Slashdot Mirror
Free Software at Risk Under Lemon law
mpawlo writes: "Newsforge published a piece I wrote on a lemon law for software. That is - what would happen if shrinkwrap limitation of liability clauses would be banned? I think Microsoft and the GNU Project would both suffer."
I love this little quip:
"We all know that the open and distributed model for development described in Eric S. Raymond's book "The Cathedral and the Bazaar" is much better and creates more reliable products than any closed non-distributed development model. "
I'm wondering if the author can substantiate this claim with facts.
This is the primary problem with Open Source advocacy, it relies a lot upon blind faith.
huge difference (#13146)
by Anonymous Reader on 2002.05.11 13:21
I am not a lawyer (thankfully), but I do know that if I pay for something, and it fails, I am entitled to compensation. If it fails from negligence or designed error, then there can be punitive damages. But let's examine the case of a Linux/BSD web server, running Apache, MySQL, and PostNuke.
To be safe, I download for free a non-commercial Linux such as Debian, or FreeBSD. I might be mistaken, but both are developed by groups of people, and anyone is allowed entry if they are competent enough coders. But a group is not a company. The whole corporation/private/public/IPO thing. I acquire, freely and legally, a copy of their work. They might have benefactors and patrons, but that isn't the same as employers.
So I download Apache, MySQL, and PostNuke. All fall under the same category. Maybe MySQL doesn't, then just replace MySQL/PostNuke with Perl/DBI.
So now a huge bug develops, a hole so large, it had to be coded in Redmond. I lose all my data, my competitors get my secrets, and I'm on unemployment line next to Enron execs. Who do I have to blame?
Let's see, someone or some people worked on a project that was supposed to do some particular task. They made it freely available, source and all, so that others might work on it as well. They made no claims about it's security, stability, etc. Others may have, but they did not misrepresent the software in any way.
I did not contribute, but I saw an opportunity to use their work. So I did. They received nothing from me, not money, not anything. And, the whole time, the company kept no secrets about the product, and in fact, by making the source available, does just the opposite.
There was no intent to decieve, nor any misrepresentation. By not purchasing the product nor any sort of service contract, I entered into no agreement with the group.
Going in, I understand the risks. I assume the responsibility if problems occur. This is 180 degrees different from microsoft, since they make plenty of claims, and since there is a legal agreement between a company and microsoft, and because they are marketing a product with known liabilities.
No, free/open source software doesn't stand to be shut down, rather it stands to gain tremendously. The problem is for companies like RedHat which sell and service open source software. So, form the commercial standpoint, it hurts linux companies who don't have billions to spend on lawyers, like er um, microsoft. But it doesn;t hurt open source software.
rob mandel
^^^----- Posted anonymously here
The legislation would skyrocket production costs for Microsoft if the company were forced to release foolproof products.
Why would this happen? Car manufacturers used the same "skyrocket production costs" argument with the lemon law with cars. But it just doesn't mean that everything needs to be perfect. Instead it just ensures some basic quality control such as practiced in Japan.
As for free software, it would just mean that some of the legal entities that support a packaged product (i.e., Red Hat) would be held to the same standards. IANAL, but if the FSF says 'this isn't a complete product' they can't be held liable any more than a tire company could be for some idiot putting the wrong tire on their car.
While I don't favor turning the sharks loose on software companies, it is obvious there NEEDS to be some sort of liability and responsibility for bugs.
Some sort of "lemon law" that would REQUIRE the publisher to either correct bugs, and distribute patches for free, or else refund the purchase price IS needed.
What needs to stop is companies like MS being able to leave gaping holes in their products, then correct some of them, and releasing them as "upgrades", ala Windows 98 SE and ME... Those were not really "new" OS's, they were service releases that increased the stability of `98...
In all honesty, the commercial software publishers have brought this on themselves. Sure, MS distributes patches for free for the worst holes (ala, the ones that make Code Red, Nimda, and Klez work), but the fact is, they let their products LEAVE the house with those bugs in the first place.
I see bad consequences for free software out of this, created for it by the closed source companies. Perhaps there can be an exception written in for companies that release source, and in effect, have industry wide peer review of their code.
Eventually, if such a law isn't passed, sooner or later the sharks are going to class action sue and crack away ALL such limitations in the EULA's.
There is too much money and lost productivity happening right now due to software defects.
What we need is a defined list of responsibilities, passed into law, that can't be EULA'ed away.
=== The price of freedom is eternal vigilance
Neither the federal government nor any state has ever had any sort of warranty/liability law that would affect gifts (transactions involving no payment or consideration), unless the defect was willful and intentional (ie trojans). There is no negligence protection for gifts. I highly doubt that any such software lemon law would break with this ancient precedent.
The GPL clause disclaiming only nondisclaimable warranties exists solely for severability purposes; the "unless prohibited by law" clause appears in almost every warranty disclaimer.
Don't hurry to modify me as a troll, but listen up. The whole point of this law is to cause software developers to pay more attention to the software they develop their software and especially QA it. If there is a Hospital or a goverment database running on software that fails, the developers SHOULD be prosecuted by LAW for this.
The only little detail the law is missing is that people should be expecting what they pay for. If you pay hundreds of thouthands of dollars for lots of software licenses that is ment to be run doing mission-critical operations, the developer should be held liable for his work, because he's getting quite a sum of money. This shall not applicate to Free Software, since it's duh, FREE. You don't go around asking for support for a 10-year old TV set you got for free from a friend.
Does anyone even know for sure what exactly does this law look like ? How many revisions is it supposed to go through ?
No problem, just blame the crash on the library developers and kernel hackers.
Even assuming that such a "lemon law" could be passed (which is, to my mind, a dubious proposition in and of itself), it wouldn't affect Free/Open Source Software (or even proprietary freeware) at all because there's no contract between the the author/distributor of the software and the user.
While IANAL, I did consult one about this once - when you give something away, you have no obligation to the recipient. Specifically, the recipient can't sue you if the product is defective in some manner.
The lemon law applies if you have no recourse but expensive repairs at you own expense to a product which doesn't function as advertised.
Granted Apache should serve up web pages and FTP should transfer files and php should work on the server to generate HTML pages or whatever else you programmed it for. AS ADVERSITED...
But, with open source code, you get the source code, you get access to the entire open source community.
With open source, you get to roll you own on if you want a particular product to something nobody ever thought of making that product do.
With M$ or anyother canned software company, you'd better be able to convince them that its in their interest ($) to provide it.
With open source, you get to take out features you don't want in the product.
