencies.
You can still do whatever locally, however the build will break when using non authorised dependencies.
> That will certainly have an impact on development time frames and economics.
I don't think there would be much of an impact long term as third party frameworks would be forced to adapt their licensing or die. It's not like years old source code is really as valuable as some companies pretend.
A lot of the pain you experienced is mainly due to making the decision to open source after the code was already written rather than from the start - its really no different than any other late requirements change.
I’m curious if you think the law would cause companies to keep better track of these things as development happens. If there was tracking for all the shared libraries from the get go, I’m guessing it would have been an easier transition?
Better to just publish the protocols/APIs and let the community roll their own
Often, especially on competitive games, the server is basically a full client, but just without graphics. The server will often run physics simulations etc, so that it can validate that nobody is cheating.
Sure, in some cases you can roll your own server, but often it's impossible.
1 reply →
If the market is big enough licensed libraries will just change their terms.
Is your argument that companies would be forced to obey the laws if they are mandated to open source discontinued games? And it's a... bad thing?
Not OP, but it's more the warning not to underestimate the cost required for compliance, and apprehension of this cost may deter their creation.
Huh? The point is that game developers would never be able to use commercial libraries again. Thus making all development significantly more expensive.
3 replies →
If the bill is properly worded open sourcing the code shouldn't imply that all 3rd party libraries also have to be open sourced.
> shouldn't imply that all 3rd party libraries also have to be open sourced.
That's a very reasonable way to address the issue of 3rd party licensed IP. I expect something like that will get incorporated into the legislation. In fact, I'm confident it will because well-funded lobbyists will ensure that common sense concern and its very reasonable solution are heard.
Then Electronic Arts and Microsoft will sell their existing server code to newly formed companies (which they happen to own). Then their captive game studios will start releasing new versions where the publicly released "server source code" is five pages of #IfDefs followed by a call to "Start_Totally_3rd_Party_GameServer" in the new library that's not required to be included in the mandated release.
For extra credit, the newly formed 3rd party entity will be incorporated and domiciled in Ireland, Malta or whatever country is currently most tax and currency exchange advantaged. Then the license fees their captive studios have to pay to use the 3rd party library get offshored and tax sheltered - while being large enough amounts to prove this definitely isn't a sham transaction!
To be clear, I don't approve of this myself. In fact, I hate it. But I worked at a high level in a top ten publicly traded tech giant long enough to see how the armies of soul-eating MBAs, lawyers, consultants and lobbyists can subvert anything. Fortunately, only half my soul was eaten and some of it has regrown.
It should if it wants to prevent malicious compliance by spinning out essentially the whole server into a "third party" library.
AI today may be able to streamline that process.
Have it read and compare the code with what it knows about open source. Many AI engines can also google that and give a comprehensive list of similarities.
Reduces the list of things to check by maybe orders of magnitude and months to days.
> open source server code if you are going to cease support
> Legal had to verify that there was no licensed library code used and that we had clear, valid copyright to everything there.
I can tell you the other side of that equation. There's no poison pill -short of outright fraud- that will kill an acquisition of a software company, than open source code embedded deep in the product.
I've been in both sides of the table of M&A activity, and in the due dilligence, smart acquirers will always look at the code and libraries in use. If there's anything that even has the hint of open source, that is heavily scrutinized: what is open source by default can't be owned by anyone and if it cannot be owned, it doesn't have IP value.
Most deals that ran into this issue would stop dead in their tracks, and it would take a while to spin back up, that is if the deal went thru at all
I don't follow. What IP value is there in game server code? I would wager usually none. And I would imagine the amount of games made without open source software somewhere in the stack could be counted on one hand.
Open source is a pretty broad umbrella. I doubt a company would say Slay The Spire 2 was poisoned by Godot and that there's no IP value.
3 replies →
Hey I already liked the proposed law, you don't have to keep trying to sell it.
It doesn't need to be open source, you only need to provide server binaries to download. This was the standard until circa 2010. People were able to host dedicated servers themselves.
That would be an improvement over nothing, but closed-source means that the game is still going to die as soon as someone finds a security vulnerability (or even just a gameplay glitch) that can't be feasibly patched.
Imagine an MMO where special text in the chat causes viewers' clients to crash, or a glitch exists to duplicate items or money, or where anybody can crash the server to run arbitrary commands.
