
BBC Commentator Goes After Software Licensing

An anonymous reader writes "Bill Thompson, a regular commentator on the BBC World Service programme Go Digital, criticizes current software licenses (including the GPL) for giving developers 'freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private'." From the article: "A friend of mine is a children's writer. When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book. If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability."
  • agreed (Score:4, Funny)

    by BushCheney08 ( 917605 ) on Friday September 30, 2005 @12:21PM (#13686425)
    I agree. I should be able to sue CmdrTaco for getting me fired.
  • Bad analogy (Score:2, Insightful)

    by pmike_bauer ( 763028 )
    Publisher is to Author as
    Software User is to Developer
    ...BZZZZZT!
    • Re:Bad analogy (Score:4, Informative)

      by kfg ( 145172 ) on Friday September 30, 2005 @12:41PM (#13686697)
      Well, then it's a damned good thing he didn't use that analogy, isn't it.

      In fact, he didn't use an analogy at all, since author is to author isn't an analogy. He merely brought up the indemnification of the publisher to illustrate that in fields other than software authors can be held accountable for what they write and publishers do not wish to be the "deep pockets" target of the accountability.

      And software has publishers too.

      KFG
    • I think it was meant to be READER is to author as user is to developer.
    • Re:Bad analogy (Score:3, Interesting)

      by sedyn ( 880034 )
      Stepping beyond that kind of bad analogy, there is another one:

      "If Apple turned round to nano users and pointed to a shrinkwrap "licence" on the high-design packaging that exempted it from the provisions of consumer protection law it would never get away with such a blatant disregard for its customers' rights."

      But, if I go to a pawn shop and buy refurbished goods, which are sold "as is" then I have accepted more responsibility at the expense of supplier/creator liability.

      Likewise, with free software, you ac
      • Re:Bad analogy (Score:3, Interesting)

        by richdun ( 672214 )
        The moral of the story, hire someone to proof-read the code you want to use, just like people hire lawyers to check contracts. I know that I would like to see an increase of demand for programmers.

        So what about software that comes without source? I think the greater point the author is trying to bring up is that even for non-free software, like say IE, how are companies held liable for releasing software with security holes? Most EULAs make you accept the software as is and don't let you sue the com
    • by Dare nMc ( 468959 ) on Friday September 30, 2005 @02:19PM (#13687719)
      I think the bad analogy in this article is between the products. In the case of a book, it is a complete product. When a book is released, it is unlikely to be used for other than the intended purposes, and when used with another product it is not expected to still stand on its own (you can't subst the 265th page for another author's page, and expect it to work, but that is expected of the dll's, windows 98 vs XP, etc.)
      Most software is either released inside a complete product, and the product liability is left intact. Or it is software intended to be used with other software, and with the original programmers usually not being the system integrators, going back to a single person to be responsible is no longer easy or practical.
  • About time (Score:2, Interesting)

    It's about time that someone got up and did something about this. It's time we realized the customer comes FIRST and our comfort and legal safety POST.
    • It's a shame you can't sue MSFT when a worm works its way across the net costing Billions to clean up after. Of Course according to the MSFT EULA you can't sue them, and they assume no responsibility either.

      I guess no one in the software industry actually cares about the customer.
      • It's a shame you can't sue MSFT when a worm works its way across the net costing Billions to clean up after

        I am not so certain you can't sue them. Is it their fault that some kiddy with too much time on his hands wrote yet another worm? Have they been negligent in developing unsafe software?
        If you answered "yes" to any of these questions, you have reason to go to court in most Western countries. Consumer protection really goes that far and law trumps contract and overrules the EULA. The reason nobody doe

      • Ya, I can't think of anyone who's willing to use a computer despite not having the right to sue.. I mean, why take the chance?
    • Yeah... (Score:3, Insightful)

      by Anonymous Coward
      Let's make all software developers totally legally responsible for their programs. That way, the only people who can afford to write software are huge companies, and even computer programming for hobbyists ceases to exist because of the liability issues surrounding the creation of code. It'll be sort of like the doctors who have to buy really expensive malpractice insurance as protection against frivolous lawsuits, only the people who have to pay in this case won't be pulling down doctors' salaries.
      • by Travoltus ( 110240 ) on Friday September 30, 2005 @12:47PM (#13686781) Journal
        Just so you know, malpractice premiums do not decrease for doctors in states where malpractice awards are capped to $250,000. Most lawsuits are launched when doctors maim or kill patients due to negligence, not because of highly publicized frivolous reasons. Your analogy is flawed, to say the least.

        Now let's get back on topic. It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers. I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud. And no, I can't opt out of this dangerous system unless I stop driving (so much for being able to get food), close my bank account (yeah, hide my money under my bed so a thief has a reason to physically rob me and then kill my whole family to get rid of witnesses), declare myself dead (to retire my SSN - whoops, that's illegal, welcome to Club Fed! - or at least, welcome to joblessness) and practically move out of the country (well, actually that's a good idea if Canada is my destination).

        Thanks to stupid programmers there's absolutely no way anyone can protect themselves from identity thieves. The only reason why someone hasn't hijacked you is that they don't care to.

