Slashdot Mirror
Microsoft Sued for Defective Software
Door-opening Fascist writes "eWeek is reporting that a South Korean citizen action group, People's Solidarity for Participatory Democracy, is suing Microsoft for putting the SQL Slammer vulnerability into Windows. They are doing so on behalf of the South Korean people and businesses affected by SQL Slammer."
Gates: Ballmer, loyal comrade, I've an assignment for you.
Ballmer: Yes, master?
Gates: Say, how much would it cost to purchase the country of South Korea?
Do you like German cars?
First, this is not good if he wins, because someone could sue a GPL author for the same kind of deal.
Second, it seems that it would be like suing Stephen King for causing nightmares.
If tits were wings it'd be flying around.
Conspiracy theories inside, who actually intends to put a vulnerability into a product? Perhaps this should be "not fixing the vulnerability" or potentially even "ignoring the problem". I don't think any of Microsoft's programmers intentionally insert bugs into their shipping products... although... nah, it couldn't be.
I hope the Judge kicks these people through the goalposts of life.
Ow wait, South-Korea.. Those are the good guys, right? Dagnammit!
SCO employee? Check out the bounty
Shut up and patch your systems like the rest of the planet.
Software isn't a physical thing so it's impossible to make it bug-free.
You knew about this vulnerability for months, there was a patch for it, and you did nothing about it."
Pick a defense, any defense...
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
As much as I hate Microsoft, this is total BS. If this becomes precedent, how the hell can anyone write an opensource app? Software is a clear case of when "buyer beware" is neccesary. Get software from the people you've grown to trust for not releasing bug-ridden shit. I really don't see how it could work any other way.
"Question with boldness even the existence of a god." - Thomas Jefferson
Although the zealots will be amused by this story, this could set a dangerous precedent for other similar vulnerabilities (especially unintentional ones). What happens, for example, when some group of people (in this case, a country) decides to sue the openSSL group for a flaw in their encryption that allowed credit card numbers to be stolen?
I'm glad to see that someone is trying to hold MS liable for their mistakes, but this is the wrong way to go about it.
If you can't beat them, arrange to have them beaten. -George Carlin
Clearly they haven't read their software agreements. It specifically states that MS is not responsible for damage caused as a result of their products. A better chance to procecute MS would have been during the Code Red incident. One might have argued that not being proactive enough about patching consitituted "negligence" on their part. I guess it can't hurt to try!
Fellow Americans, this blow by Korea against the great American bastion of Microsoft is just the latest act in a string of transgressions by this rogue state. Te must remember that they are part of the axis of evil. As all of you undoubtedly know from watching the news, we believe they already have several nuclear weapons, and they are currently working on developing more.
Many American lives have been killed by the Koreans, and if we don't stop Korea now with diplomacy or force if need be, there will certainly be more bloodshed in the near future.
They are a rogue state, and while it may be true that when people may think of Korea, they think great Starcraft/Warcraft players, cell phones, and cheap cars, we must remember that they are a dicatatorship lead by a megalomaniac leader, Kim Jong Il, who wants to see the downfall of the West.
We must view Korea as the threat and enemy to global peace and the American way like they are.
Thank you and God bless America.
George W. Bush
President, United States of America
fuck them!
Wow. Your logic is flawless.
In other news MS is worth more than Ty(15982) ...
I somehow doubt that Microsoft intentionally put this hole into SQL server, so that should probably steer clear of anything malicious. Negligence, perhaps, but this would open a whole can of worms (at least, if it were to show up in the US courts. Although now that this is happening in SK, I'm sure it'll make its way to our shores soon enough.)
I feel sorry for the companys who were sent to their knees over this vulnerability, but if there was a patch out months and months beforehand that could've avoided all this, the end-user needs to share some of the blame for this... There's not much more Microsoft could have done for it, if they'd forced the installation of the patch they'd have been even higher on the privacy zealots' shitlists than they already are.
