Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?
moofo writes: I've had huge problems with a security appliance since its installation. Specifically, the VPN SSL client is causing a problem for the majority of my remote clients. The company acknowledged the bug, but they are jerking me around, and no resolution is in sight. I tried third-party clients, but I'm wary of using them since they are not distributed by the manufacturer, and they require some maintenance to keep working properly.
I also talked to various executives at the company and besides giving me apologies, nothing good is coming my way. It's been more than two years (on a three-year subscription that I can't terminate early), and this is continually causing me trouble and aggravation. It also makes my internal customers unhappy. How do you deal with a manufacturer who doesn't fix bugs in a reasonable time frame?
One way is to give the public the name!
That may give you some rights. Post a link to the EULA, please.
If you have a legitimate beef with the manufacturer, why hide their name? You might find others with the same problem.
Why not just bad-mouth them? If they get a reputation for poor service, then so be it. This shouldn't be anyone's first approach, but if you've tried for over a year and they're not living up to your expectations, then they squandered more than one chance to do better.
You chose your vendor poorly. Hope you learned from it. Next time choose a standards-based VPN solution that works across many different platforms and clients.
If your company is large enough, have a quick chat with your legal department. A 3 year support contract that isn't providing you with any value is something that's worth addressing. A brief letter from your legal counsel ought to result in an interesting response (whether or not it results in action is another thing entirely).
Consult a lawyer. Give them the option of fixing the bug or giving you enough money to replace them.
If they won't fix an acknowledged bug, and you have documentation to that effect, withhold any payments.
They'll either fix it or let you out of your contract.
If you've already paid them, start planning the rip now.
If you're trying to get slashdot to finally deal with some of their old bugs, I'm not sure that shaming them on their own front page is the way to do it. Granted, the exodus of users hasn't done it, either...
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Offer money. If uninterested, offer more money. Repeat until desired result obtained.
Read the contract carefully and sue them for breach of contract. You do have good documentation of the problem and your efforts to get them addressed, don't you? If not, start creating your paper trail NOW. Depending on the size of contract, jurisdiction, etc., you may be able to take them to small claims court which may be quicker.
Otherwise, shame them by publicizing their name and behavior on sites like yelp, consumerist etc.
Here are your choices:
I tend to prefer the third option, although I've registered my displeasure on BBB on a few occasions too.
You may not be able to stop paying for the contract (be sure your next one is better worded, though), but you can stop using the service — as soon as you find a replacement...
In Soviet Washington the swamp drains you.
Just stop paying the subscription and inform them up front that you consider them to have terminated the contract through their own negligence. Go elsewhere.
Make things uncomfortable for them publicly, and who knows, maybe you'll encounter a few other of their customers who are having similar experiences that will help pile on to get a solution fast-tracked.
It's been more than two years (on a three-year subscription that I can't terminate early)
So, you're worried about upholding your end of the contract even though the other side isn't upholding their end? Or did I miss something?
Do you have ESP?
Proper escalation goes something like this:
0: Make sure you aren't doing something that's going to get you sued / fired. Meaning if this is already on your plate, I hope your manager knows about it. Tell them that you are going to be talking to legal/purchasing first about stopping the bills being paid. AKA "never make a threat you can't carry out".
1: Call your sales rep. Tell them that you find their product unacceptable, and you are withholding payment on the contract until such time as you are provided a list of fix dates, workarounds, etc for the product. Be sure to provide a list of the bugs as you understand them, listed in priority order. Be reasonable -- if you have ten bugs and items 1 and 2 are causing the most grief, it might be reasonable to accept immediate fixes for those, but the other ones may need to wait longer, or you can agree that they can be closed.
2: Start lining up a bake-off of similar devices now, to prep when the contract runs out, and start testing them with the people who found all the bugs in the other one. If the original vendor is unresponsive, switch off their device early. It may look like crap from the financial side, but depending on who and what is riding on this bit of equipment, better reliability / less bugginess / etc may have an immediate ROI and it might be worth it.
Other tips:
Never curse, lose your temper or be less than professional. Save that for when you get off the phone.
Schedule an in-person meeting if possible. Barring in-person, phone. Emails don't convey urgency well.
