Negligence and Open Source 361
icing asks: "With the story about the Melissa trial, some people argue that Microsoft is partly to blame. Negligence in making a product safe to use, cannot be excused. And again, software is compared to real world things like cars and how car makers could not get away with what Microsoft is doing. Does not the same argument apply to makers and distributors of open software? Could makers or distributors of Open Source be held liable? Under which conditions? Or do we have a double standard here?" Hmmm...a touchy issue. What are your impressions?
And now, a quote from the GPL (Score:2)
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
So no, no one can be held responsible for anything their GPL'ed program does. I don't know how the BSD license works, but I would assume some sort of similar constraint.
Jeremy
Not a double standard (Score:3)
I think the best analogy to use in this case is something like kit airplanes. If you buy a whole, complete airplane from a manufacturer (closed source) and it blows up in midair, you naturally and rightfully blame the company that made it. However if you buy a kit plane, put it together yourself, and the engine drops out of the plane in midair, you have only yourself to blame.
So, following this analogy, closed source companies should be held liable, because some things are hidden from the consumer, and open source companies should not, because the customer is able to see _exactly_ what they're getting. This would encourage many companies to switch to an open source model, don't you think?
Re:And now, a quote from the GPL (Score:2)
Implied Responsibility (Score:4)
Open source on the other hand shouldn't have this responsibility because it is given out for free. The the responsibility exists with the individual who implements the systems. If I designed a car and left the drawings open source. I would never be held liable for the car if it proved to be a defective design. If I sold the designs, I would.
If someone else sells my free drawings, maybe they should be liable as well.
Re:Not a double standard (Score:1)
Re:Not a double standard (Score:1)
That doesn't make any sense. Whether the source for Windows was open or not does not change the liability in any way.
It is being sold to people who have neither the time, nor the motivation, nor the expertise to make anything of that source and hence the source being available is immaterial. The analogy with kit airplanes is not apt because the kit airplanes are put together by the people using them and regardless the manufacturer has the reponsibility to make sure that if the instructions were followed reasonably diligently, the aircraft should be in no danger of blowing up.
Now if you want to make up special cases just so you can sleep at night that's a different thing...
IMO anonymous cowards should be kept (Score:1)
Couldn't agree more, except that if anonymity was removed, then previous AC's would register multiple (fake) names (so you still wouldn't know who the comment), and it would prevent the distinction between those who are prepared to stand by what they say, and those who aren't.
As in, anything you post un-anonymously you mean, because everyone else knows who posted it/has your email address.
Double Standards (Score:2)
As for the issue at hand, I don't think anyone, even Microsoft, should be held responsible for such bugs. Cmon, all programs are going to have problems; just because one of the bugs happens to have more risky consequences doesn't mean that it is any worse than a bug that is relatively harmless. It shouldn't be concidered "negligence" - it should be expected by users of the program.
On the other hand, both Microsoft and Open source programmers should be prepared to either a) fix bugs or b) pubish them as soon as they are notified of them.
It's Much Less Of A Problem With Open Source (Score:5)
This is not the case with Microsoft's non-disclosed-source-code software - they don't give the customer the power to check or fix their negligence, thus the negligence is all theirs.
True Open Source in general declines warranties because the software is distributed gratis or at very low cost. Of course, you have the option to make a contract with a support provider who might provide you warranties against negligence. I don't think it's likely that a provider of gratis software, Open Source or not, would be found liable for damages he explicitly disclaims. I'd like to hear of any cases where this has happened.
Thanks
Bruce
You don't buy open source software. (Score:1)
"What if something happens because of the software? There's no one to be held accountable!"
You can look at it as either an advantage or a detriment, but there's no way someone who writes OSS could be held accountable for something like this. Now, there's a difference between the Melissa Virus case and something like UltraHLE (The reverse-engineered N64 Emulator.) I'm talking about legitimate software here.
That's increadably stupid (Score:1)
iToast (Score:1)
Law. Failure to exercise the degree of care considered reasonable under the circumstances, resulting in an unintended injury to another party.
Ok, hypothetical situation time. Company X makes this nifty toaster called the iToast. It can track user settings, adjust to hardware failure, and all sorts of nifty things to make you the perfect toast each and every time until the whole thing goes.
But I must mention that the iToast has a built in 3.5" floppy drive so you can apply patches, or isntall a whole different version of the software. Now, Company X ships the iToast bundled with its own software, but a nice little grassroots orginization creates their own OSS for the device. It's faster, and has a better isToastDone(args), which results in better output. Yum indeed.
Unfortunately, the OSS geeks overlooked a small bug which can, although rare (say 1:20000 uses) cause the toaster to burst into flames. Not good.
Now, the question is where can, if at all, the company become liable?
I say there is little chance that the OSS group would be held liable if they released a patch immediately upon discovery of the bug. However, if they chose to ignore the bug, the group would more than likely be held liable for resulting damages. Of course, there are some creative lawyers out there nowadays, so . . . =)
--
MS EULA (Score:1)
xrayspx
--My magic 8-ball said "Outlook not so good" but they released it anyway...
Re:Not a double standard (Score:1)
Re:That's increadably stupid (Score:1)
Open Source responsibility (Score:1)
Open Source liability? Hmm, isn't that what companies like RedHat are there for? I know some people don't like RedHat, but this question just brings the real issue to the front: most of us Open Source coders are here because it's fun to play around with code and invent new things. The last thing we want to worry about is whether we might get sued over somebody getting hurt by our latest invention. This is where companies like RedHat comes in -- they provide support, and act as somewhat the entity to point your finger at (read, sue) when things go wrong. We coders can't afford to be sued, hence the standard disclaimer of no-warranty in the GPL: we're not even getting paid (in most cases) for our contributions. We need somebody like RedHat as a "shield", so to speak, in case of major trouble.
But as to our responsibility in putting out quality products, I think the nature of Open Source itself lends very well to producing high-quality products. As hobbyists, we're definitely more concerned for creating the best software out there than how to stuff our products with features so that it's more marketable. Perhaps a few coders might be negligent, but with the vast diversity of coders involved in Open Source projects, each with their own needs, preferences, and biases, such problems surface quickly, and hence, get fixed quickly as well. I think I don't need to repeat past stories on how fast security holes in Linux are fixed, compared to MS offerings.
I suppose you can say there is negligence in the very fact that a security hole exists, but this is a little unreasonable because in a complex system, you don't know what the faults are until you actually put it to use. I think the more important issue is (1) whether problems like security holes are quickly fixed, and (2) coders care about their projects enough to make sure it doesn't contain obvious problems. I would say an Open Source project is stronger on both. On (2) particularly because of the coders' interest -- if your dinner depends on how well your code sells, you'd probably cut corners gladly so that you won't miss the deadline.