I play SubSpace (a MMO spaceship game released in the 90s) to this day. It was shut down soon after release.
The original server binaries were left on the original CDROM by a programmer.
Then PriitK, a creator of Kazaa and then Skype and Joost!, went on to re-create the client due to cheating/hacking, naming it Continuum.
Years later the server is reimplemented as A Small Subspace Server (ASSS), making it a complete fan remake of the original game (sans graphics). This is also when we finally got server side mods, everything before that was client only or a hack.
We even got on Stream Greenlight.
https://store.steampowered.com/app/352700/Subspace_Continuum...
3 replies →
That implies the community that builds around it would not reverse engineer and remake the binaries. Which many already do (to be fair), it just so happens that it's way, way harder when the servers are entirely gone already for a game and you have no way to capture server/client traffic for example. Even if the binaries are flawed, just having those in there and being able to spin up a server to see the packet flow already greatly helps in preservation, much more if you have the binary itself and can also peek at server logic for certain things like conflict resolution, instead of having to guess post-game-shutdown!
> Imagine an MMO where special text in the chat causes viewers' clients to crash, or a glitch exists to duplicate items or money, or where anybody can crash the server to run arbitrary commands.
No need to imagine. Pretty much all of that (minus the last part) happened in Amazon’s New World MMO in the first few weeks.
Though I wouldn’t be surprised if the last part did happen and we just didn’t know about it.
Modern Warfare 2 and 3 have an unpatched RCE. Still available on Steam.
1 reply →
> That would be an improvement over nothing, but closed-source means that the game is still going to die as soon as someone finds a security vulnerability (or even just a gameplay glitch) that can't be feasibly patched.
No, it just means you need need to limit players to a trusted community - but that is usually how things work anyway because malicious players don't need any exploits to make a game unfun.
Having a working implementation means that you have the means to re-make/re-build it from scratch. People are resourceful and would make a implementation without such limitations. Companies on the other hand after years of known vulnerabilities and still selling the game haven't fixed yet:
https://techcrunch.com/2023/02/28/gamers-are-fixing-a-video-...
So then you just only play it with trusted friends. It's still better than the current situation
Although I get the idea of providing server binaries but if one has to absolutely do it, then provide great modding efforts behind it.
But I have found that the greatest modding efforts/community can be generated by open source. Balatro for example is easily modified in the sense that although it might not be open source but iirc its lua files are visible.
There are other games as well which have something similar imo although that being said its possible to create modding efforts without open source in general too with say something like for example old versions of counter strike.
Personally I would prefer open source though if its possible but I understand that some game studious might be worried about it but I don't quite understand it if they are shutting down the game anyway though. I think that @mjr00's comments are nice about third party library etc. which cause issues in open sourcing so its good to have a discussion about that too (imo)
I want to host a closed search server that's not being updated on today's internet. It might be good enough for home use, but definitely not if I want my friends to connect.
For playing with your friends you can use a VPN to not expose the potentially dangerous server to the wider internet. And sandbox both server and client as much as you feel needed depending on the value of "friend".
Closed source binaries rot.
It would like a month to the community to figure out the APIs and few years to decompile it... If they really want to.
1 reply →
No worse than the closed source binaries of the games themselves, surely.
GOG has a whole business around making old closed source binaries run
1 reply →
I run a lot of closed sourced binaries that are over 30 years old.
False. Expectations and environments change, but if you choose to you can also keep those constant.
> It seems like the fair solution to this problem is to open source server code if you are going to cease support for an online game. That way the community has the opportunity to run their own servers if they want to.
It's nice in theory, but in practice many (most?) games are using middleware they don't have the rights to redistribute as open source. IIRC when the source code for Doom, the first major commercial game that went open source, originally came out, it had all of the sound code removed because it was dependent on a third party library. Not that you're going to have sound code in a server, but you may be using third party libraries for networking, replays, anti-cheat, etc.
If bills like this pass there'd be financial pressure for middleware providers to either license under terms that allow distribution at the game's end-of-life, or allow their middleware to be easily severed while still leaving the game playable - else they'd lose out on all customers selling games in California/EU/etc.
Which is also a nice side effect to reduce intellectual property barriers for developers that do already want to distribute their server or source code.
This has an easy solution. If the middleware cannot be used in a new regulatory environment then it will either die or adapt.
Sometimes the easy solution isn't easy for all sides or even realistic. "Fuck the publishers" is easy but not going to get a lot of publisher buy in.