If the sales rep doesn't give you satisfaction, call their boss, then keep on working the way up to the top. Top managers do not like it when their lower level managers aren't doing their jobs. They want to concentrate on long term, not stuff like this. Make them irritated enough and you will have the management chain ensuring you go away because you make them look bad -- but this is the flip side of the "being professional" bit -- if you keep using words like "unacceptable", "does not meet advertised uptime numbers", "does not match your published specifications", "crashes when XXYY happens", you stay on issue. If you go off issue into raving lunatic, cursing land, you lose your credibility and are dismissed as "angry customer", not "that guy who has a legit list of 10 major bugs and who has his lawyer and finance department withholding payment".
During install and setup, I noted a couple inconsistencies; and contacted support. They indicated that I did not need to worry about it (the problems). The device is designed to handle more than one incoming high-speed internet line.. and to load balance and fail over should one (internet line) stop working. My primary (Comcast) failed; and the unit did not 'fail over' as advertised (Also the problems from long ago now were obvious: The unit failed, and the 'fail over option' never did work as advertised).
I contacted support: the unit was out of warranty; did I wish to purchase another?
Company sells product. Check.
Product has issues. Check.
Company is unresponsive to problems. Check.
Company has you locked into support contract. Check.
Bummer, dude. But what you're describing is pretty much what any of us in the software industry have been seeing for a long time -- the salesman is always lying to you.
Out of curiosity, did you do your own extensive testing and have your legal department put penalty/early termination clauses in? Or, have you become victim to believing what the sales guy told you?
I'm betting half the people on Slashdot have worked at companies where the sales people sold impossible things which don't exist as sold. And the other half has worked for companies which have bought stuff which didn't live up to what the sales guy said.
I'm afraid I have little practical advice for this specific question, but I've seen more than enough examples of the sales guys really stretching the truth about what is real .. to the extent of being quite certain they took the buzzwords from several separate products, turned them into one list, and then claimed they were selling you something which checked all the boxes -- even if there was no way to connect the pieces.
And I've had numerous friends who have been tasked with building something the sales guys sold, only to discover there is no documentation, no resources to turn to, nobody has ever actually done it this way, and there's one guy who costs $4k/day who can be hired to come in and set it up ... if anybody can find him, and assuming he doesn't look at what the sales guys sold and say "wow, I don't think it does that".
So, the moral of the story is ... hang the salesman out the window until he can provide a working system, and make damned sure your legal department is building in clauses which protect you when you realize that you've been hoodwinked.
I've had more than a few vendors after the sale admit that, no, it doesn't really do that, but for our ridiculous consulting fee we can build something which might almost do that.
Lost at C:>. Found at C.
If he had chosen a standards compliant open-source VPN solution, then he would not have to sue. He could hire programmers to fix the problem himself, rather than hiring lawyers to sue the company and hope that someday two years from now the problem is resolved.
In rare cases, you can still pay people for a subscription you don't use and use an alternative instead. e.g. Use an open source piece of software. The only small hitch is that usually executives mandate something be used if they pay for it. Which is why these cases are rare.
While I agree with the gist of your sentiment, you're making the assumption that the submitter was able to make the choice of vendor. Not all of us get to choose which technologies we're required to support. Maybe a pointy-haired boss told the guy to go with the vendor because his buddy, the vendor's CEO, lets him win at golf.
This is America! Be a good patriot/consumer and STFU! Corporation Banks and hedge funds are your betters and should be deferred to in all circumstances.
I thought it was Cisco myself.... Not that I've had any issues with their gear and support beyond the price... (cough, cough)
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Simple: file a Bugzilla report on them: that will definitely get the word out!
Most vendor contracts in my experience have long, obtuse and legally dense clauses in them that seek to prevent customers from discussing publicly issues with the product, and setting maximum compensatory relief for lost business and costs as the initial purchase cost of the solution.
However, many of those clauses are also not enforceable under the specific state/federal (or in the case of Europe, EU) laws. The only real way to know what your recourse is within the terms of the contract is to get advice from a contract lawyer first of all, about which legal jurisdiction would be available or need to be used when seeking redress, and second from a contract law expert in that specific jurisdiction about what your legal options are.
The only way the vendor is going to give a damn about you as a client is if they are facing some kind of legal action for not addressing the problems. Their EULA / Vendor Supply Contract will include a clause that problems with the system are not grounds for legal action or compensation, but those are almost always worth less than the ink used to print the text. If the threat of legal action does not work, and the cost of pursuing actual action and compensation is worth more than the cost of the solution, then probably the only courses open to you will be junking the system and paying up the remainder of the contract/early exit termination fees, or living with it for another 12 months.
