Slashdot Mirror
Should Developers Be Liable For Their Code?
Glyn Moody writes "They might be, if a new European Commission consumer protection proposal, which suggests 'licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions,' becomes law. The idea of making Microsoft pay for the billions of dollars of damage caused by flaws in its products is certainly attractive, but where would this idea leave free software coders?"
The idea that code should be perfect is a stupid idea: consumers don't want that.
They want "good enough," not perfect. Perfect costs a great deal of money, probably 4X, and consumers will buy the good enough product, at 1/4 of that price, well beyond 95% of the time.
C//
I say that if someone is making software for profit that they should be liable for their code. This would protect the free software coders. Might give Linux a legitimate chance..
Say a developer uses a number of 3rd party libraries (ie. Boost, TinyXML, etc), who will be pay damages if the program crashes in a bad way? The developer for not trying to catch 3rd party crashes, or the 3rd party for writing in bad code?
A morning without coffee is like something without something else.
Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.
How many companies push to get code out the door with *imperfections* - claiming they'll fix those in the first update?
Too many these days.
I'd say it's the management that controls the release schedules that should sign their names in blood on the bugs still known about (and unknown as testing probably wasn't allowed to complete).
Who is general failure, and why is he reading my hard drive?
or coders liable for anything. It will allow the government to say thing like, "Well your small company does not have the financial ability to support your product for "X" amount of years and you need insurance in case there are millions of lawsuits we are sorry but you can't sell your product". Meanwhile the large company (they are to big to fail or follow the rules everyone else is expected to) caries on as usual having eliminated to competition through government assistance and gets to carry on as usual because they are the only company left and we need them.
Sure it's in the license now, and there are similar statements in the license agreements for most commercial software. But the license agreement is only valid if it's legal. So the question is what would happen if a law is passed that guarantees consumers certain rights regardless of what is in the license?
Sure, since that's a public health matter. If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.
To continue your analogy, if a soup kitchen gives you soup that is too cold, comes in a plastic bowl and is too small of a portion, you've got nowhere to turn with that and you should have nowhere to turn with that, it is gratis after all. On the other hand, if this happens in a restaurant that calls itself high quality and advertises the famous chicken soup from a master chef and you get the same treatment, then there are numerous consumer protection agencies in Europe at least to fine the given restaurant.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
When you buy software, for example a Linux distribution, you may expect that the distributor has tested the packages and that the software mostly works. Because you pay more for MacOS, you may just expect MacOS to work better.
Off course there has to come jurisprudence on all this, but I don't think that finding just one bug will entitle you to your money back. However, when the software won't work at all for you, the supplier can not hide behind EULAs and could be forced to compensate your damages... It will be a case-by-case balancing of responsibilities.
extern warranty;
main()
{
(void)warranty;
}
The one thing that has always pissed me off about this industry is no one is held responsible for their screwed up products. Unlike the Construction Industry where if you do shoddy work you get "Back Charged" for fixing you shitty work. The sad truth is if companies like Microsoft were held accountable for bad code we would not have the mess we have today on the Internet.
MS and others make too much money from the system being broken. Just think if MS had to pay YOU! ever time their system got infected or it died from bad code. There would be no more need for anti-whatever they would fix their system.
It all about hitting someone where it hurts. Since MS has no balls. Hit them in the pocket book.
If you get free food and it gives you food poisoning, the one that made the soup will still be viable. Same issue here.
If the EU wants higher-quality software, they should support an industry-wide system for the licensing and qualification of programmers, like we have for other engineering disciplines and professions. For example, they could require that all government software, or software for use in aircraft and life-critical functions. These developers wouldn't be "better" than anyone else, but they'd have taken an exam and be nominated by their peers, like a state bar.
If the software is developed by professional developers with licenses, it gets a big seal on it, and then people can choose to buy it or not based on the rep of the licensing body, and their risk tolerance.
Don't blame me, I voted for Baltar.
The result will be two versions of software. One will be priced the same as today, with a detailed license agreement with you ultimately giving up those rights and a second version that sells for a million dollars a copy with those rights.
If they pass a law to protect consumers tho, eula cannot go against it. Those parts in the EULA would be just as null.
Thats how it works in some countries in europe aswell. For example most eulas try to prohibit you from making *any* copies of the software/game, but laws state that you can make yourself personal copies. Law goes on top of EULA, and if they differ law always wins.