We all agree there is a foolproof method to fixing all bugs - delete all the code.
We also all probably agree that isn't the optimal balance.
3 replies →
This is not the only possible outcome. Another approach would be not to offer software within the affected region. U.S. local news is often not available to European visitors now due to GDPR. Similarly, Canadian news outlets are not available on Facebook due to Bill C-18. If I was an indie game developer I would consider this approach and simply avoid selling within California.
Larger game studios would likely adjust as you say. However they too could adjust in such a way that they only offer subscriptions within California as that appears to exempt them from this rule. Many outcomes are possible beyond simply adjusting to the legislation in the way you are suggesting.
2 replies →
Then don't. People will find a way to replace those.
So?
A) This state is not inherent but a result of there being no general requirement to release the sources. Middle ware would use different licenses if that was required to have any customers.
B) Omitting the sound code did not stop the community from releasing source ports based on that release, with sound of course.
> That way the community has the opportunity to run their own servers if they want to.
That might be fine for very small titles - where the "game server" is a relatively simple binary that can be run anywhere. Larger titles depend on a huge amount of infrastructure, for authentication, progression, matchmaking, etc... It's not feasible to open-source all of that, especially given that it may well still be in use for more recent titles.
> It's not feasible to open-source all of that, especially given that it may well still be in use for more recent titles
If they're still running their authentication server (for example), then they wouldn't need to release that service.
Patching the game to no longer contact the authentication server would also be acceptable, for services that aren't a core part of the game. It's pretty likely the game already allows this for development/debugging.
If they've accepted money from people to buy the game, and don't want to keep the authentication service running, and don't want to patch the game to no longer require the authentication service, and don't want to refund people, and don't want to release the authentication service so others can run it - I think it's fair for a regulation to force one of those.
So do games just have to have a perpetual endowment to fund any shared component costs? This seems like a logical conclusion. You wouldn't get scalability from reuse (e.g. reusing an auth library).
Or what's likely cheaper is budgeting for that patch in the game.
You may bemoan "oh they just don't want to release the auth service", but it functionally shuffles the cost math.
I'd personally rather the 5% cheaper games than trying to play a multiplayer only game 20 years later wtih 6 people on the server.
3 replies →
Plenty of games (especially MMOs) have lots of gameplay logic in the server. In many cases that is intertwined with the rest of the intrastructure, like databases, logging, deployment or even subscription services. Lots of games simply wouldn’t be functional without the publisher’s infrastructure.
Of course that is regrettable and could be changed, but it would require a significant change in incentives.
Authentication is an interesting example - it sounds like might be the easiest component to remove. But without authentication, you don't have identity. And without identity you have no viable notion of accounts - and without accounts you don't have persistence, entitlements, progression, achievements, or any of the meta aspects that are deeply entwined with modern games. Not to mention how extensively identity ties into Matchmaking - another fairly complex backend service.
This legislation might be more persuasive if it were tied to a reasonable time limit, but I don't see anything of that nature in the text. An obligation to support or refund customers that lasts for a fair timespan (ie. preventing rugpulls) is far less onerous than an obligation to release your code to satisfy someone's nostalgia.
1 reply →
Excuses. If there is a legal requirement you can watch all those concerns evaporate away.
Game engines/code aren't all open source. The game developer might not have the legal rights to release the source.
Also, does this stop at games? Why not any online service ever? Why not any program at all?
Gaming might be unique in the sense that it's the only industry where 1) consumers make a one-time purchase of a product, but then 2) the manufacturer remains responsible for the online component.. forever? I can't think of any other examples in real life where this happens across an industry (maybe a few niche products).
Maybe this is the reason MS has been pushing Game Pass so hard, to get rid of the "purchase" part entirely.
Well I don't want the company I bought the game from to be completely in charge of the online component. If it helps them make more money then good for them but they need a winddown plan.
Any company that willfully chains a device to their cloud platform in such a way should get the same treatment, whether the cloud offering is free as in beer or paid. It's happening a lot more than you might think.
2 replies →
> I can't think of any other examples in real life where this happens across an industry
Vehicles? Maybe not necessarily forever, but I'd expect the large car manufacturers to all still have some level of support for a 20-year-old car...
3 replies →
Amazon just ended support for older Kindles. Not sure how that's any different.
It's more like it's the only software industry that still has a relevant amount of non-subscription based one time sales. I guess this will be the end of that.
1 reply →
Am I the only one who remembers that multiplayer was just peer to peer? Like we had multiplayer before every studio decided they wanted to host their own servers, it was just what the guy with broadband in the neighborhood ran or something my ISP provided.
The issue is nobody gets that option if the ability to run a server is made unavailable to the public.
An online service requires the continual investment in the costs required to run the service and comes with the expectation that the service happening on someone else's computer could cease to exist the second you stop paying or at the end of the current contract cycle.
A game although specified as a license is treated and described as a purchase that is expected to work forever on the end users device so long as it fits the specs.
I wonder where the 'extents' of the game product/service you buy can be defined. I could foresee a game client/server/toolkit like Bioware's Neverwinter Nights being released but as a barebones legally compliant framework that lets you play. Then on the other side of the line they have an optional online service that provides a scenario to play in (running the same server the public has), if that service goes away the game still works, just as buying a load of D&D kits doesn't give you a DM to run games in perpetuity. As another example, there's a lot of servers for games like Counter-strike where the experience and how it runs the gameplay is modded server-side only.
1 reply →
> The game developer might not have the legal rights to release the source.
Then the game developer/publisher should choose to use another technology or be ready to replace that piece when game reaches EOL. If no game developer can use that technology, the vendor will end up loosing a lot of sales. They can then decide if more permissive license would make sense.
It's just going to push all multiplayer games to be sold as a service. The users will get used to this because they basically already are used to it for every other piece of software.
There is basically zero chance that when given the choice between "structure billing as a service" vs "rewrite everything and open source it" that they will choose open source.
Guarantee X years of server time from launch. If you shut down early, pro rated refund and open source server code. After the launch window, close server with no penalty if desired, but just still open source code. Or keep server open if it's profitable. Or some other option.
The specifics can be hammered out, but something middle ground seems sensible.
When the 6 person startup I worked for shut down, the founders spent a few months of their own time to open source the product because people still liked it, they just didn't wanna pay for it.
So people were allowed to selfhost.
Of course this probably doesn't scale or work for every company but I thought it was nice to see.
Based on comments below the solution is to make the API public and publish the architecture design, along with the binaries.
This way the company can avoid spending too much money on open sourcing the code, and the community can just rewrite the server while keeping the original binaries running.
Many developers with good will actually tried that and gave up due to lots of problems. This is not just bad ROI but also a legal minefield. Engineers usually cannot argue against this kind of risks. Enforcing this will unlikely work in higher courts. Though something like open sourcing protocols for server reimplementation may have some chances.
While I see problems in the law but the spirit is reasonable. We need to push toward this direction. At least there should be difficult economical trade-off for publishers when they decide to shut down the game. Nowadays, some random executive just takes look into some excel, see some games have declining revenue and decides to "simplify the business" without much thoughts. This has to stop.
> It seems like the fair solution to this problem is to open source server code if you are going to cease support for an online game. That way the community has the opportunity to run their own servers if they want to.
Said this in another comment: In case a company or new management wants to renew an IP, maybe there should be a waiting period like 1-5 years before they are legally required to release/open-source the server code.
Or how about this: what if, in order to launch a new online-only game in the first place, companies have to submit a copy of the source code as it is on launch day, to the courts or wherever. Then the courts could release it if the game hasn't been active for N years...
I think this is a more desirable solution for customers than a refund anyway--if I like a game, I don't want my $60 back in exchange for never being able to play it again. I just want to keep playing it.
Yes, the $60 is nothing compared to your time investment into a game you like.
> It seems like the fair solution to this problem is to open source server code if you are going to cease support for an online game. That way the community has the opportunity to run their own servers if they want to.
For a number of reasons (licensing issues, code being lost, etc.) this will only work if source code must be escrowed long before that time.
Just make it a literal crime for corporations to interfere with community work on games they don't care about supporting. The problem will take care of itself. People are more than willing to put in the work themselves, it's just that hateful corporations will send them cease and desist letters if not actual lawsuits.
This doesn't make sense. The developers should only be obligated to provide a dedicated server plus an in-game server browser that supports a standardized service discovery protocol. The players must figure out themselves how to run the software on their computer.
> open source server code
No, and requiring this will likely give the opposition counter points.
You don't need the source code at all. You only need the ability to run the server yourself.