Microsoft Sued for Defective Software
Door-opening Fascist writes "eWeek is reporting that a South Korean citizen action group, People's Solidarity for Participatory Democracy, is suing Microsoft for putting the SQL Slammer vulnerability into Windows. They are doing so on behalf of the South Korean people and businesses affected by SQL Slammer."
Gates: Ballmer, loyal comrade, I've an assignment for you.
Ballmer: Yes, master?
Gates: Say, how much would it cost to purchase the country of South Korea?
Do you like German cars?
First, this is not good if he wins, because someone could sue a GPL author for the same kind of deal.
Second, it seems that it would be like suing Stephen King for causing nightmares.
If tits were wings it'd be flying around.
Conspiracy theories inside, who actually intends to put a vulnerability into a product? Perhaps this should be "not fixing the vulnerability" or potentially even "ignoring the problem". I don't think any of Microsoft's programmers intentionally insert bugs into their shipping products... although... nah, it couldn't be.
I hope the Judge kicks these people through the goalposts of life.
Ow wait, South-Korea.. Those are the good guys, right? Dagnammit!
SCO employee? Check out the bounty
Shut up and patch your systems like the rest of the planet.
Software isn't a physical thing so it's impossible to make it bug-free.
You knew about this vulnerability for months, there was a patch for it, and you did nothing about it."
Pick a defense, any defense...
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
As much as I hate Microsoft, this is total BS. If this becomes precedent, how the hell can anyone write an opensource app? Software is a clear case of when "buyer beware" is necessary. Get software from the people you've grown to trust for not releasing bug-ridden shit. I really don't see how it could work any other way.
"Question with boldness even the existence of a god." - Thomas Jefferson
Although the zealots will be amused by this story, this could set a dangerous precedent for other similar vulnerabilities (especially unintentional ones). What happens, for example, when some group of people (in this case, a country) decides to sue the openSSL group for a flaw in their encryption that allowed credit card numbers to be stolen?
I'm glad to see that someone is trying to hold MS liable for their mistakes, but this is the wrong way to go about it.
If you can't beat them, arrange to have them beaten. -George Carlin
Not that I'm expecting much to come from this, but the more attention drawn to the problems (and the more people who say, "We're not just gonna sit around and take it anymore"), the better.
I just hope that the Koreans are a lot more stubborn than all the U.S. states that have ever-so-quickly accepted MS's settlement offers...
Clearly they haven't read their software agreements. It specifically states that MS is not responsible for damage caused as a result of their products. A better chance to prosecute MS would have been during the Code Red incident. One might have argued that not being proactive enough about patching constituted "negligence" on their part. I guess it can't hurt to try!
Fellow Americans, this blow by Korea against the great American bastion of Microsoft is just the latest act in a string of transgressions by this rogue state. We must remember that they are part of the axis of evil. As all of you undoubtedly know from watching the news, we believe they already have several nuclear weapons, and they are currently working on developing more.
Many American lives have been killed by the Koreans, and if we don't stop Korea now with diplomacy or force if need be, there will certainly be more bloodshed in the near future.
They are a rogue state, and while it may be true that when people may think of Korea, they think great Starcraft/Warcraft players, cell phones, and cheap cars, we must remember that they are a dictatorship led by a megalomaniac leader, Kim Jong Il, who wants to see the downfall of the West.
We must view Korea as the threat and enemy to global peace and the American way like they are.
Thank you and God bless America.
George W. Bush
President, United States of America
fuck them!
Wow. Your logic is flawless.
In other news MS is worth more than Ty(15982) ...
I somehow doubt that Microsoft intentionally put this hole into SQL server, so that should probably steer clear of anything malicious. Negligence, perhaps, but this would open a whole can of worms (at least, if it were to show up in the US courts. Although now that this is happening in SK, I'm sure it'll make its way to our shores soon enough.)
I feel sorry for the companies who were sent to their knees over this vulnerability, but if there was a patch out months and months beforehand that could've avoided all this, the end-user needs to share some of the blame for this... There's not much more Microsoft could have done for it, if they'd forced the installation of the patch they'd have been even higher on the privacy zealots' shitlists than they already are.
I do seem to recall in the back of my mind that there was some nasty side-effect of the patch though, although it escapes me at the moment...
They actually bought Windows in the first place!!
Interesting to note that they are suing over a SQL vulnerability. Why don't they extend it to the whole 9x line of releases for its insecurities?
But in the recent days of doze security, I feel the XP firewall is a good add in.
I do feel however that the firewall should be enabled by default, not disabled. I've tried products such as Black Ice and Zone Alarm to find them annoying and overly useful. This XP firewall is transparent and has no annoying warnings =) Good security move!
-Grumpy old man.
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
Let it be noted that Microsoft already had SQL SP3 out which fixed the problem before it ever occurred. PSPD should try using a vulnerability that could actually hold water in court like Code Red or its derivative, or any other Word ActiveX open-execution macro vulnerability.
You buy the software, you choose to use it, YOU DEAL WITH THE CONSEQUENCES.
True, Slammer was bad, but it's not like MS intentionally added it, and they DID agree to a EULA when they installed it. Of course software companies should be responsible, but it's not like MS isn't trying (though they're not doing a terribly good job.) Idiotic lawsuits like this set a bad precedent.
using namespace slashdot;
troll::post();
They're suing MS, because their (South Korea's) tech people suck? Correct me if I'm wrong but I'm pretty sure that MS had a patch out for the slammer months before the outbreak... it's their own fault if they can't keep their servers updated.
Username taken, please choose another one.
Well the GPL specifically says that it comes with absolutely no warranty and that if it happens to wipe out all your hard drive data, that's just too bad.
:)
Therefore, assuming that the GPL is immune, we can now relax and laugh at Microsoft's plight.
If they expect governments to enforce the overzealous EULAs, and to insinuate the product has real monetary value and it should be criminal to misuse it, then they should be liable for its actions. The door swings both ways. To use the ridiculous but relevant car analogy, check out Ford/Firestone with the tire recall, they had to eat a big huge monetary crap-sandwich to make up for that. They also have to provide parts for cars for 5 years after they sell them, by law, and they must also be subject to anti-lemon and consumer protection law.
While I don't foresee Microsoft getting chastised, lambasted and castigated as it should be here in the US where being a rich company has many, many benefits, I do see an opportunity for Microsoft to have to be held accountable for its actions in the EU and Asia. Also in Asian countries the logic is: If you expect me not to pirate this, it better do something good.
I hope this teaches Microsoft that the venue by which they made the 40 billion they have sitting in the bank is us, the victims of pre-installs on new PCs (I believe 80% of the MSFT revenue is from pre-install), we should get a piece of that if we are wronged by the software.
There is a huge disparity between what is claimed on the glossy box and what is delivered in reality, and the consumer needs to be protected from fraud and fiscal liability due to product failure.
It applies to every other business. Software should be the same.
Also, EULAs claim the license isn't transferable and resalable, I contend that this means it then has no value. No one can tell you you can't sell your used car.
Legalize the constitution. Think for yourself question authority.
If this goes through, it could set a precedent of liability for software bugs... that's bad, of course.
Here's an interesting thought: maybe closed source software could be hit harder by this because keeping the source closed could be considered hiding the vulnerability? IANAL, of course.
Another thing - aren't there liability issues for engineers in other fields as well - like holding a bridge engineer accountable if the whole thing falls down? Of course, a software bug isn't quite that serious, but still...
