Slashdot Mirror
Calling Software Reliability Into Question
phillymjs writes "CNN is running a story on software reliability, and how the lack of it may cost more and more lives as technology creeps further into everyday products. It appears a debate is finally starting amongst everyday (read: non-geek) people about vendor liability for buggy software. Some opponents of the liability push are unsurprising: Says the story, 'Microsoft contends that setting [reliability] standards could stifle innovation, and the cost of litigation and damages could mean more expensive software.' The article also says, however, that consumers' favortism of flashy products over reliable ones is partly to blame for the current state of software."
The trouble is, the more accustomed users become to bugs, the harder it is to get them reported and fixed. If my computer crashes, I just reset it and get back to work. I don't bother to investigate what caused the bug, to try to reproduce it, to contact the vendor (hah!) and try to work out the problem. Crashes occur much too frequently for that.
OTOH, if computers were reliable enough to crash only once every few years, then users might report every crash that happens, the vendor can diagnose it, and fix the bug or family-of-bugs so that it never happens again. This is roughly what happens when a mainframe crashes, I believe - it's a big event.
Imagine if when your microwave crashed, you could call some hotline, they would come and replace the microwave and take away the old one for analysis. Instead, even on complex software systems the standard first resort for the help line is 'reboot and see if it goes away'.
-- Ed Avis ed@membled.com
IMO if a company is unwilling to supply you with the source code (under whatever license) to let you see and fix problems that exist they should have no possible exemption from litigation, no matter what POS EULA they persuade you to sign.
They are asking you to place your trust in them that their code is good enough to bet your business on. If their software is not all it's cracked up to be and you had no chance to check their claims (but instead had to take their word for it) then they clearly are responsible for breaking their word.
Unless they told you that it was a buggy product that you couldn't rely on in the first place... now that would make for amusing adverts.
(Can you imagine Windows boxes with cigarette-health-warning style labels on them saying "The Computer-General warns that this product may be bad for your business.")
Beep beep.
Isn't the trend towards "flashy products" rather than reliable ones the same reason why current marketing pushes sex rather than product qualities (Pepsi, A&F, etc), movies flaunt big-name actors and actresses, and people won't go see a movie unless it has a high PG-13 or R rating (PG? It's got to be boring). This is the same reason why Legos now has 3-piece dumptrucks and 8-piece Hogwarts castles. Why is this? Dumbed-down education? Why is it that people have just started to gobble up whatever the media tells them rather than understanding what they need for themselves. *sigh* What's society coming to?
And Bill Gates turns to the CEO of GM Motors and says, 'Why is your technology moving so slowly? If you advanced at the same rate as we do, we would have flying cars by now!' Immediatly the CEO of GM turnes to Billy and says, 'Because the government doesn't allow us to build cars that crash 4 times a day.'
This is what Microsoft is, quite rightly, afraid of. If I can sue Microsoft for $100k because IE crashed, MS isn't going to have time to do anything except fix bugs. This isn't even entirely their own fault, since the nature of programming makes it impossible to write any large program without bugs. And unless you grandfather all of MS's products, they'd be screwed.
But this is even worse. Unless the laws are written to special-case free software, we might see Linus sued because Linux crashed one day. RMS might end up $15m in debt because Emacs ate somebody's email. How's that for stifling innovation? If I (personally) might get sued for some bug I missed, there's no way I'm going to give away my programs.
The guy in the article advocates only a limited sort of liability: you're liable only up to a point, or only if you don't divulge the bugs you know about. But does anyone out there really think the politicians, who are more in the pocket of trial lawyers than of anyone else, are going to make it hard to sue?
Why should liability be software or hardwar based?
If i design a system to move some gears via an operator pressing big electronic buttons as a mechanical engineery, why should an electronic engineer who designs a program to operate the gears be exempt?
We are both designing a system to do a job. As an electronic engineer, I make my system based on some OS, so either I or the OS manufacturer (which, I add, licences an OS, if it is used against the license terms, it is my liability) has the liability.
Don't be lazy allocating responsibility.
"As for the idea that open source software should be exempt - I doubt that you'd accept the idea that cars should be exempt from safety standard if they provided you with the blueprints :-)."
But I would if the car were given to me for free with the blueprints. When I use such a car I am knowingly accepting the conditions that, while the designers may have done their best to make it work properly, I accept the risk of failure. That's where the no free lunch part comes in for free stuff - you don't get to nail hides to the wall if it doesn't do what you want. If you want someone behind it, pay them to take the legal risk. Otherwise, you're at the mercy of the developer's good will unless you want to become an auto mechanic. The difference is - with the blueprints, I can figure my way out. Commercial software sues you if you try the equilivent operations.
Anyway. Bad analogy. The act of paying someone an agreed upon sum for support is where the responsibility part comes in. Not supplying blueprints.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
I disagree about the article's assertion that there is no liability for defects in software.
I deal with embeddeded controls in industrial control equipment all of the time. I just had to change my insurance company last year and my rates went up because companies are being held accountable and insurance companies are paying out when people screw up. Many companies don't want to insure programmers anymore. Sounds like the hammer is coming down to me.
You may not be able to sue MS the next time Excel craps out on you but I assure you that you could sue a programmer because the system that he programmed dumped 1000 gallons of a toxic substance into your containment area or because you just released a toxic cloud of ammonia from your plant.
When the stakes are high, programmers tend to have to test a lot more. You still have to remain economically viable though. Three lines of code a day may work for NASA but the rest of us can't afford to be that inefficient. Of course the stuff that I can blow up is at most worth 10's of millions of $, not billions.
When it comes to embedded control apps, I don't think that things are much worse than they are for our physical counterparts. Yeah a plane crashed because of a bug in an altitude control system but they also crash because of other design problems in the mechanical, electrical, and materials engineering areas. I don't think that programmers are any less aware that lives depend on their work than any other type of engineer.
If you are doing number crunching types of applications, you also tend to run the code through a battery of tests. You can definitely be sued for screwing that stuff up.
Now little controllers in your dishwasher and your run of the mill desktop apps are held to a lower standard, I agree. You are rewarded by the market for getting new stuff out the door cheaply and quickly. You can certainly argue that it shouldn't be that way but the masses have spoken. If your stuff gets too far out of hand then the market will let you know. MS is definitely feeling the pressure from OSS and rightly so. I can bet you that they are atleast trying to respond. I can definitely see a big improvement between the Windows XP that I run on my notebook and desktop and the NT 4 that I ran a few years ago. I can also see that Windows 2000 is much better than NT 4 was on the server, but it isn't good enough yet and that is why a lot of people are moving to Linux for things like web servers, DB machines, etc. The market is speaking.
I would say that programmers are ultimately held accountable. I would hate to see things swing too far out of hand as I do think that it would ultimate stiffle innovation.
If something is inherently unreliable then you don't need to fix it: you find ways to live with it. A perfect example of this is the internet itself. TCP is a reliable transport provided over IP, an unreliable internetworking layer.
Make no mistake: IP is explicitly and deliberately unreliable. This keeps it simple, and allows upper layers to choose appropriate quality of service parameters for their application.
How this relates to the issue of unreliable application software is fuzzy: but its pretty obvious that humans have adapted to the reality of the situation: the power-cycling protocol is just one example of the ways in which we cope.
If a situation is life-critical, then I'd be happier knowing that the system is designed to cope with glitches then if the system assumes these glitches have been tested out of existance. Cosmic Rays really do exist, so some level of unreliability is guarenteed!
Opinions my own, statements of fact may contain errors