Not assurances that if they meet their funding goal they'll open source. Not a pinky promise to open source in the future. Not magnanimous decision by upper management to open source if the business fails.
It's open sourcing from the outset so that people who invest in their technology can be assured they've fulfilled their promise to the community.
Pay for products that produce open source software and hardware. Pay artists that put out libre/free work. Demand projects that ask for money and "will open source in the future" open source now before taking your money.
In my view, finger wagging at corporate entities not open sourcing their products after end-of-life amounts to posturing.
This is the most important part. The markets can be shifted in our favor if the consumers unite and vote with our wallets. Even the biggest MNCs can't resist the demands by a united consumer front. Well known brands have been disappeared after they offended their customer base.
This is very difficult in practice, but not impossible. It will need a cultural shift among consumers and that will need a lot of grassroots work by a group of dedicated individuals. But it has been done before - for example, consider the role FSF played in making free software so common. To begin with, consumers have to be taught to believe in and rely on our collective bargaining power, instead of reluctantly accepting exploitative corporate bs. The next will be to take smart decisions on each product. Obviously, only a small group within the society would know what is harmful and what we really need. We should develop a culture where the concerns and recommendations of the subject experts are quickly disseminated among the larger consumer community.
I know the above sounds too ambitious. But it's not nearly the hardest goal anyone has achieved through sheer will. Whenever I raise this point in relation to any specific topic on HN, someone always replies with a cynical, dismissive and defeatist take, often arguing that the consumer-hostile product has the 'market demand'. They rarely address the market manipulation that the manufacturers resort to, and the fact that those poor product choices are the result of missing consumer vigilance. Besides it's easy to sound smart by scoffing at someone else's suggestions. But it takes hard work to make a positive impact on society with an original idea.
This has to be legally enforced to turn around.
This is very naive. "We can solve the climate emergency if the consumers unite and stop living the way they live", sure. But obviously the consumers don't do that, even knowing that their children will die because of it.
> We can solve the climate emergency if the consumers unite and stop living the way they live
This is wrong in two ways. The first is that it is a strawman. The consumers are the biggest emitters. The big corporations, militaries and billionaires are. Second, we did solve a related problem with market pressure - the stratospheric ozone depletion and the ozone hole.
Again as I said before, it's easy to call it naive or scoff at it any number of ways. But people have achieved much harder goals. And that takes a lot of skill and effort.
If you think that the ozone problem was remotely of the same level of difficulty as climate change, then you don't understand the problem.
> But people have achieved much harder goals.
There is no much harder goal than surviving on Earth, and we are measurably not only completely failing, but we keep accelerating in the wrong direction! We are making it worse, faster everyday.
Ozone depletion too was a global problem that needed international coordination to solve. But the reason why it was solved while the climate change crisis wasn't, isn't the 'level of difficulty' you're referring to. It's the perverse economic incentives behind the centralized fossil fuel trade. Unlike ozone depltion, climate change issue was known at least as early as 1892. We had more than enough time to find and implement the solutions. But even today when we have viable long term solutions, the pervesion of global politics against them is splendidly evident. We really could have solved the climate change crisis if we wanted to.
That's why I always emphasize shifting the market dynamics - the supply and demand balance. That's the only way we can overcome those perverse incentives. But people simply refuse to connect the dots that deep, instead preferring to insult those who do. And the reason is simple. It will break the comfort bubble that you're in, if you have to take some responsibility to solve it.
> There is no much harder goal than surviving on Earth, and we are measurably not only completely failing, but we keep accelerating in the wrong direction! We are making it worse, faster everyday.
If only there was/were some solution(s) for that.... Oh! Wait!
1. Biodiversity loss. We are measurably living in a mass extinction that is happening orders of magnitude faster than the famous one of the dinosaurs. It is due to what humans do when they have abundant energy. If we all had a nuclear reactor in our pocket, we would still be destroying the biodiversity, so it's not just a fossil energy problem.
2. Climate change. It's only the beginning, and the cause of it is the CO2 we release by burning fossil fuels. Society as we know it depends on abundant energy, and 80% of the energy we use is fossil. The solution to climate change is degrowth, but nobody wants to accept it.
