1) The bill's primary goals are either bogus or not served by the bill's provisions
- There is already quality content on the Internet. The simple fact that it isn't owned by the MPAA member companies is no reason to overlook that fact;
- The lack of broadband adoption has arguably much more to do with the "last-mile" and associated problems than with issues of content. How many people who do have DSL, for instance, had to wait in excess of a month for installation because of some Baby Bell dragging its feet to stifle competition, only to then have their provider go under and have to repeat the whole process?
- no evidence is being put forth by anyone that adopting protection measures will stimulate the broadband market
2) The technical requirements enumerated in the bill are vague and/or contradictory:
- in light of research into these types of systems (particularly watermarking, but others as well), it's doubtful whether "resistant to attack" and "readily implemented" are compatible, much less when combined with the requirement that the tech be "not cost prohibitive";
3) The FTC has already taken punitive/regulatory measures against the RIAA for anti-competitive practices (like the MAP pricing scheme); Congress should be extremely wary of consolidating further the already arguably monopolistic market influence of the RIAA and MPAA.
4) Regardless of the bill's provision that software implementations of the standard be implemented in "open source" software, Microsoft, a company already being sued by the same government for anti-competitive business practices, should not have their monopoly power further bolstered by requiring technology for which MS has a patent and for which no reasonable expectation can exist as to even reasonable terms, much less RF licensing, being available for the technology.
5) The government has a notoriously poor track record at successfully mandating technological solutions -- why don't we have a national ground radar system to prevent runway incursions in airports, for instance?
That's just an "off the top of my head" list. Hopefully others can add significantly persuasive additional arguments.
The law doesn't say what they deserve, only what they receive.
People smarter than I am-- and I dare say smarter than any of us are!-- have come to that conclusion over a period of many, many years.
And you uncritically defer to their authority and believe them. That's fine, it's your right. Many of us on this forum don't, though. And you may dare say that the people who make the law are smarter than *any* of us, but I don't so dare. I do dare say that with an attitude like that, were I a ruthless dictator you'd doubtless be my favorite citizen.
Huh? There is nothing to assume. I know for a fact that this is not the case as no such cross-licensing has taken place here.
Such cross licensing has not taken place yet. Maybe it's just a matter of days until one of your relatives' competitors realizes that they hold a patent that your relatives infringe (or maybe even the competitor has been letting your relatives' company slowly gain market share while slyly waiting for one of their previously-filed "submarine" patents to issue) and BOOM the game is up?
As a former debater, you should realize that you can't prove a positive premise ("my relatives cannot be forced to cross license") from a lack of evidence ("it hasn't happened yet"), but only by the presence of evidence ("every big company who had patents they believed were infringed by my relatives tried and failed to force my relatives to cross-license"). Just because you or your relatives don't know that there's a patent issued or about-to-be issued that they infringe, doesn't mean it doesn't exist.
So, unless your relatives have been involved in litigation regarding their patents and won, the idea that patents protect them is pure assumption.
If you look at another footnote in the very document you pointed to, you'll see El Gamal and Diffie-Hellman described as non-infringing methods. PKP and then later RSADSI claimed that their patents covered *all* methods of doing PKI, including El Gamal and Diffie-Hellman.
They successfully sued people in court (Schlafly), and settled where it looked plausible that litigation would have invalidated the patent (Cylink).
upon analysis it will seem pretty clear that that harm was the result not so much of the patent itself, but rather of the misinterpretation of the meaning of the patent by one party or another.
But that is precisely a huge part of the problem. Patents are presumed valid after issue, and the burden is on the alleged infringer to show (to a most likely quite non-tech-savvy court) that the patent is invalid or the plaintiff's interpretation is wrong. In the case of RSADSI, they *knew* the patent might be invalid (they settled with Cylink to avoid having that proved in court), and that it probably didn't cover *all* methods of PKI and they still sued and won suits based on their "misinterpretation."
And yes, SSL was available; in Web browsers and Web servers manufactured by 2 deep-pocketed companies, and a few smaller companies selling binary only Apache-based servers.
So, you could use SSL for web browsing if you wanted to use one of only two browser implementations, and for Web serving only if you had $$$. RSADSI refused to license the *use* of the patent without licensing their expensive implementation (it was never clear to me in discussions with them and/or 3rd parties whether you could use some other implementation if you paid the $$$ for theirs), so using SSL for any purpose other than web browsing or serving in a commercial setting for a small company was virtually impossible -- legally, anyway.
So, I think my claim that the patent prevented innovation is reasonably sound and that the fault was due to the patent system which included the patent and its prevailing interpretation, correct or not.
Only slightly on topic but (IMHO) interesting anyway, a long-ago thread on openssl-users about RSADSI's intimidation, licensing, standards manipulation and other nasty practices including:
this, this, this and this is available for your reading pleasure at this site.
Why did you excise part of my post? When I said, "corporations deserve, and are legally entitled to, the same consideration as individuals," you quoted me as "corporations deserve... the same consideration as individuals."
Because I'm conceding that it's a given that they are legally entitled to some of the same considerations as individuals; that's the current state of the law.
However, the proposition in your post was disjunct ("corporations deserve the same consideration as individuals AND corporations are legally entitled to the same consideration as individuals"); I don't concede that "corporations 'deserve' the same consideration as individuals" is a given, and I'm surprised to hear someone assert it so casually. I'm curious as to the philosophical framework that leads you to that position.
The other method is to demonstrate that the status quo is simply unacceptable in and of itself... Can you assert, in some reasonable way, that innovation would be better served in the absence of the patent system?
I'm delighted to provide evidence, even though you haven't yet been kind enough to reciprocate:-)
That seems to be what RMS is arguing, but his assertion isn't really backed up by his examples.
Well, RMS specifically cited the case of PKI, which:
- is solely mathematical in nature;
- was patented in one implementation (RSA) developed with public funds, then made available in the US only to those who would pay, at licensing terms which could hardly have been described as RAND;
- the holders of the patent inappropriately claimed that their patent covered every known method of PKI;
- the holders of the patent were alleged to have used harassment infringement suits and bogus patent claims to stifle competition (by their own business partners and by Roger Schlafly -- the latter of whom lost his suit through an unfortunate combination of choosing to represent himself, poorly, in court and through a -- to me and plenty of other observers -- rather dubious interpretation of the appellate court of what constitutes "pure math");
- the result of all of which certainly included the lack of security in software for any but the deep-pocketed, and conceivably lost economic opportunity and theft because of that, though the latter I can't prove; if anyone out there stole credit cards or rerouted bank transfers during that time period feel free to comment ;-)
- graciously allowed RF use of the patented technology right before it would have expired anyway
Oh, and there's that small matter of the entire Internet, much of the technology for which was either developed before software patents were legally recognized or without the protection of such. Of course, you presumably post your slashdot comments via carrier pigeon, and if BT wins its hyperlink patent lawsuit, we may all have the privilege of joining you in that method or paying higher fees for our 'net access.
First of all, corporations deserve... the same consideration as individuals.
Please explain to me why corporations "deserve" the same considerations as individuals; that seems like quite a philosophical leap to me. I understand that the law treats them as such in many respects (and you fail to mention many of the other respects where they aren't treated like individuals; e.g. they can't be jailed, executed, drafted into military service, vote -- thank God, though I'm sure that Constitutional amendment will be forthcoming from the Honorable Senator from Disney shortly).
I'm just shocked that you seem so unequivocal about the moral rights of entities who are obliged by fiduciary responsibility to their shareholders to be as immoral, malicious, unfair, greedy, litigious and uninventive as the law and market conditions allow!
(And yes, corporations are bound by fiduciary duty to *not* innovate if the cost of innovation is greater than the cost of *not* innovating and the market doesn't offer an innovative competitor)
The end result of the patent system, as you so ably quoted, is to promote the progress of science and the useful arts.
No, as the parent poster understood (though you may not) that's the goal, not the end result. Whether or not it is also the end result in the case of software is what we're debating here, and you've shown no concrete evidence it is.
Both of my parents and a couple of my family members hold patents and have successfully used patents to start and run successful small to medium sized businesses. I can tell you in their case it's not only not an encumbrance; it's a necessity to go head to head against the often much larger competition.
Can you cite a concrete example of a time when any of your relatives' patents stopped some "much larger" competitor from successfully competing with them in their market (or any market)?
Better yet, can you give us the patent #'s so we can look them up ourselves, and do searches for any case law or reporting about the patents in question?
Or are you actually doing what Stallman is talking about and assuming that the patents actually provide your relatives with protection rather than considering the likelihood that some "much larger" competitor could use their own (presumably correspondingly "much larger") patent portfolio to force your relatives to cross-license and lose all of the competitive advantage of the patents?
If you have examples like the ones I cite, do you also have some concrete statistical data to indicate that this scenario is the rule rather than the exception?
If you can't provide these examples and statistics, I'd suggest that the term "baseless" applies quite well to your own assertions in turn, don't you agree?
So if sendmail breaks, it breaks. Maybe you could demand your money back (at least for the depreciated value of the software), but anything over and above the cost of the software is silly. If the company wants to sell the software with a guarantee, let it be so. Otherwise, let the market decide.
Isn't this the way existing (product liability, merchantability) law works anyway?
Again, I don't see why software merits different treatment. If the product doesn't do what it's supposed to do, you get your money back. If you paid no money, you get nothing. If the provider was negligent and that caused actual damages, and both of those conditions can be proved, the provider is liable for the damages.
It's not a product that can be regulated, or made 'safely.'
I never proposed a specific regulation, nor did any of the parent posts. As a matter of fact, the poster to whom you responded said explicitly:
Nobody said anything about more laws - they implied that existing laws for negligence should be used to force the appropriate parties to fix their software.
Now you say:
If every piece of software adhered to current best practices, we wouldn't have any new innovation would we?
and
Regulations should never be applied unless they are absolutely necessary - i.e. in the case of personal safety
Your first statement is prima facie ridiculous.
As for the second, what about the case where there were actual damages other than the loss of life or personal injury? For instance, a vulnerability or deficiency in your software leaks sensitive user data worth millions to an attacker or the public, resulting in your user going out of business, or losing substantial sums of money?
In that case, I don't see why software developers should be exempt from the same "due care" measure of negligence that *every other person* in *every other situation* in our society is. Does that mean I think that you should be able to sue for negligence if the spell checker in your email program doesn't fix your mistakes and makes you look stupid in your email correspondence? Maybe. But hopefully a judge or jury would realize that in that case no standard of "due" care was violated, and if you're lucky, penalize the plaintiff for filing a nuisance suit.
I think our existing laws about negligence have the right idea, and software developers shouldn't get some "magic" exemption.
Note, in some states and in front of some judges, your EULA might be ruled unenforceable anyway, and existing law will be brought to bear and you'd be out $$$ anyway, sucka.
It's not a product that can be regulated, or made 'safely.'
That is such a load of shit. Please don't ever apply for a job as a software developer at my company.
You might as well say the same thing about car or aircraft manufacture. After all, there are doubtless rare meteorological conditions that could cause existing aircraft designs to fail. "Wow, it's impossible to design aircraft safely! Let's put a EULA on our fuselage saying we disclaim all warranties and that the risk of using the product is entirely on the airline, pilot and passengers!"
There is a constantly growing body of knowledge about proven insecure designs in software; likewise there is a growing body of knowledge about best practices in software development processes. Are they perfect, or failsafe? No. But they represent adequate due care in protecting one's customers. They can and should be applied by anyone building and distributing software. Period.
Why the hell doesn't the ORBZ software just send out a MAIL FROM: header that doesn't have the remote side's address?
I mean, why the hell doesn't it just send a header like:
MAIL FROM: <orbz-admin@orbz-domain.com>
anyway?
This seems like it would have been such a simple technical issue to fix on ORBZ side without putting the burden of fixing the problem on Lotus or people running Domino.
<irony>I'm against theft of resources in the form of spam, but I'm all for theft of resources in the form of forced distributed software debugging</irony>
The problem with "proper design docs" is that time spent writing them and keeping them up to date in the face of constant requirements change is time not spent actually writing software and keeping it up to date in the face of constant requirements change.
You should strive to make your design docs just good enough for the people who'll be reading them -- the maintenance programmers, who will also have the code. In other words, the design docs are the cliffnotes to the code. The code is always the authoritative design documentation.
BTW, I STRONGLY recommend reading Agile Software Development for anyone who's seriously interested in these issues.
you can not get a baby in a month by making 9 women pregnant. Please repeat until you UNDERSTAND that, not just repeat it.
Problem is, most program managers do understand it. But when they try to explain this to *their* boss, the likely answer is "Well, Bob, that's your problem. We promised customer X that they'd have it by Y. So you'll just have to find a way."
about possible future problems. There are an infinite number of them. Unless you have an infinite amount of time before the project is due, focus on sound architecture, taking care of the "obvious future problems" if any, and let refactoring fix those "possible" problems if and when they ever arise.
He should be able to figure out how long it would take to finish a statue of somebody my size
What if he's never made a statue of a human before, but he's done lots of ducks, elephants, buildings; do you trust his rough estimate knowing that it's *completely* speculative?
Just as a programmer should be able to estimate how to finish a project if he knows what's involved up front... also, changes to the design should be expected to set things back.
Given that changes to the design are almost inevitable, particularly if the speculative duration of the project is long, this further reduces the value of the speculative estimate to the point that even calling it a ballpark is woefully misleading ("the world is my ballpark").
Really, the most successful software projects are going to be ones where:
- The development is iterative, the only solid dates -- at least early -- are the ones for the next couple of iterations (or management and users understand that if the end date is solid the feature set can't be), and users and management have enough daily, non-disruptive involvement in the project to understand "the code count went down, and had a definite positive impact on the project."; or
- The date shipped is the only thing that matters and the organization is willing to burn through people and sacrifice efficiency down the road
Note that from a software engineering perspective, the latter approach seems invalid, but from a business standpoint it's possible that it's correct given certain market conditions (though personally I doubt it's valid even from a business standpoint if the software in question has long-term importance for the company).
If one absolutely needs a concrete measure of progress, it should be growth in the feature/bug count ratio.
The issue of whether Hitler was a Christian (which he certainly claimed to be in his *public* speeches -- to his overwhelmingly Christian nation) is debatable and is not likely to be conclusively decided in this forum.
At any rate, if you are confident in your assertion, I suggest you have a *lot* of reading to do.
The "you" we've been talking about the entirety of this thread is the Free Software developer. The software developer *distributes* software that he or she *wrote*!!! The act of distribution, along with announcements on mailing lists, interviews about the product, etc. clearly indicate in most cases that the developer KNOWS that people will be using the software. The acts of authorship and distribution should be subject to due care and normative standards just as much as any other activity. If I fire a loaded gun in the air in a large crowd, I don't have to know WHO it will hit, the fact is I should know it will likely hit SOMEONE!
Now if I distribute a web server, and I either
- know it contains a buffer overflow which can result in a remote root exploit, and don't fix it
- think that since I'm giving it away, I don't have to be bothered to check for common code errors that are well known sources of exploits
Then it can (and should) be argued that I have failed to show consumers of my software "due care", have been negligent, and am therefore liable for damages -- ASSUMING that damage results from the vulnerabilities!
I need to let this thread die before I have a stroke!
You are only liable when the product is sold, not when it is a gift.
Why do you keep repeating this falsehood? Do you have any legal references or even logical formulation to back it up?