With M$ or anyother canned software company, you're fucked . Features NEVER disappear regardless of how stupid, downright bug-riggen, security hole prone or outright nefarious they are.
GPL'ed software comes with the source. Feeling screwed? You can DO something about it.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
... their lightplane industry before inventing any new product liability laws.
It got so that anyone who flew whilst drunk and crashed a plane that he hadn't maintained for years could sue the manufacturer for many millions with a fair chance of winning. And even if the manufacturer won their legal costs would wipe out the profit on many aircraft. So basically the US lightplane industry closed down. (It has since started up again, as a shadow of its former self, following some law changes.)
OK, that didn't affect all that many people. Closing down the software industry would be a different game altogether.
Let's say I write some super-important thing using the ABC and XYZ toolkits. My program fails and bad stuff happens. Do the people suing me have to prove that it was my code, and not in ABC or XYZ, that failed? Do I have to prove that it was not my code? And finally, how the hell could you prove something like that, anyway? [Especially if it was not repeatable - what if it was the OS, or the hardware, or something else entirely?]
I really don't understand why this is called a lemon law, actually. A car that's a lemon doesn't work, or works for a while and then throws a rod or something. I don't quite see the analouge between that and software.
In fact, someone mentioned a web server dying at some important moment, and the users of that web server losing a lot of money (ebay or amazon or something). Does this qualify under a lemon law? If I have to get somewhere important, and my car doesn't start, can I actually sue the makers of the car?
...is that Microsoft spends a lot on marketing to tell you that their stuff will streamline your business, keep your toilet from clogging, and whiten your teeth while you sleep.
Meanwhile, their EULA practically says that you're better off playing Russian Roulette with five bullets and only one empty chamber, than to trust their software in a mission/enterprise-critical environment. We can't get access to their source code to check it for bugs ourselves, which would shift liability to us if we could do so, did, and then okayed it for use-- we just have to take them at their word, and hope that the server farm doesn't melt down and bankrupt our company.
Free software, on the other hand, is just 'out there'-- it's like finding a still-wrapped condom on the street. Sure, you can pick it up and use it, but if bad things happen, well, how is that anyone's fault but your own?
Liability-eliminating EULAs are an affront to any kind of truth-in-advertising regulations. A software company should definitely be able to be held financially liable for losses caused by failings in its products-- not to a degree that would instantly put them out of business, but a fair amount. Say, equal to their annual marketing/advertising budget?
Let's look at it with the car company analogy. Suppose Ford's commercials said that the airbags in their cars would save you and your family's lives? Okay, now suppose someone dear to you was killed in a head-on collision while driving a Ford. How would you feel if, when you tried to sue, Ford said, "But wait, your loved one agreed to the EULA by deploying the airbag... let me read you this paragraph from it that says, if the airbag does not work as we said it would, we aren't liable."
Many of you are discussing this and saying it doesn't apply to OSS.
Technically, under thet respect, it doesn't apply to Microsoft either.
If you buy a uesd car, and in the next couple months have to put a lot of money into it to keep it running (i.e. a prime candidate for the 'lemon law'), you don't sure Ford/GM/whoever for making a crappy car that no longer works, you sue the person who sold it to you. In effect, you sue the distributor for charging you for a crappy product, not the publisher.
It should be the same with software. Microsoft ships software to retailers and OEMs, windows get sold to consumer, consumer is unhappy, consumer sues retailer/OEM. After this, the OEM will no longer buy windows from Microsoft, so the quality of the product and the strength of the corporation will be indirectly affected, but it shouldn't be directly. If 50 owners of windows sue Microsoft, many will lose as they don't have the resources to beat out a large corporation in a legal battle. If Dell or HP/Compaq stopped selling windows with its PCs because they got a very large bad review from those consumers who bought their PC, it will have a much larger impact on Microsoft and its lines of products.
In this case also, with OSS, the writers would not be the ones who can be sued, but the corporations (RedHat, Hummingbird, Ximian et. al)
Most open source software seems to be in the perpetual beta state anyway, but if a lemon-law were to pass, maybe the commercial vendors would move toward this as well. Never releasing a "finished" version, just alphas, pre betas, betas, preview editions, release candidates, etc, etc, etc.
If this were to happen, it might actaully help the public, forcing the commercial vendors into a system where they actaully have to admit that thier product is never finished. Maybe then the public would stop shelling out money every time the latest edition comes out, lining the pockets of Gates and company.
If there is a Hospital or a goverment database running on software that fails, the developers SHOULD be prosecuted by LAW for this. But what about the hospital or government? Shouldn't they bear a good deal of the responsibility for either selecting solid software, or hiring someone to select such? In what manner is the liability to be limited? If I install RandomLittleUtilityX and it runs fine, and then install BigCorporateAndGenerallyTrustedProgramY and it breaks all over the place but runs fine on computers that don't have RLUX installed, is that RLUX's designer's fault, BCAGTPY's designer's/distributor's fault, or mine? If I write up a quick little utility to do something on my computer and it gets onto other computers through some P2P utility unintentionally and causes problems, should I have to pay for damages?
Think!
That is - what would happen if shrinkwrap limitation of liability clauses would be banned?
Any company without $40 billion in cash to pay for lawsuits would go out of business. Microsoft would rule the world.
The analogy of the automotive lemon refers to a specific instance of a car that has faults. When ever single car of that type has a fault it is a design flaw, and can lead to a recall in the extreme cases. Of course in software, there are only global design flaws.
But software systems are complex, and they will always have bugs. And the industry is too powerful to permit a law that would not recognize this and regulate it the same way simpler products are regulated.
All of us who have written software know why we want to disclaim liability, and people who use it know why they accept those disclaimers. It's a hard problem to figure out if there is a middle ground that will satisfy both user and author.
Has it been over a year since you last donated to the Electronic Frontier Foundation
I wouldn't be surprised that if a company can demonstrate to a court that it has a rigourous QA program in place then liability might be reduced
To prove liability there has to be neglect. If cars are produced in a plant where all the safety standards are met, then if something happens to the car, it is considered an act of God.
There would need to be an industry-standard QA process in order to prove that a particular company was neglectful and therefore responsible for damages caused by product failure. If a company followed the standard process, then no hard could be done if a bug made it into the released version.
int func(int a);
func((b += 3, b));
If sensibly implemented, this would put the burden of responsibility on commercial distributors of open source software. If I download an open source product from some coder's website, there's no transaction, there's no contract, and no liability. However, if I pay $100 to RedHat to purchase the same software, that should be treated the same as if I paid Microsoft for the same, and they should bear the burden of responsibility.