Google: AARD:
A Serious Message and the Code That Produced It.
Microsoft included a bug in the Win 3.1 Beta that caused Dr. DOS users to crash.
Unsurprisingly the makers of Dr. DOS lost their jobs, like many other victims of malicious code.
Hard sell for the exploit that caused slammer. Maybe other exploits/bugs.
.DLL. Even though no one ever used the .DLLs in question ( I think it was .hda, .hdq files ) they could have been. You could argue that someone could have written a program that used too long a URL and crashed IIS. The slammer was using a port in a way it was never intended to be used.
SQL has a pretty good record for security. The exploit had also been patched before the worm.
The exploit was not put in on "purpose". I guess it could have been, but that is pretty hard to believe.
The virus spread fast, but only because there is not a million SQL servers out there exposed. So it spread across the web fast, big deal.
Furthermore good administration ( especially for a db server), ie. a good firewall could have blocked it. There is the desktop engine that could have been hit, but most apps that use it are still in the server category.
The exploit itself is not a defect. Sure it could be used by an attacker, but in itself it didn't make the software defective. This could spawn a big argument. Is an exploit that would never actually impede a program unless someone uses it really a bug?
Code red was a buffer overrun in an ISAPI
I agree that companies should be held accountable, but intent and the way a company handles the defect also.
MS essentially called a recall by issuing the patch. It said, send in the part and we'll fix it, but in a more modern approach. How can you sue a company that found the exploit and offered a free fix?
This seems to be quite a bit of a stretch. Of course it would make sense if they were suing for damages caused by the slammer fiasco, but to accuse Microsoft of intentionally putting the bug in there is quite ridiculous. Either way, the outcome of the case will have overall grave consequences.
--
Adobe's anti-counterfeiting softw
Anyway there is a very important point about *incidents* like this: they get people's attention about the completely crazy EULAs that some SW companies (namely Microsoft) and content providers (RIAA/Hollywood mob) are currently imposing on their customers ...
Imposing a bit of regulation about the limits of what could be put in a EULA is IMHO a very good thing ...
if the ppl who launched this lawsuit make the
Cheers from Portugal
Obviously they haven't read Microsoft's EULA for SQL Server 2000 which simply states:
Owned.
(I am not a Korean lawyer)
Does anybody know if the click-through license is worth a rat's ass in Korea? Does Korean law give the plaintiffs an edge that they wouldn't have in the US? Any Korean lawyers out there?
Right... South Korea's currently at 56% pirated.
Kim Jong Il pointed to buggy software produced at redmond as sure signs of american belligerence against DPRK.
"american hegemoney moust stop ! the secureless systems we have can be used to launch attack on our country", he was heard saying.
Siggy Say, Siggy Do
Quoting from the article: "The action is predicated on the country's Product Liability Act, which enables consumers to sue for damage resulting from products. There is some question, however, as to whether software qualifies as a product under the terms of the law."
IOW, they're going to argue that South Korea's Product Liability Act (a) covers software and (b) supersedes MS's disclaimers in the EULA.
Microsoft is distributing insecure software on purpose in order to boost the need for their 'trusted computing' master-plan.
Disclaimer: By reading this statement you agree that I will not be held responsible for any damage resulting from such use.
Who is stupid enough to sue anyone, especially Microsoft, for something they didn't have control of. Sure it could have been prevented, but seriously if they took the time to look over every inch of code to make sure there were no flaws, we'd probably still be using windows 3.1. If you're going to sue Microsoft come up with something that will actually stand up in court ... Although I hate to say it Microsoft isn't really that bad, but they could be much much better.
Following Microsoft's audit of South Korea, North Korea has agreed to dismantle its nuclear program, fearing repercussions.
For wrecking Blizzard's Diablo servers.
or "or fitness for a particular use" is a concept in most legal systems and is what would determine this case. In the U.S., even if the license says "this may not work, tough.", the consumer still has a right to expect it to work for the advertised purpose.
So you could recover damages from a car that explodes when you try to start it, since that's not what a "car" is supposed to do. But you can't recover damages from a car that explodes when you hit a tree, since that is outside the expected use of a car.
I'd say there's no case here since SQL did what it was supposed to do, it just had a flaw. Since the flaw was not covered by any warranty, tough luck.
-Ryan C.
This is funny, considering the crushing amount of spam that comes from misconfigured boxen in the .sk address space. As has been pointed out, the patch was available well before slammer hit. That they didn't apply it points more to poor administration than anything else.
The truth about Scientology, Xenu, and you: Operation Clambake
They agreed to the EULA before use, which specifically states that Microsoft won't be held liable for most things ( beyond original purchase price )...
So.. not much of a leg to stand on..
---- Booth was a patriot ----
If Microsoft wins then they still get to develop bug infested software and rape consumers at will. Bad (unless you're into that kind of thing).
Very simple. There's a lot of alternatives to Microsoft software. If you're stupid enough to fall for MS's "We render the Hacker Obsolete" despite protestations of a good percentage of industry professionals, it's your problem. Cope. You can't expect software to be perfect, _ESPECIALLY_ Microsoft products. Maybe this will coerce these companies that have had trouble to go with more secure open source alternatives and maybe understand that there is plenty of alternative to Microsoft.
One thing that's true to just about ANY EULA, including BSD, GPL, etc., is that there is no warranty on software security exploits. It's pretty explicitly stated on the Microsoft EULA as well. These companies can cope. It's a bullshit lawsuit and I don't even know why it's coming about unless it's to ward people away from Microsoft. Frankly, I think it'll garner more animosity than converts if you ask me.
Karma: Non-Heinous
Does anyone think I can win ... ... I'm planning on suing ...
My windows PC keeps crashing
And besides, supposing the judge rules in favor of SK, it validates arguments against the OSS/FS communities, that there isn't anyone to be held responsible for the code. So I'm rooting for Microsoft on this one. Curses! Darn situational ethics...
Regarding the poor incompetent sys-admins that you blame for the spreading, just a few quickies to you: did you read the advisory that MS posted regarding the *bug* and its side effects (at the time of the propagation)? Did you take a look at the patch application details (completely braindead)?
And no, thank god I'm not a Win* sys admin
Think again
Cheers from Portugal
Okay - so if my neighbor is a jerk and runs through my livingroom with his Ford expedition - I can sue Ford for making a vehicle that is "defective" or "buggy" because it is capable of smashing through walls? Yeah, right.
And if I'm driving down broadway and clip a messenger on a bike - that's the auto manufacturer's fault for making a vehicle that can hurt someone? Yeah, okay.
Windows & SQL with Code Red and Slammer are like vehicles with an idiot behind the wheel.
Like suing mcdonalds for getting fat - it's not their fault you can't close your piehole.
With as rampant as piracy is in Asia, M$ can probably knock the case down to a single count since the only person that has a license over there is Bill Gate's sponsored Sally Struther's hungry child.
To Alcohol! The cause of, and solution to, all of life's problems.
SQL has a pretty good record for security.
I have noticed a trend recently that people are more and more often referring to SQL Server as SQL. This is wrong! SQL is an ISO standard, and this habit, which I have noticed especially among Microsoft staff, of trying to conflate the standard with the Microsoft product is just another example of the company trying to create a meme that is misleading.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Has anyone actually tried to interpret the SQL Server license agreement?
