Arrests For Selling Poison-Ware In Spain

An anonymous reader writes "Spain's FBI equivalent has arrested the management of a software company (Google translation; Spanish original) for selling custom software to small and medium-sized businesses with 'controlled errors' that resulted in the software bombing on a predetermined date. They would then charge for fixing the problem and press the client into buying a maintenance contract. More than 1,000 clients were affected."

Microsoft

[Dexter+Herbivore]

Sooo, they were following the Micro$oft business model then?

Re:Microsoft

There's nothing the least bit controlled about Microsoft's errors, so I fail to see how this could apply to them.

Re:Microsoft

[badboy_tw2002]

Mod parent up! Epic slam at the '$oft, brah.

Re:Microsoft

[ElectricTurtle]

Those who did not learn from the history of Windows 3.0 are doomed to repeat it.

Re:Microsoft

[mysidia]

That's right... plausible deniability.

You have to pay for non-security bugfixes to Windows 2003 now, by buying a contract within 90 days of Jul 12, if you want support.

There are no "bomb on X date" bugs, but who in their right mind doesn't think there will eventually think there will eventually be some nasty bugs found? :)

Re:Microsoft

[mysidia]

[Er.... there are no known "bomb on X date" bugs]... Until the next Y2k-style event that is, when system clock reaches the maximum.

Many 32-bit OSes will be screwed in Jan 2038.

Re:Microsoft

[mysidia]

Maybe so... but by 2038, there will be a lot more old software than there was in 2000.

There are still businesses today, relying on Windows '98, even DOS 5.0 and Netware 3.x, are critical software to some businesses.

Think.. back in 2000, computers had only been in widespread use since the mid-80s. Approximately 20 years.

The number of software developers, and the number of programs people relied upon was very small back then.

The amount of different business critical software programs in use by different companies, software written between 1990 and 2030, that is likely to exhibit further date bugs, is likely an order of magnitude (at least) more massive, then the amount of software there could have been Y2K issues with..

Re:Microsoft

[pegdhcp]

My dear Sir, the correct expression should be:
"There's nothing the least bit controlled _by the user_ about Microsoft's errors."
Sincerely

Re:Microsoft

[theshowmecanuck]

I call bullshit. For one, I was involved in Y2K related work for businesses that would have failed if their systems were not upgraded, namely the main enterprise business systems for daily newspapers (their circulation systems); for prepaid and wholesale (single copy) sales. And that included almost every newspaper in North America, and many overseas (not that our company worked on every newspaper's system, but considering there are not that many circ system software solutions, and they pretty much all had Y2K issues...). As well, the dot com bubble didn't burst until at least January 2000 which means that the Y2K issue was sorted out or companies were out of business before the dot com people were out of work. As well, the dot com people thrown out of work were mostly web developers, and the Y2K issue affected server side, and often COBOL related software... not exactly in the dot com programming skills bag. The company I worked for by the way provided a non-COBOL replacement system to fix our clients Y2K... complete new system instead of patching the existing system. I don't know where this 'myth of the Y2K' came about, but it seems to yet another conspiracy theory. I haven't seen or heard of one Y2K fix being worked on that wasn't solving a real critical issue. You're not a 'truther' or 'birther' by any chance too?

Shenanigans!

[WrongSizeGlass]

I hope they throw the book at them. They're basically holding their customers hostage.

Re:Shenanigans!

[Meshach]

I hope they throw the book at them. They're basically holding their customers hostage.

Even worse, they are breaking some contract for sure. Bugs are one thing; every written piece of software contains bugs. But when you intentionally code the program to fail at certain intervals you are cheating the customers.

What if cars were programmed to randomly stop at some random interval? GM's head would be served up on a plate.

Re:Shenanigans!

[Stoutlimb]

That kind of thing has been happening for generations, where have you been?. http://en.wikipedia.org/wiki/Planned_obsolescence

Re:Shenanigans!

[Meshach]

Planned obsolescence (planning for a product to go out of service) has no relation to selling someone a product that explicitly developed from the start to not do it's advertised capabilities.

Re:Shenanigans!

[Jade+E.+2]

how about this one, does it contain bugs?

10 PRINT "Meshach is never wrong!";
20 GOTO 10;

Yes, BASIC doesn't use semicolons at the end of lines.

Re:Shenanigans!

[icebraining]

Nice post!

Re:Shenanigans!

[DigiShaman]

Per Wiki regarding software

Software companies are sometimes thought to deliberately drop support for older technologies as a calculated attempt to force users to purchase new products to replace those made obsolete[citation needed]. Most proprietary software will ultimately reach an end-of-life point, at which the manufacturer will cease updates and support. As free software can always be updated and maintained by the end user, the user is not at the sole mercy of a proprietary vendor.

Noticed that there's no mention of disabling a program or set of features on a set date. You can still run MS DOS if you wish for as long as you want. Just don't expect to get any support from Microsoft. You're on your own. That's the difference between planned obsolescence and poison-ware.

Re:Shenanigans!

Then there is Toyota - their cars are randomly programmed *not* to stop at random intervals.

[rimshot]

fun captcha = Kicked

Re:Shenanigans!

[MichaelSmith]

10 PRINT "Meshach is never wrong!";

20 GOTO 10;

I'd count an infinite loop as a bug...

All of my microcontroller programs have infinite loops.

Re:Shenanigans!

[zwarte+piet]

There is a story of Henry Ford sending out employees to look on the salvage yards for Ford cars and write down wich parts would still be in excellent shape. If that happend too often for a certain part he knew he could use cheaper materials for that part in new cars.

Not entirely shenanigans!

[Ungrounded+Lightning]

[Planned obsolescence] has been happening for generations, where have you been?

It's not always ENTIRELY shenanigans.

For instance: The "design lifetime" in the auto industry is not just about selling another car. It's also about not spending a lot of extra money making, say, the transmission good for 750,000 miles when several other major systems are going to go out at a small fraction of that time. (When you're making several million units a year, saving a nickel each adds up to enough to hire two more full-time engineers to figure out how to do it.)

Making mechanical parts that last can be tough and costly. (And half a century ago it was a lot tougher, without the major advances in materials science since then.) If you design all the parts to last for at least some design lifetime and not much longer you can accumulate a lot of savings. If some major system was going to unavoidably fail shortly after that design lifetime anyhow, having the rest not good for much longer doesn't appreciably affect the utility of the vehicle for the consumer. But the cost savings can be used to lower the price (and grab market share, for a net profit increase) - which DOES help him out significantly.

The ideal in the limit is the "Preacher's marvelous one-horse shay, which lasted a hundred years and all fell apart on the very same day."

Nice

[DoofusOfDeath]

In the US, the corporation, not the people, would be charged with a crime. And then they'd settle with the Government for a fine and no admission of wrongdoing.

It sounds like Spain out-justiced the US this time around.

Re:Nice

[Caledfwlch]

... unless they're doing the criticizing themselves!

Re:Nice

[reydelamirienda]

I'm not an expert but I'd say that depends on what kind of company it was. If you have a SRL (Sociedad de Responsabilidad Limitada, Limited Liability Company), they can go after you for fraud (the limitation of liability is restricted to debts), otherwise I think it's harder...

Re:Nice

[mcoca]

The people were charged because it was a criminal case. Had it been a civil action, they would have gone after the company. Pretty sure it's the same in the US.

Yet another argument for Open Source. B-)

[Ungrounded+Lightning]

(Subject line says it all.)

Meanwhile, back on the ranch

[zennyboy]

I live here in Spain and this doesn't surprise me. Meanwhile, back on the ranch, I'm surprised someone managed to program something so reliable they had to code in a time-bomb to make the software fail!

Spanish coders did that!

I'm proud :-)

(English ex-pat)

some cars have oil change light that only dealer c

[Joe+The+Dragon]

some cars have oil change light that only dealer can trun off. But there are other laws that stop the them going to far.

Just wait for the AIR force to get shut off and then this carp will die fast and some may go hidden jail.

Re:Does anyone know who it is?

The company is CIPSA, is mentionend on the GDT news: https://www.gdt.guardiacivil.es/webgdt at the bottom of the page, under "Detenidos los responsables de comercializar software con "bombas lógicas"

Re:Yet another argument for Open Source. B-)

[Ungrounded+Lightning]

The folks at the obfuscated C contest would like to point out that just because you see the source doesn't mean you'll easily be able to figure out what it's doing.

True.

But it's a lot easier than with a closed source program with the code owned by the crooks.

Re:Yet another argument for Open Source. B-)

[nacturation]

How often does anything that looks like an obfuscated C contest entry actually get committed to a repository ?

Check out any project on SourceForge that is written in Perl. :)

Re:Yet another argument for Open Source. B-)

[Mike610544]

How often does anything that looks like an obfuscated C contest entry actually get committed to a repository ?

It happens all the time where I work. I maintain some old code written by an old hacker (he's got a credit in the K&R book!) Shit like this is not uncommon:
*(&z + z) |= ~tqq + m ? u9 >> 2: 741 | w & 0x8F ? ~(~t11) : foo

Re:Yet another argument for Open Source. B-)

[CAIMLAS]

Sure. And who, exactly, is going to contribute to an open source project written intentionally obfuscated? Nobody. Then the project gets the reputation of being shoddy, and nobody uses it.

Or, there's also the "we'll just rewrite this little obfuscation and fork it" scenario.

Open Source thrives on its quality and dies from crap like this. People don't contribute to dead projects: they fork them or reimplement them.

How dare you, my mother is a saint!

[SmallFurryCreature]

I wonder which programmer should be more worried, the one who can't read the above, or the one who can.

Re:How dare you, my mother is a saint!

[KiloByte]

In this case, the one who wrote that. And I don't mean just readability by novices.

*(&z + z) -- unless it's C++, this makes sense only for referring to the zth next variable after z. Like: int z, a, b, c; -- z=1 will select a, z=2 will select b, z=3 will select c. In an old compiler, this will always work. In an optimizing one, it's damn likely to break.

Mixing dec and hex numbers, and writing down constants for bit operations using decimal numbers in general is prone to mistakes.
So is using addition in an expression that consist mostly of bit operations, you want | there instead.

0x8F is a complex mask, it definitely should be a #define with a name. There's nothing wrong with masks like 0x7F or 0x1F, but for 0x8F, it's not obvious enough.

~(~t11) -- uhm, what's the point?

With these issues fixed, though, with a bit of comments such a code isn't that bad.

I'll play advocate of the devil

[mrjb]

Software bombing on a certain date, just so you can charge for "fixing" it is evil.
But that assumes that the software was paid for to start with.

I remember my father adding just this "feature" to the software
of a difficult client that only requested feature upon feature
but had a track record of being months late with their payments
(not very nice if you have a family to feed!)

When the payment was once again long overdue, the client was
faced with a friendly dialog stating that the software was
not paid for yet, and that it would only be re-activated after
payment in full. The payment cleared less than 24 hours later.

It probably would have held up in court, too.

Huh, thats odd.

[The+Hatchet]

Here in the US, not only is it not illegal to do that, but several companies hold patents on different ways of doing that. It seems to be heavily encouraged to ass-rape every customer you have ever had here, but there is actually a place where this is not so!!?!?!? EGADS!

Your lack knowledge of Spanish culture

[kikito]

First of all: No Spanish worker will call his boss "sir". That's very much anti-Spanish. Just to give you an example: a recent unofficial competition asked Spanish people to come up with lyrics for the Spanish national Anthem (which is lyric-less). One of the candidates had the following text:

"Un jefe muy cabrón / soy un buen español"

Which translates to:

"A very bastard boss / I'm a good Spanish citizen"

Also, we use expletives when giving/receiving bad news. They are solely lacking on your text.

It's not the language, it's the people

[kikito]

I'd like to point out that the fact that perl allows this kind of aberration doesn't mean it enforces or promotes it.

In fact, that code (or a very similar one) can be written in other languages, such as ruby.

This just points out that the programmer in question had serious issues in understanding fundamental concepts such as maintainability, and was more interested in amusing himself than in doing a professional job.

The credit on K&R doesn't mean a thing if you program like that on a day-to-day basis.

sometimes it is justified

[eennaarbrak]

A friend of mine works for a company that sells software to a government department a central African country (I want to keep the details vague to avoid incrimination). After completing the contract and delivering the software, reps arrived one day and simply stated "We're not going to pay full price for the software - we're not making as much money out of it as we thought we would." This country does not have much of a justice system to appeal to if you don't have a politician in your pocket, so my friend's company intentionally released code to make the system stop working if the payments are late. AFAIK that fixed the problem.

I'm just curios if these companies were perhaps faced with a similar situation...

Re:some cars have oil change light that only deale

[KshGoddess]

I'd like to call shenanigans on that one. Every car I've owned (GM, VW, Honda, Ford) has pointed out in the owner's manual in clear text how to turn the light off. Usually, you push some button or series of buttons that will turn that light off.