I am tired of these implicit assumptions that FOSS is better than proprietary/closed source. You assume that because you have an FOSS product that you automatically have more people testing your it.
A large company just released a RC for their new OS. It's a closed source and proprietary product and it's being tested for free by more people than your product is (admittedly). You should check it out.
Furthermore, open source only matters for testing when your testers are actually doing white box. Unless your free testers are staring at code all day trying to force defects, it's all in vein.
Because the software is not purchased there is no contract. "permission to use" is not the same as a sale.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
If the law changes and requires software to offer a warranty then the GPL will be vulnerable. Even if the GPL didn't include that statement, a court could invalidated it because a contract that breaks the law is not legally binding.
Changing a license for a big project isn't always easy.
This will most likely hurt companies like Redhat, Canonical, Novell and other corporate open source contributors because they will have to stand by their products and you're bound to get a few cases where they have to pay up.
But it's not a law yet.
Dual Opteron < $600
Do you really want to pay for perfect? There are risks associated with anything and buying perfect costs a hell of a lot of money.
This is an issue that is more complicated that should developers be held liable for perfection. Is it good enough to work reliably in most cases? Was there a malicious or negligent intent to box and bunch of schlock? There are a lot of good questions that could be asked here when trying to define the responsibility and accountability of development companies.
The market for proprietary software and the community for open source software does function pretty good for weeding out the crapware.
Don't think of it as a flame, more like an argument that does 3d6 fire damage.
Hmm, it would probably go like this:
Engineers: "It's the software!"
Developers: "It's the hardware!"
Both: "Why didn't the testers catch this?"
Testers: "That wasn't one of the use cases, so it's the designers' fault."
Designers: "The product wasn't meant to be used that way, so it's a documentation error if the tech writers didn't tell users not to do that."
Tech writers: "Don't look at me, I just write what you guys tell me to write."
Open Source Developer: Don't look at me. My users contribute design ideas, code, docs, testing, etc. So if there's a problem, it's their fault 4 times over for designing it, coding it, failing to test it, and failing to document it. ;-)
But equally, people should be free to say what use their product is intended for.
As a number of people pointed out, there are exceptions to this. Basically, laws can restrict what types of agreements can be entered into. The most extreme example of this is that you can't enter into a contract to be a slave. A less extreme example would be a law that voids all "no warranty" clauses of software licenses.
I also fail to see how causing injury is comparable to alleged liability of Microsoft.
Law suits are a mechanism for recovering damages caused by the other party. You can't sue someone for wrong doing (that's what criminal laws are for). What you sue for is the damages that the wrong doing (or negligence or even plain stupidity as long as the counter party was actually the cause of it). The money you win in a law suit is meant to compensate you for the damages you suffer. In this respect both poisoning and bad software are similar.
the problem is loss caused by downtime
What if it's loss of data? Besides, time is worth money, too. And a car breaking down due to wear and tear is one thing. A car breaking down because of a faulty design is quite another. You can sue in the latter case but not the former.
Any guest worker system is indistinguishable from indentured servitude.
This should have been done at least 10 years ago.
Well, yes. But like a great many technological issues the people who make the law have been completely ignorant that the issue even exists, let alone proactive enough to formulate a solution for it.
An airbag has. And you fail to deliver a single argument why we should treat electronic controls different. And what about my TV? I shouldn't get a refund if it is the software that doesn't work?
It is quite simple. If you sell your software by promoting its functions you have to actually deliver these functions. Otherwise you are just a scammer. If your code contains bugs and doesn't work, no problem, just fix them and make it work as promised, or give a refund. Like every other vendor has to provide replacements for their broken stuff.
if you get it for no price, you don't enjoy such priviledges
Not so fast cowboy, author of the work might be liable for damages, even RMS is aware of this. That what that whole:
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE
of the GPL is for. I mean this EU law is utter bullshit from free software or commercial software point of view and would discourage developers, not to mention that it surely be misused against software vendors of any kind.
If you sell motor oil, someone puts it in their car and the car blows up, you would be responsible.
Now that I've used the mandatory car analogy, how is this different from selling well labeled software with major flaws in it?
Actually it'll probably work out like:
Providers: Yeah, it's broken, sorry. Contact our insurance company, and put in a claim.
Clients: Oh, you're insured for this? Great.