The friend's lack of liability comes from his lack of negligence, not his lack of profit. He might be held liable if he knew it was defective, or if it had been on the news for months that the empty lot he'd taken it from was full of cars that explode, or if the reason he gave it to me was because he didn't like the overwhelming stench of gas fumes that mysteriously appeared every time he drove it...
This is where I'd usually say "you get the point," except it's clear you don't.
OK. IANAL. However, I'm not a stubborn, ignorant, anonymous jackass, either.
In Tort law, people are all held to some normative standard of "due care" in all of their interactions with other people regardless of the context. If a person's failure to exercise said normative level of due care causes harm to another, they are liable for damages, plain and simple. Even in war, where the purpose is to kill others, there exist normative standards, transgression of which turns warriors into war criminals.
The McDonalds coffee lady got her money because 12 jurors felt that McDonalds didn't meet the standard of due care with regard to the temperature at which reasonable people serve coffee. If you decided to show your contempt for normative standards of urban foot travel by running blindfolded up and down city streets until you collided with someone, sending them tumbling to the ground and injuring them, legally you'd be liable. No less a legal mind than Oliver Wendell Holmes wrote "If, for instance, a man is born hasty and awkward, is always having accidents and hurting himself or his neighbors... his slips are no less troublesome to his neighbors than if they sprang from guilty neglect." So AS I SAID BEFORE, even incompetence is no excuse.
Because of standard warranty disclaimers in software, software developers are among the only people for whom no violation of normative standards of due care is enough to trigger liability.
I can understand how anonymous trolls might not feel bound by normative standards of society; most reasonable and thoughtful people in this forum, however, can probably concede that some liability, properly crafted to offer balanced protection to consumers and producers of software products, whether free or proprietary, is at least as morally justified and necessary as standards for hot caffeinated beverages.
NEGLIGENCE. If one can persuasively argue that it was a foreseeable consequence of the design of explosive-filled basketballs that someone would get hurt, then the fact that it's an "accident" has no bearing at all. Ignorance does not excuse negligence. If I can't be bothered to figure out whether or not the things I make are safe, I have no business selling them OR giving them away.
But you're right, I guess people don't actually ever get sued for people falling down and hurting themselves on slippery sidewalks in front of businesses ("accident", you cry) or getting burned by a cup of McDonalds coffee ("accident" you merrily chirp again).
You are assuming that the customer is *as capable as the developer* in assessing the risks, and in most cases that's just not so! If your software is going to be used solely by other programmers, great. Enter into a binding legal contract w/ them which states that they will waive all claims against defects. But don't seriously tell me that if some small business uses Apache (which the proprietor's nephew kindly downloads and installs for them) and through an actual flaw in the software suffers some actual damages -- sensitive financial info of a third party, i.e. customer credit card data, is compromised -- you think that the *non-tech-savvy* small business proprietor should bear the legal burden for the loss?
Gimmie a break. THAT will kill free software, *not* imposing liability!
Your comment points out why the assumption embodied in this whole thread is bogus (no offense to anyone):
It is like somebody giving out free basketballs. If the free basketballs were made with defects, you have no basis for forcing the giver to fix your basketball.
If you give me a basketball which unbeknownst to me is filled with an explosive gas, which then explodes and burns me severely, you should be liable. The extent of your liability should of course be mitigated by whether you were nefarious (you knew the basketballs were dangerous, took steps to cover it up, deliberately didn't warn me not to play basketball in lightning storms, whatever) or are just an incompetent basketball maker. The fact is regardless of the cost of the initial transaction, you have cost me greatly in damages. The premise of any commercial transaction is that no party gives up something without assent. If you give me something without charging me, it can be assumed that you assent to not receiving payment, but you can't reasonably infer my assent to being grievously harmed!