Anyway, to get back to the first point -- although we coders have enough interest to avoid obvious problems, and there are enough of us to quickly fix a problem when it comes up, there are still cases where major trouble might result. This is when a commercial entity like RedHat comes in -- it gives us dedicated workers, not just volunteers who could throw up their hands anytime and give up and leave the user in his own soup -- dedicated workers who are ready to accept more responsibility than hobbyists. We need both volunteers and dedicated people.
Lemme fix a mistake (Score:1)
In case of said failure, the group would be prolly liable for damages, but I don't think the feds would be on their case or there would be any major lawsuits, if they immediately released a patch.
--
Bad analogy (Score:2)
Christopher A. Bohn
What about support contracts? (Score:3)
Logically, (Score:1)
it is generally implied that that person is responsible for the car's functionality.
Not so if you sell the car.
Let history repeat itself... (Score:5)
This all changed with the Nadar report - and the publicity it generated in the media and the public eye.
What needs to be done is to increase people's awareness of how bodgy the Micro$ server code is, and how only the micro$ exchange servers were the ones that were affected adversly by the Melissa virus...
Designing in security holes (Score:2)
Re:Not a double standard (Score:1)
Not now (Score:2)
If you are only selling the medium, I suppose you aren't liable.
All software is Buyer Beware (Score:4)
If OSS software is really a general purpose solution then it must meet as stringent a security requirement as any other such solution. For all of those Linux evangelists out there, we can't claim security as an advantage in on sentence, and then claim less resposibility for it in the next without sounding silly.
What Linux does have is a better testing system, a more heterogenious and reliable user base, and a significantly better bug response method.
The concerns about safety, be they virus propogation, data integrety problems, or uptime/essential systems issues. Are the responsibilty of the system's administrator. Any system can be made secure by a careful admin, and any system can be made unsafe by running unknown (read closed) software.
The reality is that computers are so complicated that Admin's (for that matter developers) cannot go through the code checking all cases in some perverse proof of correctness. Making software engineers sign off just means that someone who really isn't responsible for having a buggy or defective piece of softwar can be canned for the zealous marketing and management of his company.
If a company claims that a system is secure - e.g. NT according to MS or perhaps Open BSD then the company could be considered liable if:
a) It fails to take reasonable measures to make sure that said product is secure.
b) Refuses to respond to security issues as they arrive.
The software you buy is always as is. Beware.
Re:Bad analogy (Score:2)
Cost is the key (Score:1)
Re:And now, a quote from the GPL (Score:1)
As long as it does what it's supposed to do... (Score:1)
Reasonable diffrence (Score:2)
If you buy a Compaq computer with Windows preinstalled you still paid Microsoft not Compaq for the software.. But if a defect in Windows is caused by the way it is installed then Compaq who installed it is liable.
The open source develuper who codes and gives away his software sold nothing and is liable for nothing unless he makes clames to the fitness of his software.
Basicly Microsoft might be liable for selling a defective product or a product with an unreasonable security defect. Sence open source develupers do not sell any product they can not be held reliable for that non-sale.
Giving away a defective product is (at this time) not subject to liable.
This may change over time with busnesses selling support instead of product but for now if Microsoft is found liable for selling a defective product it could boost open source a great deal..
Sell product and be liable for defects or sell support and let the userbase be responsable for the repairs.
But again even in open source your liable for clames so if you clame a product is bug free you could put yourself in a position of being even more liable than if you had sold the software to start with... Sold product can get away with a few defects so long as it can be shown to be reasonable.
negligence and open source (Score:1)
Icing's question of a double standard is moot. If someone breaks into your house, is it your fault that you didn't install just the right kind of alarm that would deter that criminal? Don't lose sight of who is malevolent.
Re:That's increadably stupid (Score:1)
important distiction (Score:2)
When you speak of liability I assume you mean money. If microsoft is held liable for whatever they have done, generally the only penalty would be monetary, at worst they might be broken up.
Since microsoft (and most corporations) are pretty big, the penalties don't do all that much damage. It is extremely rare for a government body to come out and say "you have been found guilty, your company will cease to exist, your assets will be liquidated."
When we get to individuals, however, monetary damages can seriously impede your ability to do anything, such as programming, and often times people are thrown in jail (fraud, malpractice, whatever). Bill gates is most certainly not going to do jail time, even if it were proven his company has broken numerous laws with him knowing it. When you have a number of individuals developing a certain product open source style, with no business relationship, who would be held liable anyway? Try to single out who wrote the offending lines of code? It's not that simple and our law system doesn't cover this very well to my knowledge.
Is there much software out there that has a warantee anyway? I haven't seen any...you basically accept it "as is" as far as I know.
Anyway, I think the bottom line is that open source software is much, much more accountable to begin with than microsoft will ever be for plainly obvious reasons: it's simple to determine whats causing the problem.
Re:That's increadably stupid (Score:1)
users have no choice (Score:1)
Re:Double Standards (Score:1)
This is an overly-broad generalization. A bug that trashes your computer's hard drive is one thing, but a bug that kills is another thing altogether. (Yes, there have been software errors that have ended up causing severe injury--and even death. Computer-controlled medical devices come to mind as an example; http://people.delphi.com/salfter/cs301.ht ml [delphi.com] is a paper I wrote a few years back regarding such problems.) Is a bug that kills really no worse than one that merely inconveniences people? I think not.
Re:Bad analogy (Score:2)
To repeat myself, desktop and server software does not put life & limb at risk. Embedded software might.
Further, unless and until life or limb is endangered, then there's nothing to hold Microsoft accountable for. Consider the voluntary recalls many, many companies issue to correct design flaws that they discover before anyone is injured. Similarly, if Microsoft were to issue a Service Pack and notify all registered users of that software before anyone is injured, then there'd be nothing to hold them accountable for.
Christopher A. Bohn
Automobiles, Open Source, and parenting the public (Score:2)
>> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
If you read the EULA from Microsoft, I'm pretty sure that they have a similar clause, much to most people's surprise. Then what are you actually paying for, you might ask. Well, that's the good question
The car-makers have a responsibility of making cars *reasonably* safe, according to government regulations. They are not required to stop your kids from driving into brick walls using your car. They are however required to make sure your car doesn't fall apart or stops breaking when you want it to etc.
There are no such rules (yet) for software. The vendors make the rules, and the vast majority of customers/consumers simply neglect this fact and *expect* that there is some sort of reasonable agreement behind it all, just like when they bought their car.