Either way, more thorough and extensive pre-acceptance testing next time might be in order. Learn where your client went wrong with the evaluation of the existing solution, and correct those mistakes when evaluating the next.
...Is a major reason the GPL and free software / open source movements exist. Remember proprietary Unix and its tool support in the 1980s?
you had me at #!
If you're possibly looking for the vendor name... there is one listed in the story tags. (or was that a generalization)
... You're a guru, right?
Someone in that company gives a shit, you just have to find them.
Do some homework and start climbing up the ladder using the telephone. No emails for now.
When you hit on someone who's going to help, THEN send up a followup email. Copy your management if applicable.
"I enjoyed our telcon this date, Joe, and I am looking forward to the assistance you have offered in resolving this issue, including your promise to (blah blah).
As we discussed, I can expect resolution by (date) and I will followup by phone (post phone number).
We both want what's best for our firms and your help is greatly appreciated."
If that bastard falls down, climb higher.
Lather, rinse, repeat.
It little behooves the best of us to comment on the rest of us.
Because he might want to have a decent relationship with them? Other than this issue, it might be a great product, might be getting a discount and so on.
Future relationship?!?
So they can buy *more* products with bugs and unresponsive support in the future? I can see why you'd want to protect *that* relationship...
Vote with your boots. Either kick ass or walk away or both. If you can sue, do so. Find out what your legal remedies are per the contract you signed. I presume that's why there was a contract rather than a handshake. Make it clear to your sales rep that you will not be renewing your contract unless the issue is resolved in a specific amount of time. Business isn't for friendships, and sometimes you have to burn some bridges.
Which has more power: the hammer, or the anvil?
According to OP's Slashdot profile, his personal website is: http://www.moofo.com/ He has a posting on there about purchasing a WatchGuard in 2012, their buggy SSL client, and the ineptitude of WatchGuard support. http://www.moofo.com/2014/07/1...
I bought a USB temperature reader and the software that came with it would not even run. After 2 weeks of complaining to the manufacturer (in China) I complained to the website that I bought it from. The software was fixed the next day. It turns out the supplier (also in China) had a close business relationship with the manufacturer and basically told them to fix it. I never quite understood how they could let it get to the point of burning software CDs with software that didn't work at all.
For VPN it's just the same. I've been dealing with Cisco AnyCrap VPN for the last 4 months and our problem - establishing a network-transparent VPN access to a remote share to deploy software without Cisco Malware (TM) hijacking our netconfig - still hasn't gone away. Naturally. The fuss is mostly politics (90%) with 3 parties and 15 individuals involved pushing responsibility around and fussing with bullshit that would be fixed in 30 minutes if they'd actually deliver what we need, but I guess that's the usual problem.
Moral to the story, once again, as has been for the past 2 decades:
Never, ever go with proprietary solutions and vendor/service lock-in for mission critical stuff!
That aside, how does your contract look? Is it Lawyer-time yet? Perhaps you should start playing 'legal-ball' or at least start writing snail-mail solicited letters as to indicate that you're pissed and won't take this much longer. Can actually work wonders.
Good luck. And don't forget to add "OpenVPN Compatible" into your next contracts.
We suffer more in our imagination than in reality. - Seneca
Welcome to the new world.
I am apparently one of the increasingly few Software Engineers that does actually believe in the overall business benefits of only releasing well-engineered software and not treating your customers like Alpha testers.
As such I am becoming more and more disillusioned about my chances of ever working for a company where all the managers are not just always looking for (and rewarding) ways to push some barely functional piece of badly engineered shit out the door as soon as possible, and only investing effort in coming up with new excuses to ignore customer complaints.
You may notice that since we have no details about your problem you won't get responses specific enough to be useful.
Problem with your remote clients... What does that mean?
Try security.stackexchange.com and be specific.
In America, the truth is an absolute defense against libel/slander. As long as you have documented your accusations, you have little to worry about.
Except for perhaps going bankrupt defending yourself. Being right isn't worth much if you get put out of business proving that fact. Accusing a large company with flesh eating lawyers of anything publicly can result in a very costly lawsuit regardless of the merits of the case.
If you think your security appliance is bad, wait till the management hears about the tech support appliance used by your IT. It seems to consist of posting a vague statement to Slashdot and hoping to get a solution. It is not how IT is done, buddy.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
In a civil lawsuit, all the filing costs are paid by the plaintiff, not the defendant.
Filing costs maybe but not lawyers fees which always account for the bulk of the cost of any lawsuit aside from any adverse judgements. Filing costs are a rounding error.
If you know you spoke the truth, and you have solid evidence to back that up, then you really don't need a lawyer.
HAHAHAHAHAHA... If you believe that you are an idiot and have never been on the pointy end of an actual lawsuit. This isn't an episode of Judge Judy we are talking about here.
Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?
Dunno, it's a good question. But I'm sure that someone at slashdot can answer it with the same reasoning that they use to still be apparently trying to roll out the beta design, despite the fact that some of its own users (customers???) have in their sig, "FUCK BETA".
Politics; n. : A religion whereby man is god.
You may have some legal recourse in this. You've paid for a specific service in subscription form and the vendor is not living up to its obligations. I would consult the company's legal department.
Socialize the bug. The bigger the audience, the better. I suspect that this is especially important with security issues. Argue that of the three legs of security, the bug violates "availability" if the users can't use the service. Also remind the vendor that even if you can't get out of the contract, you have to provide the service, so you will be forced to seek a different solution.
Back when Usenet was still a thang, I was the primary sysadmin for an SGI shop. Some version of SGI had upgraded NFS to some new version but had not updated lockd. File locking over NFS between Sun and SGI machines ceased to work. SGI engineering argued that there was no compelling new functionality in the new version of lockd, so they had not bothered to port it, and besides, "it works for us".
I complained bitterly about this in the appropriate Usenet groups, with analysis and examples. A few weeks later, I was contacted by our sales engineer with a patch, just for us, that fixed the problem. The very next OS release the patch became standard.
Point is, arguing the facts with the vendor did not get the problem fixed. Publicly rubbing the vendor's nose in it did.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Then I've a simple fix: use a different VPN solution.
WatchGuard has offered clients using SSL VPNs and IPSec VPNs. The WatchGuard device likely supports both. Simply check a box in WatchGuard's interface to make sure that both VPN types are enabled. Then have the end user machines install the other client.
We've found that the cause of the issue is not necessarily the end user machines, but the networks they are connecting from. To be safe, having both clients installed is a good thing. Note that client workstations may need to be rebooted.
Sensible? Not really. Did it work reliably? Yes. Using one piece of client software or the other, we could get workstations to connect successfully.
Then, see earlier comment for a long term solution.
I'm working for a company that provides services.... and here's my experience with this
The customer asks to get a high-level person from my company to speak to them directly... asking them to acknowledge the issue and provide an estimate of resolution. In which communication, the provider side also promises to provide a periodic update until resolution is reached. After a certain threshold is reached and the solution is not developed, the customer will cease all funding/payments and escalate all the way to the very highest person in both organizations. This is how you pressure the provider side to live up to their products/services...
Anything less than a several tens or hundreds of thousands of dollars device you can forget it. And even with enterprise grade stuff few bugs are ever really addressed let alone in any timely manner. They will do nothing unless some big retailer gets screwed by hackers and they can point conclusively to THAT device. Otherwise it's like auto recalls. Usually and until the company's name is already being harmed it's cheaper to kill people.
Get a spare server (2 at least) and deploy OpenVPN.
Seriously. Two years into a three year contract and they haven't provided what is advertised within a reasonable effort?
It's only been just under a year for the company I just got hired on, I found the website isn't working as advertised, and was never meant to (hard-coded HTML as placeholders, unable to accept AJAX input from my auction plugin despite them saying they could do it) and we're already lawyering up.
We've already been hit with tens of thousands of dollars in losses because of the site - you better believe you're getting hit for as much and you need to be contacting a lawyer as this is going beyond small claims court.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Sorry, but this is your fault. They'll cover what's in your service contract.
In there you should have very specifically, what is considered reasonable performance. What is a bug. What is not. And how long they have to remedy that. If you don't, that's your own damned fault. If it is in there, and they aren't living up to it, then your lawyers should be talking to theirs about a financial remedy which should also be spelled out in the contract.
Is it Untangle?
Their update for the v10.2 release changed the OpenVPN configuration (the tunnel interface can now be NAT'd -- and is by default, even if it wasn't before), leaving some of us frustrated trying to find what wasn't working. If that's so, you have three options: adjust your network settings to account for NAT, disable NAT on the tunnel interface, or (recommended) switch to the IPSec VPN option. IPSec just works better anyway. I know my users have been a lot happier, and I've preferred not needing to distribute a client at all for most users.