... accesses or otherwise utilizes the services of the Server Software (which technically includes every worm infected machine) and seeing as the server was behind a website, that would come under Hardware or software that reduces the number of Devices directly accessing or using the Server Software does not reduce the number of required CALs. The number you need is based on the number of distinct inputs to the hardware or software "front end." ...so therefore you would theoretically need a license for anyone who could access your site, which right now is a total of around 619 Million people if it is connected to the Internet.
In court:
Judge: "So can the court see the software license for this software?"
(shuffling of paper)
"Ah we see from this that you have 10 user licenses for your SQL server."
"Yes your honour"
"...yet your server was connected to the Internet - correct?"
"Correct your honour"
"But according to this license agreement, you must acquire a separate CAL for each Device that
*thud*
Judge:"...and then we have the Windows 2000 server CAL's..."
IT WON'T AFFECT OPEN SOURCE
When a company sells you a product that company is accepting a certain amount of liability for that product (unless you clearly absolve them of this liability via a legal contract). If the product fails to work as advertised, causes damages that it shouldn't cause, etc then the company is liable.
This does not describe an open source project however. I as an open source developer am not selling you anything. There is no implied contract between you and me. You are simply taking something that I'm giving to the world at large for free and using it however you wish (within the possible restrictions of a passive license agreement). If you use my product and it borks your filesystem, I am not liable. If you find a flaw in my product that opens a security hole the size of Montana, I am not liable. You haven't bought anything from me. I haven't received a penny from you for my product. There is no contract, not even an implied one. Therefore there is no liability. Simple.
Saying that I as an open source developer am liable is like saying that I as a freelance author am liable for something I write if you quote me and found the quote to be inaccurate. I am not liable to you (I might be liable for libel if I was writing about a person as fact but I'm not liable to you if you quote me).
To think that an open source developer is liable is absurd. I can't believe the sheer number of comments thinking this will be the case. One comment was made that OpenSSL might very well be liable for an SSL exploit that was used to gain access to credit card information. That's absurd! That's like saying Anderson Windows is liable for not making a window that a burglar can't break to gain unauthorized access to a home. Try to think before you type people.
The Hallelujah Chorus is heard...
Hopefully, M$ loses the suit and gets a black eye. Even if this whole thing doesn't help the OS community or even force M$ to change its evil ways, a black eye is better than nothing at all...
Blog Prophyts - Right On, Man
I'm just wondering where did all these click-thru EULA supporters suddenly come from? Any previous postings about licences went something like 'the EULA is not legal','I agreed to it but I did not understand it so it is not binding', and 'click thru licencing has not been proven in court'
EULAs have been one of the biggest things for slashdotters to complain about, now it seems everyone is supporting them and saying that 'the EULA states MS cannot be held liable and since the EULA is law and legal and binding they are SOL and can't sue'
WTF is going on? Bring back the normal EULA-hating world I used to love.
Don't let a single paragraph in the article dictate to you what this is about -- the people who are suing aren't SQL Server licensees, so the EULA has no bearing.
IANAL, but it seems pretty clear that the reporter missed the difference between damage inflicted ON a licensee and damage inflicted BY a licensee.
Regarding Microsoft's communication skills -- agreed -- but who would rely on Microsoft for all of their security info ?
Cheers,
JAKD
I think you meant that the pathfinder had 3 KNOWN bugs in its software, nobody will ever know how many it really had...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
While it is true that everyone who got hit with SQL slammer is a victim of their own actions because they purchased M$ products in the first place, and they didn't patch it. Seems there have been enough previous M$ security problems that everyone should know better. However the quality of commercial software pretty much sucks, and I think for the good of the industry and those who work in it if there was some impetus to improve quality. Maybe if companies were more concerned about quality then the race to bottom to hire H1-B's, off-shore work, and generally not give a crap about quality would stop. Unfortunately software companies will not be concerned to improve the quality of their products unless there is financial incentive to do so, so maybe it is about time the users started holding software providers responsible for their products. No other industry has such a lack of standards, and such disregard for quality. Maybe the lawsuit is BS, but hopefully it is a starting point for a greater concern for QA throughout the industry.
MM
This post is provided free of charge, and with no warranty of fitness or merchantability.
You could've hired me.
why boxes at Microsoft were not patched against SQL Slammer. Do they sue themselves, fire the admin or simply replace the servers with free software?
Friends don't help friends install M$ junk.
I'll get modded down as redundant, but it needs to be said as many times as possible (and I don't see much of it in this thread [reading @ +1]):
A legal remedy here would set a really bad precedent - as a software developer who is not unrealistic about my skill level, I am terrified of software liability becoming either law or accepted assumption.
If MS loses this, I see absolutely no way I could defend myself if, god forbid, a program I wrote or even maintained caused catastrophic dataloss, or in worse cases, physical injury.
Note: Ironically, just *yesterday* I was bitch-slapped, albeit in an odd way, by Slammer: in certain situations, applying one of the hotfixes to SQL server that closes the Slammer vuln. without having SQL Server SP2 installed *completely* horks up SQL Server. The ISP (Rackspace) of a dedicated rack unit I "manage" on contract (client has almost no $$$) installed said hotfix in the process of physical maintenance, so I got a panicked call from my client in NYC that the "server is down". A couple of hours worth of research later, I was fine, but it sucked my afternoon away.
I hate the stacks of dependent/conflicting patches and service packs, not to mention the damn bugs, but I'd prefer to take the risks on this end than be open to litigation if software I write contains bugs.
--astro
I'm also wondering if/how many of the copies of Windows that precipitated in Slammer were legal. Asia is notorious for its pirated software problems. Not that I'm insinuating anything but Microsoft might be able to say "Well a lot of the machines were illegal anyway therefore in breach of our support. I'm sorry but we can't be held accountable for criminal use blah blah blah-"
Possible?
What is music when you despise all sound?
Gates: Hey lapdog...get over here!
Ballmer: Sir, I don't like it when you call me...
Gates: Shut up lapdog.
Ballmer: Yes, sir.
Gates: Buy Korea.
Ballmer: What's by Korea?
Gates: No, purchase it.
Ballmer: Which one?
Gates: There's more than one?
Ballmer: North and South.
Gates: Oh...does it matter? No. Buy both.
Ballmer: I don't have that kind of money sir.
Gates: Charge it to the company.
Ballmer: Yes sir.
I got nothin'.
It could be, now that M$ thinks of security as a "profit center".
Other than that, they have consistently ignored everyone else's advice about everything from email to security models. What sane person makes an email client that runs as root and automatically executes code sent to it? They were warned and ignored the warnings for whatever reason. There are many instances of pure negligence on Microsoft's part. We have all paid for it too.
Friends don't help friends install M$ junk.
Microsoft's disclaimer of warranty is ineffective on several levels. First, under the UCC, a purchaser has a right to a "perfect tender" - that is that the purchase perfectly conforms to what whatever was purchased purports to be. For example - you could not sell a vcr that only worked 50% of the time when it felt like it, or only on a wednesday, (unless you disclosed that up front) and the purchaser agreed in a definite and seasonable expression of assent. Some legislation has proposed to scale this back in the terms of software (UCITA).
Second, products come with an implied warranty of merchantability and fitness for purpose. It essentially means that they are manufactured correctly and that they will be able to do what it is claimed they do.
Bottom line is that anyone can claim that there is no warranty that goes along with their product, but some warranties the court will imply and refuse to not enforce, or will enforce other law tantamount to a warranty. The implied warranties above are examples of those that rise above that of contract, that they can be enforced regardless of what is put in the agreement. The agreement may create a presumption that you have waived these rights, but the court could also find that agreement void as unconscionable.
Suggestion: some level of government should add a law requiring that any software their department uses HAVE A WARRANTY. Everyone right now disclaims warranties (MS, GNU, etc.) - with a new market requiring software warranties, the most secure software will actually win! Any guesses where I'll place my bets?
A witty [sig] proves nothing. --Voltaire
Unless I missed something, these AREN'T SQL Server licensees ... hence, EULA doesn't apply.
Cheers.
They should at least have a warning during installation of the software for those who aren't aware. Sort of like the "unplug your computer before installing" warnings that come with hardware. Something like:
WARNING: Unplug your computer before installing this software. And under no circumstances should you connect it to a network until all the patches have finished downloading and installing.
This text is not here.
Fuck the system? Nah, you might catch something.
--didn't think of that one. If software isn't a product, then what is it?
I am not sure on the entire liability issue right this second, but comes a time that any "industry" needs to come to grips with reality, and I think that time will be soon probably. Computers and the software to run them have had decades now to get established and to come out of their "honeymoon" stage, with the EULA "get out of jail free" cards. The hardware is warrantied. The software sure needs something.
There needs to be some sort of consumer protection and warranty. Eventually there will have to be, it's about inevitable. Everything else man made has one. If that means much less "new" is released and a lot more "improved", I'm all for it. If it means less variety but better quality, I am all for it. If it means that "paid for-sale" software with a warranty gets so expensive that "free" dominates with a shareware and volunteer concept, I'm all for it. and I see that as an EXACT dividing line, it's for sale, it needs a warranty, if it's a "freebie, here try this, see if you like it" type deal, it doesn't need a warranty. I think that is fair and rational.
OR, wait until a few more worms or whatever hit all one day, the mother of all net shutdowns, and have the government force something down your throat that is beyond a warranty into planned, controlled, licensed.
As an aside, can you imagine the first major software vendor TO offer a warranty? How much of a marketing edge would that be, given they had really done their auditing and were actually confident their offering was decent enough to offer the warranty? I think they would get uberrich, well deserved cash for superior outstanding coding efforts. I know some custom stuff does, but anything major mass market? Does it even exist yet? I honestly don't know, but myself as joe consumer, I might just be tempted to purchase an OS offering like that, and pay much serious cash for it.
Most EULAs state in legalese what I'm about to paraphrase: "If you lose money as a result of using our software, it's your loss and yours alone. You cannot sue us for damages even if the damages resulted from using our software."
Oh yeah - remember, you never own most commercial software packages - you buy the right to use them only.
When will people realise that buying software from a large company such as i.e. Microsoft isn't going to get them more "rights" than using free software is going to get them. Both camps have a non-liability clause, which means, you can't sue either of them for damages! But at least one camp (which shall remain nameless) has the option of sending them a check and make the software you use more usable/bugfree for them. Also, you have the choice of hiring a third party code-reviewer /directly/ , who /can/ be sued directly if he fsck's up reviewing the code. This model, called free, or OS by others, is based on the knowledge, or merit of this particular individual. So, why take the risk of challenging a EULA to which you've already agreed, when you can sue a freelancer who doesn't come around with what he/she promised, namely a secure system.
Free/OSS software is a risky business, that's why only the best of the best apply. Think about that before your next "convenient" purchase!
First, if Microsoft's EULA already prevents them from being sued, software is as-is, why do they release patches in the first place?
This isn't a question about whether or not a user can sue, but a more basic matter of accountability and responsibility. These are the most fundamental issues in selling anything to the public.
Microsoft is responsible for this snafu, but they have never been held accountable. Their bugs, their glitches, their crashes. It's become a running joke with techies. It shouldn't.
When Slammer first hit, people said installing the patches required taking down the servers, running several patches, and praying it still worked. No guarantees about anything. What's the justification? Time wasn't available. Who could afford to do this? How high was it on MS list of things that had to be done?
But no one is mentioning those same arguments now. It's South Korea's fault for not doing the updates.
As I recall weren't the patches buggy enough to cause another major security hole?
We know Microsoft is responsible. We know who should be held accountable. But MS throws in a disclaimer and all is good. The disclaimer is not a silver bullet. There must be accountability for faulty software, no matter who wrote it.
Will it stifle open source development? Probably scare off crap coders is what it will do. If everyone working together reviews, checks, and verifies, they are going to catch most of the bugs before it goes out the door. The remaining bugs are fixed with patches.
I honestly don't see anything wrong with suing them. The EULA is not a catch all. The EULA should be thrown out, and rewritten. Users have the right to hold developers accountable.
It's about time someone figured out how.
Strangely, none of the posts so far have mentioned the author(s) of Slammer as being one of those responsible for this mess. They're certainly harder to find (ok, they'll probably never be found), but shouldn't the culpability be shared with those who exploited the problem? It's not as though the server didn't perform its primary function correctly (storage and retrieval of database records), it's that it had a security vulnerability.
To borrow the Ford Pinto analogy from previous posts, it seems somewhat like somebody cutting your brake lines and then you suing Ford for making the lines so easily accessible. I think the person who cut the lines is truly responsible.
.. now that is a really superior point. I think you might have hit on an inkling of a class action case there. WHAT IF, all the thousands of companies who WEREN'T running microsoft anywhere could show an historical record of constant microsoft vulnerabilities that actually caused THEM verifiable business losses? Over and over and over yet again? You can show the court you are trying your best to run a business, but constantly you suffer losses. Show the judge and jury the hard figures. How many hosters and non microsoft users could you get to sign on for a class action, and pick a judicial venue with a chance to at least get heard?
It's (the debate on eula and liability) always been about people who installed microsoft and clicked the EULA. To stick with the beat into the ground car analogy, how long would the driving public at large put up with broken down belchfires littered all over the roads, just causing a mess, knowing they will always cause a mess, with belchfire raking in the profits to beyond ridiculous levels, before belchfire, inc. wound up in court?
Any reasonable judge and jury would conclude that belchfire was a public menace and ban their cars from the roads after the third time the nation's interstates got shut down almost completely. I mean, they probably would do that. Well???? Between viruses and worms and whatnot, that's a LOT of money lost over the years while microsoft stands back and goes "neener neener neener, we have a get out of jail free card, neener neener, suckers" whilst standing on top of cash mountain..
Umm.. Microsoft didn't launch the attack, the dude who wrote the Slammer exploit did. Sue the criminal for causing the damage, not the device he used. Might as well sue gun manufacturers for not making guns human friendly.
"Derp de derp."
Actually, a better analogy would be if you did lock your door - but a vulnerability was discovered in the lock that made it (say) openable by jiggling the handle. Yes, you should get a new lock - but at your own cost, when it was poor lock design to begin with?
An unlocked door would be like leaving the root (or administrator) password blank, and the account enabled.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I think they are evil as much as the next guy, but currently they do hold water in the legal system...
Until that is changed, suits such as this will be simply dismissed....
---- Booth was a patriot ----
One of the advantages of using M$ products according to M$ itself is that with Windows, there's someone always liable for the product (as opposed to, say, Free and Opensource Software).
Well MS asked for it.
The news here is not so much that MS might be held accountable for their product, they won't be, and for about a gazillion reasons.
The news is that someone actually decided there was some benefit in even bringing up such a hopeless suit. Maybe they are trying to shake down MS ? Dunno. But the news for me is that someone would even bother to bring this suit on in the first place, considering the defendant in it.
Hey, no one is perfect.. And the point DID get across, true?
---- Booth was a patriot ----
Like it or not, open source writers are part of a software community that includes Microsoft. If Microsoft loses a case like this, there is no reason why someone couldn't bring a suit against open source writers who "put bugs" in the software they write as well as all of the open source community (most are easily traceable) who didn't catch the bugs. Of course, not being Microsoft, we'd pretty much have to throw up our hands, scream uncle, and pay since it takes money to win one of these cases. Let's hope the world stays focused on Microsoft and the other biggies and stays away from the small fry.
Actually, there's another point there in that the way you win one of these big cases is to first build precedence against those who can't afford to defend themselves. If some consortium of law firms in the US were to decide to take a real attack at Microsoft, they would first prepare the ground by attacking those who can't defend themselves for a couple of years.
So, who's going to develop the means to use cvs while masquerading who you are?
If there are any legal eagles in the audience, what is the precedent involving a seriously defective car that causes injury/death/damage? This defect would have a notice sent out somewhere/somehow offering the capacity to take the car back to the shop and replace the defective part, but the user either didn't know or didn't follow through with the effort involved.
This seems to be what this software has done: there was a defect and a capacity for a customer to do work to fix it, they didn't do it, and damage resulted.
Any cases like this with products in the automotive area, and did they favour the defendant or the plaintiff?
Best wishes,
Robert
-----
Cast a Cold Eye
On Life, on Death
Horseman, pass by
--W.B. Yeats' gravestone
In American law (and presumably that of Korea), there are certain things that one cannot sign away. For example, river boats always used to make passengers sign a waiver (essentially an EULA) saying that they were not responsible for luggage lost if the boat sank. However, it was decided in a famous court case that this was an unreasonable requirement. Ever since that case, all river boat owners were responsible for recompensing passengers for lost belongings. Depending on Korean law, MS may or may not be responsible for damages caused by its product's performance, regardless of what the EULA says.
The argument in your second paragraph is easier. Car manufacturers *are* required to recompense people for damages suffered when their car failed to operate properly. (Or McDonalds paying $8 million for someone who spilled coffee on herself.) There is always plenty of blame to spread around. The question is if there is enough blame due MS to convince a Korean court to make them liable.
Regardless of whether it is possible to make software that is 100% bug free, it is certainly possible to make a greater effort to remove bugs than MS makes: a longer beta period (and cut it out with these unrealistic dates for next release), more quality assurance efforts, hiring Kevin Mitnick to try to crack it, etc.
Even if MS loses this lawsuit, it won't end software releases. They'll buy liability insurance and do more testing (as mandated by their insurer). Compare this to the medical field: not only must all steps be taken to fix damage caused by negligent behavior, but compensatory damages are paid as well--thus the high price of malpractice insurance.
Open source software is both more and less vulnerable to this. More because it is transferred without charge and cannot simply increase its price to include the cost of insurance. Less, because there is no charge and thus no claim against earnings or property (and there may not be any property of the programmers in the country that is using the software); further, since the source is available, it is more reasonable to claim that due diligence involves checking for bugs (and fixing them--something MS software users cannot do). Note that distributing binaries weakens this somewhat over source only distributions.
I don't see this as a valid lawsuit. Microsoft had released a patch for the vulnerability that slammer uses months before the worm showed up.
Truly, if any one (or any company) deserved to be sued for putting out shitty software, it's Micro$oft. ...But, I think that this is a really bad idea and sets a very bad precedent that could ruin the software industry as we know it (and I'm including Open Source here - especially open source).
...Not that OSS would die altogether, but we would have to start releasing code anonymously.
If people start flinging lawsuits at software producers then it'll kill open source pretty quick (OK, maybe kill is too strong; how about 'chill' or 'drastically reduce').
Micro$oft at least has $40Billion in the bank to fight such suits, but your average open source programmer doesn't have enough cash to even hire a lawyer for a couple of hours. These sorts of lawsuits could quickly have a chilling effect on OSS creation.
If you could sue companies for this kind of software errors and win, the prices of software would rise to astronomical levels, as companies would have to compensate for the risk of losing money in large lawsuits. This would mean that you could just as well do all your development in house, and if you started out by expanding GPL:ed source for your in house projects you would certainly not release your program to the general public for the same reasons.
God is REAL! Unless explicitly declared INTEGER
For those of you hoping to see MS lose this one, think for a minute how RedHat, Lindows, Apple, etc would be in any different of a position. There have been a lot of root exploits lately that required patching. Is everyone going to sue RedHat?
I'm reasonably sure MS could write an OS that almost never crashes if that was their primary goal. The problem is, you'll run it on hardware that they have validated and ok'd, and it will probably cost 20-30k for a copy.
This is merely another example of the old software tradeoff: good, fast, cheap, pick 2.
The eWeek article is referring to this Chosun Ilbo article in a Korean daily newspaper. The lawsuit is part of the 3 way lawsuit against the South Korean Information Minister, ISPs, and the South Korean division of Microsoft. Again this is the SOUTH KOREAN division of Microsoft for failing to inform Korean ISPs of the patch and its significance. These are people and businesses who were knocked off the grid for days and had nothing to do with microsoft's licensing. Thus a class action lawsuit. The idiot poster makes it sound completely different.
They can't sue m$ for this.
1) A patch exists.
2) Software has bugs. It's a fact of life. If you don't like bugs, don't use software. (Or hardware for that matter).
3) M$ never claimed their products are perfectly secure. "Secure" is relative. M$ platforms are secure to an extent. Whether that's good enough is up to the individual.
Once again another case of M$ being in the right. I hate these, but it's stupid to say they're bad JUST because they're M$. They do enough bad stuff to satisfy anyone's faming needs. I'm glad that a fair number of perople do oppose this, though.
Yes there was a patch out BUT it couldn't be installed on a great deal of systems without some serious hacking, something which Microsoft ADMITTED TO. It actually broke some installations. Not the kind of thing you want to be responsible for as a BOFH on a SQL Server serving 10,000's of users.
Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
It's more like someone tells you that they found out that all the locks from some manufacturer use the same key--are you then liable if you did not get around to changing the locks before someone uses their key to open the door and steal all your stuff? Does time make a difference? What if you find out after the theft, at the moment of the theft, seconds prior to the theft, an hour, a week, a year? What if there is only one lock manufacturer (although a door manufacturer includes its own locks with its products and there are instructions on the internet to make your own locks) and the last time they had to replace locks with a problem it turned out that they didn't actually lock? What then?
To get back to reality, there are plenty of reasons not to patch servers. Notice that the Slammer crashed parts of MS's network. Further, note that the patch you mention was cancelled out by a later patch so that people actually had to apply a third patch to eliminate the vulnerability. Again. Does it make a difference to you on which patch they were? If the patch came out yesterday, last week, last month...
MS patches are just as buggy as the original software (in fact, they might be even more buggy, since they don't go through the same review process as the original release does). On a production server can you afford to take the risk that MS's patch of the week won't cause data loss or introduce a new security vulnerability? Is it reasonable to expect small installations (with only one SQL Server, maybe as an SBS 2000 box) to be able to keep up with the massive amounts of information that come out and choose the correct patch schedule?