Open source licences are usually very cautios to ``warn'' people of the possible dangers that lie ahead when using the software. And some people may even pay attention because ``there's gotta be a catch with gratis software after all''. I think this is a pretty good way to handle things.
There could be some sort of either regulations or at least some rule that software vendors should state LOUD AND CLEAR what they promise and what they don't. Pretty much like the warning messages on cigarette boxes
Re:Bad analogy (Score:2)
I wonder what would happen if I scrambled critical data concerning your life around.
"Gee Mr. Bohn," says the nice lady behind the counter, "Our systems shows that you are overdue on your student loan payments. Guess you can't have that nice car or house or engagment ring."
"Mr. Bohn, due to the lack of poor grades, police record, and drug abuse, we do not want you working for the XYZ company."
"The arrest warrent says the address is 123 Main and the crook is armed and dangerous and a cop killer." (The felon actual lives at 123 Maine, but hey, due to a error, you don't care, you are dead.)
Bad data can kill. Think before you type.
Re:Not a double standard (Score:2)
But when I have to fork out GBP140.00 for just one CD of Win98SE without any applications I damn well expect the thing to work. When it doesn't (even after spending a fortune online to download dozens of megabytes of official updates) I think I'm quite justified in feeling ripped off. Just look at the EULA for Christ's sake. According to them we have no rights of redress at all! We're all being shafted up the ass big time and we must be stupid to let it happen.
Microsoft have got it coming to them all right.
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Re:Double Standards (Score:1)
To make a car analogy.....
Rear hatch on early Chysler minivan. Bug...
latch was poorly designed
Suicide doors on 62 Lincoln.... Feature...
Meant to look good but an inherently unsafe design.
The latch on the minivan can be modified to perform as expected
No matter what you do to a suicide doors (short of welding them shut) they are unsafe.
err.. In case anybody is too young to know, suicide doors open backwards
It's a double standard (Score:1)
You have the wrong idea (Score:1)
Hmm, there's probably more?
Re:Reasonable diffrence (Score:1)
As you mentioned Redhat charges for packaging. Since they are charging for it - its their responsibilty to make sure that what they put in their distro works before they package it.
As someone mentioned previously here the incentive for RedHat is to package it in such a way that for the product not to work - so that they can start charging for support to make the product work.
On the other hand I downloaded RH 6.1 - tried to install it - the install exceptioned out because whoever coded the install decided that after doing partitioning they just continue without rebooting. (Maybe its what RH wants - if the default config does not work - buy support and we will fix it for ya).
If I had paid for that I would have been terribily upset - but since it was free download I downloaded Linux-Mandrake - it recognized the partition prob - made me reboot the system and the install worked.
So my point is - if you pay for something - it better be something that works - or whoever is making money off it should be in serious trouble - whether it is Microsoft's proprietery s/w or RedHat's Open Source software.
Yeah - I know its bit harsh - blaming redhat for a bug in gcc because they packaged it - but rewards come only at a certain risk - and the money that they expect to make out of selling open source be better used to make sure that open source that they are selling really works.
And it may not even fit into the current paradigm of Open Source developemnt - but world is changing and someone should be their to accept responsibility for a bug/problem - because it is no longer a hobby-ist's OS but when businesses get into it they expect someone to take responsibilty for what they are paying big bucks for.
R
From another point of view... (Score:1)
IMO, the software designer can sell or distribute, freely or not, any program, even if it is full of security holes. The license of any program (commercial AND GPL'd) has a clause which says that the software designer is not accountable for bugs their application may contain. That's really the job of a good system administrator to secure its system and to choose the right solution. That's a matter of choice and these clauses in MS EULA-like licenses protecting the software designer against legal attacks seem a Good Thing (TM) to me.
Of course, theses views apply less easily to the home user, but the user who don't protect himself against macroviruses or security holes in his mail client is responsible from his own negligence. There is enough talk about Melissa & others in the mainstream press for the average user to know theses problems.
Don't ever forget that the perfect, bug free, 100% secure software is a myth. Legal actions against software designers have no real effect against big software vendors, but would hurt little companies/individuals, resulting in less choice, since only big companies would be able to "take the risk" to publish software ! It must be harder to write software with the constant fear of a legal action if you make a mistake somewhere in your code.
With my reasoning, no double standard problem : the system administrator / the user is the first person to be accountable for his poor choices.
Just my thoughts,
Stéphane
But w OSS, you can check safety before running it! (Score:1)
Due diligence (to what?) (Score:1)
That being said, what is the intended use of a general purpose operating system (as opposed to specific systems, such as life support systems)? No-one that I have seen will argue, for example, that Windows 98 is secure, or is even intended to be secure. Linux and NT are quite a bit more secure, and it is usually these that are placed in an environment where security is an intended goal.
However, a knife (or car, etc), are devices with a well defined, specific purpose, and the same cannot be said of operating systems, by and large. The intended purpose of any particular OS installation is entirely dependent on what it is trying to do, eg. be a webserver, transaction database, etc. Since it is quite possible for a badly behaved application to compromise even a very good operating system, you are then faced with choosing who to hold responsible for any failure, the OS vendor, or the app vendor (if they differ).
Admittedly, the better the OS, the less likely is the above scenario, but the only really secure system is a secure SYSTEM, in other words, if any part of the system is insecure, the entire system can be considered to be insecure, by extension.
Assuming that we allow the establishment of responsibility on the part of the vendor for security issues, one of the telling parameters that is involved is that of forseeability, or was the compromise that occured one that could have been reasonably forseen, and guarded against before the fact. And we haven't even addressed the issue of bugs.
Due diligence doesn't mean that the product must be perfect, it means that the manufacturer is required to make a reasonable effort to prevent, and / or correct, any issue that might arise. To use the Melissa virus as an example, it is not necessarily MS's fault that such an exploit can be made in the first place, but they could be reasonable held accountable if they failed to address this issue after the fact. I would also say that the same applies to Open Source products as well. It is disingenuous to apply a double standard, if MS can be held accountable, so can Open Source, and vice versa.
Notwithstanding the fact that both MS's EULA, and the GPL both contain warranty disclaimers, it is also true that such disclaimers are not protection against negligence or failure to exercise due diligence.
The above diatribe aside, when it comes down to the crunch, it is my belief that the architects/administrators of the system should be responsible for security issues on their system. And this is where OSS really works best, it places in the architects hands the ability to fully scrutinize the particulars of the system they create, and provides them with the greatest amount of control over the operation of the system. If the system architect chooses a closed system, they still must be responsible, since they CHOSE the system they provide.