I do seem to recall in the back of my mind that there was some nasty side-effect of the patch though, although it escapes me at the moment...
They actually bought Windows in the first place!!
Let it be noted that Microsoft already had SQL SP3 out which fixed the problem before it ever occurred. PSPD should try using a vulnerability that could actually hold water in court like Code Red or it's dirivative, or any other Word ActiveX open-execution macro vulernability.
You buy the software, you choose to use it, YOU DEAL WITH THE CONSEQUENCES.
True, Slammer was bad, but it's not like MS intentionally added it, and they DID agree to a EULA when they installed it. Of course software companies should be responsible, but it's not like MS isn't trying (though they're not doing a terribly good job.) Idiotic lawsuits like this set a bad precedent.
using namespace slashdot;
troll::post();
They're suing MS, because their (South Korea's) tech people suck? Correct me if I'm wrong but I'm pretty sure that MS had a patch out for the slammer months before the outbreak... it's their own fault if they can't keep their servers updated.
Username taken, please choose another one.
If they expect governments to enforce the overzealous EULAs, and to insinuate the product has real monetary value and it should be criminal to misuse it, then they should be liable for its actions. The door swings both ways. To use the ridiculous but relevant car analogy, check out Ford/Firestone with the tire recall, they hat to eat a big huge monetary crap-sandwich to make up for that. They also have to provide parts for cars for 5 years after they sell them, by law, and they must also be subject to anti-lemon and consumer protection law.
While I don't foresee Microsoft getting chastised, lambasted and castigated as it should be here in the US where being a rich company has many, many benefits, I do see an opportunity for Microsoft to have to be held accountable for its actions in the EU and Asia. Also in Asian countries the logic is: If you expect me not to pirate this, it better do something good.
I hope this teaches Microsoft that the venue by which they made the 40 billion they have sitting in the bank is us, the victims of pre-installs on new PCs (I believe 80% of the MSFT revenue is from pre-install), we should get a piece of that if we are wronged by the software.
There is a huge disparity between what is claimed on the glossy box and what is delivered in reality, and the consumer needs to be protected from fraud and fiscal liability due to product failure.
It applies to every other business. Software should be the same.
Also, EULAs claim the license isn't transferable and resalable, I content that this means it then has no value. No one can tell you you can't sell your used car.
Legalize the constitution. Think for yourself question authority.
If this goes through, it could set a precedent of liability for software bugs... that's bad, of course.
Here's an interesting thought: maybe closed source software could be hit harder by this because keeping the source closed could be considered hiding the vulnerability? IANAL, of course.
Another thing - aren't there liability issues for engineers in other fields as well - like holding a bridge engineer accountable if the whole thing falls down? Of course, a software bug isn't quite that serious, but still...
Google: AARD:
A Serious Message and the Code That Produced It.
Microsoft included a bug in the Win 3.1 Beta that caused Dr. DOS users to crash.
Unsurprisingly the makers of Dr. DOS lost their jobs, like many other victims of malicious code.
Hard sell for the exploit that caused slammer. Maybe other exploits/bugs.
.DLL. Even though no one ever used the .DLLs in question ( I think it was .hda, .hdq files ) they could have been. You could argue that someone could have written a program that used to long a URL and crashed IIS. The slammer was using a port in a way it was never intended to be used.
SQL has a pretty good record for security. The exploit had also been patched before the worm.
The exploit was not put in on "purpose". I guess it could have been, but that is a pretty hard to believe.
The virus spread fast, but only because there is not a million SQL servers out there exposed. So it spread across the web fast, big deal.
Furthermore good administration ( especially for a db server), ie. a good firewall could have blocked it. There is the desktop engine that could have been hit, but most apps that use it are still in the server category.
The exploit itself is not a defect. Sure it could be used by an attacker, but in itself it didn't make the software defective. This could spawn a big argument. Is an exploit that would never actually impede a program unless someone uses it really a bug?