To get back to the Pinto comparison, what if you did look but you couldn't see because there was a tree? So you inch out a bit; then a bit more; then a car coming around the blind curve hits you because the driver happened to glance away at the critical moment? Both you and the other driver are badly burned in the explosion. You were both wearing your seat belts and would have been uninjured if not for the faulty gas tank. Who's responsible for the burns? It's not at all unreasonable to claim that the *burns* are at least partially Ford's fault. This is the most analogous to the MS situation. The maintainers followed a reasonable, albeit unaggressive, upgrade path (the same one that many MS admins followed) and got burnt.
yet if your car was to suddenly veer off the road from a known defect you'd expect the auto company to deal with it! Driving the car down the road doesn't generally cause the wheels to just 'fall-off'! That is the issue with MS.
Maytag repair guys are what 100,000-to-1 with their installed base? Even doctors are about 100-200-to-1. Yet PCs are supposed to be 10 or 20-to-1 for admins. It's a crock! If any other business system was this terrible, it would be bankrupt in a year! And MS's only answer is that the admin should run around and babysit the system? They offer automated updates, then again blame the admin for not "testing". You all check the gas quality going in your car before you fill up right. Or, you consult medical texts after going to the doctor just to be sure he called your illness right.
I'm sorry, this stuff should just work. Companies have invested 10 years and billions of dollars into windows and it still doesn't just work! Billy designed the system so that MS had 'plausible deniability' After all, they don't make hardware [not their fault], or drivers [not their fault], or systems [oems didn't test, not our fault], or software [sure we have Secret APIs but not their fault], they pretend to train admins [but not their fault if admin shamans don't dance right], and of course users because they make the computer do "stuff" MS might not have planned! [if MS did plan it, they'd charge more!] They have no technical support without outrageous fees [Linux cost is mostly support--and you can afford to use it!] Well, it's basically like OSS only costs more. They offer the same package of benefits!
That said, I don't think a lawsuit is the way to go either. We're trying to get rid of stupid IP laws, not tie ourselves to them more! If the liability cost of software goes up, then free software will die a horrible death. We're not sophisticated enough to have software "building codes" yet and license "Software Accountants" to set them up. Even then without 100% control of a system, you just can't have that kind of liability...Then again, maybe that's what MS wants [OK we know they want it] total control of the systems and your wallets!
According to this Korean page, defendants include major Korean ISPs (KT, Hanaro et al.), Korean Government Dept. of IT, and finally, Microsoft. So they're suing the dumb admins and M$ altogether.
Maybe the confusion arose from the source eWeek is referring, Chosun Ilbo. It's not a very reliable source for arguable matter. Believe me... In case you can read Korean, that is to say.
If you don't agree to the EULA then you don't have a license to use and are a criminal, so you can't sue anyone over its problems...
Even blows the case earlier in the process of a semi-legit complaint.
I agree it's a different country with different laws, but Microsoft doesn't have to abide by any stupid judgements either.
---- Booth was a patriot ----
They do enough bad stuff to satisfy anyone's faming needs. I'm glad that a fair number of perople do oppose this, though.
WTF? This gets modded up? This moderator's just as illiterate as the poster...or as much in a hurry as the moderation just "gets things done quickly..." - better hope that the doctor who has his life in your hands spells the prescription right before you start taking it...or hope that he/she knows the difference between UV and IV...
UCC is a United States law. What do the south koreans have?
The fact that Bush mushes together the Koreas for the masses is kind of in line with him claiming that we bombed Iraq because of terrorism.
May we never see th
Why is legal liability for faulty software such a bad thing? I just don't understand why so many /.'ers are so against this.
Every other profession is legally liable for what they do.
There's kind of a pragmatic issue here.
Knowing about an issue and not releasing a patch or at least an alert could reasonably be considered negligent. We *have* the technology to do so, and there's good reason for having the justice system punish people who do not do so.
However, we do not currently have tools that can check for any and all errors in programs, and do not currently have the ability to write bug-free programs that are in the hundreds of thousands of lines or more. Thus, there's not much point in punishing people who release buggy code -- because it can't possibly make people produce bug-free code.
Now, there are a few exceptions. Civil engineering can involve quite complex systems, and at one point we didn't have good methods to see whether a civil engineering project is flawed. However, they're generally well understood, and conceptually simpler than a large software package. Furthermore, the failure of a civil engineering project can frequently cause immediate and unavoidable loss of life. Computer software can *sometimes* do so...and software developers that are in this position generally are considered to be liable.
May we never see th
There is a fundamental difference between software sold by Microsoft and software released as open source. Open source, effectively, is someone tinkering with code, and revealing everything they do, good and bad. Open source is about doing cool things cooperatively. If someone wishes to use the product - great. But then let the user beware.
Microsoft is *selling* a product. They are taking *money*. They are providing a product/service for a fee. Money being the universal exchange of value, it is expected that you receive an equivalent value. Having spent money, you should, in capitalistic principle, be allowed to hold some reasonable expectations - that is that the damn thing works.
You see the difference? Open source software is not a product. It would be like a kid in your neighborhood putting together widgets and giving them away. You can't sue for good will. *Selling* widgets, on the other hand, implies a responsibility.
So, if any precedent is set by this, it will be that software manufacturers should be liable for the mistakes they make. And frankly, it's about freaking time that was established. All this nonsense about "software is not a product you can put a warranty on" is wishful thinking at best, and softheadedness at least. If you can charge 10K for a software package, it had better be a product or the system is totally messed up.
Sidebar from an article on Slammer in the Feb.3, 2003 issue, page 12:
... it's only with Service Pack 3 that it became easy to install".
"...many IT departments did not install the initial patch because installation could not be scripted. Instead, DBAs were required to manually stop each instance of the software running in their organizations, rename or remove some files, and paste the patch files into each instance
~REZ~ #43301. Who'd fake being me anyway?
Gates: we have been forced by international pressure to ensure that all supported software is up to date and all unsupported software is deactivated. All of your servers are belong to us.
I buy a car. It has defective seatbelts. Ford recalls the car, but I don't take mine in to get it fixed.
6 months later, can I sue them if the seatbelt fails?
Interesting how the lawyers will field this one. It will probably come down to how accessible Microsoft makes its patches.
I'm sure a few thousand mostly African-American Floridians will have some problems dismissing the fact that their incredibly important vote was prevented from being made. Losing one's voting right for no good reason is not a trivial thing. I'm not talking about pregnant and hanging chads here--more people lost their right to vote in Florida in 2000 than the number of votes difference between Bush and Gore. Since the Democrats don't seem to be concerned with the matter, and the Republicans benefit from pushing the issue aside, these voters have no major political party to turn to for getting off those scrub lists and regaining their right to vote. A lot of the people on those scrub lists were believed to be Democratic Party voters too.
The same company that prevented these thousands of (disproportionately African-American) voters from voting in Florida in 2000 (a Choicepoint subsidiary called Database Technologies) stands to be paid millions of dollars by the Bush administration to collect detailed personal information on the populations of foreign countries.
If this is the first time you've heard of these would-be voters, consider reading "The Best Democracy Money Can Buy" by Greg Palast, an American investigative reporter for the BBC who broke the story that was largely ignored by American popular media (and appears to be treated as somehow trivial today).
So, no, I won't forget about it and I won't push it aside as some historical footnote. The U.S. Presidential election of 2000 was not as simple as pushing the election decision to a handful of U.S. Supreme Court judges.
Digital Citizen
An insane heavily armed brother living in the upstairs flat who is currently playing chicken with the Tactical Armed Response Group who are camped in the living room. A bunch of neighbours who stole their house once and might have another go. An uncertain job in a dying industry.
Their only bright spot is they have Broadband . And an obsession with lan games that has led to some playing themselves to death. Then MS lets Slammer close down the korean system.
It's a wonder they haven't f**king invaded Redmond let alone sue.
You say the car manufacturer isn't liable if you send your car into a tree leading to catastrophic failure.
But what happens when someone else sends a tree into your car leading to catastrophic failure AND exploiting the design of your car to send trees into your neighbors' cars, some having the same design exploitability?
A car with a faulty lock and a canopy roof that can be used as a makeshift catapult is rather suspect, even if you tell the car owners how to use a welding iron to fix it and offer free single use welding torches to the affected owners.
Someone set us up the bomb, so shine we are!
Certainly until this comes to court (wherever), it will be pretty hard to tell what this really is about. However, in looking at the PSPD web page about this lawsuit, it appears to me as if it is claiming damage to all Korean Internet users caused by the MS bug (hard to dispute), and the crux of the question the court will have to decide is whether MS was negligent in allowing the bug to be released. The claim is that by negligently allowing the bug to escape Redmond in the first place, MS shares responsibility in the consequential damages that ensued.
All these comments about EULA, and whether a product was purchased, and you get what you pay for, and Open Software has no warranty, etc. are not relevant.
If MS released software into the wild which caused widespread actual loss to Internet-connected systems and their owners, whether or not those owners were MS customers, then is MS liable for those damages?
Starts to sound like going after the author of a virus/worm. The boundary between the actual virus/worm which exploits a security flaw and the ubiquitous system which contains the flaw gets very fuzzy in the eyes of a lawyer who might be able to prove negligence.
Of course, IANAL (sounds pr0n-like, doesn't it?), but I wonder about ambulance-chasing or its equivalent, and definitely view it with mixed emotions. No matter how much I might side with the plaintiffs in this case.
In theory, practice and theory are the same. In practice, they rarely are.
And it is easy to craft simple software that is perfect. Take something like an FFT algorithm. It is easy to write one with no flaws of any kind, that'll do its job perfectly. However, take a whole computer, with OS, drivers, and software, all written by different people, all interacting and you will have problems. What's more you have to deal with the element of improper use. Exploits like the slammer worm are a misuse of the software. It was sending data to the SQL server in a non-standard, unapproved, and non-useful way. This caused undesired behaviour.
Sorry, but when you take all that, it is basically impossible to design a perfect complex system, software or not. I mean, take a car, something which is rather less complex, more mature, more expensive, and better understood than a computer. Even when used as intended, problems crop up from time to time (hence safety recalls).
However when used not as intended, you can have catastrophic results. Cars were not intended to be impacted into other objects, especially at high speeds. Car makers realise that this is something that may happen, so they try to design to help, but it still doesn't do much. If you run your car into another car at, say, 80mph headon, you will disable both cars beyond the point of repair and most likely kill everyone involved, especially if you neglect to use your seatbelts.
This is a known fault, and there even are some ways to help prevent it from being as problematic. A race car cockpit and associated safety harness, for example, will have a much better chance of keeping an occupant alive at those speeds. However it is impractical for many reasons and so not used.
Now compare this to the SQL worm. This was an unknown problem with the design, only discovered later. It could only be caused by unintended and unadvised operation, hence it not being initially known. When it was discovered, a patch was released that completely eliminated the problem. Also, the problem could, and should, have been made totally null by using an additional safety device, a firewall. Finally, the result of it was just network and system downtime, not injury or death.
Given how complex computers are, I don't see this as being a problem of the software companies. They wrote software, tested it and believed it to operate properly, and fixed it when a problem from unintended operation was discovered.
No, it's more like your friend Larry made some rope and has extra, so he gives it to you. You decide to go mountain climbing with the rope. Larry never said it was safe for anything, let alone using it to suspend yourself over a 200 meter high cliff. If the rope breaks and you fall, then should you (or your surviving family) really feel justified in suing Larry?
They'd probably get a tax break for it too, so in a round about way, it will all be thanks to the American public. :)
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
The parent post was irrelevant and absurd. With that in mind, I will make a contribution of similar value.
It is official; Netcraft confirms: Stephen King is dying
One more crippling bombshell hit the already beleaguered Beowulf Cluster community when IDC confirmed that Stephen King's market share has dropped yet again, now down to less than a fraction of 1 percent of all Hot Grits sold. Coming on the heels of a recent Netcraft survey which plainly states that Stephen King has lost more market share, this news serves to reinforce what we've known all along. Stephen King is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin [amdest.com] to predict Stephen King's future. The hand writing is on the wall: Stephen King faces a bleak future. In fact there won't be any future at all for Stephen King because Stephen King is dying. Things are looking very bad for Stephen King. As many of us are already aware, Stephen King continues to lose market share. Red ink flows like a river of blood.
FreeStephen King is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeStephen King developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeStephen King is dying.
Let's keep to the facts and look at the numbers.
Natalie Portman leader Theo states that there are 7000 users of Natalie Portman. How many users of In Soviet Russia are there? Let's see. The number of Natalie Portman versus In Soviet Russia posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 In Soviet Russia users. 1. 2.??? 3. Profit! posts on Usenet are about half of the volume of In Soviet Russia posts. Therefore there are about 700 users of 1. 2.??? 3. Profit!. A recent article put FreeStephen King at about 80 percent of the Stephen King market. Therefore there are (7000+1400+700)*4 = 36400 FreeStephen King users. This is consistent with the number of FreeStephen King Usenet posts.
Due to the troubles of Walnut Creek, abysmal sales and so on, FreeStephen King went out of business and was taken over by Waggly Cocks who sell another troubled OS. Now Waggly Cocks is also dead, its corpse turned over to yet another charnel house.
All major surveys show that Stephen King has steadily declined in market share. Stephen King is very sick and his long term survival prospects are very dim. If Stephen King is to survive at all it will be among OS dilettante dabblers. Stephen King continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, Stephen King is dead.
Fact: Stephen King is dying
So Microsoft are surprised that people use their SQL Server software to run databases on the internet?
Get your own free personal location tracker
Hear, hear!
If you put an SQL server on the internet, open for the world to see, you deserve what you get.
If you put a windows box on the internet, even more so (not that the system is terribly insecure in theory, but it's difficult to keep secure and there are *very* few competent administrators out there that can do it).
A windows box with MS SQL server, on the net, open for the world - what did they expect?!?
Sue the fuckers! When I take over, people like that will be toiling in the uranium mines (along with a few other selected individuals).
The SQL Slammer vulnerability had been patched for MONTHS prior to the appearance of Slammer... how the hell is MS liable for the sysadmins not having the freaking brains to patch their software? I give this the finger.
Right now the "no warranty" clause in Microsoft's EULA protects them. But this is outrageous. They are SELLING a product and make many advertising claims about how great it is. The law needs to be changed so that when you sell closed-source software, you are required to warrant your product regardless of the EULA.
my salary will go up since people might sue me for mal-practice like a doctor if I screw up? :)
That's a scary thought though, that I could be liable for any bad code I write... er I mean, this would have no effect on me because I'm a genius and never make a mistake.
As much as we all like to harp on Microsoft and how much their software sucks and whatnot, this kind of lawsuit sets a terrible precedent.
Sure, I realize that GPL'd software typically says the software is distributed as is with no warranty or guarantee... blah blah blah.
However, having written some GPL'd software myself I have to ask the question, how am I going to pay to defend myself if I get sued next? The answer is simple, I can't.