I would even go so far as to say that such a law would be good for open source developers, if not the open source "community" which is full of many leeches. Many of the companies that sell open source software these days are playing the "something for nothing" model; they take open source software that someone else has written, put it in a box, and charge for it, without undertaking development themselves. (See, for example, the controversy over OpenOSX.com.)
This is, of course, a much better business model than conventional software development... they get all of the money for none of the work. These are the people who would be most hurt by product liability laws... and forcing people who profit from the open source community to be responsible for it as well doesn't seem like such a bad idea to me.
This simply is not something we ever have to worry about. I'm sure Microsoft owns enough congresspeople that they could get it laughed off the floor. And they have significant interest in doing so, because they are going to be the first company the sharks go after if something like this becomes law.
:)
Microsoft is our friend here.
Why couldn't one limit the maximum liability to, say, 10 times the license / distribution price? So a typical private MS customer might claim some thousand dollars while a company or school (with a single contract covering thousands of machines) could start multi-million dollar lawsuits. Obviously, the risk for authors of free software is then still zero. For linux distributors, the liability might be limited to the non-free software parts (like yast in SuSE) and to the editing process (identification of alpha/beta/production grade software). In any case, big money will only be at stake for companies which make big money.
Ultimately, however, the burden of proof will be where this law fails. Say Windows crashes. Who is at fault? What program were you using when it crashed? Was it Microsoft Certified? What hardware do you have in your system? One slightly faulty RAM chip can cause lots of crashes. Is that Microsoft's fault? Oftentimes Linux will be able to handle the fault better than Microsoft. Does that make Windows a Lemon?
What about drivers, programs with Ring0 access? Giving a program access to the hardware is an inherent liability because it can cause a crash. Then you get into the interactions of various drivers..I've had cases with DriverA running HardwareA and DriverB running HardwareB. There was a crash, and removing HardwareB solved the problem, but so did simply upgrading DriverA. Who's at fault?
Windows, by itself, is actually quite stable. If these laws come about, what would end up happening is that Microsoft would always shove off the blame for a "lemon" on a third party, and they'd have the money and lawyers to do it.
Haven't you ever seen the phrase, "In no case shall [provider]'s liability be construed to extend further than the price paid for the product." If I buy RedHat from LinuxCentral.com for $10, I don't think I can reasonably expect to sue them for a million dollars. Can't they explicitly state that I can't?
Secession is the right of all sentient beings.
I'm usually on the "left" of most arguments, but software is one area where the "market" should be allowed to make these decisions. If someone doesn't like a piece of software, go use something else! If anything, bad commercial software being allowed to exist only pushes FS/OSS software usage way up anyhow. :)
The only instance I'd be ok with this is in embedded systems for medical devices, etc, where if stuff doesn't work... people DIE. So in this case, the problems of intervention are definitely outweighed by the possible weight of what could happen if the gov't doesn't stand in. As it is, most embedded systems like this do have a good reputation (if they didn't, they'd cease to exist), but when actual lives are at stake, it's a different issue, so the added weight of punishment for negligence, etc, is acceptable.
The Free desktop that Just Works
How can you be sued for providing information to someone?
If this does come to pass, it'll mark the last time I distribute a binary, that's for damn sure.
If you were blocking sigs, you wouldn't have to read this.
The company for which I work develops custom software. IANAL, but one of the ways we limit liability is through collecting and documenting requirements for the software, and testing that those requirements were met. We also follow a strict software development process, which supports out ability to develop a quality product. By developing this documentation, we are able to pass liability off to our customers. I.e., They have agreed that our software meets their requirements and our tests are sufficient to prove that it does. Now, if we knew our software didn't meet the specification, that is different (usually called FRAUD).
I would think that something like this would work for the larger Open Source projects. If they could have the requirements of the project documented (i.e., what it is suppose to do) and have tests written to verify this, then they may have a out. The problem is M$ case is that they know of the problem, or their quality process is not sufficient, and do nothing about it.
The dogcow says "Moof!"
Your example of the GIMP is a pitiful one for two reasons. The first is that the GIMP is held up by patents in various areas. The second is that GIMP and Photoshop are not the kinds of products that the article is talking about. Say what you will of the GIMP's features and interface, it is no less dependable a program than Photoshop. I've never heard tales of GIMP users losing critical data any more so than Photoshop users.
Perhaps comparing IIS breakins vs. Apache breakins, especially given that there are more Apache servers on the web (and probably run by more amateurs than IIS admins). Or FreeBSD vs. Windows 2000 vulnerabilities. Or, to be fair, sendmail vs. Exchange (although I'm guessing a lot of people are using things like exim these days). Or how about PostgreSQL vs MSSQL?
These are critical pieces of software that are actually vulnerable to massive data loss. GIMP and Photoshop do not qualify in the same way. Throwing out the term "anecdotal evidence", does not change the fact if you look at the list, you'll find that more often than not, open software beats or at least matches the security and reliability record of its closed counterparts.
"I may not have morals, but I have standards."
I think any liability laws would unfairly punish smaller companies.
Some people are in favour of Lemon Laws specifically because they dislike Microsoft and think that Microsoft software is insecure. This is stupid and shortsighted.
Deal with Microsoft's monopoly abuses seperately. Monopolies come and go but bad legislation is forever.
Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.
After you have informed the consumer you can let the market decide. If they still use software with a G rating then that's their own problem.
Many people claim these laws would force MS to fix their bugs/security holes...but don't they already? The problem I see is that no one patches. Look at Code Red. The patches for it were out a long time before it hit. If everyone patched it would have been a big non-event.
I say companies should fire incompetent people that don't maintain systems. That last thing we want is regulation in the software industry.
That's funny. Market forces are the reason so much mass-market software is crap now. Customers preferred more features, mostly idiotic bells and whistles, and the illusion of tech support, to product quality.
OK, now that there's a monopoly situation, it's not just the market in the driver's seat anymore, at least on the desktop. But it was still a relatively free market when consumers had the choice between feature-laden dreck and more tightly-focused products with better quality. So now they change their minds and want quality? The market allocates resources according to buyer's preferences, and generally does that efficiently. That doesn't mean that buyers always choose the technically best product.
Anyway, the real driving force in this initiative is the lawyers trying to get their mouthparts into a nice big pool of cash. And if they happen to destroy another industry in the process, well, it won't be the first time.
And there's not even the consolation that more regulation will hurt Microsoft. Higher barriers to entry tend to protect monpolies, not break them up. It's the little guys and the innovators who will be screwed. They don't have the deep pockets to pay the lobbyists to subvert the regulations. And if GPL'd software happens to become a victim of collateral damage, Congress and the legal profession won't give a shit, because there's no money in it for them anyway.