Microsoft clause to cover their errors (Score:1)
(c) indemnify, hold harmless, and defend Microsoft from and against any claims or lawsuits, including attorney's fees, that arise or result from the distribution of the Redistributable Component
Think it can't happen? Anytime there is a loss, the lawyers take a shotgun approach. Sue EVERYONE who was involved. That means you, the software developer, Micro$oft, etc la.
We humans CAN make error free software. We have missles that fly through the air, make tight corners, fly through windows and blow up. As opposed to software that is on windows that just blow up. Yet, the 'market' won't 'buy' software that is bug-free. Personally, I believe the market won't buy it because it hasn't been convinced to buy it.
The second problem is software doesn't match the assembly-line mass production model, more of an artist crafting a work. So the relability we have come to expect of mass producted items *koff koff* doesn't apply to the software world.
And until we move beyond the lone artist and more assembly line, we will have bug-ridden large software releases.
Who's to blame for the 'virus'? I can say its not me. I don't buy M$, and don't write viruses.
The consumers (for buying insecure software), the writers of the insecure software, and the virus writers are all able to take the blame.
As OpenSource delivers what M$ (and others) can't, the consumers will make the demands of good software, M$ will have to deliver or die.
Okay, How about this.. (Score:1)
1981 Caddy Eldorado with v6. These cars ping.
It is well documented that there is nothing you can do about it
This was an expensive car that has driveability problems. Got tons of bells and whistles but the only thing you can do when it's pinging (which can burn a hole in a piston, not a cheap repair) is turn the radio up. That or put in a different motor (also not cheap).
Let's face it, there is no such thing as a good analogy
but to nitpick because nobody dies from macro viruses
is delusional.
Due Diligence (Score:2)
1) IANAL
2) I am not directly associated with Open Source Software.
The concept of due diligence is hyper important. In fact, a finding of negligence is essentially a finding that due diligence was not performed.
What I have seen of Open Source indicates that the people who work on it are extremely "diligent" where bugs of all kinds, not just security bugs, are concerned. When one is reported, generally someone gets after it right away, to (1) confirm it's there (2) figure out what a fix should be and (3) fix it. This is an historical pattern, I believe, and could be substantiated by lots of testimony.
Note that the Law doesn't require that the bugs actually be fixed, or that the fix be better than the bug was. Due diligence simply means that all reasonable methods were used to conclude what the problem was and how it might be fixed, and to fix it if it seemed warranted.
Note that in the Pinto and GM Truck cases mentioned above, due diligence broke down -- the companies involved concluded that the problem existed, but that it wasn't economically justifiable to fix it, that is, the necessary fix would cost so much that it wasn't worth it. The Court, in general, is hostile to this view, to say the least.
There's also the matter of 'deep pockets' and political correctness. Even with all the malicious hacker stories in the press, you still wouldn't get very many lawyers willing to sue some 26-year-old nerd for negligence in fixing a software bug; defense lawyer starts telling sob stories, and it's likely to turn the whole thing around -- plus, how much are you likely to get? An Open Source programmer isn't likely to have much. Companies like Red Hat theoretically have money, although most of it's virtual, Stock Market valuations that probably couldn't be realized. With BMW payments to make, how many will chance it? Microsoft on the other hand is known to have a pile of real cash, easily converted to your Actual Folding -- just what a plaintiff's lawyer likes to see.
So no, I can't see open source being in much danger from negligence suits for software bugs. It isn't an attractive target for such suits, and a fairly strong defense is on hand. Bill & Steve might should sweat it.
Regards,
Ric
Re:Implied Responsibility (Score:1)
if you compile a program and distribute it, i say, you should be responcible for it, if you distribute the source code and someone else compiles it, they should be responcible.
Altho, car manufacturing plants arent usually redily available to the general public to 'compile' car designs, so, this analogy might not even hold up here.
Re:It's Much Less Of A Problem With Open Source (Score:1)
So someone should start taking some responsibilty. If someone wants to make some easy money out of this OpenSource they better understand that along with just putting everything on a CD and charging low distribution costs of 40/50 bucks they better make sure that they work properly too.
Who's to Blame? (Score:1)
Do we blame the carmakers for making unsafe cars when somebody plants a bomb on it?
Or do we sue the people who make windows when a brick comes flying through and hits us in the eye?
No, of course not!! It's not MS's fault....
Don't sweat it! (Score:1)
Big Rich Company licence: "We are *not* liable."
GPL: "We are *not* liable."
Lawyers know where the gold is. Which will they widdle away at?
RedHat might worry, but the rest of us are safe.
-B
Only Microsoft Will Ever Receive Blame (Score:1)
It is not an issue of open source vs. closed source. It is an issue of Microsoft vs. non-Microsoft. Companies such as Sun, Oracle, Apple, and IBM are primarily closed source, but are 100% immune to blame.
Blaming the Melissa virus on Microsoft was just an example of Microsoft as the scapegoat. Much more serious security problems have occurred in the past which should have been blamed on the appropriate vendor (e.g. the internet worm). However, since these didn't fit into the media's convenient definition of who is to blame for every problem in the industry, they received little press, and were blamed on "hackers", instead of the irresponsible vendors.
A prime example the media using Microsoft as a scapegoat was yesterday's Hotmail outage. Here, the problem was blamed on Microsoft since it owns Hotmail. The fact that the Hotmail servers run Unix was ignored. Had Hotmail been run by another company, but used Microsoft servers, the problem would again have been blamed on Microsoft, absolutely regardless of who really was to blame.
An excellent example of a problem being ignored because Microsoft wasn't involved is eBay's continuing problems with Solaris. eBay's market capitalization has dropped by literally several billion dollars because of outages which were caused by bugs in the Solaris operating system. However, this is never brought up in the media, because Sun is considered a holy company by the media, and the perception is that no problem could POSSIBLY ever be Sun's fault. (Ironically, since eBay uses Microsoft products as the front end for its servers, Microsoft received blame very early when the problem first appeared -- though the critics quickly shut up when they realized that in fact Sun was to blame and the Microsoft products were chugging along nicely. Note that they didn't switch to blaming Sun, they merely stopped blaming Microsoft.)
An extreme example of Microsoft as the scapegoat has been Judge Jackson's ruling that failed products such as Netscape Navigator and OS/2 all owe their failure to Microsoft. It is now commonly thought by many people that ANY product which fails in the marketplace owes its failure to Microsoft, and not lack of marketing, lack of quality, etc.
So, no, open source software will never receive blame if it fails or has technology flaws. At least not now. The media is having a field day blaming Microsoft. If ten years down the line, open source becomes the standard, then it will likely begin receiving the blame, as the media seems to be only pick on whatever is popular.
Take some Initiative (Score:1)
Re:Not a double standard (Score:1)
Where were you when cheese63 took responsibility?