Providers: Yeah, of course. We're pros, and totally insured for this, like all the other pros. Why else do you think you couldn't get a two-page website for less than $12,000?
I have mixed feelings on this.
This would only work if 'coders' gain the professional standing like doctors and lawyers. I would welcome the chance to have better qualified people in the field as well as bigger bucks.
On the other hand, all of software is design. It's hard to fault someone for breaking breaking standard protocol, when each piece of software is essentially designing something new. I heart surgeon doesn't invent a new heart procedure with each patient... By definition in software, everything is new as the compiler and CPU handle ALL the repetitive work.
Similarly, all products have a limited use. A company manufactures locks. Well with some kind of equipment, virtually all locks are breakable. IF a thief breaks into a my house can I sue the lock company? Well... only if the lock was defective I suppose... but what does defective mean? It means, it violated what a lock could reasonably stop. Normally by some specification (can withstand X amount of force, tension...). So what is it going to be with software?
They will have to list such specifications too which will basically amount to: this software will work as intended as long as you use it as we instruct. Take your care for example, if you are driving at 100 kph and put the car in reverse, which u can, you will blow up your engine. Yet in software, it is expected to take care of cases where the user pressed the wrong button at the wrong time... It should not crash. In most respects, software is remarkably reliable if you compare it to the rest of the world.
It's kind of pointless.
I think this is just more pointless European regulation. A body that has decided it doesn't want to do anything and just create an economy out of regulation and finance. Just my view anyways...
I say let the market handle reliability. I mean... amazing how Toyota does so well in the free market non? The market is the best structure to determine the trade off between price and reliability.
If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.
But the proposed legislation is consumer protection, which is a totally different branch of legislation to that relating to B2B contracts. Yes, the software makers might end up liable, depending on the contract between the service provider and the software supplier, but they might not. There's a lot of Linux used in air traffic control in Europe, but I doubt anybody involved in Linux could end up liable in the event of an accident. Rather, the air traffic service providers have to make sure they have adequate protection against credible failure modes of the Linux element. (I've worked on quite a few safety cases arguing that such protections are adequate, so it's more likely that I'd be liable).
Quidnam Latine loqui modo coepi?
Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.
When say, Ford makes a car, do they make all of the parts that go into the making of the car? So, if you buy a car from Ford and the car won't start because the starter motor is defective, then Ford isn't responsible because they didn't make the starter motor?
Say you buy a Hamilton-Beach toaster. You open the box to find a piece of paper that says "By opening the box, you agree that Hamilton-Beach does not warrant that this toaster will actually toast bread." You plug in the toaster only to find that it doesn't work. Do you say "Oh well, I guess I'm out of luck"?
Such examples are patently stupid. Yet this is exactly what software EULAs say: the software is not warranted for any purpose, not even the purpose for which it was sold. Most jurisdictions have laws pertaining to merchantability and product liability. These laws work adequately (more or less, depending upon jurisdiction) for the sale of goods. The laws make distinctions between defects which do not hinder use, minor defects, major defects, and life-threatening defects. It all works (more or less) for cars and toasters; why shouldn't it be made to work for software.
Silica gel, yum yum!
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Both open source and closed source software typically include non-warranty clauses. If a new law were passed to void those clauses, it would affect both types.
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to destroy you and leave you (and or your business) reeling in economic and personal obliteration*. That our software looks like it does something productive should not be mistaken for any intent to be useful in any fashion â"the software is free for all its users.
*The GPL or authors of software using the GPL license make no guarantees regarding the efficacy of said software's destruction potential.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
In the food poisoning case you've suffered pain and discomfort.
You don't sue because you've been wronged. You sue because something of yours was taken away without your consent. If the law removes your ability to consent to certain risks (such as the risks associated with using untested software), then you'll be able to sue for the losses you would incur as a result of using untested software.
Ask for a refund.
The amount of damage you suffer is not limited to the price of the product when it comes to recovering damages through law suits. You have $0 involved in a transaction with a car thief. But you can still sue him for the damage he caused to your car.
Any guest worker system is indistinguishable from indentured servitude.
Well, as somebody with an engineering degree, I know that we were taught that we were responsible for designs produced using software products. So, for example, if one used structural design software to design a building, and that software gave erroneous results, you are to blame, and not the software.
The real blame, ultimately lies with the deepest pockets.
I'm a consultant - I convert gibberish into cash-flow.