Code red was a buffer overrun in an ISAPI
I agree that companies should be held accountable, but intent and the way a company handles the defect also.
MS essentially called a recall by issueing the patch. It said, send in the part and we'll fix it, but in a more modern approach. How can you sue a company that found the exploit and offered a free fix?
Anyway there is a very important point about *incidents* like this : they get people's attention about the completly crazy EULAs that some SW companies (namely Micosoft) and content providers (RIAA/Hollywood mob) are currently imposing to they 're costumers ...
imposing a bit of regulation about the limits of what could be put in a EULA is IMHO a very good think ...
if the ppl who launched this lawsuit make the
Cheers from Portugal
Obviously they haven't read Microsofts EULA for SQL Server 2000 which simply states:
Owned.
Except MS has the same wording in their license.
Michael Loves Me!
(I am not a Korean laywer)
Does anybody know if the click-through license is worth a rat's ass in Korea? Does Korean law give the plantifs an edge that they wouldn't have in the US? Any Korean laywers out there?
Right... South Korea's currently at 56% pirated.
Following Microsoft's audit of South Korea, North Korea has agreed to dismantle its nuclear program, fearing repercussions.
For wrecking Blizzard's Diablo servers.
or "or fitness for a particular use" is a concept in most legal systems and is what would determine this case. In the U.S., even if the license says "this may not work, tough.", the consumer still has a right expect it to work for the advertised purpose.
So you could recover damages from a car that explodes when you try to start it, since that's not what a "car" is supposed to do. But you can't recover damages froma car that explodes when you hit a tree, since that is outside the expected use of a car.
I'd say there's no case here since SQL did what it was supposed to do, it just had a flaw. Since the flaw was not covered by any warranty, tough luck.
-Ryan C.
-Ryan C.
This is funny, considering the crushing amount of spam that comes from misconfigured boxen in the .sk address space. As has been pointed out, the patch was available well before slammer hit. That they didn't apply it points more to poor administration than anything else.
The truth about Scientology, Xenu, and you: Operation Clambake
Does anyone think I can win ... ... I'm planning on sueing ...
My windows PC keeps crashing
With as rampant as piracy is in Asia, M$ can probably knock the case down to a single count since the only person that has a license over there is Bill Gate's sponsored Sally Struther's hungry child.
To Alcohol! The cause of, and solution to, all of life's problems.
SQL has a pretty good record for security.
I have noticed a trend recently that people are more and more often referring to SQL Server as SQL. This is wrong! SQL is an ISO standard, and this habit, which I have noticed especially among Microsoft staff, of trying to conflate the standard with the Microsoft product is just another example of the company trying to create a meme that is misleading.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Has anyone actually tried to interpret the SQL Server license agreement?
... accesses or otherwise utilizes the services of the Server Software (which techically includes every worm infected machine) and seeing as the server was behind a website, that would come under Hardware or software that reduces the number of Devices directly accessing or using the Server Software does not reduce the number of required CALs. The number you need is based on the number of distinct inputs to the hardware or software "front end." ...so therefore you would theoretically need a license for anyone who could access your site, which right now is a total of around 619 Million people if it is connected to the Internet.
In court:
Judge: "So can the court see the software license for this software?"
(shuffling of paper)
"Ah we see from this that you have 10 user licenses for your SQL server."
"Yes your honour"
"...yet your server was connected to the Internet - correct?"
"Correct your honour"
"But according to this license agreement, you must acquire a separate CAL for each Device that
*thud*
Judge:"...and then we have the Windows 2000 server CAL's..."
I'm just wondering where did all these click-thru EULA supporters suddenly come from? Any previous postings about licences went something like 'the EULA is not legal','I agreed to it but I did not understand it so it is not binding', and 'click thru licencing has not been proven in court'
EULA's have been one of the biggest things for slashdotters to complain about, now it seems everyone is supporting them and saying that ' the EULA states MS cannot be held libel and since the EULA is law and legal and binding they are SOL and can't sue'
WTF is going on? Bring back the normal EULA-hating world I used to love.
why boxes at Microsoft were not patched against SQL Slammer. Do they sue themselves, fire the admin or simply replace the servers with free software?