Re:Bad analogy (Score:2)
Oh, I don't know. I have only so many MacOS crashes left before I take that G3 box and fling it through the window and when I do, your life and limbs better not be on the pavement 4 stories below :-)
--
Re:And now, a quote from the GPL (Score:1)
Re:Not a double standard (Score:2)
Yes, it is a double standard. (Score:2)
Yes, this is a double standard. Let's examine why.
First, the Melissa virus is possible due to the dominance of one specific piece of software on the average users desktop. The only open source equivalent to this kind of dominance -- that I know of -- is sendmail. It is not the same for a variety of reasons, but let's continue on for the sake of discussion.
Compare the closest open source equivalent "virus" -- again, that I know of -- that happened with sendmail [nasa.gov] to the Melissa-Macro Virus [cert.org]. You will notice two interesting things. First, the CERT advisory for Melissa states: "This macro virus is not known to exploit any new vulnerabilities." Second, note the options they give for correction: block the mail, utilize virus scanners, and encourage users to disable Word macros. The free software solution would be to fix the problem at the source -- pun intended. In a free software environment the option to: fix the problem, is available whereas in a closed source solution it is not. You have to wait for company X to fix the problem for you, and in the mean time, get by with blocking, anti-virii programs and the like. Since this problem is not new and any user that buys Microsoft products has to wait for them to deign to fix it, it would seem that there is a powerful argument for some culpability on Microsoft's part.
There are of course the issues that other people have mentioned here: no warranty, free software is not a "product" sold by a business (let us remember companies like Red Hat make money off the service not the CD), etc. However, I think this is the central point. They have different standards because they are not analagous. You are not comparing like things.
Or to put it another way: Sure, a "thief" is responsible for his own actions. However, if I entrust the security of my home to some company, it seems quite reasonable to say that if someone steals something because that company left my door open, the company is also at fault.
For free software, you use it with the understanding that you are not entrusting anything to anyone so the same standard does not apply.
Cheers.
Re:Double Standards (Score:2)
Open source is quite a bit different. Until recently there was hardly any sales or marketing and there is still very little. People who use open source usually seek it out on their own. And they do not exchange anything for it's use. They make agreements about redistribution, but not use.
It seems to me, not being a lawyer, that there is an implied contract in the Microsoft case that isn't present in the open source case, and that this lack might hinder an attempt to hold an open source project responsible for damages consequent to use.
Re:Does it "work" (Score:2)
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Here is why there is no double standard. (Score:2)
The GNU license permits a seller (who is not necessarily the developer) to offer warranty protection. Which means that if you want someone to blame, you just have to find someone who is willing to sell such warranty protection for a given product.
The Microsoft model doesn't permit the user to inspect the software and make improvements. Nor does it create business model for third party vendors. What I mean is, you could sell warrany protection for Microsoft software but you would be crazy to do so, not having any power to actually resolve an emerging issue.
In other words, there is fairness in the Open Source world. I'm not going to guarantee that this program works, but neither will I twist your arm with a draconian license that doesn't permit copying, withhold the source code from you and charge you good money. If you are going to pay money to me, then, unlike say Microsoft, I'm going to stand behind the software.
Re:Double Standards (Score:4)
All proprietary software vendors operate with the implicit (or not so implicit) assumption that They Know Best. They may give lip service to serving the customer's needs, but when push comes to shove they (or in a few cases, a client with a very thick wallet) decide what is done, how it is done, how long it is supported, etc. Because the customer can't look after his own interests, the company is required to assume some measure of responsibility for doing it on the customer's behalf.
In contrast, all open source projects operate on the assumption that the Customer Knows Best. We hope that our code solves the problem as-is, but we embrace customers who are willing and able to modify the source to fit their needs exactly. In general, all we ask in return is feedback (in the form of modified source code) so that we can drift the main source tree towards the customer's requirements, if there's general consensus that the changes are improvements. Not every customer is competent to judge whether the open source project poses an acceptable risk, of course, but they *can* take a hint from the fact that other customers can and do provide updates to the source code.
Besides the staggering difference between these two ideals (and what it appears to do to the psychological profile of each camp), there's a fundamental difference in terms of the law. A proprietary software vendor can, and is expected to, maintain exclusive access to the software. This incurs a significant legal obligation since they, alone, can modify it. In contrast, an open software vendor not only does not maintain exclusive access to the software, he can't force the people downstream to use the latest version of the software or to retain changes made for the purpose of minimizing risk. Meta-legally, you can only be held responsible for acts you control. (That's why many people are *deeply* troubled by the laws that criminally punish parents for the acts of their minor children.)
Finally, it is worth noting that the courts can (and IIRC occasionally *do*) negate the "disclaimer of liability" statements found in shrinkwrap and open licenses.
Re:It's Much Less Of A Problem With Open Source (Score:2)
People who want to provide warranties should be allowed to provide them, for a fee. If everyone has to provide warranties, it is going to drive costs up for applications where warranties are neither desired nor necessary.
Thanks
Bruce
Other sources than OSS are also liability-safe (Score:2)
I think that due diligence for software faults lies in a) acknowledging problems when they occur, b) fixing them rapidly, or if not possible, at least suggesting a workaround, and c) releasing the fixes or workarounds to the customer as quickly and publically as possible.
Open Source Software has a tendancy to do all of these reasonably well. More and more, OSS projects are having publically accessible bug tracking databases, reasonably fast turnaround for security bugs, and a fast enough release cycle (esp. for patches) to fix most security bugs rapidly.
With things like BUGTRAQ, CERT, and other mailinglists and security-advisory sources, most Unix-based systems (Linux, *BSD, Solaris, HP-UX, etc) are fairly good at reacting quickly to a known problem -- the RTM Worm woke them up to the foibles of ignoring security issues -- and they do do a decent job of alerting their customers.
Microsoft isn't entirely negligent -- a quick scan of BUGTRAQ showed a lot of MS-related security bugs, and many of them had MS patches. I think where MS fails is making those patches known to the public.
Another possible pitfall for liability is negligent design -- designing something that should be obvious is a problem. From a "real world" security standpoint, this would be like putting a dimestore lock on a bank vault.
This is where I think that fundamental differences between OSS and MS come to the foreground. A very large percentage of OSS software is designed to run on Unix-like systems, where underlying OS security issues have been considered, studied, and beaten on for nearly 30 years. It's very hard to accidentally code a general system exploit for a program designed to be run as a user. And if an exploit is discovered on purpose, it's a bug in the OS, and is treated as such. Among other things, this creates -some- inherent resistance to viruses. Unix security is generally good, but not perfect. Unix has a reasonably high-quality lock on the bank vault.
