Slashdot Mirror
The Self-Modifying EULA?
An anonymous reader asks: "Years ago, when I first installed Windows 2000, I accepted its EULA. Despite serious defects in the product, I resisted installing Service Packs because they modify the original EULA. Now even Homeland Security is on my back to upgrade and install a fix. I would be happy to install SP4 and all the security patches BUT ONLY IF IT IS DONE UNDER THE ORIGINAL EULA. Otherwise, Microsoft has made me an unwilling zombie. The clear fact is that Microsoft delivered a defective product- should not allow them to redefine our agreement. I cannot think of any other market that successfully browbeats its customers in this manner. Can this be legal? Has it been tested in court?"
That certain parts of the update required some sort of change to the EULA? Possibly a new feature or option that was not covered by the original?
Then again, you could always just not accept the EULA and not install it... despite what DHS says. That's why there's another option to select.
If you want the software patch, you accept the new licensing agreement. If you don't want the new EULA, no one is forcing you to download anything. Sounds like a perfectly valid contract to me, but IANAL.
...what terms have changed that you object to?
-b
If I wanted a sig I would have filled in that stupid box.
Well there not really on your back to install the fix. It's just the simplest solution for the vast majority of people. If you are not the vast majority read the freaking website on how to plug up the holes. The DHS does in fact post more than one way to ensure you computer is secure but closing up the holes. Of course with the number of holes you will be bashing your head up against the wall. It depends on your stuberness. Here is an interesting question though. Are then infact changing the EULA or just giving you another one for the patch. Im not hip to the jive of the Microsoft's EULA.
Ooo man the floppy drive is broken. No wait. The computer is just upside down.
Security is not a feature.
Security is a reasonable expectation.
Quit bitching and bend over. You knew what you were getting into when you installed Windows, yet you have the nerve to complain here?
There are some rulings which have held eulas to be invalid primarily because you're forced to exchange the money before youre allowed to actually see the contract, and on other grounds I as someone who is not a lawyer know nothing about.
Other sellout--err judges have held eulas are valid contracts.
To me it seems like they should all be invalidated in their entirety. EULAs as contracts are not negotiated between two parties who have equal latitude. One party has extreme market power, and the other doesn't even have the capacity for negotiation with said entity and has the choice of either accepting unreasonable terms or living in a cave by candle light. (no,that's not an exaggeration; companies are now insisting they still own your electronics even after you buy them --see microsoft tirades against xbox modders--)
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
Excuse me for thinking you're missing a few nuts but why the hell do you care what it sais in SP4's EULA? Yes, SP4 EULA has its problems and I would be inclined to give you the benefit of the doubt if it was't for your inexplicable explanation that you need to update your windows now cause DHS sais so... doh! Where have you been for the last three years? SP4 came out on June 26, 2003!!! And as for MS products being defective - this is surely news to everyone here. Reality is a harsh place for those who can't cope with it.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
I think it's just on products that you already bought where the EULAs' validity is questionable. The reasoning was that the terms of the transaction were already finalized... you paid money and got your product. The EULA tries to add on additional terms on top of that, when the transaction was already finalized WITHOUT those terms, or so they say (IANAL and all that). Add onto this the fact that many places won't let you return opened software, and you can see that anyone who CAN'T agree to an EULA for whatever reason is in an unfair position.
But the service packs are free, so this wouldn't apply there.
Canthros
What if the EULA allowed Microsoft to require spyware on your machine. Actualy, the HIPPA crowd had a huge issue with a change a few years ago when MS added the ability with WGA to inspect your machine and documents and phone home at will... that's not in the original EULA of Windows XP. For the HIPPA people that addition could mean non-compliance with the law... by installing a security update? That's taking advantage of the customer needing their product to work in order to better their own position....that's wrong.
Unless you have to get the legal department to sign off on all EULAs. Some companies have this policy.
Under UK law, the Sale of Goods Act 1979 states that goods must be
* of satisfactory quality - which means the product you buy should be reasonably reliable.
* fit for purpose - which means it should perform the function you bought it to do.
* as described - means it should be exactly what the trader told you it was.
Those white envelopes containing CDs that state "by opening this, you are agreeing to these terms & conditions" are an example of where these EULAs arent enforcable.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
This must be the millionth time I've seen this comment from a smug linux geek...
First of all Linux is what gives me the discomfort and headaches - W2K with SP2 and SR1 is secure and stable thank you very much. Every time I've tried Linux (Debian, Ubuntu and currently Suse) I've faced hardware problems as well as stupid things you need to hack some Make file or the kerner to get it to work. No thanks. W2K just works (and BTW is currently running apache, ssl, vpn etc. - and this is just my home workstation).