        Now please, come back after you find yourself having to fight for years to fix your credit after a hacker stole your personal information off Lexis-Nexis and then tell me they shouldn't stop the digital train for some major overhauls. Until you're a victim of the gaping flaws in the digital fortress you really don't understand the sharpness of that sword of Damocles that is swinging back and forth over your head.
        • I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud.

          And that's exactly what would happen. Anyone doing any sort of business electronically will cease to do so.

          There is no way for software to be written so that it's absolutely safe from people who are determined to break it. Depending on your paranoia level, you can believe (or be reassured by the notion) that certain 3-letter gov't agencies can decrypt any secure transmission you might make over the w
        • It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers.

          Bite me. Programmers don't control the schedule. They also don't decide when to ship, or to delay bugfixes for browser exploits for months. That's all up to managers - they control the schedule and the priorities are.

        • Wow, you impress me sir. Do you think you could introduce me to General Lud someday? I've always wanted to meet that guy.

          First off, the majority of successful identity theft cases out there have been proven to be the result of social engineering. Meaning, there were no bugs and there were no clever hackers exploiting the computer systems. Instead, there were con-men tricking people into giving them information, there were thieves sifting through the trash of some careless individual that threw out personal inf
        • "I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud."

          Yeah, and let's do the same for other products like houses. Let's not allow the sale of houses until they are secure.

          With every product, you take risk. The trick is figuring out where the risk/cost sweet spot is. Obviously, Medical/Financial data needs to have stiffer restrictions than say, an online recipe book. This kind of logic is what leads to things like banks being more secure than houses.
        • by bigpat ( 158134 ) on Friday September 30, 2005 @02:38PM (#13687896)
          Now let's get back on topic. It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers. I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud. And no, I can't opt out of this dangerous system unless I stop driving (so much for being able to get food), close my bank account (yeah, hide my money under my bed so a thief has a reason to physically rob me and then kill my whole family to get rid of witnesses), declare myself dead (to retire my SSN - whoops, that's illegal, welcome to Club Fed! - or at least, welcome to joblessness) and practically move out of the country (well, actually that's a good idea if Canada is my destination).


          and again

          I'd just as soon see the industry grind to a halt

          So, you'd like to see everyone just stop until it is completely safe, but you can't see how it is you could live without the systems that are in place. By the industry grinding to a halt, you mean you're just going to stay home and eat your scrambled eggs until the world is without risk. Until your fluffy little world is just right to you.

          Well, the world ain't perfect and you do have choice. And people should be free to assume whatever level of responsibility they feel comfortable with as long as there is no fraud. Doctors should be able to make patients sign legally enforceable waivers of complete responsibility from even claims of malpractice. And so too should manufacturers of software and hardware. If that car manufacturer wants to make you sign a contract that says that their cars may explode upon key insertion and they are not liable for damages beyond the cost of the car, then that should be the way it is. Then let some decide to indemnify and others not and see if the price difference is worth it to customers.

          Perfection costs time and money and is most often illusory, so to mandate it is a fool's errand.

        • It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers.

          Let's say you put your money in a bank. The bank, in turn, puts your money in a safe. It just so happens that the safe has a subtle flaw in the door hinge that makes it vulnerable to robbers; neither the safe manufacturer nor the bank knows about this vulnerability. So when the bank is robbed, who is to blame for the loss of your money? The bank? The robber? The safe manu

    • by xtracto ( 837672 )
      Landing On the Subject, when do you Expect it will be Realized that the EULAs are taking out our basic statutory rights?
    • Re:About time (Score:5, Insightful)

      by Skye16 ( 685048 ) on Friday September 30, 2005 @12:39PM (#13686675)
      I disagree. You don't like buying/using my software because I'm free from any responsibility if it runs amok and kills your family and makes love to your motorcycle? Don't use it. I'm not going to make you. If you don't feel comfortable dealing with those circumstances on your own if they happen, then I don't want you to use my software products (not that I actually have any, but still).

      If you don't like it - write up a new license claiming responsibility for whatever it is your software may do. Write whatever software you want. Users will possibly flock to you just for the peace of mind they would get (or is it piece of mind? ;D).

      Of course, so will the lawyers, but hey, it was your choice (as a developer) to release software under those conditions anyway.
  • GPL (Score:5, Insightful)

    by Joehonkie ( 665142 ) on Friday September 30, 2005 @12:23PM (#13686456) Homepage
    I bet his wife gives away her books for free, too. On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we must always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.
    • Re:GPL (Score:3, Insightful)

      by s20451 ( 410424 )
      So you're saying that software companies (say, for example, Microsoft) are actually not responsible at all when they release buggy code, and buyer beware?
      • Partially, yes (Score:5, Insightful)

        by brunes69 ( 86786 ) <slashdot@nOSpam.keirstead.org> on Friday September 30, 2005 @01:14PM (#13687054)

        If you as a company, invest tens of millions into a rollout of a new software product ( be it a new version of Windows, or a new Linux Kernel), without

        • Fully researching the present and past state of the company or individuals responsible for the software, and their abilities both demonstrated and implied.
        • Fully looking into present and past security issues with the software
        • Doing a full independent side-by-side comparison with competitors

        .. then Yes, you are responsible for a large part, if that software catastrophically fails. Because it is likely something you would have come across in all this research, in one form or another.