On the otherhand, MS Win95/98 isn't really designed with security in mind. At a fundamental level, the OS is open to any meddling that any program wants to do. On top of that, MS has added "features" that become reasonably trivial to exploit to creat security issues -- MS Word macros, ActiveX controls, etc.
For years, security experts have been telling people that the "Good Times" virus is a hoax -- that you can't get a virus from just reading an email, you have to run a program to do it. MS managed through their "features" and "enhancements" to make "Good Times" possible.
It's like MS, not content with putting a dimestore lock on the bank-vault, decided to put a plate-glass window on the vault so people could see their money from the sidewalk!
I don't think I have a double standard with regard to negligence, but I think that, in general, OSS software tends to meet my standards more than MS does.
Re:Microsoft Is Responsible for Hotmail/Passport (Score:2)
As you will be reading in the news in the next few days, Hotmail was down because passport.com went down (passport.com is used to authenticate users). Passport.com went down because (listen carefully) microsoft was late paying the $35.00 domain registration fee to Network Solutions Inc. and NSI removed the IP from the DNS. Even the big guys have to pay there bills.
We're not ragging on ms. They due a good enough job of triping on there own feet(read:msbob). We're just around to point it out when they do.
_________________________
Re:It's Much Less Of A Problem With Open Source (Score:2)
Take a look at the Kodak box, any Kodak box made in the last 30 years or more, and you'll see they are not liable for more than replacement of the blank film. And that makes sense to me. If I want that kind of insurance, I'll buy it when I need it.
This doesn't mean that wouldn't do my best to fix bugs and protect the users. That's the attitude that is important to getting mainstream customers, and that's what Linux distributions should be doing to the software they distribute - and for the most part they are. Certainly Debian has fixed 50K bugs in the lifetime of its bug system, no doubt the others do something similar.
Thanks
Bruce
Enable macros!=turn off my air bags (Score:2)
_________________________
Actually the law *is* clear (Score:2)
That is counted as your stupidity.
If I sell you a bill of goods but I did misrepresent it and you really had no chance to validate my claims - you have me to rights.
That is counted as my taking advantage of you.
OSS is no different than selling used cars. I can sell a used car without telling you about some problems and it is your problem if you buy it from me. What? You are not competent to identify those problems? Sorry - that is why you have the right to get the car inspected by an independent mechanic or to bring in a friend. If you didn't do that, that is your problem.
So whether or not you have the skills to evaluate software, you can hire someone with said skills, so failure to do so is your problem, not mine.
Cheers,
Ben
There is a quid pro quo (Score:2)
I gain the guarantee that my wishes are respected regarding the distribution of my works.
Read the GPL closely, you don't need to agree to it to use the software, only to distribute it. In other words it isn't the act of downloading that is the point of agreement, it is the point of putting it on your ftp site.
Cheers,
Ben
Re:But w OSS, you can check safety before running (Score:2)
Totally offtopic but... (Score:2)
They even come with a warning label (Score:3)
Damn straight! When someone buys Microsoft products, they know what they are getting into. All this whining about Microsoft products executing arbitrary code sent to them has been going on for years. When these products first came out, it was Microsoft's fault. But it's old news now. If you buy a known defective product with the expectation that when (not if, but when) it blows up, you can just sue the maker, then you are the negligent one. These products all come with a warning label in huge letters: the Microsoft trademark. How can a person possibly pretend they were ignorant of the danger?
I bet more people know about Microsoft these days than even the Ford Pinto.
The best way to improve software quality is for people to start taking responsibility for their decisions. If you buy an Internet product for your company from Microsoft -- a company with an established reputation and a known and consistent track record of repeatedly making horribly defective product after horribly defective product -- then you should get fired. It's as simple as that.
For people to keep blaming their problems on Microsoft is immoral. It's 1999 and if you're still using Microsoft products, then you deserve what's coming to you.
It's like you buy a '74 Ford Pinto, and it blows up and kills your son. That's bad, and it shouldn't have happened. You go to the pub to drown your sorrows in beer, and everyone else is also talking about how their Pintos also blew up and killed a loved one. Then you buy another Pinto. It blows up and kills your daughter. You buy another one, and it blows up and kills your wife. Who is your wife's ghost going to haunt: Ford, or you?
---
Re:open source software is like a commodity (Score:2)
Re:(mildly off topic (Score:2)
Not being Mr. Perens, I can't say for sure, but it seems to me that he used "Disclosed source-code" rather than "Open Source ode" purposely, since there is a difference between the two. His arguments apply to any situation in which the source code has been disclosed. This source code, however, is not necessarily "Open Source." For example, code licensed under the SCSL (Sun's not-quite-Free license) is disclosed to the user, but not Open.
Why I used that phrase (Score:2)
Sometimes it makes sense to talk about that without licensing coming in to the picture.
You are correct that all cases of non-disclosed source code are probably proprietary. But my argument didn't rest on the license being compliant with the Open Source Definition, so there was no point in bringing Free/Proprietary into it.
I hope that makes it easier to understand.
Thanks
Bruce
Re:That's increadably [sic] stupid (Score:2)
Re:A couple thoughts (Score:2)
In the U.S. I think negligence gets you triple damages in a lawsuit, while simple liability gets you just damages, but IANAL and it's no doubt more complicated than that.
Thanks
Bruce
Re:Open Source responsibility (Score:2)
Re:Synchronicity (Score:2)
Bruce
Re:Not now (Score:2)
Charging $$$ and making false claims (Score:4)
The main differences between open source and commercial software on this matter is cost and claims. Lets look at a few points:
It's akin to claiming to make an impenetrable door. Selling the customer a version with a doggie-door and plastic hinges instead. Then strong-arming the contractor into installing it with built-in plate-glass Windows. Then charging the customer for shutters, metal hinges and, oh yeah, a lock.
Linux is the alternative. It's free, and everyone knows (and keeps repeating) that it's written by the community. The quality disclaimer is implicit - it's written for fun, in spare time, by people who know (and love) what they're doing. You can look inside the door jambs and see how reinforced it is. You can put in a steel plate if you want - and there's plenty of people willing to tell you, and help you, get it done. For free.
Not only are you able to do this, but you are encouraged to do this. And, if security matters to you, you are given the means to take responsibility for the security of your system. This way, the responsibility is divided. You can check that the developer did his job, and if not, or if your needs differ enough to make it a special case, then you can remedy the situation.
With closed software, you are not given the choice of taking responsibility. Logically then, the full responsibility rests squarely on the shouders of the people who made the product.
If you don't like Linux, you can go out back, drag home one of the reinforced BSD doors, and hoist it into place youself. The cost? Your time.