3. Energy abundance. Energy became abundant thanks to fossil fuels, and those are not unlimited. Conventional peak oil was in 2008, and Europe's economy has been slowing down since then (though Americans like to think that it's slowing down because the Europeans are lazy). Eventually (soon), the global economy will slow down because of that. Which will bring global instability (even though now doesn't sound like the most stable it has ever been).
The only solution we have to those is that we need to stop living the way we live, and we need to do it fast. It's already too late so it will hurt, but the faster we react, the lesser it will hurt.
The reality is too bad for most of us to accept it, and by not accepting it we make it even worse. We're pretty much screwed. There is a business to make on "not being defeatist" and offering "solutions" for a "sustainable growth", but that's just business, that won't save us.
have you even glanced at what touching hardware manufacturing involves? The amount of NDAs alone ends this. anything with a smidge of processor performance requires it, same for virtually every method of manufacturing anything.
also, FSF did jack squat.
Do you think all that came out of the vacuum? It was set into motion over several decades of gradual erosion of user rights. Ultimately, everything is subject to the laws of supply and demand. If you can't see that far, you're thinking a level too shallow to see the problem and possible solutions.
> FSF did jack squat.
People don't simply scorn at FSF or anyone else like this just because they don't like it. I guess that explains the sophistication of your arguments.
To your point, market rewards are complex and doesn't always reward closed source. I would say the markets can reward companies that add value, and companies can add value by servicing a demand at reduced costs. One cost reduction measure is to use FOSS. For example, if you're building a data center, one cost saving measure is to use Linux as the underlying operating system over MS Windows.
I partially agree that pressuring consumers has issues, but the consumers we're talking about in this context are programmers, software developers, electrical engineers and other technically minded folk. Many projects only target dozens or hundreds "consumers" and, for those, advocating for purchasing FOSS might be a valid strategy.
I'm open to regulation but it's a coarse tool that favors large corporations. In my opinion, one way to larger regulation is to start small, show value from a growing community adoption and then try to push bigger. Linux was a toy operating system until it wasn't.
One minor point on regulation: From what I understand, there are some stipulations for (US) government grants to ensure FOSS artifacts get produced. I think violations of these conditions is common place. So we needed regulation in this area, we successfully got it and now we see that it's only as good as enforcement.
You're giving an example where a proprietary service benefits from open source. It supports the opposite point to what you're trying to say: not only the market rewards proprietary products, but open source actually helps proprietary products. If you open source your code, you risk helping your competitor.
> Many projects only target dozens or hundreds "consumers" and, for those, advocating for purchasing FOSS might be a valid strategy.
Again that's off topic. The goal is to enable technical people to make EOL products work for everyone.
> So we needed regulation in this area, we successfully got it and now we see that it's only as good as enforcement.
Which is a bit of a chicken-and-egg problem: in order for regulations to be enforced, we need the enforcer (a government) to be more powerful than the enforcee. But after we have allowed TooBigTech to appear and become more powerful than governments, it's difficult to expect anyone to enforce the regulations, right?
New incentives to would hit market reality where most people want cheap devices, not lifetime support for something they themselves consider practically disposable.
If most consumers don't care, regulation won't help. Much like climate change.
This concept works fine for the author's example of a kitchen scale, but fails when the device in question is something like a router that has secure boot with one key burned into e-fuses.
In that case we need both open software and a requirement that the manufacturer escrow signing keys with someone so that after EOL any software can be run.
The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
I run a bunch of stuff using Home Assistant via the Zigbee integration - the Zigbee host on the local server gets to decide where to install updates from - which was the security mechanism for most most software for most of history.
Get your stuff from a reputable source. Signage keys are nice, but they don't work as the sole security measure in an unsound supply chain.
When the vendor discontinues support for the device, they make available to their customers an optional update to the second stage bootloader that allows any application image to run, not just images signed by the vendor. This updated second stage loader is signed with the keypair fused into the MCU, and so it will run as per normal. They ideally make it so this update can only be installed with some sort of local interaction with the device, not automatically over the air.
Devices in the field running ordinary OEM firmware continue to be protected from malicious OTA updates. Customers who wish to unlock their devices also have the means to do so.
This is very technically straightforward to implement, but it needs to be considered when the device is designed. Regulations would be required to make sure that happens.