        Take Windows for example. If you lose $500,000 in a day because some critical Windows server crashed from a certain DDOS attack, should Microsoft be responsible? Or should you be responsible, because you should have known from years of examples that Windows is very vulnerable to those kinds of attacks, and you should either have an external protection mechanism in place, or not use the software? I think the latter. Then again, I am not the person who thinks "sue" when I slip on icy stairs in the winter and break my neck either. I think "maybe I should have bought better goddamned shoes for walking around in the winter". The other commenters are right, there is not enough responsibility in the world today. Grow a backbone and stop suing everyone.

        • Re:Partially, yes (Score:3, Insightful)

          by jglazer75 ( 645716 )
          Except for the fact that at every turn Microsoft is telling you it is secure. That its software will stand up to a DDOS. The firewall operator exists for the same reason. Yet, when that DDOS occurs, there is no recourse because of the disclaimer of liability by both MS and the firewall. "Oh, well you agreed when you clicked 'I Agree' that you acknowledge that everything we said prior was mere 'puffery' and that it was blatantly obvious to anyone that our products don't ACTUALLY stop a DDOS." So, yeah. If
      • Ya, more or less (Score:5, Interesting)

        by Sycraft-fu ( 314770 ) on Friday September 30, 2005 @01:29PM (#13687220)
        You choose to accept the risk, in trade for the benefits. Designing a system with no bugs is expensive and time consuming. You have to test things extensively at every level. That also means testing all the possible interactions. Not only how the OS interacts with the hardware, but how it interacts with the software, and how it interacts with each other. So when you design a system like that, the hardware needs to be known, as does all the software. You can't have it run on random commodity hardware using random software because then unforeseen problems can result.

        So by choosing to run software cheaply and quickly developed in random environments, you choose to accept the fact bugs may occur.

        To me, demanding that commodity software on commodity hardware run without bugs is like demanding that an automobile on the public streets never get into an accident, even one caused by driver error, unforeseen conditions, or other drivers. Can't happen. If you want guaranteed operation, you need controlled conditions.
    • Re:GPL (Score:3, Interesting)

      by gosand ( 234100 )
      On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we must always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.

      Fear and greed, and a lack of compassion. That is what causes these things.

      Let's say theoretically, someone goes to a restaurant, orders a cup of coffee, and the lid isn't put

    • Re:GPL (Score:3, Insightful)

      by kfg ( 145172 )
      I bet his wife gives away her books for free, too.

      Giving a book away for free does not indemnify the author of accountability for its content. Were I to claim you like whipped cream and underage barnyard animals in an unnatural manner that might well be actionable as libel (assuming the claim were false), despite this post being distributed freely.

      Nothing is ever our fault, we must always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or
    • Re:GPL (Score:3, Insightful)

      we must always find someone else to hold responsible for problems

      Yes. Because the average BBC columnist has neither the time nor the experience to audit every single OSS application on his computer. OSS has an advantage that the source is there, but many OSS writers think that it means they don't have to guarantee their software - after all, they can see that it's safe. The user's rights include the right to use safe code, and free programs (in either sense) don't relieve the programmer of the responsibilit
  • Keyword (Score:5, Insightful)

    by mysqlrocks ( 783488 ) on Friday September 30, 2005 @12:23PM (#13686459) Homepage Journal
    The keyword is that people agree to these licenses. If you don't agree, don't use the software. Or, you could buy more expensive software that comes with such a guarantee. I can't think of any specific examples, but I'm sure the software that runs pacemakers has some sort of guarantee. However, it's very expensive.
    • No guarantees (Score:5, Insightful)

      by winkydink ( 650484 ) * <sv.dude@gmail.com> on Friday September 30, 2005 @12:29PM (#13686534) Homepage Journal
      In many cases, there is no option for a more expensive software that comes with a guarantee. Yes, some software like hospital life support and air traffic control come with a guarantee, but that is why you will see many 'normal' sw mfgs license mention these applications by name and say that you should not use their product in these environments.
      • Re:No guarantees (Score:5, Interesting)

        by Chyeld ( 713439 ) <chyeld@g m a i l . com> on Friday September 30, 2005 @12:59PM (#13686906)
        Actually in all cases there is that option. Just because no one is willing to pay $150,000 to a software development firm to create a knockoff version of Quicken and guarantee a certain level of reliability doesn't mean it's not an option.

        What this guy is complaining about is the fact that he expects consumer level software to come with the same quality of professional level software. It's a bit idealistic and unreasonable.

        If you aren't willing to pony up the money for quality, you shouldn't complain about the quality of what you get.
      • by Sycraft-fu ( 314770 ) on Friday September 30, 2005 @01:22PM (#13687155)
        Pay more. Find a company willing to take a contract that includes guarantees. However don't bitch when it's way more expensive and that it takes way longer. Don't expect something cheaply turned out on the latest hardware in a couple months. Expect that it's a verified system that takes years of testing, and is rigidly controlled.