So it's not about us needing more laws, it's about which laws will most benefit the greed and lust for power of those who actually run this country. Parasites don't care about their host's freedom, only about how much blood they can extract. The underlying problem is that they're making the decisions in the first place, not us. Nothing will change until that changes.
Get your teeth into a small slice: the cake of liberty
If the software behaves as promised, no liability laws can affect you. Therefore, it only makes sense to specifically promise that the behavior of the program is documented by the accompanying source code. Since source code is the ULTIMATE documentation, there can be no false representation. For free software, this is not an issue because it's distributed with the code.
Ask Microsoft to ship full source code with their products for a full disclosure of what it actually does. Since they're not willing, you have to take their word for it, which is hardly comforting.
All MS has to do is ask these questions:
1) Is all of your hardware HQL approved?
2) Are you running only Microsoft products (if you have a single custom ASP page running on your server answer no)?
3) Are you running the current versions of all software and protocols used?
4) Do you have all current updates and service patches applied?
5) Was/Is your installation completed and maintained by someone who is MSCE for every aspect, component, and method of use for the MS software and protocols you are using?
If you have answered no to any of these questions, you are TSOL.
Such a law would be good in the context of a reformed liability law. Right now if someone is .001% liable they can still pay 100% of the damages. This applies if they didn't know or intend the outcome.
Open Source software can be much like a public park. There should be an exemption for free, public *anything* that doesn't involve criminal negligence. If you don't pay admission, it would be up to you to make sure you don't do anything stupid on the play equipment.
At that point, Red Hat, SUSE, etc. can assume as much or as little liability as they want as they add a paid layer on top of the commons.
Further, Source is stuck somewhere being a device (like a toaster) or a book. If you don't like the ending of a book, or how the cake turns out, the book is in no way defective. If you can't follow instructions, or even if you simply won't, or the instructions are wrong or dangerous, you normally can't sue the author. You can sue if the toaster is defective and is actually an ignition source when used as directed.
An EULA in the usual form Microsoft uses basically declares it to be a device. If I can't read it or analyze it or quote it, but only use it, it is a device and not a book. Also it says you don't even own it (even the single copy as under copyright).
GPL on the other hand says lets discuss, improve, analyze the work, and by the way, you can run it and maybe use it to do something useful (like a recipe in a cookbook). It might be used as a device, but it is still a "book". And I think you could tweak the GPL if necessary to make it legally fall into the same liability category as a book.
Between tort reform, and resolving the device / artistic work dichotomy, I think GPLed software would thrive.
But we do not have wise leaders, and Microsoft sends more money to prevent clear thought on the part of our legislators.
At least for Free Open Source Software.
:-)
It doesn't include "It's free, use it on your own risk, it's not final version"
In general it excludes licenses like commercial, GPL, FreeBSD, etc. as they are now, but it can't exclude open wide beta testing, prerelease promotion. So, with adding to GPL restrictions clause like that, that would define software as such, would be possible to avoid lemon law restrictions.
Software in development never matures to it's final stage. Yes, I know people like 1.0, 2.0 etc. But where is the final stage? Simply defining always "Development in progress, but this is what it's done so far", would avoid that kind of law. On the other hand people have no signed contract or receipt to show that as evidence at the court.
I know that in case such law would be passed, I would just make a clause on my web page. "ENTER" if you.... "LEAVE" if you.... Works for XXX pages.
Putting on web page something likethat is easy. Here is an example
"Enter if you're interested in this software, but by entering you agree that this software hasn't matured to it's final stage (at least out of legal points, which don't allow free software to be passed on in different way, then being treated as work in progress), you also agree that software has provided you with license which defines how this software should be treated regarding distribution, usage etc. just the same as this software would reach it's final stage.
Considering legal points passed by "lemon law", this clause and describing maturity state of this software, it's unfortunate necessity for this software being able to be passed on freely."
Of course, I'm from Europe and I'm not concerned with stupidity like that.
Hope somebody is not offended with my bad English...
Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
shiny new SUV if the manufacturer also released the blueprints?
Well, I'd figure those blueprints were there for a reason. So that if there was any problem, I would be in as good a position as posible to fix it myself. I doubt that the blueprints would eliminate manufacturer liability, but seems like they would go a long way in that direction.
Now I don't know if his fears are well founded or not, but I'm sure he had some reason for taking the action of yanking the previously available source. Perhaps an anti-lemon law with an explicit "software made available for no cost is exempted" would be better, although even then I'm not so sure it's a good idea. Should Red Hat be held responsible if one of the beta products in the distribution is buggy (say, the situation with Mozilla a year ago)? Besides, what level of bugginess is okay? Is 99% uptime sufficient? 99.999%? 100%, every crash results in a lawsuit? I just don't know about this...
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
I think publishing the source should allow the disclaimers to be in force. MS does publish the source to some customers, and GNU to everybody. With the source you can (in principle) verify the functionality and absence of backdoors, and you can (in real life) fix problems yourself instead of having to wait for a Service Pack or other official upgrade.
This is pretty much the key. All that is needed to get OSS off the hook is the line in the documentation "This product does exactly the source code says it does. All other documentation is purely opinion."
What would Lemmy do?
I like this analogy. However, is it fair to say that a software project like WinXP Pro (2+Billion lines of code, right?) or something as complex as an Enterprise Relational Database Engine is actually far more complex then a Car - especially when defining a "reasonable working condition". Either a car is running reasonably well, or it's not. Either it meets simple safty regulations, or it's not. With software, the functionality is not only far more complex, but the potential failures are also far more complex. Many times it takes a serious investigation just to determine which software package caused the problem (was it caused by Linux? Mod_Perl? Apache? MySql?), and even then we aren't always sure. "Best Guesses" may work for debugging and fixing a problem but it won't work in court.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
If I build a tree house on my property that is unsafe and someone tresspasses and uses this tree house (which I haven't even said he could use) and gets hurt then I am potentially liable both crimally and civilly. It's called an attractive nuiscence.
I didn't charge anybody anything... I didn't even give permission for it to happen. Yet I am still at fault.
Just because I don't profit off of a transaction doesn't give me a right to put somebody at risk - financially or physically - unless perhaps I am completely forth right; and even then often not. And simply saying "Well, at your own risk," is not completely forth right, not even close.
The only different with purchasing the product is that the legal agreement is explicit. And in an explicit agreement risk can be accepted by the customer. But in the implicit agreement it is assumed that risk is accepted only if it obvious.Otherwise you're buying the right not to be put in a dangerous situation. Which u can't buy because u fundamentally own this as a citizen.