Instead of [get released SB keys] -> [boot arbitrary payloads]
It becomes [get unlocked second stage bootloader] -> [boot arbitrary payloads]
Although, I guess that the details matter in terms of the process used to supply OTAs and second stage bootloaders. If changing to the unlocked bootloader requires physical access (or some such thing), then I could see that working.
Is there anything else I'm missing?
The question is one of how you can hand control to the user without endangering your legitimate commercial interests as well as the security of the rest of the fleet, exactly how you tackle that will depend on the product.
How would you envision the opt-in process for the unlocked second stage bootloader?
Have you seen the state of embedded device security? It is already an unmitigated disaster.
Since you bring up botnets, there are far more exploited security vulnerabilities because a vendor EOLed support (or went bankrupt) and their firmware contained bugs that cannot be fixed because a signed firmware is required, or the source code was not provided than because their signing keys were leaked and someone is distributing malicious updates.
> Forcing vendors to release their security mechanisms to the public and allow anyone to sign firmware as the company is not what you want, though.
Yes, it is what I want. I am perfectly aware of the potential downsides and what I am proposing is worth it. The product is already EOL. In our current era of enshittification, vendor pinky promises to implement a user-bypass in their signed boot chain is not good enough. Look at the Other OS controversy on the PS3 if you want an example of this in practice, or Samsung removing bootloader unlocking in their One UI 8.0 update.
> The only real way to make devices securely re-usable with custom firmware requires some explicit steps and action to signal that the user wants to run 3rd-party firmware: A specific button press sequence is enough. You need to require the user to do something explicit to acknowledge that 3rd-party software is being installed, though.
The vendor has implemented an internal pad on the laser-welded, weather sealed, IP-rated smart watch that must be shorted to disable secure boot. Opening the device to access this will essentially destroy it, but we preserved the vendor's secure boot signing keys so missioned accomplished!
I agree that devices shouldn’t be locked by the manufacturer AND I think that silently unlocking all devices all at once could do harm.
If security was an unmitigated disaster on every device then it would be trivial to root them all and install your own software, wouldn’t it?
Their argument is that an unlocked firmware would allow us to override regulatory restrictions like the RF output power or the IMEI number. That argument has some merit. However, my opinion is that such restrictions should be implemented as hardware interlocks that are unchangeable through software. Thus, we would be free to change the software as we like. Sadly, both the manufacturers and the regulatory agencies tend to completely ignore that solution, so that they can retain their excess control.
This is the goal of law enforcement and justice in general and in this argument, a hardware manufacturer is substituting this role, when we say that, we can see the overreach. Manufacturers aren't public entities able to make such decisions.
Locking people out of their phone does not raise the skill or effort ceiling much, as there still presumably would be software restrictions in place.
But I do agree that we should be able to unlock and relock the bootloader. That's one of the reasons GrapheneOS supports the Google Pixel, for instance. The security model relies on the locked bootloader.
Yeah sure there's a few cases where it make sense but they are few and far between.
It is desirable for anyone who doesn't want malware.
The OS is borked even before you install even a single of these highly sandboxed third party apps.
While in theory that model sounds great, in practice the security is worse than your average Linux distribution and the only people which managed to make it work is the GrapheneOS non-profit representing less that 0.1% of the devices.
(And ironically the only secure Android rom doesn't fully pass Play Integrity)
I don't know if there is much value in arguments like "in theory that's great, but in practice I don't trust anyone other than X so anything that is not X is worse".
So we're back to square one then, it's pointless because you can't trust mobile OS like you can with desktop OS.
Before talking about secure boot, Android needs a way to attest what's in the OS we're saying we are booting...
I'm not even sure Google themselves are fully aware of what's inside specific models.
> I don't know if there is much value in arguments like "in theory that's great, but in practice I don't trust anyone other than X so anything that is not X is worse".
I would rephrase it as why attesting that we have an unknown and outdated OS is valuable to the phone owner?
> I would rephrase it as why attesting that we have an unknown and outdated OS is valuable to the phone owner?
I am not sure if you're genuinely not understanding what the secure boot does, or if you're just venting about the situation with mobile phones.
The secure boot is there to attest that the OS running on your phone is coming from the manufacturer and has not been tampered with by a malware. If you don't trust the manufacturer or if the manufacturer doesn't update the OS frequently enough, then I guess you should look for another manufacturer. GrapheneOS is pretty much up-to-date.