The cost of securing an OS, be it from a big closed-source shop or from some freak in a Bazaar, is time. In the case of the former it's also money. And you don't get to see why it needs securing in the first place so you end up guessing or taking a priest at his word.
In the case of the latter, you can pore over the code to find the flaw, fix it and take it back to the freak. He won't give you money for your efforts, but he'll give your suggestion to his freaky friends for review - and you might get a free beer out of it.
-- Did anyone notice that the latest security innovation in NT2k is Kerberos security?
The process is open too... (Score:2)
In addition to Bruce's comment about the code being open, I think it's important that the process is (usually) open too.
A typical closed source product gets developed behind closed doors and then unleashed on the public - we don't really know how decisions were made about what problems to fix. It's easy to imagine (even if it's not true) that people behind closed doors might conspire to conceal problems rather than fixing them.
An Open Source project typically has a public mailing list where problems are reported and discussed. Somebody might still make a decision to release the product with known problems - but there's no question of it being a secret.
I make it a practice to subscribe to development lists for products that are important to me. It allows me to get a great sense of how the product is doing - even if I have no intention of modifying the code. I would think that any company large enough to have a few million dollars worth of damages should be able to have somebody follow the development of essential software.
Re:That's increadably [sic] stupid (Score:2)
Re:Microsoft clause to cover their errors (Score:2)
I've got another analogy for us that proves why virus writers can't be held responsible because they wrote the virus...
I have 2 old and decrepit computers, and I decide I want to end their lives in a bang. I write a program that could be considered a virus that's designed to attack several computers on a network. My friend likes it. He asks if he can have a copy. He stupidly runs it on his computer that is attached to a T1 and it starts infecting not only his computer, but also some other computers on the internet. Can he be held accountable? NO, he didn't realize he was releasing it. Can I be held accountable? No, I didn't release it.
OK there was another rant.
Re:Bad analogy (Score:2)
Sorry to be picky, but I'd think that poor grades, a police record, and drug abuse are all very good things to lack.
--
Re:And now, a quote from the GPL (Score:2)
First, a court would have to find that there was negligence. That is to say, that there was a standard of care that applied in the situation, that the standard of care was breached, and that the breached caused damage both in fact and in terms of "proximate" cause. Second, there is the fact that this would be products liability, which has some of its own rules. I don't know them very well, though I am familiar with a rule which holds that one can generally disclaim the merchantability of a product for certain kidns of uses, unless the product can be made unusually dangerous (usually construed as physically dangerous to a person) in its intended use by negligent manufacturing.
I don't have time to write about all of these elements, and you don't want to read it all anyway. I want to note, though, that in most cases where the negligence of one party creates a dangerous situation, and another party discovers it and intentionally exploits it to bring about the danger that was risked, the connection of "legal cause" between the negligence and the damage is understood to be broken.
An example which comes up in casebooks is a case where a railroad company spilled gasoline all over the place. The question presented was whether the railroad was liable for damage from the ensuing fire when someone threw a match on it -- there was testimony to show that he had intentionally thrown the match. The appellate court in the case held that the railroad would not be liable if the other defendant had intentionally thrown the match. The rationale (at least according to my torts professor) is that if someone exploits a dangerous situation before the negligent party finds out about it and has a chance to clean it up, we shift the liabiltity over to him and take it off the negligent party.
Now, we can all think of how there are similarities and difference in a software situation, where the parties know that the person using the software is relying on it to get the job done. On the other hand, there are the issues of warranty disclaimer and the defenses to liability. I think one of the reasons courts are unlikely to find Microsoft liable in this situation, even going past the defenses it would have available, is that they would have to apply it to all small companies and open source programmers to that kind of liability, and no one can insure against it. The courts will look for the best ways to spread these losses around so that they are manageable. Microsoft might be able to spread those kinds of losses around, by insuring itself and raising software prices (yes, I say that in all seriousness), so it will be tempting to assign liability there, but the individual or group who writes a shareware or open source network program and leaves in an opportunity for a buffer overflow cannot, and would go bankrupt quickly, leaving only a few people compensated and countless more uncompensated. The courts will not create an otherwise-unjustified double standard between the behemoth and the little guy when the only difference between them is that one is a behemoth and one is a little guy.
For these reasons, I expect that the person or company who accepts the licensing agreement and its disclaimers, even for mission-critical operations, will have to self-insure against its failure when there is no warranty, and will have to self-insure against the security risks involved in using such software.
In parting, here's my own little disclaimer: I am not a lawyer, just a student, so you should not rely on anything I have said for any purpose other than as something to think about.
Better analogy (Score:2)
In response to the responses to my original post, I propose an alternative analogy. A refrigerator. If the refrigerator has a flaw such that, if abused, the door would fail to seal, then the manufacturer would really tick off a lot of people and could cause a lot of companies to lose money (especially in the food service industry). Yet, we could come up with a scenario in which this could threaten life or limb, such as if the refrigerator is used as temporary storage of blood in a surgical ward. Or if someone failed to notice that the refrigerator was no longer cold and then failed to properly cook the food inside. Or when someone opened the freezer, all the melted ice spilled out and that someone slipped on the floor. Or someone who cannot travel outside the home and must rely on someone else to bring the groceries, and the new groceries aren't due for another week.
But by its nature, by its obvious intended purpose, such a flaw is an inconvenience and a cause of lost money, but is not a direct threat to life or limb (unlike a 1000kg collection of steel, aluminum, and plastic travelling at 100kph).
And that last bit really is the crux of this discussion -- the suitability for any particular purpose. And that's been discussed sufficently elsewhere in this article.
And, yes, I realize a different flaw in a refrigerator could cause it to topple over, but that isn't my point ... I chose a refrigerator because it was easier to come up with a flaw with similar results to a flaw in Microsoft's OLE than if I were to suggest a flaw in a book (besides something so obvious as misprinting) that could, in certain scenarios, threaten life or limb.
Christopher A. Bohn
...unless... (Score:2)
The sad fact is, unreliable software -does- cost lives, every year. The difference is, you can -see- the cause and effect from a motor accident, it's usually a lot messier, and it's usually a lot more direct. This isn't true for deaths or injuries relating to computer software errors.
However, that's almost by the by. Software companies claim that the Turing Halting Problem gives them exemption. As they cannot prove fitness for use, they argue that they should be exempt from any and all quality legislation.
Software EULA's (Score:2)
Let's take a look at the typical EULA.
The fact is, software companies have got it made. The EULA's are getting legal protection in the USA, which gives software houses total immunity from prosecution for any reason, whatsoever, for anything and everything.
That's not the only scary thing. You think it'll stop there? Car manufacturers are -big-! If the software companies get immunity from prosecution and immunity from consumer protection laws, do you think the larger manufacturers are going to just say "oh, well, that's them"? Or are they going to say "hey! Give us immunity too!"
How long before no consumer protection exists in the US, and you are literally taking your life in your hands every time you use the microwave or toaster?
Re:But w OSS, you can check safety before running (Score:2)
someone else said in response.
> I disagree... having the ability to look deep
> into the product to check for possible problems
> is not the job of the consumer.
This is exactly why I think Free Software
programmers should not be held liable.
Free Software does not follow the standard
Capitalist model. The standard model is, Party 1
makes the product, party 2 pays money to party 1
for the product.
Free software is "Party 1 makes the product.
Anyone is free to take the product". Rather than
"Hey here it is, the one thing you need"
its
"Heres what I did, use it if it fits your needs,
don't use it if it doesn't"
Its about being open and shareing. The whole
purpose of negligence and similar things came
about because capitalism inherintly rewards
cutting corners and making products as cheaply
as possible, whether its safe or not.
It is because of this that negligence laws and
similar responsibilities of product producing
companies exist.
In Free Software, there is no incentive to cut
corners. A person working on a piece of software
is usually writting it first and formost because
he needs it. As such the incentive is in getting
it to work and fill his need.
As such, there is no "Consumer". A person who
needs the same need filled can take his code and
use it if they like. They are the ones that seek
it out, and they are the ones who put it in place.
Ultimatly they should be responsible for making
sure it meets their need before they put it in
place.
> Software engineers are simply unethical
> engineers.
I disagree emphaticaly. What is so unethical about
disclaiming any warrenty? Other engineers
generally work for hire or for a company. This
means they are getting money to design something
for someone else, as such they are liable to the
person who is paying them.
However, if an electical engineer designs his own
TV remote control from parts he can buy at radio
shack, completely at home and on his own. Then he
releases the plans on how to build it...
should he be liable if someone builds it and it
doesn't work for them?
He didn't charge them for the plans. He just said
"Here is how I did it, this works for me"
Should he suddenly be liable if it doesn't work
or causes harm to someone elses TV?
If that is to be the case, then free exchange of
information may as well be a dead idea. It would
make it much to costly.
Re:Does it "work" (Score:2)
> you make it out to be
I was a PC tech on Desktop machines in a HUGE
Win95 environment. I can make WIndows out to be
pretty damned defective from what I have seen it
do.
> Windows 98 works just fine for the vast majority
> of people who use it.
Well...the "vast Majority of people" are morons.
They have just gotten used to rebooting several
times a day when the system crashes. They have
gotten used to phrases like "You have to expect
it will crash ocasionally".
I have even heard a salesman on TV saying that
computers run so FAST these days that they
ocasionally make mistakes and get themselevs
screwed up. I kid you not he was actually saying
on no uncertain terms that "crashes" and lockups
were the fault of the hardware going real fast
and losing track of what it was doing.
I have seen too many Windows machines with too
many differnt problems for too many users to
say that Windows is not extremely defective.
It IS defective.
Which is exactly why I no longer run it on any of
my machines.
Re:Does it "work" (Score:2)
I neither lied not exaggerated. Why should I? I don't have any hidden agenda. My only animosity towards Microsoft is precisely because of my negative experiences with Windows.
I have had the same or similar problems with a range of hardware including three different CPUs, two different chipsets and four different motherboards, three different sound cards, three different graphics cards. And four different hard disk, three different sets of Simms, three different CD-ROM drives.
It's therefore a fact that there is a great deal of hardware out there upon which Win95 OSR2 and Win98SE simply will not run reliably. I'm giving you the benefit of the doubt here because I don't directly know of any hardware configurations upon which it will run reliably.
Windows, any version, is not as defective as you make it out to be. Windows 98 works just fine for the vast majority of people who use it.
The only remotely stable Windows 95 configurations I have ever seen was the original (pre-OSR2) Win95 release on integrated motherboards from Intel. From what I've heard, Win98SE is not stable on any configuration and the problems I've been having are widespread.
Just because YOU can't figure something out or because it doesn't work for YOU
I can figure out plenty. I've had to learn because Windows 95 OSR/2 and Windows 98 are so temperamental. I've spent hundreds of hours studying Microsoft Knowledge Base articles and following their useless recommendations. The fact is Microsoft are extremely reluctant to admit to faults that can't be fixed which are down to inadequacies in their software, so many of the problems I've faced are simply not acknowledged.
It doesn't work as advertised. Microsoft cannot or will not fix it. It is, by any meaningful definition, a defective product.
In attempting to refute facts which are well known to correspond to most technical users' experience, you clumsily expose yourself as a Microsoft employee. No surprise then that you post as an AC. Listen up drone; denying that the problem exists will not make it go away. At least, not here it won't.
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Re:Actually the law *is* clear (Score:2)
Yes, as long as the fact is disclosed clearly and unambiguously before sale...
(of course, IANAL, that's my disclosure
Your Working Boy,
Re:It's Much Less Of A Problem With Open Source (Score:2)
That assertion may be printed on the box but that doesn't mean that Kodak has no liability for consequential damages. That is a question for a court to decide. It is common to see blanket disclaimers of liability and other statements that conflict with the law on licenses, contracts, sales receipts, warranties and product packaging.
What is the intended use? (Score:2)
If you buy a car, the intended use is to drive it on roads. Thus you have cause to sue if the brakes stop working or the wheels fall off. If you decided instead to use it as a foodstuff, you couldn't sue claiming injury because of indigestion. It's your own fault for using it for
a purpose it wasn't designed for.
You can apply this to software too. If you bought a web browser and found that it wouldn't display web pages (and you could prove that this was the browser's fault, and not badly-behaved site, broken networking or whatever else), you would have a legitimate grievance. (Although IMHO the most you should be entitled to is a refund of what you paid, unless you have agreed different warranty terms in advance.)
However, if you used the browser for a mission-critical information display, in a hospital or whatever, you wouldn't have a legitimate complaint if memory leaks caused it to crash after two weeks of use. A browser is not designed to give that kind of reliability, and it doesn't claim to. (Some things such as Java explicitly say that 'X is not designed for use in safety critical applications'.)
So I think that you have to ask: is the user just being stupid by trying to use the software for something inappropriate?
Re:It's Much Less Of A Problem With Open Source (Score:2)
Disclosed source-code software has much less of a problem with negligence since the user and distributor are able to perform due diligience on their own
I think this mostly summs it up. I would add that consistant public denial of security problems on the part of a certain vendor compounds the liability. Open Source projects very rarely deny security flaws in press releases or marketing material.
Re:Not now (Score:2)