As for the suggestion that there can't be a law suit because there is no company - I think it is pretty clear in the american litigation system there are no lack of defendants.
the SVLA.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
Remember what got the ball rolling with car manufacturer liability. Ford manufactured a car that roasted its occupants when hit from behind. Ford figured it would be cheaper to pay the victims than it would be to fix the car. When this surfaced, public outcry did the rest.
Most cases aren't as clear-cut. Continuing on the car industry example, can you hold a vendor liable if you're not wearing seatbelts, and suffer serious injury as a result? Probably not. Can you sue if you are injured in a parking accident by the airbag? Probably not. Now, why were you injured in the first place by said airbag? Because they are inflating with the power required to restrain a person not wearing seatbelts. Anything wrong with this picture? You bet. The consumer has a responsibility of his own, in this case: wearing the seat belt.
Liability is eventually determined by a judge and a jury, and in corner cases it's just a lottery, which is why car manufacturers err on the side of safety -- theirs, not the safety of the customers who are wearing seat belts.
The same thing is looming on the horizon when a software lemon law gets introduced. Vendors will still go to great lengths to skirt their responsibility, and even if that works to "improve" the product, chances are the consumer will be hurt in the end.
For a preview of things to come, look at Microsoft's security fix to Outlook. It is available, so like seat belts, common sense holds that if you don't apply it, you willfully accept the consequences. But unlike seat belts (which are at worst an inconvenience), applying this patch will cripple Outlook beyond being usable.
You can't win this one. Frankly, I'd settle for a law that demands truth in advertizing w.r.t software products.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given a A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.
I think this sounds pretty nice, but it has problems. For instance, clients are not necessarily more secure than servers, a well-written anonymous ftp server could theoretically be infinitely more secure than a poorly-written web browser which downloads and executes code without express permission.
Also, most linux distributions would minimally start at a "C" rating under this scheme, while windows 98 would begin at "B" (without enabling "file/printer sharing"). Which do you consider to be more secure on the average? Do the ratings reflect that?
These problems are indicative of a greater flaw in this scheme, software doesn't have to rigidly conform to _any_ model, be it client/server, P2P, etc. Laws take a long time to be changed, software can be changed in weeks (witness Microsoft's court history.. pretty soon they might be stopped from producing Windows 95 ;) - if we draft laws or even form committees which define certain software paradigms as insecure, software will simply change paradigms to achieve a higher rating until the ratings-board is able to change criteria to match.
Alternatively, we could have panels of elected security-analysts pore-over every piece of software that is voluntarily-submitted for a rating (in source form), at a cost to the software producer (based on some criterion I don't know), and they could arbitrarily grant ratings based on their findings.
I don't know that this is the best solution, but it sounds more practical, it's similar to other analogous (movie ratings, supreme court, etc.) systems for ideal-compliance which are already in place and doing a reasonable (not perfect) job.
Thoughts?
Under "lemon laws," free software authors most likely will not face any liability, mostly because the software is FREE. Lemon laws exist to protect paying consumers from being sold something under the pretense of it being a quality product, and ending up with a piece of junk. If someone gets a product for free, however, the consumer cannot go after the provider, because the consumer got it for free anyway.
The same sort of thing would likely be written into software lemon laws. It would have to be, to protect students from software they produce and release for free as part of a programmer's educational process. Volunteers who code for charities and non-profits are in the same boat. Coders giving away their code to people who know that they aren't getting a commercial product don't have much to worry about.
How about a law (not aimed just at software) that says that when a company advertises a product as having certain qualities, then it is responsible for the product actually performing as advertised. I'm not sure _why_ such a law is needed in the first place, as it would seem to me that to advertise that a product is fit for a certain purpose and then to hide lawyerly gobbledygook in the EULA contradicting all their advertising is fraud....
Hmm, lemon law is there to protect the consumer. When a car is bad, the consumer get its money back.
GNU, BSD, other open source programs aren't sold. People already get their money back.
End of discussion. Story moderation: -1 Troll
--- Hindsight is 20/20, but walking backwards is not the answer.
What about allowing the transferral of costs caused by defects in software at the user level, instead of at the producer level? Insurance does this quite well. The costs of insuring your company (or yourself) against defects would be based on what software you are using. The cost of insuring a given piece of software would be a function of claims paid because a particular piece of software was found at fault. Perhaps, companies could even be allowed protection from software they produce and use internally. There are a number of complexities that I can see arising, but here I'm just presenting this as an idea.
I'm very wary of trying to use traditional liability law in the software industry. I fear that, if software liability is implemented (and it WILL be implemented) in a traditional manner, the ultimate casualty will be openness, not pocketbooks.
Use of traditional liability law would almost certainly make development of truly open and free software impossible. Even if the producers of free software are allowed a large amount of protection from litigation, very few will use it precisely because they will have no recourse should they be affected by a defect in such software.
As far as the broader software industry in general is concerned, it would shut tight as a trap. Many people have put in alot of hard work to get software companies to be more forthcoming with regards to defects, especially as they relate to security. This hard work has paid off quite well. It has made our lives much easier. Do we want to return to the days when it was next to impossible to get patches, let alone information on what the problem actually is? If sofware companies are made liable for defects in a traditional manner, only a select few will have access to bug announcements, and then they will only have access under a NDA. Life will become extremely difficult for those of us responsible for making sure machines are running and secure. Any public acknowledgement of a bug could then be possible grounds for a lawsuit, which is just a bad place to be. Any information we would get would normally be a result of a law suit, and probably too late to be of any real use. I value the amount of information I have access to. It has saved me countless hours, and I don't want to see that go away.
We need to find some way to induce some sort of liability for non-criminally negligent defects without sacrificing openness. Will this work? I think it has a chance to.
Don't you think we would have switched back if the OSS really wasn't better?
Yes and No.
(1) No, many Open Source advocates are quite willing to use an inferior product to maintain philosophical purity, forward a political/religious agenda, or to stroke their egos by being elite, rebellious, etc. I don't mean to imply all advocates are like this. Back in the day I would have killed to have Linux on a PC at home rather than have to dial in to the VAX at school, but science and engineering majors are geek home turf for OSS. We too often think what is good for us is good for all.
(2) Yes, many people who do try Linux, FreeBSD, etc. immediately return to Windows after deciding the OSS wasn't for them for whatever reason. I don't mean to suggest that there is anything wrong with Linux, FreeBSD, etc., just that they are still pretty much built by geeks for geeks.
