Slashdot Mirror
BBC Commentator Goes After Software Licensing
An anonymous reader writes "Bill Thompson, a regular commentator on the BBC World Service programme Go Digital, criticizes current software licenses (including the GPL) for giving developers 'freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private'." From the article: "A friend of mine is a children's writer. When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book. If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability. "
I agree. I should be able to sue CmdrTaco for getting me fired.
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Publisher is to Author as
...BZZZZZT!
Software User is to Developer
I read
It's about time that someone got up and did something about this. It's time we realized the customer comes FIRST and our comfort and legal safety POST.
Trying to become famous by taking photos. Visit my homepage please.
I bet his wife gives away her books for free, too. On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we muyst always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.
The keyword is that people agree to these license. If you don't agree, don't use the software. Or, you could buy more expensive software that comes such a guarantee. I can't think of any specific examples, but I'm sure the software that runs pacemakers has some sort of guarantee. However, it's very expensive.
Bradley Holt
Little Johnny was a boy. He isn't anymore. For what he thought was H20 Was H2S04
If religous zealots don't believe in Evolution, then why are they so worried about bird flu?
Sadly, legislation is probably the only way to make software developers--or rather, their companies--more liable. What, you expect the free market to take this one on? Who here honestly expects a company to decide it's competitive to be more liable?
No I'm not trolling.
The license is an agreement. If you don't like the terms, don't accept the license, and don't use the software.
There is a lot of crap out there about companies liking proprietary software because it gives them someone to sue when the software breaks catastrophically. That Microsoft has about a $40 billion dollar war chest, earned almost entirely through the sale of very broken software, pokes some big holes in that theory.
You're getting software for free. Don't bitch about indemnity in the license.
The solution, I think, is that the realms of coding and of liability need to be separated. Let the coders code and let service companies such as IBM work together with them to provide support and, if needed, liability for customers that need it. This is exactly what happens when IBM "sells" Linux to Wallstreet, for example. They sell the kind of responsibility for the software that individual developers could by no means provide.
I would hope that Mr. Thompson considered the alternative that people often hold others accountable for their own ignorant actions. Yes, a publisher is often held accountable for the stupid actions of a reader (who would be stupid enough to drink sulphuric acid?). But is that situation an indictment of the author, or the court system that allowed an ignorant person to use the courts to make whole an action that the claimant should be responsible for?
No, I do not believe that everyone should be left to fend for themselves without ANY regulation. If someone produces a medication and makes a claim that a patient considered reasonable, and they get more ill or die as a result, then the company should be held accountable. But to make every fucking business activity subject to error and omission insurance will wreak holy hell on our economy. E&O insurace requirements will guarantee that
1) software development will slow,
2) software for process control will halt due to liability questions,
3) make lawyers and insurance companies rich,
all without one single shred of evidence that any of these effects actually made software development any *better*.
When I install software, especially for the first time, I do NOT have it on my production machine. Why do people like Thompson like doing things like this? Why should a software publisher spend heavily to debug (and still not get EVERYTHING) in a manner that *assures* the E&O insurer that it will not delete Mr. Thompson's latest mp3?
"Rocky Rococo, at your cervix!"
And shouldn't the companies that implement the code be responsible for the insecurities, instead of passing the buck onto the developer? If a company incorporates a piece of software, and does nothing to lock down the program, doesn't change passwords, doesn't configure it properly, shouldn't the company be responsible? A developer is responsible to a degree, but so is the user. It takes two to tango, and going back to the quote, if a kid drinks sulphuric acid, how did he get it? The parents are responsible for the kid... Just like the system is the responsibility of the owner/operator...
Don't get me wrong...bugs suck, but suing someone over it is as equally bad as releasing buggy software.
"But see, if we had to ensure that everything worked all the time, it would take too long and nothing would happen. There would be no software."
"Oh, I hadn't thought of that," says the commentator whose argument proceeds to disappear in a puff of reality.