Friends don't help friends install M$ junk.
I'll get modded down as redundant, but it needs to be said as many times as possible (and I don't see much of it in this thread [reading @ +1]):
A legal remedy here would set a really bad precedent - as a software developer who is not unrealistic about my skill level, I am terrified of software liability becoming either law or accepted assumption.
If MS loses this, I see absolutely no way I could defend myself if, god forbid, a program I wrote or even maintained caused catastrophic dataloss, or in worse cases, physical injury.
Note: Ironically, just *yesterday* I was bitch-slapped, albeit in an odd way, by Slammer: in certain situations, applying one of the hotfixes to SQL server that closes the Slammer vuln. without having SQL Server SP2 installed *completely* horks up SQL Server. The ISP (Rackspace) of a dedicated rack unit I "manage" on contract (client has almost no $$$) installed said hotfix in the process of physical maintenance, so I got a panicked call from my client in NYC that the "server is down". A couple of hours worth of research later, I was fine, but it sucked my afternoon away.
I hate the stacks of dependant/conflicting patches and service packs, not to mention the damn bugs, but I'd prefer to take the risks on this end than be open to litigation of software I write contains bugs.
--astro
I'm also wondering if/how many of the copies of Windows that precipitated in Slammer were legal. Asia is notorious for its pirated software problems. Not that I'm insinuating anything but Microsoft might be able to say "Well a lot of the machines were illegal anyway therefore in breach of our support. I'm sorry but we can't be held accountable for criminal use blah blah blah-"
Possible?
What is music when you despise all sound?
Gates: Hey lapdog...get over here!
Ballmer: Sir, I don't like it when you call me...
Gates: Shut up lapdog.
Ballmer: Yes, sir.
Gates: Buy Korea.
Ballmer: What's by Korea?
Gates: No, purchase it.
Ballmer: Which one?
Gates: There's more than one?
Ballmer: North and South.
Gates: Oh...does it matter? No. Buy both.
Ballmer: I don't have that kind of money sir.
Gates: Charge it to the company.
Ballmer: Yes sir.
I got nothin'.
Microsoft's dislcaimer of warranty is ineffective on several levels. First, under the UCC, a purchaser has a right to a "perfect tender" - that is that the purchase perfectly conforms to what whatever was purchased purports to be. For example - you could not sell a vcr that only worked 50% of the time when it felt like it, or only on a wednesday, (unless you disclosed that up front) and the purchaser agreed in a definite and seasonable expression of assent. Some legislation has proposed so scale this back in the terms of software (UCITA).
Second, products come with an implied warranty of merchantability and fitness for purpose. It essentially means that they are manufactured correctly and that they will be able to do what it is claimed they do.
Bottom line is that anyone can claim that there is no warranty that goes along with their product, but some warranties the court will imply and refuse to not enforce, or will enforece other law tantamount to a warranty. The implied warranties above are examples of those that rise above that of contract, that they can be enforced regardless of what is put in the agreement. The agreement may create a presumption that you have waived these rights, but the court could also find that agreement void as unconscionable.
They should at least have a warning during installation of the software for those who aren't aware. Sort of like the "unplug your computer before installing" warnings that come with hardware. Something like:
WARNING: Unplug your computer before installing this software. And under no circumstances should you connect it to a network until all the patches have finished downloading and installing.
--didn't think of that one. If software isn't a product, then what is it?
I am not sure on the entire liability issue right this second, but comes a time that any "industry" needs to come to grips with reality, and I think that time will be soon probably. Computers and the software to run them have had decades now to get established and to come out of thier "honeymoon" stage, with the EULA "get out of jail free" cards. the hardware is warrantied. The software sure needs something.