I believe this is pretty much the way it works with everything except software, and recently some courts have started invalidating clickwrap licenses on the basis of arguments like these (which IIRC was one of the motivations for the UCITA). In other words, in the literal basketball example you would currently legally be liable (AFAICT, IANAL, etc). Why should Free Software be any different?
http://141.76.120.181/javadoc/acid-javadoc/de/acid / til/Base64.html
Oh, and there's that small matter of the entire Internet, much of the technology for which was either developed before software patents were legally recognized or without the protection of such. Of course, you presumably post your slashdot comments via carrier pigeon, and if BT wins its hyperlink patent lawsuit, we may all have the privilege of joining you in that method or paying higher fees for our 'net access.
That's just a couple off the top of my head.
Your turn.
I'm just shocked that you seem so unequivocal about the moral rights of entities who are obliged by fiduciary responsibility to their shareholders to be as immoral, malicious, unfair, greedy, litigious and uninventive as the law and market conditions allow!
(And yes, corporations are bound by fiduciary duty to *not* innovate if the cost of innovation is greater than the cost of *not* innovating and the market doesn't offer an innovative competitor)
No, as the parent poster understood (though you may not) that's the goal, not the end result. Whether or not it is also the end result in the case of software is what we're debating here, and you've shown no concrete evidence it is.
Better yet, can you give us the patent #'s so we can look them up ourselves, and do searches for any case law or reporting about the patents in question?
Or are you actually doing what Stallman is talking about and assuming that the patents actually provide your relatives with protection rather than considering the likelihood that some "much larger" competitor could use their own (presumably correspondingly "much larger") patent portfolio to force your relatives to cross-license and lose all of the competitive advantage of the patents?
If you have examples like the ones I cite, do you also have some concrete statistical data to indicate that this scenario is the rule rather than the exception?
If you can't provide these examples and statistics, I'd suggest that the term "baseless" applies quite well to your own assertions in turn, don't you agree?
Again, I don't see why software merits different treatment. If the product doesn't do what it's supposed to do, you get your money back. If you paid no money, you get nothing. If the provider was negligent and that caused actual damages, and both of those conditions can be proved, the provider is liable for the damages.
As for the second, what about the case where there were actual damages other than the loss of life or personal injury? For instance, a vulnerability or deficiency in your software leaks sensitive user data worth millions to an attacker or the public, resulting in your user going out of business, or losing substantial sums of money?
In that case, I don't see why software developers should be exempt from the same "due care" measure of negligence that *every other person* in *every other situation* in our society is. Does that mean I think that you should be able to sue for negligence if the spell checker in your email program doesn't fix your mistakes and makes you look stupid in your email correspondence? Maybe. But hopefully a judge or jury would realize that in that case no standard of "due" care was violated, and if you're lucky, penalize the plaintiff for filing a nuisance suit.
I think our existing laws about negligence have the right idea, and software developers shouldn't get some "magic" exemption.
Note, in some states and in front of some judges, your EULA might be ruled unenforceable anyway, and existing law will be brought to bear and you'd be out $$$ anyway, sucka.
You might as well say the same thing about car or aircraft manufacture. After all, there are doubtless rare meteorological conditions that could cause existing aircraft designs to fail. "Wow, it's impossible to design aircraft safely! Let's put a EULA on our fuselage saying we disclaim all warranties and that the risk of using the product is entirely on the airline, pilot and passengers!"
There is a constantly growing body of knowledge about proven insecure designs in software; likewise there is a growing body of knowledge about best practices in software development processes. Are they perfect, or failsafe? No. But they represent adequate due care in protecting one's customers. They can and should be applied by anyone building and distributing software. Period.
I mean, why the hell doesn't it just send a header like: MAIL FROM: <orbz-admin@orbz-domain.com> anyway?
This seems like it would have been such a simple technical issue to fix on ORBZ's side without putting the burden of fixing the problem on Lotus or people running Domino.
<irony>I'm against theft of resources in the form of spam, but I'm all for theft of resources in the form of forced distributed software debugging</irony>
You should strive to make your design docs just good enough for the people who'll be reading them -- the maintenance programmers, who will also have the code. In other words, the design docs are the cliffnotes to the code. The code is always the authoritative design documentation.