Meanwhile, Industry, rather content with itself, goes on to prove that black is white and white is black and is sued into oblivion by the DMCA.
If brevity is the soul of wit, then how does one explain Twitter?
In many cases, there is no option for a more expensive software that comes with a guarantee. Yes, some software like hospital life support and air traffic control come with a guarantee, but that is why you will see many 'normal' sw mfgs license mention these applications by name and say that you should not use their product in these environments.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
You can always sue a service provider (bank, etc.) for such things as making your personal information public. They in turn however, cannot sue the software company (necessarily) because they (the bank) had an opt in. You can sue bacause you had no say in what systems the banks use, so you cannot be held accountable. You didn't agree to waive your rights and to accept liability.
Put yourself in the bank's shoe however. When you install an OS or any application that comes with a EULA, you have the choice to not use it if you don't agree. It's not ideal, and it puts you at risk, but you have a choice. That will always be the deffence of the software companies.
The argument can be made however that you actually DON'T have a choice, only the illusion of one. If you need to provide a service (or rather, have a service provided to you) and every product out there has a self indemnifying EULA then what option does a user have?
- I didn't spel chek
http://www.watacrackaz.com
From the Windows XP Home EULA, with caps removed to get past lameness filter: and so on and so on.
With this amount of legal protection, I feel completely safe using Microsoft products!
Let's make all software developers totally legally responsible for their programs. That way, the only people who can afford to write software are huge companies, and even computer progamming for hobbyists ceases to exist because of the liability issues surrounding the creation of code. It'll be sort of like the doctors who have to buy really expensive malpractice insurance as protection against frivolous lawsuits, only the people who have to pay in this case won't be pulling down doctors' salaries.
Medial equipment, avionics, there's plenty of stuff that is specifically made for situations where failure is not an option. Consumer software is not such a thing.
Free Mac Mini Yeah, it's
Can you imagine what the lawsuit would be like when some user says "Software X deleted some file" and the software company says "No, it didn't." How would you go about proving this either way? Or in the case where perhaps a virus or something performs an attack on your software like perhaps a buffer overrun attack and causes the file to be deleted? OMG this would be messy for both sides. I can't imagine trying to make a jury understand the issues involved! I think they would end up picking a winner rather arbitrarily based on the personality of the lawyers and witnesses.
Avoid Missing Ball for High Score
Just so you know, malpractice premiums do not decrease for doctors in states where malpractice awards are capped to $250,000. Most lawsuits are launched when doctors maim or kill patients due to negligence, not because of highly publicized frivolous reasons. Your analogy is flawed, to say the least.
Now let's get back on topic. It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers. I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud. And no, I can't opt out of this dangerous system unless I stop driving (so much for being able to get food), close my bank account (yeah, hide my money under my bed so a thief has a reason to physically rob me and then kill my whole family to get rid of witnesses), declare myself dead (to retire my SSN - whoops, that's illegal, welcome to Club Fed! - or at least, welcome to joblessness) and practically move out of the country (well, actually that's a good idea if Canada is my destination).
Thanks to stupid programmers there's absolutely no way anyone can protect themselves from identity thieves. The only reason why someone hasn't hijacked you is that they don't care to.
Now please, come back after you find yourself having to fight for years to fix your credit after a hacker stole your personal information off Lexis-Nexis and then tell me they shouldn't stop the digital train for some major overhauls. Until you're a victim of the gaping flaws in the digital fortress you really don't understand the sharpness of that sword of Damocles that is swinging back and forth over your head.
--- Grow a pair, liberals... stop letting the Republicans bully you!
FTA: "Programmers have built their business models on a freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private. [1]
We all pay the cost in wasted time, lost files, hacked systems and reduced productivity [2]. Our children spend time in lessons waiting for interactive whiteboards to be repaired [3] while businesses around the world suffer from crashes and security breaches. [4] "
Hey, you know what, Bill? You don't like the fact that you accept the responsibility and risk when you use the software? Then don't use it.
I bank online, not because I need to, but because it is convenient. I accept that there is a slight risk involved. If I only banked brick-and-mortar, and my banking information was hacked, who is liable? The bank, because they CHOSE to use software that is insecure, KNOWING that it is potentially insecure, is who I hold liable.
I enjoy using the internet. Do I need to use it? No. But because I want to use it, I accept that there is risk, and do my best to protect myself.
[1] Not so. How many stunt shows always start with a disclaimer that no one should try the stunt at home? Fore-warned is fore-armed.
[2] We all also reap the rewards of the software. Do our kids ride bikes, Bill? When they fall and scrape their hands, do we send the medical bill to the bike distributor, manufacturer, or retailer? We accept a certain level of risk. If the bike design is faulty, that is a different issue -- but then again, we never signed a usage agreement that disclosed that there might be problems.
[3] Why doesn't that classroom have a dry-erase board or a chalkboard? Why is the teacher incapable of instruction without it?
[4] Businesses would suffer more if there were no innovation in software due to possible lawsuits. Businesses would be better off putting systems in place to prevent hackjobs, to make sensitive information secure even if their system is compromised, to prevent extreme loss of business due to system downtime.
I think it is ridiculous for every tomdickandharry to want someone else to be responsible for the risk that they voluntarily took on.
Software is not a necessity. It is a tool that we use to help us do things more efficiently. The tradeoff for that efficiency is risk.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
I have no problem with someone claiming "as-is" on software given away or sold for a small fee; it is completely unreasonable to expect someone who is not receiving any money or receiving very little money for a piece of software to be able to afford to offer warranty protection. However, I do have a bit of a problem with companies releasing buggy software at premimum rates, and then disclaiming any responsibility for their own misconduct or incompetence.
Hmm. I just thought of something. One way to solve the problem is require a company to include source code at no extra charge to their customers a software product which is sold if it is offered as is or if they fail to do so they cannot disclaim any warranty. If the customer who buys the product has the source they have (in theory) the capacity to fix the problem; if the customer is denied source then the manufacturer must wartant its performance. This would solve the problem rather nicely; companies like Microsoft could either give away the crown jewels and thus have to provide the means for anyone who bought the product to understand it, or they would have to provide technical support and warranty protection as part of the retail price of the product. Claims that they can't afford it are belied by the extreme price charged for new copies of the program or the excessively high charges for maintenance, often times for which they provide absolutely nothing. If software developers want to charge premium prices they should be providing at least minimum quality warranty protection or allow their customers to be able to fix problems that develop.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
FOSS != non-commercial. I sure as hell hope an institution like a bank wouldn't use unsupported software be it open or proprietary. But the author apparently hasn't heard of such obscure companies as "Red Hat" and "Novell" and "IBM."
English is easier said than done.
If you as a company, invest tens of millions into a rollout of a new software product ( be it a new version of Windows, or a new Linux Kernel), without
Take windows for example. If you lose $500,000 in a day because some critical windows server crashed from a certain DDOS attack, should Microsoft be responsible? Or should you be responsible, because you should have known from years of examples that Windows is very vulnerabile to those kinds of attacks, and you should either have an external protection mechanism in place, or not use the software? I think the latter. Then again, I am not the person who thinks "sue" when I slip on icy stairs in the winter and break my neck either. I think "maybe I should have bought better gooddamned shoes for walking around in the winter". The other commentors are right, there is not enough responsibility in the world today. Grow a backbone and stop sueing everyone.
The cost of liability insurance can be prohibitively high or not available at all. I work for a company in the wireless space. We frequently see requests to indemnify against RF "frying your brain". Insurance companies (even the really big boys like Lloyds) won't touch it.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Pay more. Find a company willing to take a contract that includes gaurentees. However don't bitch when it's way more expensive and that it takes way longer. Don't expect something cheaply turned out on the latest hardware in a couple months. Expect that it's a verified system that takes years of testing, and is rigidly controlled.
There are companies that make solutions like this, IBM is one of them. You can get a mainframe setup to do database work that will never go down, ever. However it'll be expensive as hell, you will run the DB and ONLY the DB on it, it will be accessed only in rigidly controlled ways, etc.
You choose to accept the risk, in trade for the benefits. Designing a system with no bugs is expensive and time consuming. You have to test things extensively at every level. That also means testing all the possible interactions. Not only how the OS interacts with the hardware, but how it interacts with the software, and how it interacts with each other. So when you design a system like that, the hardware neede to be known, as does all the software. You can't have it run on random comoddity hardware using random software beacuse then unforseen problems can result.
So by choosing to run software cheaply and quickly developed in random environments, you choose to accept teh fact bugs may occur.
To me, demanding that commoddity software on commoddity hardware run without bugs is like demanding that an automobile on the public streets never get in to an accident, even one caused by driver error, unforsseen conditions, or other drivers. Can't happen. If you want gaurentteed operation, you need controlled conditions.
You're right in that no single vendor is responsible, but you're wrong in that it means that a company can't be liable.
Similar analogies can be made towards anything that is built. When Ford builds a car, they don't create every nut, bolt and beam in the car. They probably buy a lot of the parts from third-party manufacturers and assemble them together. This is true for many products out there.
An analogy closer to home, is the system my friend's company puts out. They treat cancer tumors using some custom hardware run with custom software. But this software runs on windows and some computer hardware they purchase. However, there is a standard configuration for windows and the hardware that's approved by some governing federal medical agency to prevent any foul ups.
Depending on the situation, the assembler is or isn't liable. In the case of my friend's company, they aren't liable since this computer setup has been approved by a large, governing, official body. What about the case where Ford Explorer's had tires from another manufacturer and those tires exploded? Is Ford liable or the tire manufacturers? This is what our court system is for.
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King, Jr.
If you could buy a version of Windows without the disclaiming of all liability, but it cost $10K and was tied to a very specific set of hardware from ten years ago (forget about choosing an LCD monitor, or plugging in a USB card reader, gigahertz CPUs, playing games, etc), would you buy it? No, I don't think so. But that's basically the option you're looking at.
Anyone who wants to can develop software and market it without disclaiming liability. But they would be used as floor mops by companies that disclaim liability. The only places that write that kind of software are those that can afford to spend exorbitant amounts on mission-critical software development because the possibility of failure is even more exorbitantly expensive. Check out what it costs NASA to build software for their space shuttles, and the kind of hardware they run it on; I think it will be illuminating.
Government could write a law prohibiting liability disclaimers. This would kill most software for its jurisdiction. I'm sure the carmakers made the same argument, but here's the difference: software is cheap and easy to develop, virtually free to distribute, and exorbitantly expensive to prove fitness for a given purpose (especially given the possible variety of configurations typically expected of software). Perhaps most significantly, in most cases it's generally cheap to replace when it's proven unfit. In this environment, focusing on guaranteeing fitness brings very rapidly diminishing returns.
-- Moderation in all things, exceptions to all rules --
If you've ever read any commentary by Christopher Rice in his books, you'd see how much disdain he has for those "pass-the-buck-to-the-author" clauses. Not every writer agrees with that concept! It's a lazy concept, akin to publishing super-offensive ads in a magazine and claiming no responsibility for the ad. Let's face it, the publisher should be responsible for the content they distribute to a certain degree, like publishing errors causing serious misunderstandings.
I don't know about the rest of you, but if she tells me to drink poison in a book, I'm not going to do it.
I think the bad analogy in this article is between the products. In the case of a book, it is a complete product. When a book is released, it is unlikely to be used for other than the intended purposes, and when used with another product it is not expected to still stand on its own (you cant subst the 265th page for another authors page, and expect it to work, but that is expected of the dll's, windows 98 vs XP, etc.)
Most software is either released inside a complete product, and the product liabilty is left intact. Or it is software inteded to be used with other software, and with the original programmers usually not being the system integraters, going back to a single person to be responsible is no longer easy or practical.
No, the point of a journaled file system is to maintain the consistency of a file system even if the system shuts down unexpectedly. This is done by writing all the changes to be made to the filesystem into a journal first, ensuring that the journal has been written to the disk, marking the journal entry as complete and then writing the changes into the disk. If that write gets interrupted, the system will simply replay all the writes in the journal the next time it boots up, resulting in a clean file system.
The point here is that the journal is a temprary place to keep modified disk sectors in, not a long-term activity log. And even if it was, could the court really trust a log that came from the machine of one of the parties of the trial ?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I read the bbc news pages a lot. Every time I see that Bill was involved, I just skip over. He'll write anything... as long as it is absolute garbage.
Let's say you put your money in a bank. The bank, in turn, puts your money in a safe. It just so happens that the safe has a subtle flaw in the door hinge that makes it vulnerable to robbers; neither the safe manufacturer nor the bank knows about this vulnerability. So when the bank is robbed, who is to blame for the loss of your money? The bank? The robber? The safe manufacturer?
Your automatic blame of software vendors is analogous to always blaming the safe manufacturer. But the only contract you had was with the bank, who had the responsibility to protect your money. Their failure to do so breaches your contract. Consumers can really only directly blame the service provider who failed to protect them.
The bank, on the other hand, has two recourse options to consider: the robber and the safe manufacturer. While the robber had specific malicious intent (stealing money), the safe manufacturer operated in good faith and indeed their purpose in business is to attempt to protect against such crimes. The only way the safe manufacturer could be legally responsible for the robbery is if 1) they knew the safe was vulnerable and yet did nothing, or 2) the safe's design was so poor as to be criminally negligent.
Given the huge amount of design consideration and effort that security receives in modern software development houses, proving criminal negligence would be a very difficult challenge indeed.
And finally, I despise the fact that lawsuits are everyone's first thought when they don't like a product. "Have a problem? A lawsuit can fix it!" It's a preposterous system stacked against those businesses who try to operate in good faith. The best idea I've heard in years is to force lawsuit losers to pay for court costs and legal fees. That would make people think twice before filing frivolous lawsuits. And don't tell me it doesn't happen. I've been sued twice for absolutely RIDICULOUS stuff. My insurance company settled each case for a nuisance fee, which was all opposing counsel was looking for. A distant cousin of mine is a personal injury attorney, and my skin crawls when I hear about some of the things he has done.
Instead, if you don't like the service you're getting, vote with your feet and encourage others to do the same!
Implementing responsibility in software is desirable -- and unlikely.
At the bottom of the problem (surprise, surprise!) we find money. Software development requires expensive human labor and support; the software industry already limits its investment in quality assurance and support. To fully test every piece of software for 100% (or even 99%) reliability would drive software prices spiralling — you would see no free software movement, no open source, and be living with a very limited selection of corporate software at cocaine-like prices. Witness what has happend with liability lawsuits and medicine, driving costs to astronomical levels.
If anything, the success of the software industry could be attributed the its very lack of guarantees. It has few material costs; anyone with a $500 PC can start a software business. You don't need to guarantee your product, and society is conditioned to accept broken software after years of living with Microsoft's badly engineered products. Companies ship erroneous code to customers, knowing full-well that it can be patched later.
Do I think software should provide guarantees? Yes. Will it happen in my lifetime? Not unless society changes dramatically.
All about me
One thing one must consider is proper use, and chance of error.
Take condoms, for example. They can help protect against pregnancy and/or STD's. They can also break. In a reasonable situation you should be able to expect some safety in using them, if you use them properly. If you think that wearing a condom is going to make it OK for you to head on down to 3rd and Main every night to pick up a $10 date... well you don't sue Trojan when you get a little more than you bargained for, no do you?