        There are companies that make solutions like this, IBM is one of them. You can get a mainframe setup to do database work that will never go down, ever. However it'll be expensive as hell, you will run the DB and ONLY the DB on it, it will be accessed only in rigidly controlled ways, etc.
    • "life critical" (Score:4, Insightful)

      by CarrionBird ( 589738 ) on Friday September 30, 2005 @12:32PM (#13686574) Journal
      Medical equipment, avionics, there's plenty of stuff that is specifically made for situations where failure is not an option. Consumer software is not such a thing.
      • Yep, I remember someone posting that it is the main reason why the NASA is still using some quite old programs, because they are fully tested and work, and they can not afford any kind of BSOD or Kernel Panic on some of its critical missions
    • Re:Keyword (Score:3, Insightful)

      by paranode ( 671698 )
      Not only that but his analogy ignores that an entirely separate entity actively and maliciously misused or exploited the software to gain access to his personal information. Suing the software company would be like suing the acid manufacturer for doing enough to make sure it wouldn't hurt children!
      • Re:Keyword (Score:3, Interesting)

        by M-G ( 44998 )
        Not only that but his analogy ignores that an entirely separate entity actively and maliciously misused or exploited the software to gain access to his personal information. Suing the software company would be like suing the acid manufacturer for doing enough to make sure it wouldn't hurt children!

        Sort of. I was thinking along the lines of what if the acid was mislabeled by the teacher? That's more akin to someone setting up software but not configuring proper security around it.
  • by MrByte420 ( 554317 ) * on Friday September 30, 2005 @12:25PM (#13686477) Journal
    Little Johnny was a boy. He isn't anymore. For what he thought was H2O Was H2SO4
  • Sadly, legislation is probably the only way to make software developers--or rather, their companies--more liable. What, you expect the free market to take this one on? Who here honestly expects a company to decide it's competitive to be more liable?
    • Sadly, legislation is probably the only way to make software developers--or rather, their companies--more liable. What, you expect the free market to take this one on? Who here honestly expects a company to decide it's competitive to be more liable?

      Such liability would be rather impractical. To continue with bad analogies about books and such.... What if?:
      - The writer of the book had to learn a new language every month.
      - The writer received updates on new means of spelling existing words every week o

  • by Yonder Way ( 603108 ) on Friday September 30, 2005 @12:25PM (#13686485)
    The license is an agreement. If you don't like the terms, don't accept the license, and don't use the software.

    There is a lot of crap out there about companies liking proprietary software because it gives them someone to sue when the software breaks catastrophically. That Microsoft has about a $40 billion dollar war chest, earned almost entirely through the sale of very broken software, pokes some big holes in that theory.

    You're getting software for free. Don't bitch about indemnity in the license.
    • by cowscows ( 103644 ) on Friday September 30, 2005 @12:40PM (#13686687) Journal
      Yeah, there are places that require much more stringent checks of their software. NASA doesn't just quickly throw together stuff and upload it onto the space shuttle, they test the hell out of it. And so they get high quality stuff written directly for their hardware. The downside to this is that development is slow, and it's expensive.

      So basically, if you want software that's guaranteed, you're going to have to do a few things.
      A) Pay someone a whole lot of money to write it.
      B) Test the hell out of it before it gets put in place.
      C) Realize that this is going to take a long time
      D) Probably pick some very specific hardware for it to function with, and not have the option to easily upgrade in the future.
      E) Make sure you get all the feature requests and whatnot right the first time, because patches and stuff are not going to be easy or cheap.

      The market, for the most part, has opted for halfway broken software for a couple reasons. Upfront costs, freedom to grow/update/expand more easily, and because brokenass Windows was good enough for a lot of stuff. Hardware increases allowed significant boosts in productivity, and to a large degree, software was just sort of along for the ride. Now that commodity hardware offers so much power that the drive to upgrade is much less of a factor, it might make more sense to focus more on software quality.
    • Bullshit. No one agrees to software licenses. No one signs a contract, and there is no one at the other end to reciprocate. All you do is click a button to continue, or enter a license key at best. There is no way you can call that an agreement.
      • the software industry's propaganda works very well as you can see.

        people so thoroughly believe that it's a contract/agreement that they will defend it with their lives.

        education is the only way to counter this.

        tell a friend and pass it on.

        or tell millions of friends on /. and other online venues.
      • EULAs still hold legal weight, just as if it were an agreement. Just look at all the motions and junk David Zamos [wikipedia.org] had to go through.

        I mean, there are limits to the agreement... I don't think you can put in your EULA "by using this software, your employer agrees to pay me one million dollars every year". Employees of companies agree to EULAs constantly and don't have to consult their legal departments usually, so they can't hold that much weight. But D Zamos went through a lot of headache over a EULA,

  • by Renegade Lisp ( 315687 ) * on Friday September 30, 2005 @12:25PM (#13686491)
    To be held liable for every line of code that you write goes very much contrary to the free software / open source world, where developers often simply scratch their personal itch, or work out of a genuine interest in the matter. It is impossible for such individuals to get the financial backing (i.e. insurance) so that they can take this level of responsibility for their creations.

    The solution, I think, is that the realms of coding and of liability need to be separated. Let the coders code and let service companies such as IBM work together with them to provide support and, if needed, liability for customers that need it. This is exactly what happens when IBM "sells" Linux to Wallstreet, for example. They sell the kind of responsibility for the software that individual developers could by no means provide.

    • how about people who write FOSS and therefore give away their code not be liable but people who sell err excuse me, PROPAGANDA MODE ON, "LICENSE" software have to assume liability.

      no other industry on the face of this earth (except politicians) can sell you stuff and not be liable for it causing harm.

      if you are a merchant, you are liable. if you stand on a street corner (or virtual corner) and give it away then your liability is orders of magnitude less (read: zero).
  • by geomon ( 78680 ) on Friday September 30, 2005 @12:25PM (#13686492) Homepage Journal
    I would hope that Mr. Thompson considered the alternative that people often hold others accountable for their own ignorant actions. Yes, a publisher is often held accountable for the stupid actions of a reader (who would be stupid enough to drink sulphuric acid?). But is that situation an indictment of the author, or the court system that allowed an ignorant person to use the courts to make whole an action that the claimant should be responsible for?

    No, I do not believe that everyone should be left to fend for themselves without ANY regulation. If someone produces a medication and makes a claim that a patient considered reasonable, and they get more ill or die as a result, then the company should be held accountable. But to make every fucking business activity subject to error and omission insurance will wreak holy hell on our economy. E&O insurance requirements will guarantee that

    1) software development will slow,
    2) software for process control will halt due to liability questions,
    3) make lawyers and insurance companies rich,

    all without one single shred of evidence that any of these effects actually made software development any *better*.

    When I install software, especially for the first time, I do NOT have it on my production machine. Why do people like Thompson like doing things like this? Why should a software publisher spend heavily to debug (and still not get EVERYTHING) in a manner that *assures* the E&O insurer that it will not delete Mr. Thompson's latest mp3?
    • Further, why should the software author be on the hook for anything other than the cost of the software? Meaning, most products that don't work as advertised may indeed result in the vendor having to refund money... but to be held liable for, say, loss of other business, or lost income, or other indirect damages is very rare. And it needs to be, because otherwise very few people would write another lick of commercial software, ever... unless it costs a bloody fortune to pay for the billions needed in insura
    • Can you imagine what the lawsuit would be like when some user says "Software X deleted some file" and the software company says "No, it didn't." How would you go about proving this either way? Or in the case where perhaps a virus or something performs an attack on your software like perhaps a buffer overrun attack and causes the file to be deleted? OMG this would be messy for both sides. I can't imagine trying to make a jury understand the issues involved! I think they would end up picking a winner rather a
    • If a doctor screws up somebody dies. If an engineer screws up lots of people die. If a lawyer screws up bad news for the victim (or the defendee). If a web browser has a security flaw people may lose some money but nobody dies and it's easily preventable like you said.
    • I agree that the courts (and people not taking responsibility for their own actions) are a significant contributing factor.

      There are a lot of companies who develop software using the cheapest (often least experienced as well) labor and manage the development based on the release date, with reckless disregard for the features or stability of the product. People that do not understand software assume that all software is either unreliable (like their desktops) or fabulously expensive (mainframes). These peop
      • Then again, I use a lot of open source software, so I'm already getting more than I'm paying for.

        Boy, if that isn't the key fact in this whole sorry tale. I only put stuff on my production machines that I know will not crash it every day. I also keep my data away from all of my machines on a separate storage array.

        People like Thompson love a zero risk world when it comes to something they believe they can control. But don't get on the freeway with these people because they are generally also the people who
  • Wow (Score:2, Insightful)

    by valeriyk ( 914993 )
    And shouldn't the companies that implement the code be responsible for the insecurities, instead of passing the buck onto the developer? If a company incorporates a piece of software, and does nothing to lock down the program, doesn't change passwords, doesn't configure it properly, shouldn't the company be responsible? A developer is responsible to a degree, but so is the user. It takes two to tango, and going back to the quote, if a kid drinks sulphuric acid, how did he get it? The parents are respons
  • And... (Score:3, Interesting)

    by Ooblek ( 544753 ) on Friday September 30, 2005 @12:26PM (#13686501)
    ....every software developer is supposed to know that a customer doesn't have people smart enough on staff to install software using anything other than the default install? There would be nothing but a blame game because much of commercial software depends on other software libraries, including those provided by the OS. If our courts can't figure out that P2P lawsuits are basically meritless, I'd hate to see them figure out who is to blame because someone installed a default option on IIS that had an exploit, yet wasn't required to run IIS with a vendor's software.

    Don't get me wrong...bugs suck, but suing someone over it is as equally bad as releasing buggy software.

  • Software quality aside. I am glad the world hasn't gone lawsuit crazy with Software liability cases. No stupid cases about how joe idiot did something stupid and lost his job because he didn't back up.

  • Consumers Bill of Rights, or rationalization that current statutes regulating trade uphold certain Subjective Rights, that may not be given away. In other words, the contract would be invalid, since it imposed illegal conditions.

    Boring old institutional engineering is the answer once again.
  • "But see, if we had to ensure that everything worked all the time, it would take too long and nothing would happen. There would be no software."
    "Oh, I hadn't thought of that," says the commentator whose argument proceeds to disappear in a puff of reality.
    Meanwhile, Industry, rather content with itself, goes on to prove that black is white and white is black and is sued into oblivion by the DMCA.
  • Car manufacturers can be held liable if an accident is caused by a defect. If someone else runs into you, they are not liable. If someone breaks into your car, they are not liable. If there is a defect in the door locking mechanism, the manufacturer does nothing and your car gets broken into, then the manufacturer is liable. If the manufacturer offers recall or free repair to the locking mechanism and you opt not to follow up, hmm..?

    Unlike cars, any given computer software is absolutely identical. So one d

  • Sure you can sue (Score:2, Informative)

    by CKnight ( 92200 )
    You can always sue a service provider (bank, etc.) for such things as making your personal information public. They in turn however, cannot sue the software company (necessarily) because they (the bank) had an opt in. You can sue because you had no say in what systems the banks use, so you cannot be held accountable. You didn't agree to waive your rights and to accept liability.

    Put yourself in the bank's shoe however. When you install an OS or any application that comes with a EULA, you have the choice to n
  • If liability were mandatory, software companies would be forced to buy very expensive insurance policies to cover the potential costs of being sued, just like doctors in the US must buy malpractice insurance. The result would be the same as in the medical field - vastly higher prices.

    Consumers complain about the poor quality of software right up until they walk into a software shop - then they buy the cheapest product.
  • by LightStruk ( 228264 ) on Friday September 30, 2005 @12:31PM (#13686561)
    Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability.
    That's exactly what you've done when you agree to a license from Microsoft.
    From the Windows XP Home EULA [microsoft.com], with caps removed to get past lameness filter:
    To the maximum extent permitted by applicable law, in no event shall Microsoft or its suppliers be liable for any special, incidental, punitive, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits or confidential or other information, for business interruption, for personal injury, for loss of privacy, for failure to meet any duty including of good faith or of reasonable care, for negligence ...
    and so on and so on.

    With this amount of legal protection, I feel completely safe using Microsoft products!
  • If there was a market for software where the developers indemnified their software, you would see such software. People just aren't willing to pay the price except in rare circumstances and then you're usually into the realm of bespoke software. Would the commentator be willing to pay $1000 for his web browser?

    Rich
  • Those stupid little EULA won't protect from claims of negligence.
    If a software program tells you to go drink acid you better believe you can sue regardless of what you clicked on.
    It's very similar to those stupid little signs on dump trucks. 'Not responsible for objects that fall off'
    The hell they aren't. If something falls off the truck and hits your car you can be assured that stupid little disclaimer will offer no protection.
  • What nonsense (Score:2, Insightful)

    by Morganth ( 137341 )
    Normally, I'd agree with the commentator in this article. If you sell software, you should be subject to the same liability as if you sold any other thing. For example, if you sell me banking software, it's assumed that this software is secure and won't easily let hackers steal my account information. If you sell a car, it better not explode every time it gets rear-ended, or have tires that explode when going over certain speeds.

    But if you give me a car, or if my hobbyist mechanic friend builds me a car

  • Sure something could happen. Maybe firefox leaks personal information or your previous draft of an email to Ford reveals you are talking to GM too in a Word doc.

    These are risks. If the risks are serious enough in your mind, you can buy insurance; often from someone backed by companies like Lloyds Bank that have expertise in such areas. But don't demand that everyone pay for insurance.

    It is your freedom to decide if you want insurance or not. Don't try to dictate your wishes upon everyone. The costs will
  • One argument against product liability for software is that it would destroy the industry by placing unacceptable costs on developers, and that it would wipe out the open source movement in its current form since there is no way an organisation like the Mozilla Foundation could distribute Firefox for free under those terms.

    But nobody bought a copy of Firefox, did they? The only way you should expect to have consumer rights is if you actually bought the product. In fact, why even mention free software at

  • When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book.

    Authors are typically also asked to sign ownership of the copyright over to the publisher. So, it sounds like said publishers now want ownership of the IP with someone else essentially signed up to take all the legal liability.

    For that latter, they could technically just go to an insurance company for that kind of thing. But, why bother
  • From the article...

    "But if a system is unjust then it should not be supported, and an unwillingness to strip undeserved privileges from a group, however noble their cause, is not sufficient reason to maintain the current dispensation."

    -

    I guess every one of us chooses which privileges we want to "drop"....his argument against Open Source is quite handy against any other software license around...the keyword is "you have a choice" and I choose something else.

  • Everything has its price. Authors accept some responsibility, but they are paid far more than any OSS developer. Also, there are a lot more ways that software may malfunction than the reader may misread a book. Any book on chemical experiments contains a disclaimer "do them under your parent's supervision".
  • If commercial software ever wanted to prove their value over decentralized open source, this is it. Without a centralized authority and a large pile of money, open source can never provide the liability guarantee of a corporation. Very few open source projects have this backing, and very few capable backers would support open source. This could provide a balanced duality in the software world: either grab the software for free and accept the liability, or buy into commercial software with a guarantee.

    Su
  • ...is that a general purpose computer system is a complex combination of hardware, firmware, device drivers, operating system, libraries and application code. Even if I provided you with a warranty it would be in a "blessed" configuration, and even then I'd disclaim any liability for external influence causing my program to malfunction. For those that actually need it, they are better off getting a company to support the whole setup, and possibly with an insurance to cover their backs.
  • the author wants to download software for free *and* be able to hold the author liable for any (direct or indirect) damages... Talk about free-loading.
    Coding and liability are in principle independent.
    When the author assumes liability that constitutes an extra service. What we need is the ability to get software for free, and the ability to get fitness and other guarantees - in exchange of a fee.
  • There is a HUGE difference when designing software. When you talk about massive monolithic pieces of software, close or open, it becomes very difficult to search for every possible error. People are going to, for the most part, make software that works to keep their customer base, or in the case of Microsoft and Oracle, spend lots of money on advertising to get people locked into software that doesn't work.

    The argument with the children's book is also a stupid argument. If I write something down and someone fo
  • If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare

    The real difference is that it's nearly impossible to write any kind of complex software and have it free from bugs. Finding these problems isn't as easy as proofreading because code can function in vastly different ways dep
  • One practical reason why software is not warrantied like hardware products is that no one entity is wholly responsible for the design and maintenance of the total computing system.

    Every piece of software on a computer runs atop a teetering stack of hardware and software each layer of which may come from a different vendor. Not even a company like Apple has complete control of their software environment bottom to top. A bug anywhere in the stack can cause a failure. Developers spend a lot of time working ar
    • You're right in that no single vendor is responsible, but you're wrong in that it means that a company can't be liable.

      Similar analogies can be made towards anything that is built. When Ford builds a car, they don't create every nut, bolt and beam in the car. They probably buy a lot of the parts from third-party manufacturers and assemble them together. This is true for many products out there.

      An analogy closer to home, is the system my friend's company puts out. They treat cancer tumors using some cu
  • Just as software patents shouldn't apply, so should do damages due to loss of information, because information can be BACKED UP. There's some sort of "magic" that lets you make copies of a specific set of data only for the cost of the material holding such data. Can you do that with physical objects?

    Nobody has EVER claimed that Software (in general) is perfect. Because software is much more like a 3D maze than a piece of wood, there can always be a bug hidden somewhere. This is especially true when most soft
  • If software publishers were liable for their bugs to the extent that they had to pay every user's entire loss caused by a bug then no one could ever afford to publish software. But as long as publishers risk no liability whatsoever, we will always have buggy software.

    The problem is the all or nothing approach. What we need is a liability definition that is higher than nothing for paid software (I would explicitly exempt software offered for free, since the publisher is not monetarily compensated). For
  • 1. "It's free, so there should be no liability."

    Wrong. If I own a store and put out a free park bench in front, and there's a nail sticking up, and someone sits on it, I'm liable, whether or not it was malicious, money changed hands, etcetera. Why should software be different?

    2. You agreed to the license.

    It is accepted in law that this is generally only a defence if you had an opportunity to negotiate the license. If it's presented as "take it or leave it" then the license doesn't really represent a negotia

  • On the one hand, yes of course software developers need to be accountable for their work. This isn't bounded by any license or developer. If you release software, you have a responsibility to maintain and support it. I'm not talking about if someone perverts your work into something malicious or if someone uses an unknown exploit. I don't believe developers need be held responsible for damages relating to those types of situations.
    But I do believe if you have software out there, you have a responsibility t
  • The author is wrong when he said you "agreed a license that removes such liability."

    What you do is open the package.

    The makers of the software CLAIM that by doing so it means you agreed, but that opinion has not been proven in any court of law.

    OF COURSE they are going to claim you do that. They can claim anything they want to. They can even claim that their software is not a piece of crap. That doesn't make it true.

    Yes, it will make suing them more difficult, but so what? Lawsuits are rarel

  • I've read Bill Thompson's articles before and he seemed quite sensible.

    I'm quite shocked at this:

    "I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability."

    Yes you can Bill...

    1) Don't use any software.
    2) Don't use online banking.
    3) Don't keep any personal data on your computer.

    No software can be 100% flawless!

    If every software company was to pay up when a flaw within it was e
  • It's good to know that American television doesn't have a monopoly on clueless talking heads blabbering on in things that they do not necessarily know anything about.

    This has already been said in response to this comment, but it bears repeating, if only to make it perfectly clear - he's making an apples-and-oranges comparison. When you buy a book, in general, the book contains the exact same information that every other copy of the same book has.

    But, to continue with the article writer's (faulty) book ana

  • Liability is one of those attorney-enriching words. Buy a gun, load it, point it at your head, and hurt (if not kill) yourself, and there is no liability. This is because of several long understood characteristics about what a gun does and what happens with high-speed metal projectiles.

    Should you incorrectly state the formula for something mixed with sulphuric acid rather than acetic acid stated in TFA, you might have compensatory claim for your subsequent injury.

    Software is used to complete a task or state
  • Accept the risk (Score:3, Interesting)

    by Red Flayer ( 890720 ) on Friday September 30, 2005 @01:04PM (#13686951) Journal
    FTA: "Programmers have built their business models on a freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private. [1]

    We all pay the cost in wasted time, lost files, hacked systems and reduced productivity [2]. Our children spend time in lessons waiting for interactive whiteboards to be repaired [3] while businesses around the world suffer from crashes and security breaches. [4] "


    Hey, you know what, Bill? You don't like the fact that you accept the responsibility and risk when you use the software? Then don't use it.

    I bank online, not because I need to, but because it is convenient. I accept that there is a slight risk involved. If I only banked brick-and-mortar, and my banking information was hacked, who is liable? The bank, because they CHOSE to use software that is insecure, KNOWING that it is potentially insecure, is who I hold liable.

    I enjoy using the internet. Do I need to use it? No. But because I want to use it, I accept that there is risk, and do my best to protect myself.

    [1] Not so. How many stunt shows always start with a disclaimer that no one should try the stunt at home? Fore-warned is fore-armed.

    [2] We all also reap the rewards of the software. Do our kids ride bikes, Bill? When they fall and scrape their hands, do we send the medical bill to the bike distributor, manufacturer, or retailer? We accept a certain level of risk. If the bike design is faulty, that is a different issue -- but then again, we never signed a usage agreement that disclosed that there might be problems.

    [3] Why doesn't that classroom have a dry-erase board or a chalkboard? Why is the teacher incapable of instruction without it?

    [4] Businesses would suffer more if there were no innovation in software due to possible lawsuits. Businesses would be better off putting systems in place to prevent hackjobs, to make sensitive information secure even if their system is compromised, to prevent extreme loss of business due to system downtime.

    I think it is ridiculous for every tomdickandharry to want someone else to be responsible for the risk that they voluntarily took on.

    Software is not a necessity. It is a tool that we use to help us do things more efficiently. The tradeoff for that efficiency is risk.
  • Fallacy (Score:3, Interesting)

    by hunterx11 ( 778171 ) <hunterx11@NOSpAm.gmail.com> on Friday September 30, 2005 @01:13PM (#13687041) Homepage Journal
    FOSS != non-commercial. I sure as hell hope an institution like a bank wouldn't use unsupported software be it open or proprietary. But the author apparently hasn't heard of such obscure companies as "Red Hat" and "Novell" and "IBM."
  • by robbway ( 200983 ) on Friday September 30, 2005 @02:12PM (#13687655) Journal
    If you've ever read any commentary by Christopher Rice in his books, you'd see how much disdain he has for those "pass-the-buck-to-the-author" clauses. Not every writer agrees with that concept! It's a lazy concept, akin to publishing super-offensive ads in a magazine and claiming no responsibility for the ad. Let's face it, the publisher should be responsible for the content they distribute to a certain degree, like publishing errors causing serious misunderstandings.

    I don't know about the rest of you, but if she tells me to drink poison in a book, I'm not going to do it.
  • by psychofox ( 92356 ) on Friday September 30, 2005 @02:50PM (#13688008)
    I read the bbc news pages a lot. Every time I see that Bill was involved, I just skip over. He'll write anything... as long as it is absolute garbage.
  • by ChaoticCoyote ( 195677 ) on Friday September 30, 2005 @03:19PM (#13688281) Homepage

    Implementing responsibility in software is desirable -- and unlikely.

    At the bottom of the problem (surprise, surprise!) we find money. Software development requires expensive human labor and support; the software industry already limits its investment in quality assurance and support. To fully test every piece of software for 100% (or even 99%) reliability would drive software prices spiralling — you would see no free software movement, no open source, and be living with a very limited selection of corporate software at cocaine-like prices. Witness what has happened with liability lawsuits and medicine, driving costs to astronomical levels.

    If anything, the success of the software industry could be attributed to its very lack of guarantees. It has few material costs; anyone with a $500 PC can start a software business. You don't need to guarantee your product, and society is conditioned to accept broken software after years of living with Microsoft's badly engineered products. Companies ship erroneous code to customers, knowing full-well that it can be patched later.

    Do I think software should provide guarantees? Yes. Will it happen in my lifetime? Not unless society changes dramatically.

  • by phorm ( 591458 ) on Friday September 30, 2005 @05:08PM (#13689347) Journal
    One thing one must consider is proper use, and chance of error.

    Take condoms, for example. They can help protect against pregnancy and/or STD's. They can also break. In a reasonable situation you should be able to expect some safety in using them, if you use them properly. If you think that wearing a condom is going to make it OK for you to head on down to 3rd and Main every night to pick up a $10 date... well you don't sue Trojan when you get a little more than you bargained for, now do you?