Secondly, yes, we all know that OpenBSD and others are up there in the ivory tower but who really gives a shit. Some people actually do work on these stupid machines and have invested years learning one particular operating system. Migrating to Linux would involve a learning curve that only students have time for. And then there is all the software, some of which might be replaceable but in my case not. The closest thing out there is OSX but it has the hardware vendor-lock-in problem with limited support for various things essential to my work. Maybe one day when the world stops supporting W2K.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
The originating company has a different problem as they can never say 'that's not our software' where as the end user can always say 'I never clicked on that button, I'm not bound by the contract.'
Of course if you want to see how much companies believe in their EULA call one up and ask for a refund because you don't agree to the EULA. They all say 'If you don't wish to be bound by this agreement, return the product for a full refund.' Which contradicts the return policy of most software outlets by the way, and should be done directly with the company, not the place you bought it from, as it's not their fault. Good luck by the way, I've tried it with Microsoft, Mathworks, and HP. Not one company would issue a refund.
I don't think it's quite that simple. For example, if the product was originally advertised as coming with "free security updates", then one could argue that Microsoft is obligated to provide the free updates they advertised under the same terms as the original product. If the EULA isn't enforceable for the original product, then it's probably not enforceable the the service pack. Another example is if you lawfully received the service pack without agreeing to an EULA beforehand (such as if you get an update CD from Microsoft). Or, certain terms in Microsoft's EULAs might also not be enforceable because of their the company's monopoly status.
I'm not actually saying that I *know* that an EULA wouldn't be enforceable, I'm saying that it's not wise to just assume that it is in all cases. Again, talk to a lawyer in your jurisdiction.
http://outcampaign.org/
Transport company X has a fleet of brand Y trucks. It is time to replace a portion of them. So they buy a handfull of brand Z trucks, park them at the entrance then invite the sales rep for brand Y to come by for a talk. "Well we have been thinking of upgrading our fleet of trucks. We are looking for offers, by the way have you seen those new Z trucks? Nice aren't they? So what kinda of deal can we expect from you?"
Then ask them wich OS they buy and how they deal with their OS seller. Watch them be confused.
It is sensible business. If you are a fleet manager and you would come to your boss saying, "Hi boss, I completely standarized on brand Y trucks, our repair shops can repair nothing else, our drivers can drive nothing else, our loading stations can accept nothing else, we are now one hundred procent at their mercy of brand Y. Oh hi Mr Sales rep from Brand Y, why are you grinning like that?"
Such a fleet manager would be fired in an instant.
In IT, that is what has been taking place for the last decade. The same trucking companies that do everything to get their trucks with the cheapest discount hand over their IT to companies selling just one solution and totally tie their entire company to just one supplier.
Insanity but when it comes to IT common business rules do seem to apply.
In holland the goverment tries to keep monopolies from happening. Market forces can after all only work if there is more then one player right?
So we get silly stuff like the attempt to run more then one company on the dutch rail system (crowded in a crowded country) or Shell being stopped from owning more highway gas stations. Or even sillier stuff like privatizing stuff like gas and elec even medical insurance. All meant to drive down price and all the price does is skyrocket up.
And what is done about the ultimate monopoly? Shit all. Forget Shell owning 80% of dutch highway gas stations. Try MS owning 9*% of all the worlds desktops.
Face it. IT doesn't follow normal rules. No you would not accept a new EULA (or any EULA at all) when your car company recalls your car to have your brakes fixed. In IT MS owns your ass and they can do whatever they want.
But it easy to buy another brand of truck. For proof, just look at your big local trucking company, they almost always got a handfull of trucks of another manufacturer. Keeps your supplier on its toes and the costs are trivial. Now try doing the same with computers. Oh it used to be done. Only a very BAD IT manager would not make sure that his IBM datacenter did not have a couple of Sun machines installed in plain sight. But when it comes to desktops we have come to accept lock-in (says a linux user and someone who refuses to answer personal ads that accept only .doc cv's) and we all can see the result.
Accept lock-in and get locked in. Yet the old trick does work. Look at munich. MS sales rep fell all over himself when he came into his clients office and saw the linux trucks parked outside. In fact MS wherever there is a rumor that a linux truck is even passing MS sends its sales reps with freebies and special deals. And still, the majority of sales meetings with MS go like this. "Ah thank you for your replying to my outlook email, can we shedule a meeting in outlook, I will get your details from access, to meet up and discuss us buying 100 more licenses, I will send you the details in a Word document, btw what kind of pricecut can we look forward too?"