Does that saying apply to lawyers too if they get sued? Maybe they would end up making stupid mistakes because of the emotional involvement?
Lawyers do seem pretty good at the job security game: make the system very complicated and convince everyone they need lawyers. Software houses should keep this in mind and not try to focus on ease of use. :-)
I deal a lot with clients who have compliance requirements such as PCI. This sort of thing is an endless source of grief, where the, "it doesn't matter, it's just an appliance" phrase comes up all the time. You have devices put into PCI-scoped network zones to do a job, but which are either using a dusty version of a commodity OS under the hood, or don't support a bunch of requirements like account controls such as password complexity and account lockouts.
Being big-name security appliance and networking companies, it's tough to justify taking them all out back to the shooting range. But I'd love to...
So your suggested solution is a time machine and self-support?
I'd like to introduce you to Bossy, the Spherical Cow.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Sonicwall is planned obsolescence at its finest and most sinister.
If you believe that you are an idiot and have never been on the pointy end of an actual lawsuit.
I may be an idiot, but after 30 years in the software business, I have been involved in many lawsuits. Most were about IP law, but some involved employment, and contract law. I used a lawyer when I was the plaintiff, and I used a lawyer if the case was complex and the stakes were high. But for routine stuff, I represented myself. In more than a dozen instances, I only lost once, which was an employment case. I fired a guy for stealing money from a postage meter, and refused to pay him severance since it was "for cause". The judge disagreed, and said I couldn't withhold severance for stealing unless I had filed a police report. So I had to pay him four weeks severance, which was way less than I would have paid a lawyer even if I had won. The thief/ex-employee also represented himself, so even this instance wasn't a case of "you need a lawyer to win".
"We have a deliverable! Congratulations, you're fired!"
If so, that's who you should be talking to about this. As soon as you even mention involving a lawyer this kind of crap tends to get fixed very quickly.
If your business needs a working VPN and your current supplier isn't capable of providing one you must cut your losses and procure a new solution. And this time get someone who knows what they are doing to run the procurement process. Once you have the working alternative in place let your lawyers try to recover costs if you must. But my experience is that the behaviour you are experiencing is what happens shortly before the supplier goes bust. Namgge
If it's anything like many such big companies the customer service team couldn't tell the difference between a bug and user error to save their lives. They're probably also under pressure to admit no bugs - which is easy, because the software is bug-free until the instant a new release is made, anyway.
I wouldn't be surprised if the dev team used the mailing list to bypass the customer service people as well. That way they can actually find out about problems from customers without having to interpret reports filtered through four layers of idiot between the customer and the dev team.
I have the pleasure of working for a company where the dev team ARE the support escalations team and keep an eye on support contacts. Of course, we're small, and that doesn't scale, but we're also not afraid to say "I think that might be our bug, let me look into it."
His experience perfectly matches our experience with WatchGuard.
In my business, we keep a spreadsheet of company names and websites we call "NEVER AGAIN." We check this list before every purchase, to make sure we're not buying from vendors of unreliable products (e.g., WiFi adapters from StarTech), those who don't have responsible software update policies, or those with unreasonable policies (e.g., No returns after one week).
I do not live in fear of legal retaliation. If, for example, StarTech wants to sue me for my opinions about their products, I will stand on my First Amendment rights in the U.S.A. to express my opinion. We also keep scrupulous records when we attempt to install new products (in the case of StarTech, they don't even supply the latest versions of software available from THEIR supplier; we logged every version of software we tried).
The only way to punish these kinds of vendors is to deprive them of our revenue. The larger the company, the less likely they are to take customer dissatisfaction seriously (e.g., AT&T)...with some notable exceptions (e.g., Dell).
....after consulting with a lawyer. Services were not rendered and for that reason you should not feel obligated to pay full price. And terminate the contract early. If an employee does not do the job you can fire her or him, same applies to a vendor. Given that you talked to the top brass it should not come as a surprise to them. Leave it at that. While public shaming is a powerful tool it also comes with a long tail that will spell trouble for you and your company. Assuming that the vendor treats other customers the same way they will sooner than later find out that their business is going down the drain. Then again, not fixing bugs and instead cranking out more features in ever shorter cycles is what the Agile revolution has brought us. Mediocre is the new black!