We all know that lawsuits, no matter how ridiculous, can crush the little guys. If Microsoft loses this lawsuit then it just makes it more likely others will be sued for similar types of things.
People have to realize software has bugs. Not just Windows, but all software. I think it is perfectly reasonable to expect a fix for a bug or security hole in a timely manner. I have to say, as far as I know Microsoft acted in a timely manner with regards to this situation.
Of course I agree Microsoft should take security into mind earlier in the design process but I don't think they are sitting there in Redmond making software they know is going to be riddled with security holes and bugs. It really is unfortunate that the average consumer would rather buy an operating system because it has semi-transparent windows and a large collection of available 3D games than a solid security record. Which of course means that we who care about things like that get hung out to dry because we make up the minority of the userbase.
So anyway, for once I hope Microsoft actually wins a lawsuit so that perhaps we don't have to deal with such ridiculous lawsuits here in the open source community in the future.
..can run you over with...
You don't have a case or anything, and you wouldn't win if it went to trial, but you could sue some random guy, and most random guys would settle rather than have a trial. Especially if you've got a lot of money and could somehow work copyright infringement into it.
IIS runs only 25% (and sinking) of webservers, yet ALL mass-infections so far hit it and none Apache which runs over 60%.
I don't know where you got that idea. There have been two MAJOR Apache worms in the past year.
I've also heard these signs referred to as "dust in the eye" (I can't find a link, though). Signs such as "management not responsible for theft or damage" are not binding but at the same time posting such a message is not illegal, either.
Well, hey, I didn't spend all those years playing Dungeons and Dragons and not learn a little something about courage.
The problem will be that this lawsuit is prohibited by MS's EULA. If the company was using Windows and MS SQL Server they accepted that agreement; if they didn't accept the agreement they either weren't using said software or were using it illegally (w/o accepting the EULA). This lawsuit is dead in the water!
The lawsuit is not even close to dead:
There is a chance that the EULA could be treated like a waiver. In US courts all waivers of responsibility are seen as an attempt to avoid liability. Every lawyer says to use them and not one has ever stood up in court. They intimidate some people into not filing a suit but have no value if challenged.
Professional Politicians are not the solution, they ARE the problem.
If MS can't secure their own network from their own products' vulnerabilities, what hope do their customers have??
As if MS does anything but development and Sales. From what I know, they outsource their own MIS and Tech Support. I know of at least two companies that do this role for them.
"the difference between myself and a madman is that I am not mad" -Salvador Dali
I think you missed part of the thread. I was talking about free/open source software.
OK, the patch was a bit of a pain to install. So, let's say after review it was found that patching wasn't worth the downtime.
How bout them firewalls? If your MS SQL server has to talk to others over the internet, how bout restricting that port to certain IPs?
-- taking over the world, we are.
is just another example of the company trying to create a meme that is misleading
Do you realize how paranoid and conspiracy theorist that sounds? If you worked with SQL Server all the time, or read about it much, then it's very convenient to not say "SQL Server {2000}" anytime you want to refer to it. Folks don't use "GNU/Linux", or "Red Hat Linux 8.0", or "Microsoft Windows XP Professional"--they say "Linux", "Red Hat" and "Windows". Linguistically, it's perfectly natural.
There's also something to be said for what's necessary to successfully implement a patch in a corporate environment anyway. As a recent discussion about an update in Office 2k mentioned, the sysadmin also wouldn't be doing their job if they simply deployed an untested patch into a live environ. While it's true the patch was out for some time beforehand, how many other patches, also "critical", were made available at about that time and since, and what criteria should one use to decide which ones go on the top of the "critical" list for immediate deployment and which "critical" patches can afford to wait a while, due to monetary, manpower and time constraints?
Buy the President
Parts of Asia aren't exactly known for following licensing agreements.
Could one of the reasons they didn't do the upgrades be the fear that the Service Pack would detect a pirated version?
Which would you be more afraid of: MS shutting you down, or a possible security problem? One company wouldn't think anything of it. Get a whole bunch of these "Not Me" companies and then you've got a big problem.
From the sounds of it, the Slammer / Sapphire Worm was a combination of flukes that caused it to grow as fast as it did, 2 orders of magnitude faster than Code Red. Very interesting reading... http://www.cs.berkeley.edu/~nweaver/sapphire/
You're dead wrong. Bush won the election fair and square.
LOL. Wow, that's pretty funny. Actually, my friend, it's you who is dead wrong. Bush did not win the election fair and square. Bush purchased the election. And when that almost failed to get him elected, he had his daddy give the Supreme Court a call and made them stop the recount that would've proved Al Gore the winner. Make no mistake. Gore won the popular vote, and if it weren't for a bad case of corruption in Florida, thanks to GW's brother Jeb, he would've won the electoral vote too.
... you did not become a doctor, a pilot, or a civil engineer.
Software companies (and programmers) want to provide software as a reliable tool without the responsibility that comes with assuming so.
IANAL but write like a drunk one.
How many times do you need to hear that later patches reopened the vulnerability and that MS patching system is too onerous on System Administrators (their work is not to keep track of the bizarre patterns of MS patch releases).
IANAL but write like a drunk one.
... later patches reopened the vulnerability.
And it has been documented widely enough the nightmare that it can become to install some MS patches (hint, SAs have work to do besides patching buggy products).
IANAL but write like a drunk one.
Why does hardware have to be super-hardened for military use, and, then, they go and install Windows?!?
Maybe because the market is not swallowing the MS marketing pitch anymore and it's one of the last ways to force a purchase.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Because Chairman Bill is a controlling shareholder
I have seen the Register article before but had trouble believing it. It's such a blatant conflict of interest. Do lives not matter anymore? Does Bill Gates not know where to draw the line in his conquest?
Healthcare article at Kuro5hin
I'll grant some credit for this, but not a lot. It was improper of me to leave out the Hispanic would-be voters, and for that I apologize. I can't independently verify whether Choicepoint has received money or not, but I believe it is likely they will get more business for the stated research. However these objections leave aside a major issue--the 2000 U.S. Presidential election left out more voters than there was difference in votes between the two leading candidates. Is anyone working on reinstating the voting rights of the people who were disenfranchised? Democrats and Republicans both have the media's attention right now. They could draw national attention to this, but are they working on fixing this? I'd hate for registered legal voters to be kept out of the polls.
This objection perpetuates a myth in reporting that isn't often discussed--the idea that you can "just report the facts". Since I made it easy for you to read the sources I referred to, I am obviously encouraging you to do so. I am not at all discouraging you from determining your own take on the matter. Finally, perhaps you don't know this, but Slashdot makes it easy for anonymous posts to be overlooked. Your input is likely to be read more if you post under an account name. Thanks for your input, but your tone is uncalled for.
Digital Citizen
The "irony" was that the one that Gore won was based on the criteria that the Bush campaign was pushing at the time.
It's all completely and utterly irrelevant.
The margin of victory was too far inside the margin of error. Why would Gore winning by 12 votes be more credible than Bush winning by 100? (If anything a smaller margin for a Gore victory would be even less credible as you're even deeper into the statistical noise zone.)
Florida was merely the final result of an election where frankly neither candidate did much to enthuse the populace.
Final note: we wouldn't have even had to have worried about Florida if Gore could have even carried his home state. (Personally I found the fact that more people in CT voted for Lieberman than for Gore/Lieberman to be very illustrative of the Gore campaign.)
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.