You can hardly blame MS for it can you? Not their fault that everyone has their head up their ass when it comes to IT.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
W2K with SP2 and SR1 is secure and stable thank you very much.
Not if you use Internet Explorer, any version of Outlook, Windows Media Player, Realplayer, Microsoft Word or Excel.
All of these programs have built into their design, at a low level, in a way that can't be fixed without breaking existing third-party software, mechanisms to allow untrusted documents and objects to execute code with the full rights of the application itself. Because Microsoft decided that sandboxes slowed things down too much.
In any reasonable market, flaws impacting the safe use of a tool for its intended purpose should be fixed at the manufacturer's expense in a reasonable length of time.
If Microsoft isn't providing secure software (and yes, they aren't), then they should be providing free security fixes under the same terms they provided the original software. To do otherwise is (IMNSHO) to be an accessory to any illegal activities which occur as a result of the flaws.
I think you're completely missing the point, here.
He's not disputing the fact that he needs to install the patches for security reasons. He's upset because this puts him in a situation where he has no other choice other than to agree to the new contract. This is an unfair situation. Microsoft should be providing the patches without any additional conditions.
I guess it would be helpful to know what modifications you're complaining about?
.NET3 for XP, - Which will differ how from WinFX for Vista?
I thought s/he made it clear enough - Any of them. When first installing any version of Windows, you have to agree to the EULA. Why should the terms of using the software change for a frickin' patch to repair their bugs?
Spoken like someone who has never written software of any consequence. All software has bugs. Do you consider every piece of software you own to be defective?
I've written in the gamut from firmware for bill accepters, to thinclient frontend code that runs on one of the world's major lotto machine vendor's hardware. Some might say that counts as "of consequence". And yes, all software has bugs.
The difference between me and Microsoft, I don't have the arrogance to say the bearer of my paycheck has to renegotiate every time someone finds a bug. In some markets, they call that "extortion". "Gee, really awful that your bill accepter sees the new $5 bills as $100s... Someone should patch that for you ASAP! I'd do it, but I already know what a nightmare the code looks like - But if you toss a new house my way, I suppose I could suffer throught it. Say, could you set me up with that new VP's cute daughter?".
OTOH, Microsoft's biggest problem here doesn't even come from the original product... They actually have the arrogance to use their "fixes" to beta-test their next-gen products on live systems in the wild. Consider just how different a fully updated 2000 looked from XP when XP first came out - Practically identical, I didn't even bother upgrading until my 2k box needed reinstallation (and even then, after XP SP2, it still looks and feels almost the same). And the most recent, we have
It's a license, not a contract.
Arguments about single-sided contracts do not apply to licenses.
If anyone buys anything off the shelf for security, they probably haven't done their homework.
Linux is, in general, significantly better than windows, security-wise, but that isn't really saying much.
If you really want security, start with something like openbsd, keep on top of updates, and expect that any changes you make to get the system usable/useful are probably going to leave you more vulnerable to attack. And never, ever, think that you're completely secure.
Above all else, remember that all software sucks.
You're missing the point, that's not an EULA.
If you think imaginary property and real property are the same, when does your house become public domain?
Read:
Kanitz v. Rogers Cable, Inc., OJ 665 (Ontario Super. Ct., 2002). A Canadian court upheld the validity of an amended clickwrap agreement. Rogers Cable amended its user agreement to include an arbitration clause. The originl agreement allowed for amendment provided Rogers gave notice to its customers by posting it on the website, via email, or by post. Furthermore, the agreement stated that continued use of the service following the notice constituted acceptance of the amended agreement. Rogers added the arbitration clause and posted the notice on its customer support webpage. The court held that Rogers had provided its customers with sufficient notice and that the plaintiff customers had accepted the agreement by their continued use of the service.
If you think imaginary property and real property are the same, when does your house become public domain?
That, and I imagine that trying to extort the people who use firmware with gambling applications would be a good way to get your legs broken :).
I too have felt the cold finger of injustice.
Here's how I imagine this would work: a web site to which anyone can post a EULA they've encountered, and a group of lawyers who volunteer time to analyze each EULA and translate it into language anyone can understand. Inconsistencies, gotchas and other noteworthy problems would be highlighted, and the overall validity of each EULA assessed. Hopefully there would be enough buy-in that a large database of EULA analyses would be built up. One problem: are there enough lawyers out there who would be willing to donate their time and expertise?
I understand that English is a living language, but I object to changes arising merely from repeated errors.
"you too can become rich if you work hard and play by our rules"....bullshit.