There needs to be some sort of consumer protection and warranty. Eventually there will have to be, it's about inevitable. Everything else man made has one. If that means much less "new" is released and a lot more "improved", I'm all for it. If it means less variety but better quality, I am all for it. If it means that "paid for-sale" software with a warranty gets so expensive that "free" dominates with a shareware and volunteer concept, I'm all for it. and I see that as an EXACT dividing line, it's for sale, it needs a warranty, if it's a "freebie, here try this, see if you like it" type deal, it doesn't need a warranty. I think that is fair and rational.
OR, wait until a few more worms or whatever hit all one day, the mother of all net shutdowns, and have the government force something down your throat that is beyond a warranty into planned, controlled, licensed.
As an aside, can you imagine the first major software vendor TO offer a warranty? How much of a marketing edge would that be, given they had really done their auditing and were actually confident their offering was decent enough to offer the warranty? I think they would get uberrich, well deserved cash for superior outstanding coding efforts. I know some custom stuff does, but anything major mass market? Does it even exist yet? I honestly don't know, but myself as joe consumer, I might just be tempted to purchase an OS offering like that, and pay much serious cash for it.
When will people realise that buying software from a large company such as i.e. Microsoft isn't going to get them more "rights" then using free software is going to get them. Both camps have a none liability clause, which means, you can't sue either of them for damages! But at least one camp (which shall remain nameless) has the option of sending them a check and make the software you use more usable/bugfree for them. Also, you have the choice of hiring a third party code-reviewer /directly/ , who /can/ be sued directly if he fsck's up reviewing the code. This model, called free, or OS by others, is based on the knowledge, or merit of this particalular individual. So, why take the risk of challenging a EULA to which you've already agread, when you can sue a freelancer who doesn't come around with what he/she promissed, namely a secure system.
Free/OSS software is a risky bussiness, that's why only the best of the best apply. Think about that before your next "convenient" purchase!
First, if Microsoft's EULA already prevents them from being sued, software is as-is, why do they release patches in the first place?
This isn't a question about whether or not a user can sue, but a more basic matter of accountability and responsibility. These are the most fundamental issues in selling anything to the public.
Microsoft is responsible for this snafu, but they have never been held accountable. Their bugs, their glitches, their crashes. Its become a running joke with techies. It shouldn't.
When Slammer first hit, people said installing the patches required taking down the servers, running several patches, and praying it still worked. No garunatees about anything. What's the justification? Time wasn't available. Who could afford to do this? How high was it on MS list of things that had to be done?
But no one is mentioning those same arguments now. Its South Korea's fault for not doing the updates.
As I recall weren't the patches buggy enough to cause another major security hole?
We know Microsoft is responsible. We know who should be held accountable. But MS throws in a disclaimer and all is good. The disclaimer is not a silver bullet. There must be accountability for faulty software, no matter who wrote it.
Will it stifle open source development? Probably scare off crap coders is what it will do. If everyone working together reviews, checks, and verifies, they are going to catch most of the bugs before it goes out the door. The remaining bugs are fixed with patches.
I honestly don't see anything wrong with suing them. The EULA is not a catch all. The EULA should be thrown out, and rewritten. Users have the right to hold developers accountable.
Its about time someone figure out how.
Strangely, none of the posts so far have mentioned the author(s) of Slammer as being one of those responsible for this mess. They're certainly harder to find (ok, they'll probably never be found), but shouldn't the culpability be shared with those who exploited the problem? It's not as though the server didn't perform its primary function correctly (storage and retrieval of database records), it's that it had a security vulnerability.
To borrow the Ford Pinto analogy from previous posts, it seems somewhat like somebody cutting your brake lines and then you suing Ford for making the lines so easily accessible. I think the person who cut the lines is truely responsible.
Actually, a better analogy would be if you did lock your door - but a vulnerability was discovered in the lock that made it (say) openable by jiggling the handle. Yes, you should get a new lock - but at your own cost, when it was poor lock design to begin with?
An unlocked door would be like leaving the root (or administrator) password blank, and the account enabled.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Ok, fine, that's not what I'm worried about. I'm worried about how this will affect the closed source that I develop. You know, the kind that I get paid to write? You mean a customer can now sue me or the company I work for, even though they insisted on having the software completed in an unreasonable amount of time without testing, and put it into production well before it was ready for that? Wonderful.
--Drunk as in Beer
The news here is not so much that MS might be held accountable for their product, they won't be, and for about a gazillion reasons.
The news is that someone actually decided there was some benefit in even bringing up such a hopeless suit. Maybe they are trying to shake down MS ? Dunno. But the news for me is that someone would even bother to bring this suit on in the first place, considering the defendant in it.
If there is any legal eagles in the audience, what is the precedent involving a seriously defective car that causes injury/death/damage? This defect would have a notice sent out somewhere/somehow offering the capacity to take the car back to the shop and replace the defective part, but the user either didn't know or didn't follow through with the effort involved.
This seems to be what this software has done: there was a defect and a capacity for a customer to do work to fix it, they didn't do it, and damage resulted.
Any cases like this with products in the automotive area, and did they favour the defendant or the plantiff?
Best wishes,
Robert
-----
Cast a Cold Eye
On Life, on Death
Horseman, pass by
--W.B. Yeats' gravestone
I don't see this as a valid lawsuit. Microsoft had relesaed a patch for the vulnerability that slammer uses months before the worm showed up.
Truely, if any one (or any company) deserved to be sued for putting out shitty software, its Micro$oft. ...But, I think that this is a really bad idea and sets a very bad precedent that could ruin the software industry as we know it (and I'm including Open Source here - especially open source).
...Not that OSS would die altogether, but we would have to start releasing code anonymously.
If people start flinging lawsuits at software producers then it'll kill open source pretty quick (OK, maybe kill is too strong; how about 'chill' or 'drastically reduce').
Micro$oft at least has $40Billion in the bank to fight such suits, but your average open source programmer doesn't have enough cash to even hire a lawyer for a couple of hours. These sorts of lawsuits could quickly have a chilling effect on OSS creation.
the eWeek article is refering to this Chosun Ilbo article in a Korean daily newspaper. The lawsuit is part of the 3 way lawsuit against the South Korean Information Minister, ISPs, and the South Korean division of Microsoft. Again this is the SOUTH KOREAN division of Microsoft for failing to inform Korean ISPs of the patch and its signifigance. These are people and businesses who were knocked off the grid for days and had nothign to do with microsoft's licensing. Thus a class action lawsuit. The idiot poster makes it sound completelly different.
They can't sue m$ for this.
1) A patch exists.
2) Software has bugs. It's a fact of life. If you dont' like bugs, don't use software. (Or hardware for that matter).
3) M$ never claimed their products are perfectly secure. "Secure" is relative. M$ platforms are secure to an extent. Weather that's goo enough is up to the individual.
Once again another case of M$ being in the right. I hate these, but it's stupid to say they're bad JUST because they're M$. They do enough bad stuff to satisfy anyone's faming needs. I'm glad that a fair number of perople do oppose this, though.
Yes there was a patch out BUT it couldn't be installed on a great deal of systems without some serious hacking, something which Microsoft ADMITTED TO. It actually broke some installations. Not the kind of thing you want to be responsible for as a BOFH on a SQL Server serving 10,000's of users.
Conor "You're not married,you haven't got a girlfriend and you've never seen Star Trek? Good Lord!" - Patrick Stewart
yet if your car was to suddenly veer off the road from a known defect you'd expect the auto company to deal with it! Driving the car down the road doesn't generally cause the wheels to just 'fall-off'! That is the issue with MS.
Maytag repair guys are what 100,000-to-1 with their insalled base? even doctors are about 100-200-to-1. yet PCs are supposed to be 10 or 20-to-1 for admins. It's a crock! If any other business system was this terrible, it would be bankrupt in a year! And MS only answer is that the admin should run around and babysit the system? They offer automated updates, then again blame the admin for not "testing". You all check the gas quality going in your car before you fill up right. Or, you consult medical texts after going to the doctor just to be sure he called your illness right.
I'm sorry, this stuff should just work. Compaies have invested 10 years and billions of dollars into windows and it still doesn't just work! Billy designed the system so that MS had 'plausable deniability' After all, they don't make hardware [not their fault], or drivers [not their fault], or systems [oems didn't test, not our fault], or software [sure we have Secret APIs but not their fault], they pretend to train admins [but not their fault if admin shamans don't dance right], and of course users because they make the computer do "stuff" MS might not have planned! [if MS did plan it, they'd charge more!] They have no techincal support without outrageous fees [Linux cost is mostly support--and you can afford to use it!] Well, it's basicly like OSS only costs more. They offer the same package of benifits!
That said, I don't think a lawsuit is the way to go either. We're trying to get rid of stupid IP laws, not tie ourselves to them more! If the liability cost of software goes up, then free software will die a horrible death. We're not sophisticated enough to have software "building codes" yet and license "Software Accountants" to set them up. Even then without 100% control of a system, you just can't have that kind of liability...Then again, maybe that's what MS wants [OK we know they want it] total control of the systems and your wallets!
Sidebar from an article on Slammer in the Feb.3, 2003 issue, page 12:
... it's only with Service Pack 3 that it became easy to install".
"...many IT departments did not install the initial patch because installation could not be scripted. Instead, DBAs were required to manually stop each instance of the software running in their organizations, rename or remove some files, and paste the patch files into each instance
~REZ~ #43301. Who'd fake being me anyway?
I buy a car. It has defective seatbelts. Ford recalls the car, but I don't take mine in to get it fixed.
6 months later, can I sue them if the seatbelt fails?
Interesting how the lawyers will field this one. It will probably come down to how accessable Microsoft makes it's patches.
Certainly until this comes to court (wherever), it will be pretty hard to tell what this really is about. However, in looking at the PSPD web page about this lawsuit, it appears to me as if it is claiming damage to all Korean Internet users caused by the MS bug (hard to dispute), and the crux of the question the court will have to decide is whether MS was negligent in allowing the bug to be released. The claim is that by negligently allowing the bug to escape Redmond in the first place, MS shares responosibility in the consequential damages that ensued.
All these comments about EULA, and whether a product was purchased, and you get what you pay for, and Open Software has no warranty, etc. are not relevant.
If MS released software into the wild which caused widespread actual loss to Internet-connected systems and their owners, whether or not those owners were MS customers, then is MS liable for those damages?
Starts to sound like going after the author of a virus/worm. The boundary between the actual virus/worm which exploits a security flaw and the ubiquitous system which contains the flaw gets very fuzzy in the eyes of a lawyer who might be able to prove negligence.
Of course, IANAL (sounds pr0n-like, doesn't it?), but I wonder about ambulance-chasing or its equivalent, and definitely view it with mixed emotions. No matter how much I might side with the plaintiffs in this case.
In theory, practice and theory are the same. In practice, they rarely are.
that's not entirely true. at least not in terms of popular vote.
"Not entirely true"? You're dead wrong. Bush won the election fair and square. According to the constitution, he won. End of story. There is no special rules for winning the popular vote. There's no half-winning or half-losing. He won. Complaining otherwise just demonstrates a non-understanding of the US Constitution. Get over it.
And no, I didn't vote for Bush. I voted for Gore. And who do I blame for his loss? Gore himself, for running an awful, pandering, uninspired campaign. I also blame the Nader-ites, who, in their quest to make a political statement, managed to cut off their noses to spite their face.