> you don't trust the manufacturer or if the manufacturer doesn't update the OS frequently enough, then I guess you should look for another manufacturer.
The only manufacturers in the world publishing device trees nowadays must be Fairphone and OnePlus because even Google stopped releasing them with the last Pixel. So here you go, you I gave you the entire list of manufacturers (two) for which to my knowledge secure boot provides some value to the phone owner (some others might exist), I'm willing to include GrapheneOS as a third case where it makes sense even if it's not the stock OS.
And the only rom in the world being updated on time is also GrapheneOS (yes, even Pixels still have delays)
You say correct things, but you make wrong conclusions. Secure boot does provide value to the phone owner, period. Not against the manufacturer, but there is pretty much nothing consumers can do against the manufacturer except trusting it.
IIRC, a certain Marvell SoC datasheet says multiple key slots are supported, but the boot ROM only supports reading the first entry (so really, only one key is supported).
You couldn't boot straight from boot ROM -> UEFI for instance.
But I don't know if there is a pragmatic way to approach that. I mean, I could also say "it should be illegal to produce e-waste", but what does that mean and how do we actually do it?
Simple things like "if an electronic device, through no fault of the owner, can no longer perform it's main function, then the owner is due a full refund. A company may escape the refund by placing all software required to run the product in the public domain."
It'd miss cases like fly by night companies, but you could catch big players like google disabling their thermostats for non-hardware reasons.
that seems like it can be addressed by making sure that the regulators who enforce these laws have more object permanence than a 6 month old baby.
like, if I try to sell a "metal sculpture" that by sheer coincidence is capable of firing 9mm ammunition, I'm going to have the ATF knocking on my door real quick, and they're not going to be fooled by me claiming "no that's art"
Why would the ATF go after them instead of YOU?
But then again, one problem is that Big Tech has enough money and power to completely overwhelm the regulators...
Open source windows 10 would cannibalise Microsoft’s long term objectives.
Let’s all not forget the ones who wouldn’t want this to happen are the same ones who hold all the power. No government will ever force this.
I think this is an important point: it's already impossible to enforce antitrust laws because TooBigTech has the power, and when an entity big enough tries to regulate (like the EU), then the US government prevents them from doing it.
Equally, nothing stops you running XP on the device forever. (There are plenty devices out there that are.)
So this whole line of comments is somewhat off-topic to when hardware is bricked.
Can you imagine if UBNT had to open source its EOL boot chain, so that Cambium was legally entitled to roll its firmware for old Unifi kit? And Vice Versa?
The result might not be "Old hardware supported by the community" the result might be "Eternal product updates so we can legally prevent Cambium from taking our customers"
What manufacturers should be required to do, at a minimum, is remove any impediment to you running whatever alternative software you choose.
Ideally we should just be designing products so they don't have external dependencies. A smart speaker should be able to stream over the local network on a standard protocol which doesn't rely on an external server existing. A lightbulb should be able to be paired using a generic standard without running through the OEMs servers.
Thankfully for some devices this does seem to be the trend. Matter over Thread smart devices are not dependent on proprietary hubs, apps, or external servers.
Heres a kicker. I really dont care about the average person. I care about multimillion dollar stacks of hardware that have support rug pulled on them, leaving millions of customers stuck. I care about small businesses that invest in their communities and find themselves locked into a single vendor without the cost to overhaul their network to move to another one.
Throw your Dlink home router in the bin every 3 years. I literally dont care.
>Ideally we should just be designing products so they don't have external dependencies.
This is good too. But even then, I would apply this logic to stuff like Meraki, where major features go away if you dont buy the license. Lightbulbs are beneath my notice/contempt.
The actual proposal in this blog doesn’t make much sense. Having the specs of a device isn’t going to change much because they can be determined by anyone examining the PCB. Most devices don’t have a simple connection protocol, like the Spotify Car Thing used as an example.
Now for many products, nobody would spend the time needed to make it actually work, but for some it may be nice.
But I agree that it is more complicated than it seems, and realistically that would be on a case by case basis.
My personal pet example of this is old cameras, lenses, and digital backs. Plenty of great hardware out there that currently requires very extensive reverse engineering to use that would be made a lot easier with firmware & schematics.
I was just playing around with home automation, and I have built quite a few custom devices over the past few months.
Just to illustrate what I mean:
I have an old furnace - it's interface is literally: pull this pin down to ground and the furnace starts up. It's incredibly easy to work with. Later furnaces from this manufacturer have some proprietary protocol that seems very difficult to interface with, from what I gathered from the internet.
But, even yet more modern versions support the standardized OpenTherm protocol and is very hackable again.
Something else: Hardware tends to be amortized away into a commodity. A ton of modern devices essentially run on ESP32s, raspberry Pis (or some other open SoC) or smartphone hardware with Android.
I (and others have) just started hacking around with an ESP32-S3 based HMI - it's and LCD screen married to and ESP32-S3, integrated into a very nice case with a small touch screen panel. I was able to whip up a custom professional looking GUI in a couple weekends and integrate it into my (fully local, open source, HA-based) home automation system. It runs ESPHome and uses LVGL to draw the UI.
I've had friends over and they remarked about how nice it looked, and asked about the brand and were suprised when I told them I hacked it together. It looks good enough that you could sell it and works very well.
This is more achievable as code itself is often shared across multiple devices, some not EOL, and often not even owned by the HW producer but licensed under non FOSS compatible terms.
Repurposing bricked Nest Gen 1 & 2 thermostats with custom software. Giving old hardware new life through open source innovation. No Longer Evil is a right-to-repair firmware and cloud replacement for Nest Thermostats that frees your device from Google’s cloud dependency. By flashing custom firmware, your thermostat will operate independently and connect to No Longer Evil’s platform (or your own self-hosted server), giving you complete control over your device data and settings.
There must be international legal minimum standards of post-sales support and EOL archival caretaking to really reduce e-waste and allow things people paid for to endure rather than forced planned obsolescence like cloud-side or update-based bricking. The corrosive consumer mindset of "new, new, new"; fragile, undocumented, closed-source, short-life tech; and throwing away expensive things is absurd.
Mediatek devices are beyond hope, but some could be saved this way that are otherwise trash.
If the company disappears... what happens to the devices and the cloud storage?
I've been really enjoying the product (it's really well done, the mobile app works perfectly well) but it's a scary thought.
I also found this Reddit thread [1] with some language from the company supposedly saying they would do their best to launch alternative tooling if they disappeared, but I can't find this language anywhere else online.
[0] https://news.ycombinator.com/item?id=45341781
[1] https://www.reddit.com/r/homeautomation/comments/1b8vei3/wha...
Anybody else want to crowdfund? :)
P.s. if you end up absolutely bricking it, but at least get one great blog post out of it, it’s still worth it ha
- this also extends to software
- when it has been 25 yrs since a game has released, you are no longer making money from your game big time
- companies should be forced to open source their games at this point in time
- so that we can revive games that companies like ubisoft keep shutting down and removing from steam libraries completely
Clearly the Windows NT kernel is older than 25 years, and is still making money.
And it's not alone. My own company is still actively developing and selling a program first released in 1998. Even if we wanted to Open Source every build 25 years after it's release, it might be difficult to figure out how to store the code that long.
We originally backed up on tape. Good luck restoring that now. Then writable CDs; those have likely degraded (and we'd need to find an old CD Drive to read them.)
Even most hard drives of the era are no longer usable - MFM, SCSI ,ATA none of those interfaces exist, and drives were tiny. If you had to choose a media today, that you'd be confident would work in 25 years, what would you pick?
Sure, our active code survives because we simply clone the archive every time we replace the server, but we don't have a history if every build ever.
Seems like a million years ago I wrote some games. The source code is long gone. (Well it's on 5.25 floppy disks in my garage for 30 years, so functionally gone.) The compiler to make it is long gone. The OS and physical hardware is long gone (although emulators exist. ).
I'm sorry to say, but making laws for old software is basically pointless.
Not the one from 25 years ago.
>Seems like a million years ago I wrote some games. The source code is long gone. (Well it's on 5.25 floppy disks in my garage for 30 years, so functionally gone.)
Legal requirement would have ensured great care in preservation of said source.
>I'm sorry to say, but making laws for old software is basically pointless.
If it's pointless, then copyright should expire much earlier.
um yes, that one. updated, yes. added to, yes. But a huge chunk of the code that shipped then is still shipping now.
>> Legal requirement would have ensured great care in preservation of said source.
Um, no. The cost of that "great care" would simply have to be built into the initial release. More likely we'd just ignore the problem (who expects this thing to last 25 years anyway?) and then in 25 years, assuming we're still around, we'll wait for someone to what? Take us to court? "Sorry judge, source has gone in the great fire of 07"). Judge does what? issues us a fine? (Said fine being anyway lower than the cost of the "great care" you mentioned....)
Copyright serves a very different purpose. It protects the binary from being copied by others for commercial gain. That's not a law for "old software" - (nobody cares about Visicalc), it's a law for current software (ie, it's still illegal to pirate Windows 2000).
That might actually be good for security. If APIs must be public, proper cloud security becomes necessary (rather than relying on obscurity).
They listened to the second part, but not the first.
During summer I had to build around this non-free libraries but their subscription ended when people responsible were in vacations and the project was paused because of design bugs for two months, so they did not plan to renew the license for two months. Still my part had to carry on in the mean time.
I added an open source library as a fallback, even if it was 4x slower. Because of delays the license was renewed 3 months later when design issues were addressed. If they had designed around open source from the start I would have a better time. It was a real pain to replicate the functionality around the open source library. It was not a drop-in, not very far but far enough to cause hard to find bugs, in nasty calculational code. That had a number of bugs already and bad code quality.
My experience.
There are two major things that undermine this for software: copyright durations, and lack of source code. Software copyright durations should be at most a few years, and to be eligible for copyright, software should have its source code published or at minimum held in escrow, so that when the copyright expires it is still useful.
We already require patents to be published in exchange for the protection we give them; software copyright needs to be the same.
It is if you buy carefully: I don't buy hardware that can't be used with linux or whatever I deem necessary. And then, there's the car...
Moreover if the hardware is composite, that should apply to its components.
There are already plenty of devices, from old phones to vacuum robots, where we have that or near enough.
Technically, we know how we could maintain/re-flash these devices.
Yet, we don't. Why? lack of standardization, specially the boot process in non-x86 platforms.
Having to maintain per device images is not really practical at scale.
I'd be fine if manufacturers had to have some kind of standard "nutrition facts" label of what will happen to its functionality if support is ended.
Have you tried pointing an LLM agent at a decompiled apk? It could probably write you protocol docs for it.
Browsed top commenters' site. Only outlier is abetusk here who has his hobbyist stuff available openly, but nothing professional.
I don't get it. Why don't any of you guys do the thing you want others to do? Be the change you want to see in the world.
The economics of leasing vs buying are well understood by the general public. Allow them to make an honest decision at the time of purchase.
This isn't even the case: generally leased things have to work for some defined period of time ("the least period").
I also think a distinction should be drawn between things bricked because they require a server connection, vs devices bricked because the rightful owner has chosen to do so because they have been stolen.
Also, "end of life" is hard to define. Does it mean not being produced, ordered or sold? After how many days, months, etc.?
In simple terms, if a company has a continuum of products of a certain category over time, the designs (hardware, software, manufacturing, testing, etc.) are typically evolutionary in nature.
This means that product B inherits from product A, C from B, etc. When product C goes to market, A and B might be EOL. Open sourcing anything related to product C means relinquishing their intellectual property.
Nobody in their right mind would do that unless a unique set of conditions are in place to have that make sense. In general terms, this does not happen.
...although it could be "no more product support, talk to random people on github"
actually, don't know why there couldn't be legislative or tax support for these kinds of things.
I love to see this future but knowing this, company would never do this
the app used to store data for up to 5 users to keep track over time. I miss that!
What? Was it storing the data on a cloud server? In that case it's a different story, but a local app should continue working essentially indefinitely.
All this focus on source code is IMHO missing the point. RMS also missed this point when he started the GNU project. Source code is neither necessary nor sufficient for (legal) freedom. They just need to relinquish the copyright and release any keys and such getting in the way. Lots of examples otherwise --- I'll refer you to the cracking scene, game modding, etc.
In the physical world, products can be "EOL" for decades and the aftermarket will fill in the void if there is demand, often even when the original product is still in production. The original manufacturer never released blueprints and other comparable-to-source-code information; they just don't try to stop the aftermarket. Mid-century cars are a great example of this.
tl;dr: stop demanding source code, start demanding freedom.