I became rich by playing by their rules you insensitive clod!
-Rick (Just kidding!!)
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Unless your taking a shot at someone paying for secure linux when they do not have to, as they could have used this secure distribution based on SE linux. Yeah, thats it. Sorry. You were obviously pointing out there is no need to pay for a secure operating system.
And yet, is has a fraction of the bugs that Windows has.
And yes, I would call it overall secure. I would also say that the developers/distros do a good job of staying on top of the bugs. But if security is job 1, then openbsd, or a trusted *nix(trusted solaris) is what you seek.
BTW, several years ago I was developing systems for sale to a few US Federal agencies. They considered a few of the Linux secure enough, while Windows was not.
I prefer the "u" in honour as it seems to be missing these days.
Ignoring the fact that "Slashdot" includes a large number of opinions and not just one, and does not advocate just one, you raise an excellent point.
The basis of copyright is the idea that, while people can easily copy ideas, works of art, and software (particularly when in digital form, not just when it's digital), it's not in our collective interest to always do so. Thus, the government enforces a time-limited monopoly on the implementation of an idea, preventing its citezenry from exercising their natural rights in the hopes that the creators of idea implementations will find this good enough incentive to create more implementations of ideas. At is core, then, copyright is a tradeoff between our natural rights and the desire to have more art, literature, software, etc.
Copyright is entirely artifical--in the absence of copyright, anyone can copy anything at any time in any way they wish. This is possible because it's an idea, not a physical object. (If you could create matter without any energy or prior matter, then many things would have to be revisited.) As it stands, however, you cannot simply replicate a physical object--you must deprive someone else (if it has a prior owner) of that object (or, if matter compilers existed, then the precursors of creating that object). That is theft--obtaining an object by depriving someone else of that object. Breaching copyright--a time-limited monopoly on the specific implementation of an idea (as opposed to a patent, which is a time-limited monopoly on the idea itself--is categorically not theft, as the original author still possesses the original implementation.
So that gives you some background on why copyrighted idea implementations (here, software) is different from physical objects. Without knowing what specifically you believe "different set of rules" entails, I cannot be of more help with that side of things.
Now, given this context, what is the basis of believing that the software vendor isn't required to provide defect repairs (e.g. security updates) that fall outside of normal wear-and-tear (which obviously doesn't apply, since the defects have been present from the original creation of the software)?
--
Given enough personal experience, all stereotypes are shallow.
Depends on what you mean by "enforcable".
In the UK, copyright law is stricter than in the US. There's no "fair use". You do, actually, need a license to perform any act that requires copying takes place. This includes copying software onto your hard drive (otherwise known as "installing" it) or possibly even into memory.
Now, if a license doesn't come with a piece of software, it's arguable that you have an implied right, under the Sale of Goods Act, to run it. If you can't run it without installing it (ie it doesn't run from the disk), then you may have an implied right to install it. Once. No back-ups. But if it does come with a license, or an EULA (which provides licenses if you agree to certain acts on your part), and the license is compatible with using the product in its intended way, then yes, you're obliged to either accept it, or take it back.
Is it not enforcable? Only in the sense that without draconian monitoring, some provisions of the EULA cannot be proven to have been breached. But otherwise, yes, it's enforcable, that license agreement, if provided, does indeed apply in the UK.
That's in the UK though. In the US, where the "Sale of Goods Act" has no juristiction, EULAs occupy a murkier area.
You are not alone. This is not normal. None of this is normal.
>In the UK, copyright law is stricter than in the US.
_ 2.htm
>There's no "fair use". You do, actually, need a license
>to perform any act that requires copying takes place.
This is not completely true. Although no general "fair use" exists, there is special provisions for computer programs that allows you to make nessecary copies. There is a clause about regulating agreement but it doesn't require such a thing. In the absence of an agreement restricting copying, any copying needed to use the software is allowed by a lawfull user of the software. There is no requirement of having an agreement to be a lawfull user. So unless you do agree to a contract (for example an EULA) that restrict copying to use (which seems stupid), you are allowed by copyright law to make such copying anyway.
http://www.opsi.gov.uk/si/si1992/Uksi_19923233_en
"Offering" a patch while tying it to a different license is entirely unreasonable, and amounts to the same thing as not offering the patch at all.
In fact, what it amounts to is extortion -- an "agree to my [new, unreasonable] terms or the software dies" kind of thing.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Indeed -- it's really unfortunate that some people don't realize this. Also, it doesn't help that lots of GPL software (especially on Windows) displays it and requires the user to "agree" as if it were one. OpenOffice is guilty of this one, IIRC.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz