Arrests For Selling Poison-Ware In Spain

An anonymous reader writes "Spain's FBI equivalent has arrested the management of a software company (Google translation; Spanish original) for selling custom software to small and medium-sized businesses with 'controlled errors' that resulted in the software bombing on a predetermined date. They would then charge for fixing the problem and press the client into buying a maintenance contract. More than 1,000 clients were affected."

Microsoft

[Dexter+Herbivore]

Sooo, they were following the Micro$oft business model then?

Re:Microsoft

There's nothing the least bit controlled about Microsoft's errors, so I fail to see how this could apply to them.

Re:Microsoft

[badboy_tw2002]

Mod parent up! Epic slam at the '$oft, brah.

Re:Microsoft

[theshowmecanuck]

I call bullshit. For one, I was involved in Y2K related work for businesses that would have failed if their systems were not upgraded, namely the main enterprise business systems for daily newspapers (their circulation systems); for prepaid and wholesale (single copy) sales. And that included almost every newspaper in North America, and many overseas (not that our company worked on every newspaper's system, but considering there are not that many circ system software solutions, and they pretty much all had Y2K issues...). As well, the dot com bubble didn't burst until at least January 2000 which means that the Y2K issue was sorted out or companies were out of business before the dot com people were out of work. As well, the dot com people thrown out of work were mostly web developers, and the Y2K issue affected server side, and often COBOL related software... not exactly in the dot com programming skills bag. The company I worked for by the way provided a non-COBOL replacement system to fix our clients Y2K... complete new system instead of patching the existing system. I don't know where this 'myth of the Y2K' came about, but it seems to yet another conspiracy theory. I haven't seen or heard of one Y2K fix being worked on that wasn't solving a real critical issue. You're not a 'truther' or 'birther' by any chance too?

Re:Shenanigans!

[Meshach]

I hope they throw the book at them. They're basically holding their customers hostage.

Even worse, they are breaking some contract for sure. Bugs are one thing; every written piece of software contains bugs. But when you intentionally code the program to fail at certain intervals you are cheating the customers.

What if cars were programmed to randomly stop at some random interval? GM's head would be served up on a plate.

Re:Shenanigans!

[Meshach]

Planned obsolescence (planning for a product to go out of service) has no relation to selling someone a product that explicitly developed from the start to not do it's advertised capabilities.

Re:Shenanigans!

[Jade+E.+2]

how about this one, does it contain bugs?

10 PRINT "Meshach is never wrong!";
20 GOTO 10;

Yes, BASIC doesn't use semicolons at the end of lines.

Not entirely shenanigans!

[Ungrounded+Lightning]

[Planned obsolescence] has been happening for generations, where have you been?

It's not always ENTIRELY shenanigans.

For instance: The "design lifetime" in the auto industry is not just about selling another car. It's also about not spending a lot of extra money making, say, the transmission good for 750,000 miles when several other major systems are going to go out at a small fraction of that time. (When you're making several million units a year, saving a nickel each adds up to enough to hire two more full-time engineers to figure out how to do it.)

Making mechanical parts that last can be tough and costly. (And half a century ago it was a lot tougher, without the major advances in materials science since then.) If you design all the parts to last for at least some design lifetime and not much longer you can accumulate a lot of savings. If some major system was going to unavoidably fail shortly after that design lifetime anyhow, having the rest not good for much longer doesn't appreciably affect the utility of the vehicle for the consumer. But the cost savings can be used to lower the price (and grab market share, for a net profit increase) - which DOES help him out significantly.

The ideal in the limit is the "Preacher's marvelous one-horse shay, which lasted a hundred years and all fell apart on the very same day."

Nice

[DoofusOfDeath]

In the US, the corporation, not the people, would be charged with a crime. And then they'd settle with the Government for a fine and no admission of wrongdoing.

It sounds like Spain out-justiced the US this time around.

Re:Nice

[mcoca]

The people were charged because it was a criminal case. Had it been a civil action, they would have gone after the company. Pretty sure it's the same in the US.

Meanwhile, back on the ranch

[zennyboy]

I live here in Spain and this doesn't surprise me. Meanwhile, back on the ranch, I'm surprised someone managed to program something so reliable they had to code in a time-bomb to make the software fail!

Spanish coders did that!

I'm proud :-)

(English ex-pat)

Re:Does anyone know who it is?

The company is CIPSA, is mentionend on the GDT news: https://www.gdt.guardiacivil.es/webgdt at the bottom of the page, under "Detenidos los responsables de comercializar software con "bombas lógicas"

Re:Shenanigans!

[DigiShaman]

Per Wiki regarding software

Software companies are sometimes thought to deliberately drop support for older technologies as a calculated attempt to force users to purchase new products to replace those made obsolete[citation needed]. Most proprietary software will ultimately reach an end-of-life point, at which the manufacturer will cease updates and support. As free software can always be updated and maintained by the end user, the user is not at the sole mercy of a proprietary vendor.

Noticed that there's no mention of disabling a program or set of features on a set date. You can still run MS DOS if you wish for as long as you want. Just don't expect to get any support from Microsoft. You're on your own. That's the difference between planned obsolescence and poison-ware.

Re:Yet another argument for Open Source. B-)

[Ungrounded+Lightning]

The folks at the obfuscated C contest would like to point out that just because you see the source doesn't mean you'll easily be able to figure out what it's doing.

True.

But it's a lot easier than with a closed source program with the code owned by the crooks.

Re:Yet another argument for Open Source. B-)

[Mike610544]

How often does anything that looks like an obfuscated C contest entry actually get committed to a repository ?

It happens all the time where I work. I maintain some old code written by an old hacker (he's got a credit in the K&R book!) Shit like this is not uncommon:
*(&z + z) |= ~tqq + m ? u9 >> 2: 741 | w & 0x8F ? ~(~t11) : foo

Re:Yet another argument for Open Source. B-)

[CAIMLAS]

Sure. And who, exactly, is going to contribute to an open source project written intentionally obfuscated? Nobody. Then the project gets the reputation of being shoddy, and nobody uses it.

Or, there's also the "we'll just rewrite this little obfuscation and fork it" scenario.

Open Source thrives on its quality and dies from crap like this. People don't contribute to dead projects: they fork them or reimplement them.

How dare you, my mother is a saint!

[SmallFurryCreature]

I wonder which programmer should be more worried, the one who can't read the above, or the one who can.

Re:How dare you, my mother is a saint!

[KiloByte]

In this case, the one who wrote that. And I don't mean just readability by novices.

*(&z + z) -- unless it's C++, this makes sense only for referring to the zth next variable after z. Like: int z, a, b, c; -- z=1 will select a, z=2 will select b, z=3 will select c. In an old compiler, this will always work. In an optimizing one, it's damn likely to break.

Mixing dec and hex numbers, and writing down constants for bit operations using decimal numbers in general is prone to mistakes.
So is using addition in an expression that consist mostly of bit operations, you want | there instead.

0x8F is a complex mask, it definitely should be a #define with a name. There's nothing wrong with masks like 0x7F or 0x1F, but for 0x8F, it's not obvious enough.

~(~t11) -- uhm, what's the point?

With these issues fixed, though, with a bit of comments such a code isn't that bad.

I'll play advocate of the devil

[mrjb]

Software bombing on a certain date, just so you can charge for "fixing" it is evil.
But that assumes that the software was paid for to start with.

I remember my father adding just this "feature" to the software
of a difficult client that only requested feature upon feature
but had a track record of being months late with their payments
(not very nice if you have a family to feed!)

When the payment was once again long overdue, the client was
faced with a friendly dialog stating that the software was
not paid for yet, and that it would only be re-activated after
payment in full. The payment cleared less than 24 hours later.

It probably would have held up in court, too.

Your lack knowledge of Spanish culture

[kikito]

First of all: No Spanish worker will call his boss "sir". That's very much anti-Spanish. Just to give you an example: a recent unofficial competition asked Spanish people to come up with lyrics for the Spanish national Anthem (which is lyric-less). One of the candidates had the following text:

"Un jefe muy cabrón / soy un buen español"

Which translates to:

"A very bastard boss / I'm a good Spanish citizen"

Also, we use expletives when giving/receiving bad news. They are solely lacking on your text.

Re:Shenanigans!

[zwarte+piet]

There is a story of Henry Ford sending out employees to look on the salvage yards for Ford cars and write down wich parts would still be in excellent shape. If that happend too often for a certain part he knew he could use cheaper materials for that part in new cars.

sometimes it is justified

[eennaarbrak]

A friend of mine works for a company that sells software to a government department a central African country (I want to keep the details vague to avoid incrimination). After completing the contract and delivering the software, reps arrived one day and simply stated "We're not going to pay full price for the software - we're not making as much money out of it as we thought we would." This country does not have much of a justice system to appeal to if you don't have a politician in your pocket, so my friend's company intentionally released code to make the system stop working if the payments are late. AFAIK that fixed the problem.

I'm just curios if these companies were perhaps faced with a similar situation...