BTW, I STRONGLY recommend reading Agile Software Development for anyone who's seriously interested in these issues.
about possible future problems. There are an infinite number of them. Unless you have an infinite amount of time before the project is due, focus on sound architecture, taking care of the "obvious future problems" if any, and let refactoring fix those "possible" problems if and when they ever arise.
Really, the most successful software projects are going to be ones where:
- The development is iterative, the only solid dates -- at least early -- are the ones for the next couple of iterations (or management and users understand that if the end date is solid the feature set can't be), and users and management have enough daily, non-disruptive involvement in the project to understand "the code count went down, and had a definite positive impact on the project."; Or
- The date shipped is the only thing that matters and the organization is willing to burn through people and sacrifice efficiency down the road
Note that from a software engineering perspective, the latter approach seems invalid, but from a business standpoint it's possible that it's correct given certain market conditions (though personally I doubt it's valid even from a business standpoint if the software in question has long-term importance for the company).
If one absolutely needs a concrete measure of progress, it should be growth in the feature/bug count ratio.
At any rate, if you are confident in your assertion, I suggest you have a *lot* of reading to do.
Now if I distribute a web server, and I either
- know it contains a buffer overflow which can result in a remote root exploit, and don't fix it
- think that since I'm giving it away, I don't have to be bothered to check for common code errors that are well known sources of exploits
Then it can (and should) be argued that I have failed to show consumers of my software "due care", have been negligent, and am therefore liable for damages -- ASSUMING that damage results from the vulnerabilities!
I need to let this thread die before I have a stroke!
The friend's lack of liability comes from his lack of negligence, not his lack of profit. He might be held liable if he knew it was defective, or if it had been on the news for months that the empty lot he'd taken it from was full of cars that explode, or if the reason he gave it to me was because he didn't like the overwhelming stench of gas fumes that mysteriously appeared every time he drove it...
This is where I'd usually say "you get the point," except it's clear you don't.
BTW, the Holmes quote is from Common Law. Thank God for Project Gutenberg.
In Tort law, people are all held to some normative standard of "due care" in all of their interactions with other people regardless of the context. If a person's failure to exercise said normative level of due care causes harm to another, they are liable for damages, plain and simple. Even in war, where the purpose is to kill others, there exist normative standards, transgression of which turns warriors into war criminals.
The McDonalds coffee lady got her money because 12 jurors felt that McDonalds didn't meet the standard of due care with regard to the temperature at which reasonable people serve coffee. If you decided to show your contempt for normative standards of urban foot travel by running blindfolded up and down city streets until you collided with someone, sending them tumbling to the ground and injuring them, legally you'd be liable. No less a legal mind than Oliver Wendell Holmes wrote "If, for instance, a man is born hasty and awkward, is always having accidents and hurting himself or his neighbors ... his slips are no less troublesome to his neighbors than if they sprang from guilty neglect." So AS I SAID BEFORE, even incompetence is no excuse.
Because of standard warranty disclaimers in software, software developers are among the only people for whom no violation of normative standards of due care is enough to trigger liability.
I can understand how anonymous trolls might not feel bound by normative standards of society; most reasonable and thoughtful people in this forum, however, can probably concede that some liability, properly crafted to offer balanced protection to consumers and producers of software products, whether free or proprietary, is at least as morally justified and necessary as standards for hot caffeinated beverages.
But you're right, I guess people don't actually ever get sued for people falling down and hurting themselves on slippery sidewalks in front of businesses ("accident", you cry) or getting burned by a cup of McDonalds coffee ("accident" you merrily chirp again).
Oh, wait; they do! For millions even!
Gimmie a break. THAT will kill free software, *not* imposing liability!
I believe this is pretty much the way it works with everything except software, and recently some courts have started invalidating clickwrap licenses on the basis of arguments like these (which IIRC was one of the motivations for the UCITA). In other words, in the literal basketball example you would currently legally be liable (AFAICT, IANAL, etc). Why should Free Software be any different?