Personally I think the future will bring a hybrid approach, part open, part closed. MacOS X is a good example. Other examples will be more open source libraries used by commercial apps, examples: compression, encryption, image processing, etc.
First, warranties only are meaningful in the context of a commercial transaction. There's no reason to expect a warranty on a free good. So this is not a problem for free software.
Second, warranties aren't that expensive to manufacturers. Under 5% of the cost of a car is in the warranty. More to the point, in the gambling industry, where full financial responsibilty for errors and downtime is the norm, GTech, which runs lottery systems, pays out about 0.3% of revenue in penalties.
Compensatory damages and blame management are real issues. But this comes up in other areas, and the suppliers work it out between themselves, as in the Ford vs. Firestone tire failure issue. In computing, we should expect full warranties on the OS from manufacturers who preload an OS. Let Dell and Microsoft argue between themselves who's responsible.
Finally, manufacturers who don't offer a full warranty should have to put a giant "AS-IS" on the box, like those signs that appear on used cars.
If I purchased the software commercially then I expect the software to be merchantable. Is that so much to ask? I dumbfounds me why anyone can think this wrong.
It's not about warranties, disclaimers, licenses, or anything like that. It's about honesty. If you tell me your product works, I give you money for it, and it doesn't work, I want my money back. Plain and simple. To print on the back of a shrink wrap box that MyFoo Deluxe does X, Y and Z, when it in fact does not do X, Y or Z at all is fraud.
Sure, go ahead and disclaim your warranties. But make sure those disclaimers are disclosed to be before the commercial transaction is completed.
A Government Is a Body of People, Usually Notably Ungoverned
The obvious retort is to say that, under any "free" license, if the user is not satisfied with the product then they got what they paid for. Conversly, if I shelled out $5,000 for some software program, I expect some kind of warranty or guarantee about the (1) reliability and (2) usefulness/suitability of the product.
;).
Think about it this way; most lemon laws strive to ensure that both parties come out with a fair deal. The idea is to ensure that neither party is "taken" by the other and that a "dealer" of a product is responsable for providing some measure of quality. Cars, for instance, in a lot of places can be sold as-is without any warranty if the seller does not qualify as a dealer. A dealer is qualified as someone who does it as a business (usually quantified by, say, 5-10 cars per month). The goal of any software lemon law should be similar - hobbyists should be exempt because they are (1) not participating to generate profit and (2) not explictly (or even implictly) providing any warranty or guarantee w.r.t. the software. Conversly, if you are in the business of selling software you SHOULD be held to a higher standard than that of a hobbyist.
RedHat, for instance, should be required to provide a warranty comparable to one that Microsoft would be required to provide on their respective OS products. Besides the for-profit nature of their businesses, they both participate in a manner that requires trust between themselves and the consumer. eg. when I buy a copy of RedHat Linux, I expect and trust that it will perform as they describe. If it does not perform as they describe, I should have the opportunity to return the product for a refund or exchange (the same rule goes for Windows, btw).
Retailers and dealers should be held accountable too. Why? Because, as I mentioned before, they trade in a manner that requires a certain level of trust.
What is the benchmark that says if a product has performed as it says it will? What recourse should the consumer have against the company that created the software? Does the consumer fight with the dealer, distributor, or manufacturer? Valid arguments could be made for all three. However, I believe there should be an implicit warranty between the manufacturer and the consumer. After all, most sane people would blame Microsoft for the shortcomings of Windows - not Dell or Office Depot
Okay, all that deals with the idea of the software not performing as expected. Okay. Fine. What about damages? Spyware can be said to cause damage and, yet, they "clam" to be exempt because they put it in the agreement? What if Office crashes and takes all my important documents with it? What liability does Microsoft have when someone exploits a security hole and makes off with your important (lets say, trade secret, financial, etc) documents? Is there/should there be an implicit or explicit limit to the liability of a company? I happen to feel that a entity (individual or company) should be liable for any damage that their product causes (software or otherwise). But does misuse get factored in? If I run FORMAT.COM on my harddrive, is Microsoft liable because it took my saved e-mail with it? Is RedHat liable for my lost Windows partition if I accidently choose to install it over top?
I guess I've provided more questions than answers, but I'm just thinking out loud here. I do think it is very important to watch how this pans out - to make sure hobbyists aren't discoruaged because of possible legal implications.
Price, Quality, Time. Pick none. What, you thought you had a choice?
What's "appropriate"? Simple: if something you did causes harm to someone else, then you should do your best, within reason, to remedy the situation. What's "within reason"? Simple: if it's within your power and it's not going to break you (cause "undue hardship"), it's "within reason" (and note that this should not be considered in isolation, but in context of all the other liability cases that may arise from the harmful act. So it should not be possible to kill a company or to destroy an individual through a multitude of liability lawsuits).
The problem is that here in the U.S., you can be held liable even if you make a best effort to remedy the problem. So, for instance, if a bug in your software causes problems for someone else, then fixing the bug in a reasonable amount of time (in other words, a short enough period of time that the bug has no significant additional effect on the victim after you've been notified of it) and giving the bug fix to the victim should be considered sufficient effort in many cases. But the way liability cases seem to go here in the U.S., it wouldn't be nearly enough.
That's because here in the United States, it seems that the jurors often take the stance that the "victim" has no responsibility whatsoever for what happens. For instance, it doesn't seem to matter whether or not the victim researched the alternatives, spoke with others about their experiences with the product, read the manual, etc. -- the victim is considered blameless regardless. And to make matters worse, in the U.S. there's this idea called "joint and severable liability" which, in essence, seems to mean that even if you're responsible for only 2% of the damage, you can be made to pay for 100% of it.
Now, in Microsoft's case, it's often that they do not make a best reasonable effort to fix the bugs in their software and, when they do, they often charge extra for them (a.k.a., software upgrades). Microsoft is by no means the only company that does this (in fact, many software companies do the same thing), and it's only Microsoft's immense market penetration that makes them notable here.
I could go on for some time, but the bottom line is that liability in this country is so screwed up that I'm not convinced that it's possible to write a reasonable law, except perhaps for one that completely dispenses with the notion of "joint and severable" liability, and perhaps one which forbids suit against someone who has already faced a lawsuit on the same liability issue.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
CMYK is patented, and licensing this patent is not at all cheap. Certainly, it's not something that's possible for a piece of software like the gimp.
Claiming that a piece of software is inadequate because the maker of the competing software uses legal means to stop competitors from implementing a piece of functionality is really quite stupid.
himi
My very own DeCSS mirror.
Ok, so they're talking about a law that says software producers can be liable.
We know no details, yet are already saying this law could be the end of OSS. Please. For one thing, anyone can contribute to OSS anonymously, thus eliminating liability.
Also, there can be exemptions in the law for FSF, OSS, free, and other humanitarian-ware. It doesn't make sense to have liability for people who give stuff away freely.
Also, even for corps like MS, these laws don't necessarily mean every flaw is something they can be sued for and held liable for. The wording of the law will tell exactly how liable they are. Should MS be held liable if there's a small bug in its GUI, which was easy to miss? No. Should they be held liable if there's a major flaw which causes massive data loss, or if there's virus or otherwise malicious code in their software? Yes.
Yes, software isn't like cars. But we can still treat it like cars -- anything that was very serious and major should have been caught; minor things are not a big deal.
If Ford makes a car and the heated seats don't work, that isn't cause for a lawsuit. Similarly, if MS makes an OS and some erroneous extra feature doesn't work, that's not cause for a lawsuit either.
However, if Ford makes cars with airbags that don't open, they should be held liable. Similarly, if MS releases a new OS which destroys your data upon shutdown, they should be held liable.
social sciences can never use experience to verify their statemen
Not something that allows lawsuits for any
problems. But a law that said something like:
"If the provider of the program gave a guarantee
that the program would function as intended, on
the customers particular system configuration,
and the customer operated the program according to
instructions given by the provider, then a lawsuit
for any damages resulting from use of the program
may be filed."
That could be useful and not stall closed or open
source development at all. It would allow recourse
for people who have recieved absolute guarantees
that a program would work in a mission critical
situation, but also protect developers against
frivolous lawsuits. Anything more specific would
not provide benefits to harmed consumers, anything
more general would stall development. Though, current
truth in advertising laws probably allow for lawsuits
in such circumstances already.
Most lemmon laws state that products sold to customers must be of a certain minimum quality. This would not impact OSS development projects because they do not sell products or product licenses (live treditional software vendors do). Most OSS organizations that seek to proffit directly from the software being written, tend to sell support contracts. A typical example of this is MySQL AB. It's reasonable to assume that any software lemmon law would contain language similar to lemmon laws relating to other products. This language is usually limited to products sold to a customer, so, again, OSS development activities would not be affected, however anyone seeking to sell softare - typically those with business models tied to BSD style licenses - will probably be impacted and will have to shift to the service and support model of outfits like Redhat. Zealots like Stallman and ESR whould be thrilled by this.
On the other hand the Microsoft lobying machine should be in full force, makind the entirely inane argument that "If this legislation is going to screw us over it should screw over OSS as well". We can only hope that legislators will be able to see through such arguments.
--CTH
--Got Lists? | Top 95 Star Wars Line
Mod the parent up, please.
/should/ be held responsible for your negligence. If you're incompetent, then you should be held responsible for any claims of competence you made. And if you're not willing to accept responsibility for what you do, you shouldn't be doing it.
What is so terribly horrifically frightening about taking reasonable responsibility for your own competence? The same kind of responsibility that an engineer making a component for a car takes, or a builder building a house, or anything else like that?
It's quite simple: do the best job you can, as responsibly as you can, and taking all due care. If something goes wrong after that, then you should be safe from punitive liability. If you're negligent, then you
The only people who can avoid responsibility for their actions are children - is this industry really that immature?
himi
My very own DeCSS mirror.
For instance, clients are not necessarily more secure than servers,
This is absolutely true. However, servers are rated lower than clients for two reasons. First, servers are connected to the internet for longer. Second, servers accept connects from unknown hosts.
In practical terms, this means that if hax0rs want to take advantage of my browser bugs, they first have to send me an icq message claiming that there are pictures of Ana Kornakova on their website. I would immediately visit the site and become infected with virus that makes phone calls to Mongolia from 2 am to 4 am every day. However, with a webserver they can own my box without tantalizing me with images of tennis players. (Clearly the first scenario is preferable.)
Also, most linux distributions would minimally start at a "C" rating under this scheme, while windows 98 would begin at "B" (without enabling "file/printer sharing").
That's not a flaw. A "C" rating is not a bad rating; it just means that there is an open port that users should be careful about.
These problems are indicative of a greater flaw in this scheme, software doesn't have to rigidly conform to _any_ model, be it client/server, P2P, etc.
P2P nodes would be considered servers.
You bring up a good point by using Windows and Linux distributions as examples. Most software comes as collections of programs. In this case take the program with the worst rating and apply it to the whole distribution. If fingerd has 9 exploits in the last year and it is turned on by default then the distro would get an "F" rating.
One of the great things about this system is that it is extremely easy to rate software. Just count the exploits that are possible in the default settings and assign a letter. A college graduate could do it on his fingers.
Would open source software be unrated? Who would bare the cost of rating open source software?
One of the good things about this system is how easy and cheap it is. Software organistations already keep track of vulnerabilities so now they just need to add them up and apply a rating accordingly.
Would the distributor of an open source application be the responsible party? Define distributor while we are at it -- Red Hat? Source Forge? Download.com? The implications are potentially enormouse.
Anyone who charged money for software would be responsible to rate their software.
Red Hat would be responsible because they have CD's that you may buy from them. CheapBytes.com would be responsible to provide ratings too. (Obvious Cheepbytes has an easier job because their rating is the same as the original RedHat rating).
Sourceforge would not be responsible for rating the software on their website because they do not charge for it.
Microsoft would have to rate IE even though they do not charge for it because it comes on a CD which they do charge for.
It would be a difficult situation if SourceForge charged people for downloads. It is not feasable for them to keep track of vulnerabilities in the software on their site. One solution is to give unrated software a default rating of "F."
I like the letter "F" because it forces people to wonder whether the software is unrated or else just really bad. This would make people more cautious about downloading random files from off the net.
If you raise the cost of entry to a market you are protecting the current players -- i.e.: invoking a rating system, passing a liability law, etc. will help to make sure that the same players are in power for years to come.
If anything the exact opposite is true. New players start out with a perfect score and lower their score as vulnerabilities in their software is found.
You are correct, the definition of an exploit is a little bit complicated.
A DoS would not even factor in as an expliot in this system. The only exploits that count in this system are ones that either allow illegal read access or destroy data.
The real tricky issue is that companies are not going to count bugs that they discover themselves. We can only make them tell about vulnerabilities that were already known to people in the outside world. On the other hand, we want people who find bugs to report it privately to the software vendors so a fix can be made.
My first draft idea is to define an exploit as a bug that meets the following criteria.
1) In the default settings.
2) Allows illegal read access or destroys data.
3) Has been reported to the vendor 2 or more months previously.
I think 2 months is a reasonable time to create a fix. Also the rating doesn't require companies to explain how they aquired a poor rating only to make the rating available.
For example, there was a known problem with Solaris once that went for nearly a full year without being fixed. That was a case where the fix existed but business reasons made them not release it. Under this rating system Sun could decide not to release the fix but just increment their rating and everyone would be happy.
Something that really bugs me is the comment that this lemon law could kill "OpenSource and Free Software" alltogether. In the case you guys from the US haven't noticed: There are other countries with other laws.
Of course here in Germany a vendor or producer is liable for what he sells, too. But this liability has limitations! In Germany you CANNOT sue McDonald's because you failed to notice that coffee may be hot and McDonald's hasn't provided you with that information! You CANNOT sue a toy company for selling Superman capes without providing a warning that those capes won't give you the ability to fly! And even if you can sue a company for liability (i.e. because they failed to give notice about poisons or side-effects in their products), you won't be rich!
German jurisdiction mostly follows the customs and the common sense. That means: if you pay 1000 Euro for product A it is NOT regarded in the same way as product B which you got for free.
Besides: do you really think that OpenSource and Free Software are dead the same moment the US leaves the building?
-- Beware the Jabberwock, my son!
That's funny. Market forces are the reason so much mass-market software is crap now. Customers preferred more features, mostly idiotic bells and whistles, and the illusion of tech support, to product quality.
OK, now that there's a monopoly situation, it's not just the market in the driver's seat anymore, at least on the desktop.
Specifically in a monopoly situation the customer is not in the driving seat at all!
But it was still a relatively free market when consumers had the choice between feature-laden dreck and more tightly-focused products with better quality.
When was this time? That certainly hasn't been for several years.
These are consumer protection laws. Consumers in general can't look at millions of lines of code and determine if a product is usable. Acutally, programmers aren't likely able to determine if a software product is going to be reliable in anything like a practical period of time even if they have the source. They might be able to determine that some software is really bad, but having source code shouldn't be a way to get out of liability. All software should be held to the same standards.
My personal opinion is that this law would be bad for consumers, because the price of software products would be driven up to pay for new houses for liability lawyers.
It would be bad for business because their software costs would go up dramatically. If these companies want more reliablitiy, they have ways of achieving it now. It costs money, but it appears they are willing to live with a level or software problems as long as the software is less expensive.
It's bad for the software industry because much of the software would have to be radically redisigned in order to be "bug free". This is a tremendous effort, and they can't get a return on the investment until the development is done. A large percentage of the companies wouldn't be able to afford to redesign their software and would simply go out of business. That would trash the tech sector, and put the stock market into yet another crash.
These politicians don't want this law to pass. They're just trying to take advantage of anti-Microsoft and anti big business sentiments to get votes.
The author makes a very poor argument. Consumers have a reasonable expectation of performance from (e.g.) MS Windows because they pay for it. You can't make the same argument for software that you get for free.
This bill cannot kill open source *development*. It may, however, make the selling of open source software much more difficult. If this bill passes, companies like RedHat would now be liable for bugs in Linux. Of course, RedHat can (and does) take a snapshot of Linux and make lots of modifications and tweaks before making a release, but there's no way they're going to catch all of the bugs. They're best bet would be to get heavily involved in the system of releases of open source software. This will be very tricky, though, as developers will not be happy to see a company have such control...
Jason
Your liability is your job.
While I agree with most of your points about Photoshop, there is one extremely important area PS handles that GIMP doesn't (not even a little bit, as I understand it). That area is CMYK. For an ameteur RGB is just fine, but a professional absolutely needs CMYK, since that's what high end output devices use.
Why CMYK? I can't say for sure, not being a graphic designer, but I assume it produces higher color depth. The K stands for black, which obviously isn't a component of RGB. I do have some friends who are graphic designers, so I could ask them if you really want to know. I did recently interview for a job at a print house, which is where I learned that high end printers, etc, use CMYK.
I would guess that adding CMYK to GIMP is non-trivial. My reasoning is that it's a fundamentally different way of handling color. There could also be some IP issues if some company owns patents regarding CMYK printing. I'm sure a google search would turn up more information.
I've wondered for some time why graphic designers don't think GIMP is ready for them, and it's true that most of the time they seem unable to give a real reason. I asked in as nice a way as possible, and CMYK is the only answer I got. It may not be the only problem, but I think if it could be solved, the rest would be pretty minor.
Under capitalism man exploits man. Under communism it's the other way around.
How much does a pro license for Adobe Photoshop cost? Even a small design house could probably afford to pay $2000-4000 (PS Lic. $600 x 3-7 seats), and have a gimp developer fix CMYK support in a few days. Unlimited licensing, too, so it would be an even bigger bargain for big graphic art firms.
Sorry. this makes absolutely no sense. It brings everything back to the elitist idea that normal people should not install their own software. It's like buying a car and finding a disclaimer that says "everything this car can do can be determined by examining the engine." I mean, a car is an open source system, all you need is a wrench.
Well, as someone who codes for a living and restores old cars as a hobby, I would question the approprateness of your analogy on several grounds (relative complexity, production methods, equipment requirements, ...) but let's run with it for now:
From the Free-as-in-speech angle, source code is a means for programmers to communicate with each other and with computers. If you're neither a computer nor a programmer then the communication is obviously not intended for you, so why complain if you can't understand it ? Stretching your car metaphor to the extreme, this would be like saying it was wrong to receive a set of car blueprints (source code) you couldn't understand - if you can't understand them, you should be buying your car ready-made (binary), like "normal" people do.
I'm guessing though that you're more referring to software that is distributed as binaries, where the Free-as-in-speech issues aren't really relevant other than to ensure that the source is available to you to use if you have or choose to acquire the skills to interpret it. If you buy your car ready-built, you have several options:
(a) you can buy one with a warranty from a dealer at a higher price that reflects that warranty
(b) you can buy one from a private party and rely on your own skills to evaluate it.
(c) you can buy one from a private party and get someone who has the appropriate skills (your friendly mechanic) to check it out for you.
(a) would be buying commercial software, (b) would be a programmer downloading source and figuring out what it does before building and installing it, (c) would be your "whole new market for people just to read source code."
It does already work that way in the car world - or as close as a bad metaphor will allow, anyway - why is it so wrong in the world of software ? People who don't know how to change their oil have to pay someone else to do it for them. Is that really "elitist" ?
What would Lemmy do?